Alberto Lopes wrote:
> ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,'/path/to/my/CAcert')
> l = ldap.initialize('ldaps://<server>:<port>',trace_level=ldapmodule_trace_level,trace_file=ldapmodule_trace_file)
> 
> l.protocol_version=ldap.VERSION3
> l.bind_s('','',ldap.AUTH_SIMPLE) 
> 
> Here, I got the following message:
> ldap.SERVER_DOWN: {'info': 'TLS: unable to get CN from peer
> certificate', 'desc' : "Can't contact LDAP server"}

This is rather an OpenSSL issue maybe depending on the OpenSSL version
used to build OpenLDAP libs. I'd test that with
openssl s_client first:

openssl s_client -connect <server>:<port> -CAfile /path/to/my/CAcert

> Point is, the LDAP server certificate doesn't have the "Subject" field;
> instead, it uses the "Subject Alternate Name" field in the V3 Extensions.

Well, a cert MUST have a subject DN. It might be the case that it does
not have a CN attribute. IMHO it should.

Ciao, Michael.
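As an added illustration of the point Michael makes (not code from the thread, and not part of python-ldap or OpenLDAP): the script below builds two throwaway self-signed certificates with the openssl CLI, one whose subject DN has only an O= attribute with the hostname carried solely in subjectAltName, and one with a conventional CN, then inspects each the way you would inspect the peer certificate that `openssl s_client` prints. The hostname, organisation name and file names are constructed for the example; it assumes an OpenSSL 1.1.1 or newer binary on PATH (for `-addext` and `x509 -ext`).

```shell
#!/bin/sh
# Added example: inspect certificate subject DN and SAN entries locally, to see
# which of the two carries the server name before pointing a TLS client at it.
set -e

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
HOST="ldap.example.test"   # constructed hostname, not a real server

# make_cert NAME SUBJECT: self-signed cert written to $WORK/NAME.pem.
# Every cert gets a subject DN (OpenSSL requires one); whether it contains a CN
# attribute depends entirely on SUBJECT. The DNS name always goes into the SAN.
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" \
    -subj "$2" \
    -addext "subjectAltName=DNS:$HOST" >/dev/null 2>&1
}

# For a live server, the equivalent input to these helpers would come from:
#   openssl s_client -connect <server>:<port> -CAfile /path/to/my/CAcert </dev/null 2>/dev/null \
#     | openssl x509 -out peer.pem
cert_subject() { openssl x509 -in "$1" -noout -subject; }
cert_san()     { openssl x509 -in "$1" -noout -ext subjectAltName; }

# Returns 0 if the subject DN contains a CN attribute, 1 otherwise.
cert_has_cn() {
  cert_subject "$1" | grep -q 'CN *='
}

# Returns 0 if the SAN extension lists DNS:<host>, 1 otherwise.
cert_san_has_dns() {
  cert_san "$1" | grep -q "DNS:$2"
}

# Cert 1: subject present but no CN; name only in SAN (the situation in the thread).
make_cert san-only "/O=Example Org"
# Cert 2: conventional CN in the subject as well as the SAN.
make_cert with-cn "/O=Example Org/CN=$HOST"

for name in san-only with-cn; do
  echo "== $name =="
  cert_subject "$WORK/$name.pem"
  cert_san "$WORK/$name.pem"
  if cert_has_cn "$WORK/$name.pem"; then
    echo "subject has a CN attribute"
  else
    echo "subject has no CN attribute; a client that only reads the CN cannot match the hostname"
  fi
done
```

The subject line printed for the first certificate shows that "no CN" and "no subject" are different things: the DN is there, it simply lacks a CN attribute. Run against a real peer certificate (see the comment in the block), the same two helpers tell you immediately whether the error in the thread comes from a missing CN or from a broader TLS failure such as an untrusted CA.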

_______________________________________________
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev