ldap3.protocol.sasl package¶
Submodules¶
ldap3.protocol.sasl.digestMd5 module¶
ldap3.protocol.sasl.external module¶
ldap3.protocol.sasl.kerberos module¶
-
ldap3.protocol.sasl.kerberos.
sasl_gssapi
(connection, controls)[source]¶ Performs a bind using the Kerberos v5 (“GSSAPI”) SASL mechanism from RFC 4752. Does not support any security layers, only authentication!
sasl_credentials can be empty or a tuple with one or two elements. The first element determines which service principal to request a ticket for and can be one of the following:
- None or False, to use the hostname from the Server object
- True to perform a reverse DNS lookup to retrieve the canonical hostname for the hosts IP address
- A string containing the hostname
The optional second element is what authorization ID to request.
- If omitted or None, the authentication ID is used as the authorization ID
- If a string, the authorization ID to use. Should start with “dn:” or “user:”.
The optional third element is a raw gssapi credentials structure which can be used over the implicit use of a krb ccache.
ldap3.protocol.sasl.sasl module¶
-
ldap3.protocol.sasl.sasl.
sasl_prep
(data)[source]¶ implement SASLPrep profile as per RFC4013: it defines the “SASLprep” profile of the “stringprep” algorithm [StringPrep]. The profile is designed for use in Simple Authentication and Security Layer ([SASL]) mechanisms, such as [PLAIN], [CRAM-MD5], and [DIGEST-MD5]. It may be applicable where simple user names and passwords are used. This profile is not intended for use in preparing identity strings that are not simple user names (e.g., email addresses, domain names, distinguished names), or where identity or password strings that are not character data, or require different handling (e.g., case folding).