ldaps and Active Directory

Michael Ströder michael at stroeder.com
Tue Feb 2 00:41:03 CET 2010

Patrick A. Treptau wrote:
> I am pulling my hair out trying to connect via ldaps to one of our AD 
> controllers.
> host = "ldaps://ad_host:636"

You should always use the fully-qualified which is in the CN of the server
certificate's subject DN.

> #openssl s_client -CAfile path/to/cert.crt -connect ad_host:636 returns 
> a successful connection

With -verify?

Ciao, Michael.

More information about the python-ldap mailing list