AuthenticationError when connecting with user having attribute 'pwdLastSet = 0'
Closed this issue · 2 comments
When connecting to an Active Directory LDAP server with a user having the attribute 'pwdLastSet = 0', bonsai throws an AuthenticationError.
This behaviour is different from the ldap3 library where the bind succeeds.
The attribute 'pwdLastSet = 0' indicates that the user must change their password upon the next successful login, so the currently entered credentials should still be valid when connecting.
More info on pwdLastSet: https://ldapwiki.com/wiki/Pwd-Last-Set%20attribute
Minimal code snippet with ldap3:
```python
import ldap3

if __name__ == "__main__":
    server = ldap3.Server("localhost", use_ssl=True)
    conn = ldap3.Connection(server, user="username", password="password", read_only=False)
    conn.bind()
    print("ldap3 ok")
```
Minimal code snippet with bonsai:
```python
import bonsai

if __name__ == "__main__":
    client = bonsai.LDAPClient("ldaps://localhost")
    client.set_credentials("SIMPLE", "username", "password")
    conn = client.connect()
    print("bonsai ok")
```
Resulting stack trace:
```
Traceback (most recent call last):
  File "D:\tmp.py", line 7, in <module>
    conn = client.connect()
  File "C:\Python\Python310\lib\site-packages\bonsai\ldapclient.py", line 675, in connect
    return LDAPConnection(self).open(timeout)
  File "C:\Python\Python310\lib\site-packages\bonsai\ldapconnection.py", line 297, in open
    return super().open(timeout)
  File "C:\Python\Python310\lib\site-packages\bonsai\ldapconnection.py", line 53, in open
    return self._evaluate(super().open(), timeout)
  File "C:\Python\Python310\lib\site-packages\bonsai\ldapconnection.py", line 246, in _evaluate
    return self.get_result(msg_id, timeout)
bonsai.errors.AuthenticationError: Invalid Credentials. (0x0031 [49])
```
Are you sure that the bind with `ldap3` is successful? When I tried to run your `ldap3` example code the `conn.result` property also contained an authentication error for me.
You're right, my bad. The `ldap3` code just didn't raise an exception, but the result contains the same error.
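An added example, not code from this issue or from bonsai or ldap3: since a failed bind can surface only in the result rather than as an exception, the check below classifies an ldap3-style result dict and separates the `pwdLastSet = 0` case from a wrong password. It assumes the server is Active Directory and reports a hex `data` sub-code in the diagnostic message of a result code 49 response; `classify_bind_result`, `credentials_accepted` and the sample dicts are hypothetical names with constructed values.

```python
import re

# Sub-codes Active Directory places after "data" in the diagnostic message of
# a resultCode 49 bind response (hex Win32 error codes).
AD_BIND_SUBCODES = {
    "525": "user_not_found",
    "52e": "invalid_credentials",
    "530": "logon_hours_restricted",
    "531": "workstation_restricted",
    "532": "password_expired",
    "533": "account_disabled",
    "701": "account_expired",
    "773": "password_must_change",  # the pwdLastSet = 0 case
    "775": "account_locked",
}

_DATA_RE = re.compile(r"\bdata\s+([0-9a-fA-F]+)\b")

def classify_bind_result(result):
    """Classify a result dict shaped like ldap3's conn.result after bind()."""
    code = result.get("result")
    if code == 0:
        return "ok"
    if code != 49:
        return "ldap_error_%s" % code
    match = _DATA_RE.search(result.get("message") or "")
    if not match:
        return "invalid_credentials"  # no sub-code: treat as a plain failure
    return AD_BIND_SUBCODES.get(match.group(1).lower(), "invalid_credentials")

def credentials_accepted(result):
    """True only for result code 0; every code 49 variant is still a failed bind."""
    return classify_bind_result(result) == "ok"

# Constructed sample results, not captured from a real server.
SAMPLE_MUST_CHANGE = {
    "result": 49, "description": "invalidCredentials",
    "message": "80090308: LdapErr: DSID-0C090447, comment: "
               "AcceptSecurityContext error, data 773, v3839",
}
SAMPLE_WRONG_PASSWORD = {
    "result": 49, "description": "invalidCredentials",
    "message": "80090308: LdapErr: DSID-0C090447, comment: "
               "AcceptSecurityContext error, data 52e, v3839",
}

if __name__ == "__main__":
    for sample in (SAMPLE_MUST_CHANGE, SAMPLE_WRONG_PASSWORD):
        print(classify_bind_result(sample), credentials_accepted(sample))
```

With ldap3 the dict to pass in is `conn.result`, read after checking the boolean that `conn.bind()` returns.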