ldaps and Active Directory
Michael Ströder
michael at stroeder.com
Fri Sep 3 23:23:53 CEST 2010
Josh wrote:
>> Patrick A. Treptau wrote:
>>> I am pulling my hair out trying to connect via ldaps to one of our AD
>>> controllers.
>>>
>>> host = "ldaps://ad_host:636"
>>
>> You should always use the fully-qualified which is in the CN of the server
>> certificate's subject DN.
>
> Patrick isn't the only one running into the issue by the way, I see it appearing
> for me as well. Windows 2008 server, getting ldap.SERVER_DOWN: {'info':
> '(unknown error code)', 'desc': "Can't contact LDAP server"} When I try to
> connect with ldaps:// to our host using its FQDN.
As said, try to debug with
openssl s_client -connect ad_host:636 -verify
(use -CApath or -CAfile options)
preferably using the OpenSSL command-line tool linked to the same libs as
python-ldap.
Ciao, Michael.
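
Added example, not part of the original message and not python-ldap code: ldap.SERVER_DOWN does not say whether the TCP connect, the certificate chain check, or the host name comparison failed, so this standard-library sketch reports the three cases separately and checks the ldaps:// URI host against the certificate's names. The function names, return labels, the cafile parameter and the sample certificate are assumptions made for illustration; Python's ssl module may be linked against a different TLS library than libldap, so the openssl s_client check above remains the reference.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# the host names are placeholders, not values from the thread.
SAMPLE_CERT = {
    "subject": ((("commonName", "dc01.corp.example.com"),),),
    "subjectAltName": (("DNS", "dc01.corp.example.com"),),
}

def cert_names(cert):
    """Return lower-cased DNS SANs and subject CNs from a getpeercert() dict."""
    names = {v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"}
    for rdn in cert.get("subject", ()):
        names |= {v.lower() for k, v in rdn if k == "commonName"}
    return names

def uri_host_in_cert(uri, cert):
    """True if the host part of an ldaps:// URI is named in the certificate."""
    host = (urlsplit(uri).hostname or "").lower()
    for name in cert_names(cert):
        if name == host:
            return True
        # A wildcard covers exactly one left-most label, e.g. *.corp.example.com
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def probe(uri, cafile):
    """Classify a live LDAPS attempt: 'tcp', 'tls-verify', 'tls-handshake', 'hostname', 'ok'."""
    parts = urlsplit(uri)
    host, port = parts.hostname, parts.port or 636
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # chain is still verified; names are compared below
    try:
        sock = socket.create_connection((host, port), timeout=5)
    except OSError:
        return "tcp"            # nothing listening, firewall, or DNS failure
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    except ssl.SSLCertVerificationError:
        return "tls-verify"     # issuing CA not in cafile, expired certificate, ...
    except OSError:
        return "tls-handshake"  # reset during handshake or protocol mismatch
    return "ok" if uri_host_in_cert(uri, cert) else "hostname"
```

A "hostname" result corresponds to the advice quoted above: the name in the ldaps:// URI has to be one the server certificate actually carries.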