SSL and AD

Michael Ströder michael at
Tue Oct 17 15:21:39 CEST 2006

geert.van.muylem at wrote:
> ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,'/home/gvm/Temp/PYSSL/rootca.pem')

Does rootca.pem contain the cert of
Or is there also an intermediate CA?

>     ldap.set_option(ldap.OPT_X_TLS_CERTFILE,'/home/gvm/Temp/PYSSL/endor-crt.pem')
> ldap.set_option(ldap.OPT_X_TLS_KEYFILE,'/home/gvm/Temp/PYSSL/endor-key.pem')

Are you sure AD is configured to allow SSL client authentication?

>     lconn=ldap.initialize("ldaps://")
>     lconn.simple_bind_s ('Administrator at','system')
>     lconn.unbind_s()

Seems ok. But I hope you know that using the UPN instead of a bind DN
with simple_bind_s() is a proprietary feature of MS AD.

Ciao, Michael.
