ActiveDirectory Class
Properties Methods Events Configuration Settings Errors
The ActiveDirectory class can be used to authenticate users against Active Directory using Kerberos 5.0.
Syntax
class ipworksauth.ActiveDirectory
Remarks
The ActiveDirectory class authenticates users against Active Directory. Authentication is performed using the Kerberos protocol defined in RFC 1510 and RFC 4120.
Authentication
When authenticate is called the class will attempt to authenticate the user with the Active Directory server. The class will communicate with the ad_host to obtain a service ticket and populate auth_token. The following properties are required when calling this method:
A typical sequence of messages would be:
- KRB_AS_REQ -> KDC
- KRB_AS_REP <- KDC
- KRB_TGS_REQ -> KDC
- KRB_TGS_REP <- KDC
- auth_token is populated with the constructed KRB_AP_REP message.
Communication with the ad_host can be seen through the on_pi_trail event.
Property List
The following is the full list of the properties of the class with short descriptions. Click on the links for further details.
| ad_host | The domain name or IP address of the Active Directory server. |
| ad_port | The port for the Active Directory server. |
| auth_mechanism | The authentication mechanism to be used when connecting to the Active Directory server. |
| auth_token | The authentication token. |
| password | The user's password. |
| spn | The Service Principal Name (SPN). |
| timeout | A timeout for the class. |
| user | The name and domain of the user to authenticate. |
Method List
The following is the full list of the methods of the class with short descriptions. Click on the links for further details.
| authenticate | Authenticates the user. |
| change_password | Changes the password for the specified user. |
| config | Sets or retrieves a configuration setting. |
| do_events | Processes events from the internal message queue. |
| interrupt | Interrupt the current method. |
| list_computers | Lists all computers in the directory. |
| list_group_members | List all members of a group. |
| list_groups | List all groups in the directory. |
| list_user_groups | Lists all groups a user is a part of. |
| reset | Resets the class properties to their default values. |
Event List
The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.
| on_computer_list | Fired for each computer entry returned. |
| on_error | Information about errors during data delivery. |
| on_group_list | Fired for each group entry returned. |
| on_log | Fires once for each log message. |
| on_pi_trail | Traces the messages sent to the server, and the respective replies. |
| on_user_list | Fired once for each user entry returned. |
Configuration Settings
The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.
| CredentialsCacheFile | The credentials cache file. |
| EncodeAuthToken | Whether to Base64 encode the AuthToken. |
| EncryptionTypes | The encryption types used during authentication. |
| KeytabFile | The Kerberos Keytab file. |
| LogKerberosPackets | Whether to include the raw Kerberos packets in PITrail output. |
| LogLevel | The level of detail that is logged. |
| UsePlatformKerberosAPI | Whether to use the platform Kerberos API. |
| ConnectionTimeout | Sets a separate timeout value for establishing a connection. |
| FirewallAutoDetect | Tells the class whether or not to automatically detect and use firewall system settings, if available. |
| FirewallHost | Name or IP address of firewall (optional). |
| FirewallPassword | Password to be used if authentication is to be used when connecting through the firewall. |
| FirewallPort | The TCP port for the FirewallHost;. |
| FirewallType | Determines the type of firewall to connect through. |
| FirewallUser | A user name if authentication is to be used connecting through a firewall. |
| KeepAliveInterval | The retry interval, in milliseconds, to be used when a TCP keep-alive packet is sent and no response is received. |
| KeepAliveTime | The inactivity time in milliseconds before a TCP keep-alive packet is sent. |
| Linger | When set to True, connections are terminated gracefully. |
| LingerTime | Time in seconds to have the connection linger. |
| LocalHost | The name of the local host through which connections are initiated or accepted. |
| LocalPort | The port in the local host where the class binds. |
| MaxLineLength | The maximum amount of data to accumulate when no EOL is found. |
| MaxTransferRate | The transfer rate limit in bytes per second. |
| ProxyExceptionsList | A semicolon separated list of hosts and IPs to bypass when using a proxy. |
| TCPKeepAlive | Determines whether or not the keep alive socket option is enabled. |
| TcpNoDelay | Whether or not to delay when sending packets. |
| UseIPv6 | Whether to use IPv6. |
| AbsoluteTimeout | Determines whether timeouts are inactivity timeouts or absolute timeouts. |
| FirewallData | Used to send extra data to the firewall. |
| InBufferSize | The size in bytes of the incoming queue of the socket. |
| OutBufferSize | The size in bytes of the outgoing queue of the socket. |
| BuildInfo | Information about the product's build. |
| CodePage | The system code page used for Unicode to Multibyte translations. |
| LicenseInfo | Information about the current license. |
| ProcessIdleEvents | Whether the class uses its internal event loop to process events when the main thread is idle. |
| SelectWaitMillis | The length of time in milliseconds the class will wait when DoEvents is called if there are no events to process. |
| UseInternalSecurityAPI | Tells the class whether or not to use the system security libraries or an internal implementation. |