本文整理汇总了Python中ldap3.SASL属性的典型用法代码示例。如果您正苦于以下问题:Python ldap3.SASL属性的具体用法?Python ldap3.SASL怎么用?Python ldap3.SASL使用的例子?那么恭喜您, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在类ldap3的用法示例。
在下文中一共展示了ldap3.SASL属性的7个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: __init__
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import SASL [as 别名]
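def __init__(self, user_search_string, search_by):
    """Bind to the FreeIPA LDAP server used for user searches.

    Settings read through ``import_from_settings``:

    * ``FREEIPA_SERVER`` -- host name of the directory server.
    * ``FREEIPA_USER_SEARCH_BASE`` -- search base, default
      ``cn=users,cn=accounts``.
    * ``FREEIPA_KTNAME`` -- client keytab; when non-empty a Kerberos
      SASL/GSSAPI bind is used, otherwise the bind is anonymous.

    Raises:
        ImproperlyConfigured: if the explicit ``bind()`` reports failure.
            With ``auto_bind=True`` the ``Connection`` constructor may
            already raise its own bind error before that check is reached.
    """
    super().__init__(user_search_string, search_by)
    self.FREEIPA_SERVER = import_from_settings('FREEIPA_SERVER')
    self.FREEIPA_USER_SEARCH_BASE = import_from_settings('FREEIPA_USER_SEARCH_BASE', 'cn=users,cn=accounts')
    self.FREEIPA_KTNAME = import_from_settings('FREEIPA_KTNAME', '')

    # ldap3 takes the transport from the URL scheme when one is given: an
    # 'ldap://' prefix overrides use_ssl=True and leaves the session
    # unencrypted. 'ldaps://' keeps the scheme and the flag in agreement so
    # the requested TLS is really used.
    # NOTE(review): no Tls object is passed, and ldap3's default Tls settings
    # do not validate the server certificate -- pass
    # tls=Tls(validate=ssl.CERT_REQUIRED) once those names are imported.
    self.server = Server('ldaps://{}'.format(self.FREEIPA_SERVER), use_ssl=True, connect_timeout=1)

    if self.FREEIPA_KTNAME:
        logger.info('Kerberos bind enabled: %s', self.FREEIPA_KTNAME)
        # Kerberos SASL/GSSAPI bind. The keytab is handed to the Kerberos
        # library through the environment, which is process-wide state.
        os.environ["KRB5_CLIENT_KTNAME"] = self.FREEIPA_KTNAME
        self.conn = Connection(self.server, authentication=SASL, sasl_mechanism=KERBEROS, auto_bind=True)
    else:
        # Anonymous bind: searches run with whatever the directory grants
        # to unauthenticated clients.
        self.conn = Connection(self.server, auto_bind=True)

    if not self.conn.bind():
        raise ImproperlyConfigured('Failed to bind to LDAP server: {}'.format(self.conn.result))
    logger.info('LDAP bind successful: %s', self.conn.extend.standard.who_am_i())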
示例2: create_ldap_connection
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import SASL [as 别名]
def create_ldap_connection(domain_controller):
    """Return an auto-bound ldap3 connection to ``domain_controller``.

    The connection authenticates with SASL/GSSAPI, uses the RESTARTABLE
    client strategy and is restricted to IPv4.
    """
    # Twisted monkey patches socket._is_ipv6 and the ldap3 code is wrong in
    # that situation, so the protected helper is replaced to always answer
    # "not IPv6". The assignment is on the ldap3.Server class, so it applies
    # to every Server object in the process, not only the one built below.
    # pylint: disable=W0212
    ldap3.Server._is_ipv6 = lambda x, y: False

    connection_options = {
        'authentication': ldap3.SASL,
        'sasl_mechanism': 'GSSAPI',
        # NOTE(review): in ldap3 a True first element appears to request a
        # reverse DNS lookup for the target server name -- confirm, since the
        # service principal then depends on what DNS returns.
        'sasl_credentials': (True,),
        'client_strategy': ldap3.RESTARTABLE,
        'auto_bind': True,
        'auto_range': True,
        'return_empty_attributes': False,
    }
    # NOTE(review): no TLS options are given here; whether the session is
    # protected after the GSSAPI bind is not visible from this function.
    controller = ldap3.Server(domain_controller, mode=ldap3.IP_V4_ONLY)
    return ldap3.Connection(controller, **connection_options)
示例3: initConnection
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import SASL [as 别名]
def initConnection(self, authdata, kdc=None):
    """Create ``self.server`` / ``self.session`` and bind with a Kerberos ticket.

    Args:
        authdata: mapping read for the keys ``'domain'``, ``'tgt'`` and
            ``'username'``.
        kdc: KDC to contact; falls back to ``authdata['domain']`` when
            empty or omitted.

    Returns nothing: the value returned by ``ldap_kerberos`` is discarded,
    so a caller has to inspect ``self.session`` to learn whether the bind
    succeeded.
    """
    kdc = kdc or authdata['domain']

    # Plain ldap:// URL; no TLS options are passed to the Server object.
    endpoint = "ldap://%s:%s" % (self.targetHost, self.targetPort)
    self.server = Server(endpoint, get_info=ALL)

    # The user/password values are fixed dummy strings; presumably they only
    # satisfy the Connection constructor, because the SASL bind request is
    # built and sent by ldap_kerberos below -- confirm.
    self.session = Connection(
        self.server,
        user="a",
        password="b",
        authentication=SASL,
        sasl_mechanism=KERBEROS,
    )
    ldap_kerberos(
        authdata['domain'],
        kdc,
        authdata['tgt'],
        authdata['username'],
        self.session,
        self.targetHost,
    )
示例4: _connect_to_uri
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import SASL [as 别名]
def _connect_to_uri(self, uri):
    """Open an auto-bound LDAP connection to ``uri``.

    A simple bind is used when both ``self.user`` and ``self.password`` are
    set; otherwise the bind falls back to SASL/GSSAPI.

    Returns:
        The bound ``ldap3.Connection``, or ``None`` when the socket cannot
        be opened, the bind fails or the retry limit is exhausted (the
        failure is only logged at debug level).
    """
    try:
        target = ldap3.Server(
            uri,
            mode=ldap3.IP_V4_ONLY,
            connect_timeout=self._connect_timeout,
        )
        options = {
            'client_strategy': ldap3.RESTARTABLE,
            'auto_bind': True,
            'auto_encode': True,
            'auto_escape': True,
            'return_empty_attributes': False,
        }
        if not (self.user and self.password):
            # No complete user/password pair: authenticate with Kerberos.
            options.update(
                authentication=ldap3.SASL,
                sasl_mechanism='GSSAPI',
                sasl_credentials=(True,),
            )
        else:
            # NOTE(review): a simple bind sends the password as given; with
            # an ldap:// URI and no TLS it would travel in cleartext --
            # verify what URIs callers pass.
            options.update(user=self.user, password=self.password)
        return ldap3.Connection(target, **options)
    except (ldap_exceptions.LDAPSocketOpenError,
            ldap_exceptions.LDAPBindError,
            ldap_exceptions.LDAPMaximumRetriesError):
        _LOGGER.debug('Failed to connect to %s', uri, exc_info=True)
        return None
示例5: __init__
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import SASL [as 别名]
def __init__(self, url, require_tls=True):
    """Open an ldap3 connection to ``url`` and cache the server's capabilities.

    Args:
        url: LDAP URL of the server.
        require_tls: when true, StartTLS is issued unless ``url`` begins
            with ``ldaps://`` or ``ldapi://`` (case-sensitive prefix test).

    The server certificate must validate (``ssl.CERT_REQUIRED``) and
    ``raise_exceptions=True`` turns failed operations into exceptions.
    No authentication options are passed here; the connection is opened
    but not bound.
    """
    Core.debug("creating ldap3 connection to %r", url)

    tls_config = ldap3.Tls(validate=ssl.CERT_REQUIRED)
    directory = ldap3.Server(url, tls=tls_config, get_info=ldap3.DSA)
    self.conn = ldap3.Connection(directory, raise_exceptions=True)

    # NOTE(review): open() may already fetch the DSA info requested above,
    # i.e. before start_tls() runs on an ldap:// URL -- confirm, because the
    # control/feature lists cached below would then come from an
    # unprotected exchange.
    self.conn.open()
    if require_tls:
        if not url.startswith(("ldaps://", "ldapi://")):
            self.conn.start_tls()

    # Each entry is indexable; only its first element is kept.
    self._controls = set(entry[0] for entry in self.conn.server.info.supported_controls)
    self._features = set(entry[0] for entry in self.conn.server.info.supported_features)
示例6: bind_gssapi
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import SASL [as 别名]
def bind_gssapi(self, authzid=""):
    """Switch ``self.conn`` to SASL/GSSAPI and bind.

    Args:
        authzid: authorization identity placed in the second slot of
            ``sasl_credentials``; empty string by default.

    The first slot is the configured server host, so the target name comes
    from the connection's own settings. The result of ``bind()`` is not
    returned; whether a failed bind raises depends on how the connection
    was created.
    """
    conn = self.conn
    conn.authentication = ldap3.SASL
    conn.sasl_mechanism = ldap3.GSSAPI
    conn.sasl_credentials = (conn.server.host, authzid)
    conn.bind()
示例7: ldap_kerberos
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import SASL [as 别名]
def ldap_kerberos(domain, kdc, tgt, username, ldapconnection, hostname):
    """Perform a Kerberos SASL bind on ``ldapconnection`` with a hand-built token.

    A service ticket for ``ldap/<hostname>`` is requested with the supplied
    TGT, wrapped in an AP_REQ inside a SPNEGO NegTokenInit, and sent as the
    credentials of an LDAP SASL bind request.

    Args:
        domain: realm; passed to ``getKerberosTGS`` and used as ``crealm``.
        kdc: KDC address passed to ``getKerberosTGS``.
        tgt: mapping read for the keys ``'KDC_REP'``, ``'cipher'`` and
            ``'sessionKey'``.
        username: client principal name (rebound to a ``Principal`` below).
        ldapconnection: connection object the bind is performed on; its
            ``result`` and ``bound`` attributes are updated.
        hostname: host part of the ``ldap/<hostname>`` service principal.

    Returns:
        ``True`` when the bind response carries result code 0, else ``False``.
    """
    # Hackery to authenticate with ldap3 using impacket Kerberos stack
    # I originally wrote this for BloodHound.py, but it works fine (tm) here too
    username = Principal(username, type=constants.PrincipalNameType.NT_PRINCIPAL.value)
    servername = Principal('ldap/%s' % hostname, type=constants.PrincipalNameType.NT_SRV_INST.value)
    # Exchange the TGT for a ticket to the LDAP service; the returned cipher
    # and session key are used below to encrypt the authenticator.
    tgs, cipher, _, sessionkey = getKerberosTGS(servername, domain, kdc,
                                                tgt['KDC_REP'], tgt['cipher'], tgt['sessionKey'])
    # Let's build a NegTokenInit with a Kerberos AP_REQ
    blob = SPNEGO_NegTokenInit()
    # Kerberos
    blob['MechTypes'] = [TypesMech['MS KRB5 - Microsoft Kerberos 5']]
    # Let's extract the ticket from the TGS
    tgs = decoder.decode(tgs, asn1Spec=TGS_REP())[0]
    ticket = Ticket()
    ticket.from_asn1(tgs['ticket'])
    # Now let's build the AP_REQ
    apReq = AP_REQ()
    apReq['pvno'] = 5
    apReq['msg-type'] = int(constants.ApplicationTagNumbers.AP_REQ.value)
    # Empty option list: no AP options are set on the request.
    opts = []
    apReq['ap-options'] = constants.encodeFlags(opts)
    seq_set(apReq, 'ticket', ticket.to_asn1)
    authenticator = Authenticator()
    authenticator['authenticator-vno'] = 5
    authenticator['crealm'] = domain
    seq_set(authenticator, 'cname', username.components_to_asn1)
    # Naive UTC timestamp of the local clock, split into ctime and cusec.
    now = datetime.datetime.utcnow()
    authenticator['cusec'] = now.microsecond
    authenticator['ctime'] = KerberosTime.to_asn1(now)
    encodedAuthenticator = encoder.encode(authenticator)
    # Key Usage 11
    # AP-REQ Authenticator (includes application authenticator
    # subkey), encrypted with the application session key
    # (Section 5.5.1)
    encryptedEncodedAuthenticator = cipher.encrypt(sessionkey, 11, encodedAuthenticator, None)
    # The field is initialised with noValue first, then its sub-fields are
    # assigned; keep this order.
    apReq['authenticator'] = noValue
    apReq['authenticator']['etype'] = cipher.enctype
    apReq['authenticator']['cipher'] = encryptedEncodedAuthenticator
    blob['MechToken'] = encoder.encode(apReq)
    # From here back to ldap3
    # The socket is opened without reading server info; that is refreshed
    # only after a successful bind (see below).
    ldapconnection.open(read_server_info=False)
    request = bind_operation(ldapconnection.version, SASL, None, None, ldapconnection.sasl_mechanism, blob.getData())
    # Only the first response message is used as the bind result.
    response = ldapconnection.post_send_single_response(ldapconnection.send('bindRequest', request, None))[0]
    ldapconnection.result = response
    if response['result'] == 0:
        ldapconnection.bound = True
        ldapconnection.refresh_server_info()
    return response['result'] == 0