[Moin-user] Does LDAPAuth support ldaps? (with self-signed certs)

Matthew Franz mdfranz at gmail.com
Sun Dec 7 22:35:52 EST 2008

I have successfully configured moin to use ldap (but not ldaps) to
authenticate to our AD server.

I took a tcpdump and seen the connection attempt (3 way handshake) to
the ldap server on port 636 but the client is gracefully terminating
the connection (with a FIN) to the LDAP server prior to bind and
search. No application layer data is sent to the server.

I get this error message

2008-12-07 22:15:06,409 ERROR MoinMoin.auth.ldap_login:244 LDAP server
ldaps://x.x.x failed ({'desc': "Can't contact LDAP server"}). Trying
to authenticate with next auth list entry.

These are the SSL relevant fields

       start_tls=0, # usage of Transport Layer Security 0 = No, 1 =
Try, 2 = Required
        tls_require_cert=0, # 0 == ldap.OPT_X_TLS_NEVER (needed for
self-signed certs)
        bind_once=False, # set to True to only do one bind - useful if
configured to bind as the user on the first attempt
        autocreate=True, # set to True to automatically create/update
user profiles

the value of start_tls (0,1,2) does not seem to make any difference.

I have seen the following pages

http://moinmo.in/MoinMoinQuestions/Authentication#Notesforldaps with
the guidance

Before I start digging into python-ldap code, does anybody have
moinmoin authenticating to an LDAP server over ldaps?

CentOS5.2 - Python 2.4.3

MoinMoin 1.8.0

[root at content1 httpd]# rpm -qa | grep python-ldap


- mdf

Matthew Franz
mdfranz at gmail.com

More information about the Moin-user mailing list