Add LDAP Channel Binding to GetUserSPNs.py #1652
base: master
Working as of Feb 2024. Nice work @deadjakk, hopefully they merge it soon?
I've installed this code in a
Lab environment consists of a Windows 2016 DC. I'll attempt to debug the cause of the issue, but for now I believe it has something to do with ldap3 returning a different style of parameters than expected by GetUserSPNs.py.
Apologies, I did not see this, I guess the notification from GitHub slipped by me. I just pushed another commit that filters these out (and handles null group membership).
Setting this PR on hold, as we are not linking, either through requirements or code, against dev versions of our dependencies. Let's hope ldap3's new version gets released soon. Thanks
I made this for myself and thought I'd throw it up here in case anyone else wanted it.
It should fix this issue by adding LDAP channel binding support via ly4k's ldap3 fork.
I will say the solution is a little less than elegant given it uses ldap3 for all connection attempts except Kerberos which still uses the old python-ldap and SPN processing logic.
It will automagically end up using LDAP channel binding by running through the bind failures or you can force it with -ldap-channel-binding
Tested working.