[python-ldap] ValueError: option error on trying to set OPT_X_TLS_CACERTFILE

Peter Bengtsson pbengtsson at mozilla.com
Mon Feb 8 08:49:54 EST 2016


On Sun, Feb 7, 2016 at 10:31 AM, Michael Ströder <michael at stroeder.com>
wrote:

> Peter Bengtsson wrote:
> >>
> "/Users/peterbe/virtualenvs/medlem/lib/python2.7/site-packages/python_ldap-2.4.25-py2.7-macosx-10.11-x86_64.egg/ldap/functions.py",
> >>> line 64, in _ldap_function_call
> >>>     result = func(*args,**kwargs)
> >>> ValueError: option error
> >>
> >> Most times this happens if the cert file does not exist.
> >
> > Wouldn't/Shouldn't that yield an IOError then if it tries to read a file
> > that doesn't exist?
>
> The option values are all directly passed to OpenLDAP's libldap which does not
> know about Python's IOError exception. Also actual use of the options within
> libldap is lazy. Which means the error occurs when you send the first real LDAP
> operation through an LDAPObject instance.
>
>
I can set other options. For example,

>>> import ldap
>>> ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
>>> ldap.set_option(ldap.OPT_DEBUG_LEVEL, 4095)
>>>


> >>>> import os
> >>>> assert os.path.isfile('ldapproxy-medlem.crt')
> >>>> import ldap
> >>>> ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, 'ldapproxy-medlem.crt')
> > Traceback (most recent call last):
> >   File "<stdin>", line 1, in <module>
> >   File
> >
> "/Users/peterbe/virtualenvs/medlem/lib/python2.7/site-packages/python_ldap-2.4.25-py2.7-macosx-10.11-x86_64.egg/ldap/functions.py",
> > line 133, in set_option
> >     return _ldap_function_call(None,_ldap.set_option,option,invalue)
> >   File
> >
> "/Users/peterbe/virtualenvs/medlem/lib/python2.7/site-packages/python_ldap-2.4.25-py2.7-macosx-10.11-x86_64.egg/ldap/functions.py",
> > line 64, in _ldap_function_call
> >     result = func(*args,**kwargs)
> > ValueError: option error
> >
> > The file clearly exists.
>
> Hmm, did you also try the same with the full path name?
>
>
>>> import os
>>> os.path.isfile('ldapproxy-medlem.crt')
True
>>> os.path.abspath('ldapproxy-medlem.crt')
'/Users/peterbe/dev/MOZILLA/MEDLEM/ldap-bind/medlem/ldapproxy-medlem.crt'
>>> import ldap
>>> ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,
'/Users/peterbe/dev/MOZILLA/MEDLEM/ldap-bind/medlem/ldapproxy-medlem.crt')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File
"/Users/peterbe/virtualenvs/medlem/lib/python2.7/site-packages/python_ldap-2.4.25-py2.7-macosx-10.11-x86_64.egg/ldap/functions.py",
line 133, in set_option
    return _ldap_function_call(None,_ldap.set_option,option,invalue)
  File
"/Users/peterbe/virtualenvs/medlem/lib/python2.7/site-packages/python_ldap-2.4.25-py2.7-macosx-10.11-x86_64.egg/ldap/functions.py",
line 64, in _ldap_function_call
    result = func(*args,**kwargs)
ValueError: option error
>>>



> Anyway I'm on Linux and therefore cannot comment on any specific things
> regarding the Mac OS X installations.
>
>
I wonder if there's a way to enable more debug or tracing to get a more
descriptive error. It could very well be that there's something wrong
with the file. For example, its chmod. Or the fact that it starts with...:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9 (0x9)
    Signature Algorithm: sha1WithRSAEncryption
  ...

and not...:
-----BEGIN CERTIFICATE-----
MIIEETCCAvmgAwIBAgIBCTANBgkq...



-- 
Peter Bengtsson
Mozilla Tools & Services
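
Added example, not part of the original message and not python-ldap code: a standard-library (Python 3) pre-flight for the questions raised above, namely whether the CA file exists, is readable, holds a PEM certificate block, and has text in front of that block. The names check_ca_file and demo are hypothetical, the sample bytes are constructed, and the check says nothing about what libldap on a given platform accepts.

```python
import base64
import os
import re
import tempfile

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def check_ca_file(path):
    """Pre-flight a CA file: {'errors': [...], 'certs': n, 'preamble': bool}."""
    result = {"errors": [], "certs": 0, "preamble": False}
    if not os.path.isfile(path):
        result["errors"].append("not a regular file")
        return result
    if not os.access(path, os.R_OK):
        result["errors"].append("not readable by this user (check chmod)")
        return result
    with open(path, "rb") as fh:
        text = fh.read().decode("ascii", errors="replace")
    blocks = list(PEM_BLOCK.finditer(text))
    # Text before the first marker, e.g. an `openssl x509 -text` dump.
    result["preamble"] = bool(blocks and text[:blocks[0].start()].strip())
    for i, m in enumerate(blocks, 1):
        try:
            der = base64.b64decode("".join(m.group(1).split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            result["errors"].append("block %d: invalid base64" % i)
            continue
        # A DER certificate is an ASN.1 SEQUENCE, so it starts with 0x30.
        if der[:1] != b"\x30":
            result["errors"].append("block %d: not an ASN.1 SEQUENCE" % i)
        else:
            result["certs"] += 1
    if not blocks:
        result["errors"].append("no PEM CERTIFICATE block (DER or text-only?)")
    return result

def demo():
    """Run the check on a constructed file: text preamble + dummy PEM body."""
    dummy_der = b"\x30\x03\x02\x01\x09"  # constructed bytes, NOT a real cert
    pem = ("Certificate:\n    Data:\n        Version: 3 (0x2)\n"
           "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n"
           % base64.b64encode(dummy_der).decode("ascii"))
    with tempfile.NamedTemporaryFile("w", suffix=".crt", delete=False) as fh:
        fh.write(pem)
    try:
        return check_ca_file(fh.name)
    finally:
        os.unlink(fh.name)
```

Running check_ca_file on the real path before calling ldap.set_option separates file-level problems from whatever the TLS library itself rejects.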