[EMAIL PROTECTED] wrote:
import ldap
l = ldap.initialize("ldap://server.net")
l.simple_bind(DN, "secret")
> 1
                 ^^^
You probably want to use the synchronous method simple_bind_s() since you want to impersonate on this LDAP connection immediately before doing anything else on that connection.

l.result(1)
(97, [])

Could you please use argument trace_level=2 when calling ldap.initialize() and examine the debug log? It records all method calls of your particular LDAPObject instance.

l = ldap.initialize("ldap://server.net",trace_level=2)

Level 2 outputs a debug log with results received. Protect this log since it also contains passwords!

l.search("dc=server,dc=net", ldap.SCOPE_SUBTREE, "(sAMAccountName=user)")
OPERATIONS_ERROR: {'info': '00000000: LdapErr: DSID-0C090627, comment:
In order to perform this operation a successful bind must be completed
on the connection., data 0, vece', 'desc': 'Operations error'}

Still something went wrong with your bind. Since I don't know your DN I can't say anything. The DN should be a local user in this domain and not a user from another trusted domain. If you have a complicated AD setup with various domains and delegated trust, connecting to the GC (global catalog) on port 3268 might be easier.

The simple bind works fine and returns a result, when I get the
result, it returns 97 meaning successful.

It would raise an exception if an LDAP error was received.

 So there was a successful
bind on the connection, right?

Don't know, since I don't know your DN and AD domain configuration.

I've added a new example script ms_ad_bind.py to python-ldap's Demo/ directory illustrating all the possible bind methods:

http://python-ldap.cvs.sourceforge.net/*checkout*/python-ldap/python-ldap/Demo/ms_ad_bind.py?content-type=text%2Fplain

For getting the SASL stuff to correctly work your DNS has to be properly set up for AD (A RRs and matching PTR RRs for the DCs).

Ciao, Michael.
--
http://mail.python.org/mailman/listinfo/python-list
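
One way to act on the two points made in this reply, the synchronous bind and protecting the trace_level=2 log, as an added example that is not from the original post or from python-ldap's Demo/ directory. The helper names, the 0600 file mode and the POSIX-only ownership checks are assumptions; the python-ldap calls are the ones named in the thread plus their synchronous counterparts.

```python
import os
import stat


def open_private_trace_log(path):
    """Open a trace log for appending that only the current user can read.

    Refuses symlinks (OSError), non-regular files, files owned by someone
    else and existing files that group or others can access. POSIX only.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_APPEND | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)  # 0o600 applies only when the file is created
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_uid != os.getuid() or st.st_mode & 0o077:
            raise PermissionError(f"{path}: accessible to other users")
    except Exception:
        os.close(fd)
        raise
    return os.fdopen(fd, "a", encoding="utf-8")


def bind_and_search(uri, bind_dn, password, base, ldap_filter, trace_path):
    """Bind synchronously, then search, tracing into a private log file."""
    import ldap  # python-ldap; imported lazily so the helper above has no dependency

    with open_private_trace_log(trace_path) as log:
        # trace_level=2 records every call with its arguments, including the
        # bind password, which is why the log is opened owner-only above.
        conn = ldap.initialize(uri, trace_level=2, trace_file=log)
        # simple_bind_s() blocks until the server answers and raises
        # ldap.LDAPError (e.g. ldap.INVALID_CREDENTIALS) on failure, so the
        # search below never runs after a failed bind.
        conn.simple_bind_s(bind_dn, password)
        try:
            return conn.search_s(base, ldap.SCOPE_SUBTREE, ldap_filter)
        finally:
            conn.unbind_s()
```

Delete the trace file once the bind problem is diagnosed, since it holds the bind password in clear text.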
