So you’re using an LDAP simple bind. This type of authentication generally doesn’t work for cross-domain users because the user’s password doesn’t live in the trusting domain you’re logging into. Also, simple binds often don’t carry domain info.
Instead, you’ll want to try either NTLM or Kerberos authentication. With NTLM, the domain controller in the second domain can use passthrough authentication to check up against your user’s primary domain. With Kerberos, your client can exchange their TGT for their primary domain to get an LDAP service ticket in the second domain at the time of auth.
Kerberos requires a bit more client-side configuration, but it is supported (assuming the underlying OS is configured for SASL and Kerberos). But that doesn’t support using a password. To use a password, and given your style of username specification, it seems like you might want to try NTLM authentication.
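The two bind modes suggested in the comment above, sketched with ldap3 as an added example that is not part of the original thread or the project's own code. The host name, the `DOMAINB\alice` account and the helper names `choose_bind` and `connect` are constructed for illustration; the Kerberos path assumes a ticket cache already exists and the `gssapi` package is installed.

```python
import ssl


def choose_bind(user=None, password=None):
    """Return ldap3 Connection keyword arguments for a cross-domain bind.

    The string values equal the ldap3 constants NTLM, SASL and KERBEROS.
    """
    if password is None:
        # Kerberos: no password is sent; the identity comes from the
        # caller's existing ticket cache (for example after kinit).
        return {"authentication": "SASL", "sasl_mechanism": "GSSAPI"}
    domain, sep, name = (user or "").partition("\\")
    if not (sep and domain and name):
        # ldap3 only accepts NTLM users in down-level DOMAIN\user form.
        raise ValueError("NTLM bind needs a user in DOMAIN\\username form")
    return {"user": user, "password": password, "authentication": "NTLM"}


def connect(host, user=None, password=None):
    """Bind to `host` over LDAPS with NTLM (password) or Kerberos (no password)."""
    # Imported here so choose_bind() can be exercised without ldap3 installed.
    from ldap3 import Connection, Server, Tls

    # Validate the server certificate so the bind is not sent to an
    # unauthenticated endpoint.
    tls = Tls(validate=ssl.CERT_REQUIRED)
    server = Server(host, use_ssl=True, tls=tls)
    conn = Connection(server, **choose_bind(user, password))
    if not conn.bind():
        raise RuntimeError("bind failed: %s" % conn.result["description"])
    return conn


if __name__ == "__main__":
    # Constructed values: show the arguments each mode would pass to ldap3.
    print(choose_bind("DOMAINB\\alice", "constructed-password"))
    print(choose_bind())
    # connect("dc01.domaina.example", "DOMAINB\\alice", "constructed-password")
```
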
When trying to connect to an LDAP server in Domain A using a user in Domain B, the following error is thrown, even though the credentials are 100% correct:
ldap3.core.exceptions.LDAPBindError: automatic bind not successful - invalidCredentials
Here's the code example:
Same code works when LDAP server and user are in the same domain.
I have found other people facing the same problem on Stack Overflow, but no reply:
https://stackoverflow.com/questions/55971981/python-3-ldap3-connect-to-ad-with-user-from-a-different-domain
Is this not supported by ldap3 at all? Or is it just a bug? I appreciate any support.
Thanks,
Furkan