I am currently trying to get the gssapi module for python to run on windows. My goal is to authenticate with an Active Directory using python module ldap3. gssapi is an requirement for this to work. However, installation fails because it cannot find krb5-config. On Linux it is easy to install. I installed Kerberos for Windows but it does not have krb5-config and I could not find it anywhere else (other than for Linux). Does anyone know where to find the required tools or how to continue (if it is possible at all)?
问题:
回答1:
Following the suggestion of @keithhendry (https://github.com/cannatag/ldap3/issues/190) I replaced the kerberos.py
under ldap3\protocol\sasl\
with this one.
In order to use Windows' GSSAPI, you also need to install the winkerberos package and replace the kerberos import at line 15 in kerberos.py as follows:
import winkerberos as kerberos
This works transparently because winkerberos follows the same API structure as pykerberos, on which the edited kerberos.py was based.
Now you can use authentication=SASL, sasl_mechanism=GSSAPI
when constructing the Connection
with ldap3 and everything should automagically work (assuming that the other 999 things that can go wrong with Kerberos don't go wrong).
回答2:
I couldn't get the gssapi
module to install on Windows either, but I did manage to get the ldap3
module to authenticate against Active Directory on Windows using code like this:
import ssl
import ldap3
tls_configuration = ldap3.Tls(validate=ssl.CERT_NONE,
version=ssl.PROTOCOL_TLSv1_2)
server = ldap3.Server(host='domaincontroller.example.com', port=636,
use_ssl=True, tls=tls_configuration,
get_info=ldap3.ALL)
con = ldap3.Connection(server, version=3,
auto_bind=True,
raise_exceptions=True,
user='EXAMPLE\\username',
password='MySecret',
authentication=ldap3.NTLM)