SSL and AD

geert.van.muylem at geert.van.muylem at
Tue Oct 17 16:03:19 CEST 2006


- rootca.pem contains the self-signed root certificate

- I'm not 100% sure if the AD allows client authentication (didn't find a 
place where 
to configure it....) but I made a small test app based on the platform sdk
and I had to import a client key first into windows...When I didn't do 
that, I also 
got the server down error. So I supposed that client authentication was 

thanks and regards,

PS My test environment:
SuSE 10.1
python: 2.4.2-18
python-ldap: 2.0.11-14

Michael Ströder <michael at>
10/17/2006 03:21 PM
        To:     geert.van.muylem at
        cc:     python-ldap-dev at
        Subject:        Re: SSL and AD

geert.van.muylem at wrote:

Does rootca.pem contain the cert of
Or is there also an intermediate CA?

>     ldap.set_option(ldap.OPT_X_TLS_CERTFILE,
> '/home/gvm/Temp/PYSSL/endor-crt.pem')

Are you sure AD is configured to allow SSL client authentication?

>     lconn=ldap.initialize("ldaps://")
>     lconn.simple_bind_s ('Administrator at','system')
>     lconn.unbind_s()

Seems ok. But I hope you know that using the UPN instead of a bind DB
with simple_bind_s() is proprietary feature of MS AD.

Ciao, Michael.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the python-ldap mailing list