The following code does not work in a couple of different places:

import sys
import ldap, ldap.ldapobject

ldap.set_option(ldap.OPT_DEBUG_LEVEL, 255)
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/path/to/ca1.pem')

conn1 = ldap.ldapobject.LDAPObject('ldaps://server1.domain:636')
#conn1.set_option(ldap.OPT_DEBUG_LEVEL, 255)
# NOTE: 1 - setting conn specific cacertfile doesn't work - only the
# module level setting seems to work
#conn1.set_option(ldap.OPT_X_TLS_CACERTFILE, '/path/to/ca1.pem')
conn1.simple_bind('mybinddn','password')
print "conn1 set up correctly"
conn1.unbind_s()

# NOTE: 2 - although this appears to work i.e. get_option returns the new
# one, the code never attempts to open /path/to/ca2.pem - I've validated
# this via strace
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/path/to/ca2.pem')
print "cacert file =", ldap.get_option(ldap.OPT_X_TLS_CACERTFILE)
ldap.set_option(ldap.OPT_DEBUG_LEVEL, 0) # this works

conn2 = ldap.initialize('ldaps://server2.domain:636')
#conn2.set_option(ldap.OPT_DEBUG_LEVEL, 255)
# again, conn specific setting does not work
conn2.set_option(ldap.OPT_X_TLS_CACERTFILE, '/path/to/ca2.pem')
print "conn2 cacertfile=", conn2.get_option(ldap.OPT_X_TLS_CACERTFILE)
conn2.simple_bind("binddn2","password2") # errors here - cannot verify peer server ssl cert
print "conn2 set up correctly"

Is it possible to use two different CA certs in a single python-ldap app? I've tried using both version 2.2.0 on rhel5 and version 2.3.1 on fedora 9.