problem with set_option and tls
Michael Ströder
michael at stroeder.com
Thu May 28 22:03:54 CEST 2009
Mike Lovell wrote:
> First off, hello everyone.
> I am working on some software that uses python-ldap that is trying to
> connect to an ldaps server. If I do this sequence
>
> import ldap
> ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/path/to/cert')
> conn = ldap.initialize('ldaps://server')
> conn.simple_bind_s('uid', 'pass')
>
> things work fine. But if I do it like this
>
> import ldap
> conn = ldap.initialize('ldaps://server')
> conn.set_option(ldap.OPT_X_TLS_CACERTFILE, '/path/to/cert')
> conn.simple_bind_s('uid', 'pass')
>
> then I get an error saying that it can't contact the server. I am
> guessing it just can't verify the server's SSL certificate and is just
> saying it can't contact the server.
I guess you're using python-ldap built against OpenLDAP 2.3 client libs.
With OpenLDAP 2.4 connection-specific TLS options should be supported.
> Is this expected behavior? Is this a restriction of the underlying
> openldap client libraries?
Yupp. Version-specific.
Ciao, Michael.
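
The version dependence described in this reply, as an added example that is not part of the original message or of python-ldap itself: it sets the CA file on the connection when the client library is OpenLDAP 2.4 or later and falls back to the process-wide option otherwise. The helper names are hypothetical; setting OPT_X_TLS_REQUIRE_CERT and re-creating the TLS context with OPT_X_TLS_NEWCTX go beyond what the thread shows and assume a python-ldap build that exposes those constants.

```python
# Added example: works with the real python-ldap module or any object exposing
# the same attributes, so the logic can be exercised without an LDAP server.

OPENLDAP_2_4 = 20400  # vendor_version encoding: major*10000 + minor*100 + patch


def libldap_version(ldap_mod):
    """Return the libldap vendor_version that python-ldap was built against."""
    info = ldap_mod.get_option(ldap_mod.OPT_API_INFO)
    return int(info.get("vendor_version", 0))


def apply_ca_file(ldap_mod, conn, cacert_path):
    """Point certificate verification at cacert_path before the first bind.

    Returns "connection" if the options were set on the connection
    (OpenLDAP >= 2.4) or "global" if they had to be set process-wide.
    """
    per_conn = (libldap_version(ldap_mod) >= OPENLDAP_2_4
                and hasattr(ldap_mod, "OPT_X_TLS_NEWCTX"))
    target = conn if per_conn else ldap_mod
    # Demand a verifiable server certificate so a wrong CA path fails closed.
    target.set_option(ldap_mod.OPT_X_TLS_REQUIRE_CERT, ldap_mod.OPT_X_TLS_DEMAND)
    target.set_option(ldap_mod.OPT_X_TLS_CACERTFILE, cacert_path)
    if per_conn:
        # Must come last: rebuilds this connection's TLS context so the
        # settings above are used instead of the global defaults.
        conn.set_option(ldap_mod.OPT_X_TLS_NEWCTX, 0)
        return "connection"
    return "global"


if __name__ == "__main__":
    import ldap  # python-ldap; only needed when run against a real server

    # Server URI, certificate path and credentials are the placeholders
    # used in the thread.
    conn = ldap.initialize("ldaps://server")
    scope = apply_ca_file(ldap, conn, "/path/to/cert")
    print("CA file applied with scope:", scope)
    conn.simple_bind_s("uid", "pass")
```

Note that the "global" fallback changes TLS settings for every connection the process opens afterwards, which matters when one process talks to several directories with different CAs.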