ldaps and Active Directory

Michael Ströder michael at stroeder.com
Fri Sep 3 23:23:53 CEST 2010

Josh wrote:
>> Patrick A. Treptau wrote:
>>> I am pulling my hair out trying to connect via ldaps to one of our AD 
>>> controllers.
>>> host = "ldaps://ad_host:636"
>> You should always use the fully-qualified name which is in the CN of the server
>> certificate's subject DN.
> Patrick isn't the only one running into the issue by the way, I see it appearing 
> for me as well. Windows 2008 server, getting ldap.SERVER_DOWN: {'info': 
> '(unknown error code)', 'desc': "Can't contact LDAP server"} When I try to 
> connect with ldaps:// to our host using its FQDN.

As said try to debug with

openssl s_client -connect ad_host:636 -verify

(use -CApath or -CAfile options)

preferably using the OpenSSL command-line tool linked to the same libs like

Ciao, Michael.
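
The hostname advice in this thread, as an added Python example that is not part of the original messages: it compares the host in an ldaps:// URI with the names in the server certificate, and fetch_verified_cert() is a Python-side counterpart to the s_client check. The helper names and dc1.corp.example.com are assumptions; the sample certificate is constructed.

```python
import socket
import ssl
from urllib.parse import urlsplit


def fetch_verified_cert(host, port=636, cafile=None):
    """TLS handshake against the LDAPS port; raises ssl.SSLCertVerificationError
    on an untrusted chain or a name mismatch. Needs network access."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def cert_names(cert):
    """DNS names a client may match against: SAN dNSName entries, else subject CN."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def name_matches(host, pattern):
    """Case-insensitive match; '*' is allowed only as the whole left-most label."""
    h, p = host.lower().rstrip(".").split("."), pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*":
        return len(p) > 2 and h[1:] == p[1:]
    return h == p


def check_ldaps_uri(uri, cert):
    """Return a list of problems with using `uri` against a server presenting `cert`."""
    parts = urlsplit(uri)
    host, problems = parts.hostname or "", []
    if parts.scheme != "ldaps":
        problems.append("scheme is not ldaps")
    if "." not in host:
        problems.append("host is not fully qualified")
    names = cert_names(cert)
    if not any(name_matches(host, n) for n in names):
        problems.append("host %r not in certificate names %r" % (host, names))
    return problems


# Constructed sample in the format ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {"subject": ((("commonName", "dc1.corp.example.com"),),)}
```

check_ldaps_uri("ldaps://ad_host:636", SAMPLE_CERT) reports both the short name and the certificate mismatch, while the fully-qualified form returns an empty list.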
