TLS context
Jacek Konieczny
jajcus at bnet.pl
Sun Nov 11 10:18:45 CET 2001
Hi,
I was looking at the code to see how I should make the support for TLS
context.
IMHO using the arguments for ldap_start_tls_s would be quite
complicated, and would probably require some low-level SSL coding.
But it seems it can be done using OpenLDAP options such as:
LDAP_OPT_X_TLS_CTX
LDAP_OPT_X_TLS_CACERTFILE
LDAP_OPT_X_TLS_CACERTDIR
LDAP_OPT_X_TLS_CERTFILE
LDAP_OPT_X_TLS_KEYFILE
LDAP_OPT_X_TLS_REQUIRE_CERT
LDAP_OPT_X_TLS_CIPHER_SUITE
LDAP_OPT_X_TLS_RANDOM_FILE
LDAP_OPT_X_TLS_NEVER
LDAP_OPT_X_TLS_HARD
LDAP_OPT_X_TLS_DEMAND
LDAP_OPT_X_TLS_ALLOW
LDAP_OPT_X_TLS_TRY
This can be done by extending getattr/setattr functions.
Of course many non-TLS-related options can (and IMHO should) be added.
One more thing which IMHO should be added is the ldap_initialize()
function, which can be used to connect to an LDAP server using its URI.
It would also handle ldaps:// URIs.
Should I do all/part of these?
Greets,
Jacek