[python3-ldap] TLS issue

python3ldap python3ldap at gmail.com
Fri Jun 13 00:24:11 CEST 2014


Hi David,
Are you sure that you must connect to port 389? Usually TLS is on
port 636. If 389 is right, the CA file is probably wrong. In that case
I need some more info. You should try to connect without the CA and
without verifying the certificate chain.

Let me know.
Bye,
Giovanni


On Thursday, 12 June 2014, David Noriega <tsk133 at my.utsa.edu> wrote:

> On Windows 7 with Python 3.4.1 and python3-ldap 0.9.3.3
>
> I'm trying to create a TLS connection to an LDAP server over port 389 and
> I provide the CA cert file (in PEM format) but I get the following:
>
> Traceback (most recent call last):
>   File "C:\Python34\lib\site-packages\ldap3\strategy\baseStrategy.py", line 134, in _open_socket
>     self.connection.socket = self.connection.server.tls.wrap_socket(self.connection, do_handshake=True)
>   File "C:\Python34\lib\site-packages\ldap3\core\tls.py", line 89, in wrap_socket
>     wrapped_socket = ssl.wrap_socket(connection.socket, keyfile=self.private_key_file, certfile=self.certificate_file, server_side=False, cert_reqs=self.validate, ssl_version=self.version, ca_certs=self.ca_certs_file, do_handshake_on_connect=do_handshake)
>   File "C:\Python34\lib\ssl.py", line 888, in wrap_socket
>     ciphers=ciphers)
>   File "C:\Python34\lib\ssl.py", line 511, in __init__
>     self._context.load_verify_locations(ca_certs)
> ssl.SSLError: unknown error (_ssl.c:2734)
>
> During handling of the above exception, another exception occurred:
>
> Traceback (most recent call last):
>   File "<stdin>", line 1, in <module>
>   File "C:\Python34\lib\site-packages\ldap3\core\connection.py", line 174, in __init__
>     self.open()
>   File "C:\Python34\lib\site-packages\ldap3\strategy\syncWait.py", line 49, in open
>     BaseStrategy.open(self, reset_usage)
>   File "C:\Python34\lib\site-packages\ldap3\strategy\baseStrategy.py", line 88, in open
>     self._open_socket(self.connection.server.ssl)
>   File "C:\Python34\lib\site-packages\ldap3\strategy\baseStrategy.py", line 139, in _open_socket
>     raise communication_exception_factory(LDAPSocketOpenError, e)(self.connection.last_error)
> ldap3.core.exceptions.LDAPSocketOpenError: ('socket ssl wrapping error: unknown error (_ssl.c:2734)',)
>


-- 
Have fun,
gc
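
An added example, not part of the original message and not python3-ldap code: the traceback above fails inside load_verify_locations(), so one way to test the CA file on its own, keeping certificate verification enabled, is to classify its contents and then load it into a bare ssl context. The function names, result labels and sample inputs are constructed for this illustration.

```python
import os
import ssl

PEM_CERT_MARKER = b"-----BEGIN CERTIFICATE-----"


def diagnose_ca_bytes(raw: bytes) -> str:
    """Classify CA file contents; returns 'ok' only if ssl can load them."""
    if not raw.strip():
        return "empty"
    # Windows tools (Notepad "Unicode" saves, PowerShell redirection) can
    # write UTF-16, which OpenSSL's PEM reader cannot parse.
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff") or b"-\x00-\x00" in raw[:64]:
        return "utf16-encoded"
    # A UTF-8 BOM hides the BEGIN line from the PEM reader.
    if raw.startswith(b"\xef\xbb\xbf"):
        return "utf8-bom"
    if PEM_CERT_MARKER not in raw:
        # A DER certificate is an ASN.1 SEQUENCE, so it starts with 0x30.
        return "der-not-pem" if raw[:1] == b"\x30" else "no-certificate-block"
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        # Same OpenSSL loading step that raised in the traceback, run alone.
        ctx.load_verify_locations(cadata=raw.decode("ascii"))
    except (UnicodeDecodeError, ssl.SSLError, ValueError):
        return "unparseable-pem"
    return "ok"


def diagnose_ca_file(path: str) -> str:
    """Same check for a file on disk, e.g. the one used as ca_certs_file."""
    if not os.path.isfile(path):
        return "missing"
    with open(path, "rb") as handle:
        return diagnose_ca_bytes(handle.read())


# Constructed sample inputs (not taken from the thread).
SAMPLES = {
    "utf16": "-----BEGIN CERTIFICATE-----\n".encode("utf-16"),
    "der": b"\x30\x82\x03\x00" + b"\x00" * 16,
    "key": b"-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n",
    "bad": b"-----BEGIN CERTIFICATE-----\n!!!! not base64 !!!!\n"
           b"-----END CERTIFICATE-----\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, "->", diagnose_ca_bytes(data))
```

A result other than "ok" points at the file rather than at the server or the port.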