[python-ldap] python ldap windows OPT_X_TLS_CACERTFILE not working

Daniel Watrous dwmaillist at gmail.com
Thu Mar 17 15:40:26 EDT 2016


Hi,

I am able to make a connection to my LDAPS server with my own certificate
by setting the following option on Linux:
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, CACERTFILE)

However, on Windows the same approach fails with
SERVER_DOWN: {'info': 'error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (unable to get issuer certificate)', 'desc': "Can't contact LDAP server"}

It seems that either python-ldap can't follow the Windows-based path to the
certificate OR python-ldap has a hard dependency on a Linux library that
isn't available on Windows.

Any help getting this working on Windows is appreciated. Here's a larger
snippet from my script:

try:
    ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, pathtocacertfile)
    ld = ldap.initialize(host)
    ld.simple_bind_s(binduser,bindpw)
except ldap.LDAPError, error_message:
    print "Couldn't Connect. %s " % error_message

filter = ('(userPrincipalName=aperson@example.com)')
attrs = ['cn']

r = ld.search_s(base, scope, filter, attrs)


Couldn't Connect. {'info': 'error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (unable to get issuer certificate)', 'desc': "Can't contact LDAP server"}
Traceback (most recent call last):
  File "C:\Users\watrous\Documents\GitHub\helion-onboarding-automation\test-ad.py", line 23, in <module>
    r = ld.search_s(base, scope, filter, attrs)
  File "C:\Python27\lib\site-packages\ldap\ldapobject.py", line 597, in search_s
    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
  File "C:\Python27\lib\site-packages\ldap\ldapobject.py", line 590, in search_ext_s
    msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
  File "C:\Python27\lib\site-packages\ldap\ldapobject.py", line 586, in search_ext
    timeout,sizelimit,
  File "C:\Python27\lib\site-packages\ldap\ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
SERVER_DOWN: {'info': 'error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (unable to get issuer certificate)', 'desc': "Can't contact LDAP server"}
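
Added example, not part of the original post: OpenSSL reports "unable to get issuer certificate" when a certificate it found in the trusted file has an issuer that is not itself in that file, so this Python 3 script lists the certificates in a PEM bundle whose issuer is missing from the bundle. The script name and helper functions are hypothetical, and issuer/subject names are compared byte for byte, which is an assumption stricter than OpenSSL's own name matching.

```python
import base64
import re
import sys

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Read one DER TLV header at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Return the raw DER issuer and subject Name fields of one certificate."""
    _, pos, _ = read_tlv(der, 0)           # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)         # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(der, pos)
    if tag == 0xA0:                        # optional [0] version, then serialNumber
        _, _, end = read_tlv(der, end)
    _, _, pos = read_tlv(der, end)         # skip signature AlgorithmIdentifier
    _, _, issuer_end = read_tlv(der, pos)
    issuer = der[pos:issuer_end]
    _, _, pos = read_tlv(der, issuer_end)  # skip validity
    _, _, subject_end = read_tlv(der, pos)
    return issuer, der[pos:subject_end]

def missing_issuers(pem_text):
    """Indexes of certificates in the bundle whose issuer is not in the bundle."""
    names = [issuer_and_subject(base64.b64decode(b)) for b in PEM_RE.findall(pem_text)]
    subjects = {subject for _, subject in names}
    return [i for i, (issuer, _) in enumerate(names) if issuer not in subjects]

if __name__ == "__main__":
    # Usage (hypothetical script name): python check_bundle.py <file given as OPT_X_TLS_CACERTFILE>
    with open(sys.argv[1]) as fh:          # text mode also normalises CRLF on Windows
        gaps = missing_issuers(fh.read())
    print("certificates with no issuer in the bundle:", gaps or "none")
```

An empty result means every certificate in the file chains to another one in the same file (a self-signed root is its own issuer); any index listed points at a certificate whose issuing CA would have to be appended to the bundle.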