I'm trying to update some code to python3, using ldap3 version '0.9.7.4'. (https://pypi.python.org/pypi/ldap3)
Previously, I used python-ldap with python2 to authenticate a user like this:
import ldap
address = "ldap://HOST:389"
con = ldap.initialize(address)
base_dn = "ourDN=jjj"
con.protocol_version = ldap.VERSION3
search_filter = "(uid=USERNAME)"
result = con.search_s(base_dn, ldap.SCOPE_SUBTREE, search_filter, None)
user_dn = result[0][0] # get the user DN
con.simple_bind_s(user_dn, "PASSWORD")
This properly returns (97, [], 2, [])
on correct password, and raises ldap.INVALID_CREDENTIALS
on a bind attempt using an incorrect password.
Using ldap3
in python3 I'm doing the following:
from ldap3 import Server, Connection, AUTH_SIMPLE, STRATEGY_SYNC, ALL
s = Server(HOST, port=389, get_info=ALL)
c = Connection(s, authentication=AUTH_SIMPLE, user=user_dn, password=PASSWORD, check_names=True, lazy=False, client_strategy=STRATEGY_SYNC, raise_exceptions=True)
c.open()
c.bind()
It's raising the following exception:
ldap3.core.exceptions.LDAPInvalidCredentialsResult: LDAPInvalidCredentialsResult - 49 - invalidCredentials - [{'dn': '', 'message': '', 'type': 'bindResponse', 'result': 0, 'saslCreds': 'None', 'description': 'success', 'referrals': None}]
I'm using the user_dn
value returned by python2's ldap search, since this appears to be working in python2.
How can I get this to bind properly using ldap3 in python3?
(One thing strange, I noticed, is that the ldap3's LDAPInvalidCredentialsResult includes 'description': 'success'
. I'm guessing this just means response successfully recieved...)
I'm the author of ldap3, please set raise_exceptions=False
in the Connection definition and check the connection.result
after the bind. You should get the reason why your bind()
is unsuccessful.