I would like to write a python web service that would take a username and password entered on a
web form and authenticate to Active directory. A few questions about this.

1. How can I do it :-)
2. I would like the script to be in the same server as the websites which is a linux box. So I need it to call active
directory on a M$ box. If this is too hard could someone at least explain the process if I make this a service
on the M$ box. Which I guess I can do if keeping it on the Linux box is too much.
3. I would like to expand the service so that I could check the computer the user is on and not make them enter a
username and password if they are already logged in to the domain. I guess I would have to use Java Script for
this. Any ideas here?

Thank you in advance.

Jason Tesser
Web/Multimedia Programmer
Northland Ministries Inc.
(715)324-6900 x3050


  • Jason Tesser at Nov 25, 2003 at 12:10 pm
    Has nobody tried to do this kind of thing?

  • Gerhard Häring at Nov 25, 2003 at 12:17 pm

    Jason Tesser wrote:
    Has nobody tried to do this kind of thing? [...]
    Not me. However, the easiest solution is probably to use the integrated
    Windows authentication of IIS on win32.

    -- Gerhard
  • Gerhard Häring at Nov 25, 2003 at 12:25 pm

    Gerhard Häring wrote:
    Jason Tesser wrote:
    Has nobody tried to do this kind of thing? [...]
    Not me. However, the easiest solution is probably to use the integrated
    Windows authentication of IIS on win32.
    If it must run on Unix, you could probably let your web service run
    under Apache and use mod_ntlm for authentication.

    A freshmeat.net search for ntlm might also provide useful software for
    your task.

    I haven't tried any of these yet, though.

    -- Gerhard
  • Jason Tesser at Nov 25, 2003 at 12:37 pm
    Hi,

    <snip>
    If it must run on Unix, you could probably let your web service run
    under Apache and use mod_ntlm for authentication.
    That is an old project though with no work being done on it. Plus it doesn't
    do exactly what I am trying to do. I think the best thing for me to do is as
    follows: I am just not sure how to do it all yet :-)

    Maybe make a python web service use pam. That should work as pam can
    do the rest I think. Maybe something with oldap. There has to be a good way
    in python to accomplish this.

    <snip>
  • Stephan Diehl at Nov 25, 2003 at 1:22 pm

    You probably mean something like the following script.
    This could be used to get info about other users, so basically, there must
    already be a fixed known user on AD to bind to.
    At the heart of it: if you can bind successfully with specific user
    credentials, the user is authenticated.
    With my script, the predefined user is needed, because users want to
    authenticate against their sAMAccountName and not their LDAP USER DN (which
    nobody knows anyway).
    By the way, I wouldn't consider this script as secure since everything is
    transported over the network in cleartext.

    ---------------------------------------------------------------------
    import ldap
    import ldap.filter
    from pprint import pprint

    HOST = "IP OF AD SERVER"
    USER = "SEARCH USER DN"
    PASSWD = "SEARCH USER PASSWORD"
    SEARCHDN = "SEARCHDN"


    def connect(host):
        # Plain ldap:// is kept from the original post: traffic is cleartext.
        conn = ldap.initialize("ldap://%s" % host)
        conn.protocol_version = ldap.VERSION3
        return conn


    class LDAPAuth:
        def __init__(self, host=HOST, user=USER, passwd=PASSWD):
            self.host = host
            # Bind as the fixed search user so that a sAMAccountName can be
            # mapped to the user's DN.
            self.conn = connect(host)
            self.conn.simple_bind_s(user, passwd)

        def getInfoAbout(self, user):
            # Escape the name so it cannot change the meaning of the filter.
            flt = '(sAMAccountName=%s)' % ldap.filter.escape_filter_chars(user)
            result = self.conn.search_s(SEARCHDN, ldap.SCOPE_SUBTREE, flt)
            # Drop referral entries, which come back with a DN of None.
            return [entry for entry in result if entry[0] is not None]

        def authenticate(self, user='', passwd=''):
            # A simple bind with an empty password is an unauthenticated bind
            # and can succeed, so reject it before asking the server.
            if not user or not passwd:
                return False
            userdata = self.getInfoAbout(user)
            if len(userdata) != 1:
                return False
            dn = userdata[0][0]
            l = connect(self.host)
            try:
                # The user is authenticated if a bind with their DN and
                # password succeeds and the connection can run a search.
                l.simple_bind_s(dn, passwd)
                l.search_s(SEARCHDN, ldap.SCOPE_SUBTREE, 'objectType=bla')
                return True
            except ldap.LDAPError:
                return False
            finally:
                l.unbind_s()


    if __name__ == '__main__':
        import getopt
        import sys

        helpmsg = """USAGE: ldapauth -h : print this message
           ldapauth -u <name> -p <passwd> : check user credentials
           ldapauth -i <name> : info about user"""

        opts, args = getopt.getopt(sys.argv[1:], 'u:p:i:h')
        od = {}
        for o, v in opts:
            od[o[1:]] = v
        if 'h' in od:
            print(helpmsg)
        else:
            l = LDAPAuth()
            if 'i' in od:
                pprint(l.getInfoAbout(od['i']))
            elif 'u' in od and 'p' in od:
                if l.authenticate(od['u'], od['p']):
                    print("Right credentials")
                else:
                    print("Wrong credentials")
            else:
                print(helpmsg)
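
An added example, not part of the original post or of python-ldap: the checks a search-then-bind login needs before the user's own bind is attempted, namely escaping the name placed in the sAMAccountName filter, ignoring referral rows, and refusing an empty password. The `search` and `bind` callables, the `fake_*` helpers and the directory contents are constructed stand-ins so the block runs without an AD server.

```python
import re

# RFC 4515: these characters are written as \XX inside a filter value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def user_filter(login):
    return "(sAMAccountName=%s)" % escape_filter_value(login)

def pick_single_dn(results):
    # Subtree searches against AD can include referral rows whose DN is None.
    dns = [dn for dn, _attrs in results if dn is not None]
    return dns[0] if len(dns) == 1 else None

def authenticate(login, password, search, bind):
    # search(filter) and bind(dn, password) are hypothetical stand-ins for
    # the search_s and simple_bind_s calls in the script above.
    if not login or not password:
        return False  # an empty password would be an unauthenticated bind
    dn = pick_single_dn(search(user_filter(login)))
    return dn is not None and bind(dn, password)

# Constructed in-memory directory (not real data) so the block runs offline.
USERS = {"jdoe": ("CN=John Doe,OU=Staff,DC=example,DC=org", "s3cret"),
         "jroe": ("CN=Jane Roe,OU=Staff,DC=example,DC=org", "hunter2")}

def unhex(text):
    return re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), text)

def fake_search(flt):
    value = re.fullmatch(r"\(sAMAccountName=(.*)\)", flt).group(1)
    # An unescaped '*' is a wildcard, as on a real server; \XX is a literal.
    parts = re.split(r"(\*)", value)
    rx = "".join(".*" if p == "*" else re.escape(unhex(p)) for p in parts)
    rows = [(dn, {}) for name, (dn, _pw) in USERS.items() if re.fullmatch(rx, name)]
    return rows + [(None, ["ldap://example.org/CN=Configuration"])]

def fake_bind(dn, password):
    # Mimics a server that accepts an unauthenticated (empty password) bind.
    return password == "" or any(dn == d and password == p for d, p in USERS.values())

if __name__ == "__main__":
    for login, pw in [("jdoe", "s3cret"), ("jdoe", ""), ("jd*", "s3cret")]:
        print(login, repr(pw), authenticate(login, pw, fake_search, fake_bind))
```
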
  • Robert Brewer at Nov 25, 2003 at 5:36 pm
    I haven't tried *writing* that myself, but I've *used* samba's winbindd
    daemon to good effect. You might check their approach and see if that
    would work for you.

    http://us2.samba.org/samba/docs/man/winbindd.8.html


    Robert Brewer
    MIS
    Amor Ministries
    fumanchu at amor.org

Discussion Overview
group: python-list
categories: python
posted: Nov 24, '03 at 1:00p
active: Nov 25, '03 at 5:36p
posts: 7
users: 4
website: python.org
