Re: Authenticate users using command line tool against AD in python

From	Michael Ströder <michael@stroeder.com>
Newsgroups	comp.lang.python
Subject	Re: Authenticate users using command line tool against AD in python
Date	2015-07-28 09:56 +0200
Organization	A noiseless patient Spider
Message-ID	<mp7cg2$605$1@dont-email.me> (permalink)
References	<aead3a1f-c1ed-4694-ba9a-f18164f07284@googlegroups.com>

Show all headers | View raw

Prasad Katti wrote:
> I am writing a command line tool in python to generate one time
> passwords/tokens. The command line tool will have certain sub-commands like
> --generate-token and --list-all-tokens for example. I want to restrict
> access to certain sub-commands. In this case, when user tries to generate a
> new token, I want him/her to authenticate against AD server first.

This does not sound secure:
The user can easily use a modified copy of your script.

> I have looked at python-ldap and I am even able to bind to the AD server.
> In my application I have a function
> 
>     def authenticate_user(username, password): pass
> 
> which gets username and plain-text password. How do I use the LDAPObject instance to validate these credentials?

You probably want to use

http://www.python-ldap.org/doc/html/ldap.html#ldap.LDAPObject.simple_bind_s

Check whether password is non-zero before because most LDAP servers consider
an empty password as anon simple bind even if the bind-DN is set.

Ciao, Michael.

Thread

Authenticate users using command line tool against AD in python Prasad Katti <percy.k1234@gmail.com> - 2015-07-27 16:01 -0700
  Re: Authenticate users using command line tool against AD in python Michael Ströder <michael@stroeder.com> - 2015-07-28 09:56 +0200
    Re: Authenticate users using command line tool against AD in python Prasad Katti <percy.k1234@gmail.com> - 2015-07-31 11:07 -0700
      Re: Authenticate users using command line tool against AD in python Michael Ströder <michael@stroeder.com> - 2015-07-31 22:08 +0200

csiph-web