[Moin-user] Does LDAPAuth support ldaps? (with self-signed certs)

Sun, 07 Dec 2008 19:37:23 -0800 

I have successfully configured moin to use ldap (but not ldaps) to
authenticate to our AD server.

I took a tcpdump and seen the connection attempt (3 way handshake) to
the ldap server on port 636 but the client is gracefully terminating
the connection (with a FIN) to the LDAP server prior to bind and
search. No application layer data is sent to the server.

I get this error message

2008-12-07 22:15:06,409 ERROR MoinMoin.auth.ldap_login:244 LDAP server
ldaps://x.x.x failed ({'desc': "Can't contact LDAP server"}). Trying
to authenticate with next auth list entry.

These are the SSL relevant fields

       start_tls=0, # usage of Transport Layer Security 0 = No, 1 =
Try, 2 = Required
        tls_cacertdir='',
        tls_cacertfile='',
        tls_certfile='',
        tls_keyfile='',
        tls_require_cert=0, # 0 == ldap.OPT_X_TLS_NEVER (needed for
self-signed certs)
        bind_once=False, # set to True to only do one bind - useful if
configured to bind as the user on the first attempt
        autocreate=True, # set to True to automatically create/update
user profiles

the value of start_tls (0,1,2) does not seem to make any difference.

I have seen the following pages

http://moinmoin.wikiwikiweb.de/MoinMoinBugs/MissingLdapsSupport
http://moinmoin.wikiwikiweb.de/FeatureRequests/AuthLDAP
http://moinmo.in/MoinMoinQuestions/Authentication#Notesforldaps with
the guidance

Before I start digging into python-ldap code, does anybody have
moinmoin authenticating to an LDAP server over ldaps?


Details
-----------
CentOS5.2 - Python 2.4.3

MoinMoin 1.8.0

[EMAIL PROTECTED] httpd]# rpm -qa | grep python-ldap
python-ldap-2.2.0-2.1


Thanks,

- mdf

--
Matthew Franz
[EMAIL PROTECTED]

------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you.  Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
_______________________________________________
Moin-user mailing list
Moin-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/moin-user

Reply via email to