Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #94684
| Path | csiph.com!usenet.pasdenom.info!aioe.org!eternal-september.org!feeder.eternal-september.org!mx02.eternal-september.org!.POSTED!not-for-mail |
|---|---|
| From | Michael Ströder <michael@stroeder.com> |
| Newsgroups | comp.lang.python |
| Subject | Re: Authenticate users using command line tool against AD in python |
| Date | Tue, 28 Jul 2015 09:56:16 +0200 |
| Organization | A noiseless patient Spider |
| Lines | 26 |
| Message-ID | <mp7cg2$605$1@dont-email.me> (permalink) |
| References | <aead3a1f-c1ed-4694-ba9a-f18164f07284@googlegroups.com> |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=ISO-8859-1 |
| Content-Transfer-Encoding | 7bit |
| Injection-Date | Tue, 28 Jul 2015 07:54:42 +0000 (UTC) |
| Injection-Info | mx02.eternal-september.org; posting-host="b6c6daf486d0281415cc730b73ecdf3a"; logging-data="6149"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19rh5z79RKTkwXvM49Avck36COMCJ9ZKY8=" |
| User-Agent | Mozilla/5.0 (X11; Linux x86_64; rv:36.0) Gecko/20100101 SeaMonkey/2.33.1 |
| In-Reply-To | <aead3a1f-c1ed-4694-ba9a-f18164f07284@googlegroups.com> |
| Cancel-Lock | sha1:0JSycsnAnGj8Ywn1IRt7RsEp4P8= |
| Xref | csiph.com comp.lang.python:94684 |
Show key headers only | View raw
Prasad Katti wrote: > I am writing a command line tool in python to generate one time > passwords/tokens. The command line tool will have certain sub-commands like > --generate-token and --list-all-tokens for example. I want to restrict > access to certain sub-commands. In this case, when user tries to generate a > new token, I want him/her to authenticate against AD server first. This does not sound secure: The user can easily use a modified copy of your script. > I have looked at python-ldap and I am even able to bind to the AD server. > In my application I have a function > > def authenticate_user(username, password): pass > > which gets username and plain-text password. How do I use the LDAPObject instance to validate these credentials? You probably want to use http://www.python-ldap.org/doc/html/ldap.html#ldap.LDAPObject.simple_bind_s Check whether password is non-zero before because most LDAP servers consider an empty password as anon simple bind even if the bind-DN is set. Ciao, Michael.
Back to comp.lang.python | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
Authenticate users using command line tool against AD in python Prasad Katti <percy.k1234@gmail.com> - 2015-07-27 16:01 -0700
Re: Authenticate users using command line tool against AD in python Michael Ströder <michael@stroeder.com> - 2015-07-28 09:56 +0200
Re: Authenticate users using command line tool against AD in python Prasad Katti <percy.k1234@gmail.com> - 2015-07-31 11:07 -0700
Re: Authenticate users using command line tool against AD in python Michael Ströder <michael@stroeder.com> - 2015-07-31 22:08 +0200
csiph-web