How do do strong authentication on LDAP connection?
Michael Strder
michael at stroeder.com
Sun Mar 31 14:36:03 CEST 2002
Dirksen Lau wrote:
>
> When I try the bind operation against our department LDAP server,
> I got this
> error: ldap.STRONG_AUTH_REQUIRED: {'desc': 'Strong authentication
> required',
> 'info': 'This LDAP server does not accept cleartext passwords'}
This means you have to authenticate by presenting a client certificate which
is done during establishing the SSL connection.
> How to do the strong authentication?
1. Make yourself familiar with concepts of SSL and client certificates.
2. Ask your LDAP server admin whether you have to use LDAP over SSL to
separate port or using StartTLS extended operation.
3. Look at Demo/initialize.py to get a idea of how to connect with
python-ldap using either one of the methods.
4. Have a client certificate and matching private key at
hand as "PEM files". You have to get a client certificate which validates
against a trusted root CA cert at the LDAP server. Ask your admin.
5. Use
ldap.set_option(ldap.OPT_X_TLS_CERTFILE,client_cert_file)
ldap.set_option(ldap.OPT_X_TLS_KEYFILE,client_key_file)
to point the python-ldap and OpenLDAP libs to the files to use for strong
authentication during opening the SSL connection.
Ciao, Michael.
More information about the python-ldap
mailing list