[python-ldap] Modifying user attributes
Ziad Badawi
ziadbad at gmail.com
Wed Feb 25 08:21:52 CET 2015
On Tue, Feb 24, 2015 at 6:32 PM, Michael Ströder <michael at stroeder.com>
wrote:
> Ziad Badawi wrote:
> > l = ldap.initialize('ldaps://domain.local:636')
> >
> > l.simple_bind_s('user', 'passwd')
> > [..]
> > When I execute this, I get
> > ldap.SERVER_DOWN: {'info': 'TLS error -5939:No more entries in the
> > directory', 'desc': "Can't contact LDAP server"}
>
> This is a TLS related error probably occuring at l.simple_bind_s(). Use
> ldap.initialize('ldaps://domain.local:636',trace_level=1) (or higher trace
> level) to see details. Beware that password is sent to trace output.
>
> After checking the trace, it does fail on simple_bind_s.
> I don't see where you set the CA cert(s) used to validate the server cert.
I do not know how to use that and I used
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) to avoid
using TLS as I learned.
> > and I am not sure what it means, but the strange thing is when I execute
> > this another time, it works fine and the attribute is modified
> >
> > Any idea what is going on here? and what is the solution?
>
> Is there a load balancer in front of ldaps://domain.local:636 and your
> requests are passed to different replicas/instances?
>
> No load balancers
> Ciao, Michael.
>
>
>
--
Z
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-ldap/attachments/20150225/5e0bf3dc/attachment-0001.html>
More information about the python-ldap
mailing list