Let me raise the question of using ldap3 in a Windows environment.

Is it possible to establish a connection (conn.bind(), necessary for administration: creation / modification of objects) by domain authentication, without a password? From the scrappy comments on the forums, I had the impression that this can be implemented via Kerberos, which is part of ldap3: KERBEROS = GSSAPI = 'GSSAPI'

And the documentation has a description: https://ldap3.readthedocs.io/bind.html

But it seems to work only on Linux; it crashes with the error:

    ModuleNotFoundError: No module named 'gssapi'

And there is even some solution: https://stackoverflow.com/questions/32710365/how-to-install-gssapi-python-module-on-windows

But somehow I can't get this to work. Has anyone been administering a domain while authenticating through KERBEROS?

An example of the connection used with NTLM:

    from ldap3 import Server, Connection, ALL, NTLM

    server = Server('servername.local', get_info=ALL)
    conn = Connection(server, user='DOMAIN\\User', password='****', authentication=NTLM)
    print(conn)
    conn.start_tls()
    print(conn)
    conn.bind()
    print(conn.result)
    print(conn.bound)

More complete instructions proposed by @MaxU: https://stackoverflow.com/questions/52279503/passwordless-python-ldap3-authentication-from-windows-client/52280673#52280673

However, the connection problem remains (admin rights on the domain are in place):

    C:\Users\UserProfile\PycharmProjects\untitled10\venv\Scripts\python.exe C:/Users/UserProfile/.PyCharmCE2018.3/config/scratches/scratch.py
    Traceback (most recent call last):
      File "C:/Users/UserProfile/.PyCharmCE2018.3/config/scratches/scratch.py", line 7, in <module>
        c.bind()
      File "C:\Users\UserProfile\PycharmProjects\untitled10\venv\lib\site-packages\ldap3\core\connection.py", line 530, in bind
        self.open(read_server_info=False)
      File "C:\Users\UserProfile\PycharmProjects\untitled10\venv\lib\site-packages\ldap3\strategy\sync.py", line 56, in open
        BaseStrategy.open(self, reset_usage, read_server_info)
      File "C:\Users\UserProfile\PycharmProjects\untitled10\venv\lib\site-packages\ldap3\strategy\base.py", line 147, in open
        raise LDAPSocketOpenError('unable to open socket', exception_history)
    ldap3.core.exceptions.LDAPSocketOpenError: ('unable to open socket', [(LDAPSocketOpenError('socket ssl wrapping error: [WinError 10054] An existing connection was forcibly closed by the remote host',), ('10.127.37.7', 636))])

  • Try this - MaxU
  • @MaxU, thanks - this instruction is more complete than what I found, but the problem still remains - unable to open socket - Alex
  • ('10.127.37.7', 636): @Alex, you are trying to establish an SSL connection; replace the IP address with the FQDN, as all the manuals advise you. The link that MaxU cited even recommends checking the server name via SPN - see the comment by Jason, Dec 5 '18 at 19:35 - Sergey Nudnov
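
An added example, not part of the original thread or of ldap3 itself: a pre-flight check for the points raised above (FQDN instead of IP address, an importable Kerberos module) followed by a passwordless SASL/Kerberos bind over LDAPS. The function names are hypothetical, and it assumes an ldap3 release that falls back to the winkerberos package on Windows when gssapi is not installed.

```python
import importlib.util
import ipaddress
import ssl

def is_ip_literal(host):
    """True when host is an IPv4/IPv6 literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def kerberos_backend():
    """Name of the first importable Kerberos module, or None.

    Assumption: ldap3 tries gssapi first and winkerberos as the Windows fallback.
    """
    for name in ("gssapi", "winkerberos"):
        if importlib.util.find_spec(name) is not None:
            return name
    return None

def preflight(host):
    """Check a server name before a Kerberos bind; returns (spn, problems)."""
    problems = []
    if is_ip_literal(host):
        problems.append("IP literal: SPNs and server certificates are "
                        "normally issued for the DNS name")
    elif "." not in host.strip("."):
        problems.append("short name: use the fully qualified domain name")
    # The LDAP service principal has the form ldap/<fqdn>
    spn = None if problems else "ldap/" + host.rstrip(".").lower()
    return spn, problems

def kerberos_bind(host):
    """Passwordless bind over LDAPS using the logged-on user's ticket."""
    from ldap3 import Server, Connection, Tls, SASL, KERBEROS  # needs ldap3
    spn, problems = preflight(host)
    if problems:
        raise ValueError("; ".join(problems))
    if kerberos_backend() is None:
        raise RuntimeError("install gssapi or winkerberos first")
    tls = Tls(validate=ssl.CERT_REQUIRED)  # verify the server certificate
    server = Server(host, use_ssl=True, tls=tls)
    conn = Connection(server, authentication=SASL, sasl_mechanism=KERBEROS)
    if not conn.bind():
        raise RuntimeError("bind failed: %r" % (conn.result,))
    return conn
```

`preflight('servername.local')` returns the SPN to look up on the domain side; `kerberos_bind` is only meaningful on a domain-joined machine with a valid ticket.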
