[Samba] "00002020: Operation unavailable without authentication" using python-ldap
Rowland Penny
rpenny at samba.org
Sun Apr 7 08:24:20 UTC 2019
On Sun, 7 Apr 2019 00:41:23 -0400
Jonathon Reinhart <jonathon.reinhart at gmail.com> wrote:
> Thanks for the example, Rowland.
Whilst it was an example, it was actual code lifted from Samba's user.py
If you run 'samba-tool user list' on a DC, it is the actual code that
is run.
>
> Does ldb work against remote servers as well? I thought it was only
> for local, file-based access.
Yes it does work on the wire, you can use samba-tool with the '-H' or
'--URL=url' options.
For instance 'sudo samba-tool user list -H ldap://dc4' run on a Unix
domain member will list all users in AD.
>
> In general, I just wanted to use my Samba AD as an environment to
> learn more about writing software against using LDAP. There are a few
> applications I'm planning to develop, and I'd like to use actual LDAP
> so they could be applicable to Samba or Microsoft AD servers.
Can I suggest you examine the Samba source code, if you download the
latest tarball:
https://download.samba.org/pub/samba/stable/samba-4.10.1.tar.gz
Extract and open it, you will find a directory called 'python'
>
> I added some more information on the GitHub issue (
> https://github.com/python-ldap/python-ldap/issues/275); it looks like
> there is some sort of nasty race condition, because while the LDAP
> search usually fails, it will work if I start an asynchronous search
> without waiting on it.
>
> I'm not sure if the problem lies in Samba's LDAP server, the
> python-gitlab library, or somewhere in between (possibly in the SASL
> or GSSAPI code). I'm still looking into it, but I wanted to see if
> anyone here had ever seen anything similar.
This is probably a python-ldap problem, but if you use ldbsearch etc,
kerberos does work. The syntax is slightly different from ldapsearch,
see 'ldbsearch --help' and:
https://wiki.samba.org/index.php/LDB
Rowland
More information about the samba
mailing list