Why do I get a failed to connect to LDAP URL when using Samba's Ldb Python module?

Andrew Bartlett abartlet at samba.org
Sat Aug 15 06:01:01 UTC 2015 

On Fri, 2015-08-14 at 15:36 -0700, Richard Sharpe wrote:
> On Fri, Aug 14, 2015 at 1:59 PM, Richard Sharpe
> <realrichardsharpe at gmail.com> wrote:
> > Hi folks,
> > 
> > I just got this:
> > 
> >    >>> from samba import Ldb
> >    >>> ldb_obj =
> > Ldb('ldap://drtnasdcprod01.xxxx.yyyy.eng.someorg.com',
> > credentials=creds)
> >    Failed to connect to ldap URL
> > 'ldap://drtnasdcprod01.xxxx.yyyy.eng.someorg.com' - LDAP client
> > internal error: NT_STATUS_BAD_NETWORK_NAME
> >    Failed to connect to
> > 'ldap://drtnasdcprod01.xxxx.yyyy.eng.someorg.com' with backend
> > 'ldap':(null)
> >    Traceback (most recent call last):
> >      File "<stdin>", line 1, in <module>
> >      File "/usr/lib64/python2.6/site-packages/samba/__init__.py", 
> > line
> > 114, in __init__
> >         self.connect(url, flags, options)
> >    _ldb.LdbError: (1, None)
> > 
> > It looked so easy ... but wasn't.
> > 
> > What have I done wrong?
> 
> OK, I seem to have made some progress on this:
> 
>    >>> from samba.credentials import DONT_USE_KERBEROS
>    >>> creds = Credentials()
>    >>> creds.set_kerberos_state(DONT_USE_KERBEROS)
>    >>> creds.set_username('administrator')
>    >>> creds.set_password("some-pass")
>    >>> creds.set_forced_sasl_mech("EXTERNAL")

You probably don't want this line.

>    >>> ldb_obj = Ldb("ldap://10.4.45.1", credentials=creds)
>    Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS -
> <80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext
> error, data 52e, v1db1> <>
>    Failed to connect to 'ldap://10.4.45.1' with backend 'ldap': 
> (null)
>    Traceback (most recent call last):
>      File "<stdin>", line 1, in <module>
>      File "/usr/lib64/python2.6/site-packages/samba/__init__.py", 
> line
> 114, in __init__
>        self.connect(url, flags, options)
>    _ldb.LdbError: (49, None)
> 
> However, it always tries to use simple auth and fails as above. I do
> see LDAP bind requests now, however.
> 
> Any ideas as to what I am doing wrong?
> 
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list