ldap.open() SSL patch

Michael Ströder michael at stroeder.com
Sat Apr 17 18:02:56 CEST 2010

ygormutti at dcc.ufba.br wrote:
> I'm a member of GrudeSL (Free Software Development Group) at UFBA  
> (Federal University of Bahia). We were trying to integrate our new  
> Django site authentication with the existing LDAP server, so we ran  
> for python-ldap and I can say it does its job very well (thank you  
> very much! :D).
> But, we are unable to connect using ldap.open() because our server use  
> the non-standardized LDAP over SSL scheme "ldaps", along with LDAPv3.  
> Although it worked when we used ldap.initialize(). So I wrote a patch  
> [1] that fix this tiny little issue, while mantaining backward  
> compatibility.

Using ldap.open() is deprecated for quite a while now. python-ldap
applications still using this function should be fixed.

Frankly I fail to see the benefit of avoiding the use of ldap.initialize(). In
both cases you have to change the application (Django in your case) to make
proper use of either ldap.open(...,ssl=True) or
ldap.initialize('ldaps://...'). In the first case it won't work with unpatched
=> I reject this patch.

Maybe I've overlooked something though.

(Hopefully this does not discourage to submit patches in the future though.)

> [1] - http://pastebin.com/HxtgRAzg

Feel free to submit patches as attachments to the mailing list next time.
Since then they get properly archived.

Ciao, Michael.

More information about the python-ldap mailing list