Ldap over SSL

Jens Vagelpohl jens at zope.com
Fri Apr 26 13:53:06 CEST 2002


if the LDAP server listens on a specific SSL-enabled port (meaning a port 
that uses the ldaps protocol, the standard port for that being 636) then 
that is much easier to work with then StartTLS.

conn = ldap.initialize( 'ldaps://my.ldap.server' )
etc.

granted, this is not the "standard track", but it is very easy to use and 
works reliably. i have once or twice tried to use StartTLS but all i ever 
got were error messages that don't say anything about the actual error, and 
my need to use StartTLS instead of ldaps was never great enough for me to 
investigate further.

jens


On Friday, April 26, 2002, at 05:58 , Michael Ströder wrote:

> Sylvain Pereira wrote:
>>>> I am developping a python cgi application to administrate an ldap
>>>
>>> server for
>>>
>>>> a customer.
>>>
>>> What's the LDAP server product and OS?
>> Well it's iPlanet Directory Server 5.1 on SunOS 8, and I already checked 
>> the SSL connection with a Java program (I am new to python).
>> The python cgi runs on an Irix 6.5
>
> If it's running on a Unix platform iDS 5.1 should also support StartTLS 
> extended operation (not available with Win32 version) which is the 
> standard track (see RFC2830).
>
>>>>> import ldap
>>>>> print ldap.__version__
>>>>
>> 2.0.0pre04
>>>>> ldap.set_option
>>>>
>> (ldap.OPT_X_TLS_CACERTFILE,'/usr/freeware/apache/conf/cert7.db')
>
> That's a Netscape certificate DB for Netscape's NSS lib. Something 
> completely different.
>
> OpenLDAP2 uses OpenSSL as SSL lib. Therefore just use a "PEM file" 
> containing the certificate. The same for the cert/key when using client 
> certs for authentication.
>
> Ciao, Michael.
>





More information about the python-ldap mailing list