Prasad Katti wrote:
> I am writing a command line tool in Python to generate one-time
> passwords/tokens. The command line tool will have certain sub-commands like
> --generate-token and --list-all-tokens, for example. I want to restrict
> access to certain sub-commands. In this case, when the user tries to generate a
> new token, I want him/her to authenticate against the AD server first.

This does not sound secure: the user can easily use a modified copy of your script.

> I have looked at python-ldap and I am even able to bind to the AD server.
> In my application I have a function
>
> def authenticate_user(username, password): pass
>
> which gets the username and plain-text password. How do I use the LDAPObject
> instance to validate these credentials?

You probably want to use
http://www.python-ldap.org/doc/html/ldap.html#ldap.LDAPObject.simple_bind_s

Check beforehand whether the password has non-zero length, because most LDAP servers consider an empty password an anonymous simple bind even if the bind-DN is set.

Ciao, Michael.

-- 
https://mail.python.org/mailman/listinfo/python-list
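The following is an added example, not code from the thread or from python-ldap: an `authenticate_user()` that binds with `simple_bind_s` and applies the empty-password check from the reply. The AD URI `ldaps://ad.example.com`, the UPN suffix `example.com`, the username allow-list and the in-memory `FakeADServer` (which reproduces the "empty password = anonymous bind" behaviour so the bypass can be shown offline) are all assumptions introduced here; the sample directory is constructed.

```python
"""Added example: authenticating a user against AD by LDAP simple bind.

Not code from the original thread. Assumptions not in the thread: the AD
server is reachable at AD_URI, users bind with their UPN (user@UPN_SUFFIX),
and python-ldap may be missing, in which case a constructed in-memory
stand-in is used so the module runs offline.
"""
import re

try:
    import ldap  # python-ldap, as discussed in the thread
    LDAPError = ldap.LDAPError
    INVALID_CREDENTIALS = ldap.INVALID_CREDENTIALS
except ImportError:  # offline fallback: mirror the two exception names we need
    ldap = None

    class LDAPError(Exception):
        pass

    class INVALID_CREDENTIALS(LDAPError):
        pass

AD_URI = "ldaps://ad.example.com"  # assumed host; LDAPS so the password is not sent in clear
UPN_SUFFIX = "example.com"         # assumed UPN suffix
_SAM_NAME = re.compile(r"^[A-Za-z0-9._-]{1,64}$")  # assumed allow-list for the account name


def real_connect():
    """Open a python-ldap connection (only usable when python-ldap is installed)."""
    if ldap is None:
        raise RuntimeError("python-ldap is not installed")
    conn = ldap.initialize(AD_URI)
    conn.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
    conn.set_option(ldap.OPT_REFERRALS, 0)  # AD hands out referrals we do not want to chase
    return conn


class FakeADServer:
    """Constructed stand-in reproducing the quirk from the reply: an empty
    password is treated as an anonymous simple bind and succeeds even when a
    bind DN is supplied."""

    def __init__(self, directory):
        self.directory = directory  # {bind_dn: password}, constructed sample data
        self.bound_as = None

    def simple_bind_s(self, who="", cred=""):
        if cred == "":  # anonymous bind: "succeeds" regardless of who
            self.bound_as = None
            return
        if self.directory.get(who) != cred:
            raise INVALID_CREDENTIALS({"desc": "Invalid credentials"})
        self.bound_as = who

    def unbind_s(self):
        self.bound_as = None


def authenticate_user(username, password, connect=real_connect):
    """Return True only if AD accepts a simple bind with a NON-EMPTY password.

    Only INVALID_CREDENTIALS is treated as a failed login; other LDAPError
    subclasses (server down, etc.) propagate so an outage is not silently
    reported as "wrong password"."""
    if not password:  # the check the reply recommends: empty -> anonymous bind
        return False
    if not _SAM_NAME.match(username or ""):  # keep '@', ',', '=' out of the UPN we build
        return False
    conn = connect()
    try:
        conn.simple_bind_s(f"{username}@{UPN_SUFFIX}", password)
        return True
    except INVALID_CREDENTIALS:
        return False
    finally:
        conn.unbind_s()


def naive_authenticate(username, password, connect=real_connect):
    """The same bind WITHOUT the empty-password check, kept to show the bypass."""
    conn = connect()
    try:
        conn.simple_bind_s(f"{username}@{UPN_SUFFIX}", password)
        return True
    except INVALID_CREDENTIALS:
        return False
    finally:
        conn.unbind_s()


SAMPLE_DIRECTORY = {"alice@example.com": "correct horse battery staple"}  # constructed


def demo_connect():
    """Connection factory returning the offline stand-in instead of a real AD."""
    return FakeADServer(SAMPLE_DIRECTORY)


if __name__ == "__main__":
    print(authenticate_user("alice", "correct horse battery staple", demo_connect))  # True
    print(authenticate_user("alice", "wrong", demo_connect))  # False
    print(naive_authenticate("alice", "", demo_connect))      # True: the anonymous-bind bypass
    print(authenticate_user("alice", "", demo_connect))       # False
```

Against a real server, pass `real_connect` (the default) and the UPN you actually use; the `FakeADServer` exists only so that the difference between `naive_authenticate` and `authenticate_user` on an empty password can be seen without an AD instance.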