Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

macOS build isn't usable #237

Closed
Closed
@simmel

Description

@simmel

What went wrong?

Tried to use ldap3 with gssapi and I can't get SASL GSSAPI auth over LDAPS to work.

  • GSSAPI over LDAP works
  • NO AUTH/PLAIN over LDAPS works
  • GSSAPI over LDAPS doesn't work

GSSAPI over LDAPS works on Linux (I tried ArchLinux but should work on any)

How do we reproduce?

$ python3 -m venv ldap3gssapitest$ cd ldap3gssapitest$ source bin/activate$ pip3 install ldap3 gssapi cryptography$ cat > search.py <<EOF#!/usr/bin/env python3from ldap3 import Server, Connection, Tls, SASL, KERBEROSimport ssltls = Tls(validate=ssl.CERT_NONE, version=ssl.PROTOCOL_TLSv1_2)server = Server('yourldapserver', use_ssl=True, tls=tls)c = Connection(        server, authentication=SASL, sasl_mechanism=KERBEROS)c.bind()print(c.extend.standard.who_am_i())EOF$ python3 search.pydn:uid=simlu,cn=gssapi,cn=auth

That should yield an LDAP dn which should match your Kerberos principal.

With macOS 11.1 I get:

$ python3 search.pyTraceback (most recent call last):  File "/private/tmp/ldap3gssapitest/search.py", line 8, in <module>    c.bind()  File "/private/tmp/ldap3gssapitest/lib/python3.9/site-packages/ldap3/core/connection.py", line 608, in bind    response = self.do_sasl_bind(controls)  File "/private/tmp/ldap3gssapitest/lib/python3.9/site-packages/ldap3/core/connection.py", line 1336, in do_sasl_bind    result = sasl_gssapi(self, controls)  File "/private/tmp/ldap3gssapitest/lib/python3.9/site-packages/ldap3/protocol/sasl/kerberos.py", line 118, in sasl_gssapi    out_token = ctx.step(in_token)  File "<decorator-gen-15>", line 2, in step  File "/private/tmp/ldap3gssapitest/lib/python3.9/site-packages/gssapi/_utils.py", line 155, in check_last_err    return func(self, *args, **kwargs)  File "<decorator-gen-5>", line 2, in step  File "/private/tmp/ldap3gssapitest/lib/python3.9/site-packages/gssapi/_utils.py", line 128, in catch_and_return_token    return func(self, *args, **kwargs)  File "/private/tmp/ldap3gssapitest/lib/python3.9/site-packages/gssapi/sec_contexts.py", line 519, in step    return self._initiator_step(token=token)  File "/private/tmp/ldap3gssapitest/lib/python3.9/site-packages/gssapi/sec_contexts.py", line 535, in _initiator_step    res = rsec_contexts.init_sec_context(self._target_name, self._creds,  File "gssapi/raw/sec_contexts.pyx", line 245, in gssapi.raw.sec_contexts.init_sec_contextgssapi.raw.exceptions.MalformedParameterError: Major (51183616): A parameter was malformed Miscellaneous failure (see text), Minor (0): Success$

Component versions (python-gssapi, Kerberos, OS / distro, etc.)

$ pip3 freezecffi==1.14.4cryptography==3.3.1decorator==4.4.2gssapi==1.6.12ldap3==2.8.1pyasn1==0.4.8pycparser==2.20six==1.15.0$ pacman -Qi krb5 | grep VersionVersion         : 1.18.2-1

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions

      [8]ページ先頭
      ©2009-2025 Movatter.jp