Ldap over SSL
jens at zope.com
Fri Apr 26 13:53:06 CEST 2002
if the LDAP server listens on a specific SSL-enabled port (meaning a port
that uses the ldaps protocol, the standard port for that being 636) then
that is much easier to work with than StartTLS.
conn = ldap.initialize( 'ldaps://my.ldap.server' )
granted, this is not the "standard track", but it is very easy to use and
works reliably. i have once or twice tried to use StartTLS but all i ever
got were error messages that don't say anything about the actual error, and
my need to use StartTLS instead of ldaps was never great enough for me to
On Friday, April 26, 2002, at 05:58 , Michael Ströder wrote:
> Sylvain Pereira wrote:
>>>> I am developing a python cgi application to administrate an ldap server for
>>>> a customer.
>>> What's the LDAP server product and OS?
>> Well it's iPlanet Directory Server 5.1 on SunOS 8, and I already checked
>> the SSL connection with a Java program (I am new to python).
>> The python cgi runs on an Irix 6.5
> If it's running on a Unix platform iDS 5.1 should also support StartTLS
> extended operation (not available with Win32 version) which is the
> standard track (see RFC2830).
>>>>> import ldap
>>>>> print ldap.__version__
> That's a Netscape certificate DB for Netscape's NSS lib. Something
> completely different.
> OpenLDAP2 uses OpenSSL as SSL lib. Therefore just use a "PEM file"
> containing the certificate. The same for the cert/key when using client
> certs for authentication.
> Ciao, Michael.
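
Added example, not part of the original message or of python-ldap: the StartTLS extended operation (RFC 2830) mentioned in the quoted reply, shown as the BER bytes each side sends in cleartext before the TLS handshake, whereas ldaps on port 636 starts TLS from the first byte. The function names and the sample server replies are constructed for illustration.

```python
# Added example (stdlib only); helper names are hypothetical, not a library API.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # requestName of the StartTLS operation
RESULT_NAMES = {0: "success", 1: "operationsError", 2: "protocolError", 52: "unavailable"}

def tlv(tag, value):
    """Encode one BER element with a definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def read_tlv(buf, pos=0):
    """Decode one element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def starttls_request(message_id):
    """Client: LDAPMessage{messageID, ExtendedRequest[APPLICATION 23]{requestName[0]}}."""
    if not 0 < message_id < 128:  # one-byte INTEGER only in this example
        raise ValueError("message_id out of range")
    return tlv(0x30, tlv(0x02, bytes([message_id])) + tlv(0x77, tlv(0x80, STARTTLS_OID)))

def parse_extended_response(pdu):
    """Server reply: return (message_id, result_name, diagnostic_message)."""
    tag, body, _ = read_tlv(pdu)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = read_tlv(body)
    tag, resp, _ = read_tlv(body, pos)
    if tag != 0x78:  # ExtendedResponse is [APPLICATION 24]
        raise ValueError("not an ExtendedResponse")
    _, code, pos = read_tlv(resp)       # resultCode
    _, _dn, pos = read_tlv(resp, pos)   # matchedDN
    _, diag, _ = read_tlv(resp, pos)    # diagnosticMessage
    code = int.from_bytes(code, "big")
    return int.from_bytes(mid, "big"), RESULT_NAMES.get(code, str(code)), diag.decode()

def sample_response(message_id, code, text):
    """Constructed server reply for the demo; not captured from a real server."""
    result = tlv(0x0A, bytes([code])) + tlv(0x04, b"") + tlv(0x04, text.encode())
    return tlv(0x30, tlv(0x02, bytes([message_id])) + tlv(0x78, result))
```

Only a `success` result means the client may begin the TLS handshake on the same connection; any other result leaves the session in cleartext, so a client that requires encryption should stop there rather than bind.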