I am pulling my hair out trying to connect via ldaps to one of our AD
controllers.
Everything works just fine with ldap:389, but as soon as I try to use
ldaps:636, I get this:
ldap.SERVER_DOWN: {'info': '(unknown error code)', 'desc': Can't
contact LDAP server}
My code is exactly as in Demo/initialize.py:
import sys
import ldap
ldap.set_option(ldap.OPT_REFERRALS, 0)
ldap.set_option(ldap.OPT_DEBUG_LEVEL,0)
ldapmodule_trace_level = 1
ldapmodule_trace_file = sys.stderr
host = ldaps://ad_host:636
con =
ldap.initialize(host,trace_level=ldapmodule_trace_level,trace_file=ldapmodule_trace_file)
con.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
con.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,ldap.OPT_X_TLS_DEMAND)
con.set_option(ldap.OPT_X_TLS_CACERTFILE, 'path/to/cert.crt')
con.set_option(ldap.OPT_DEBUG_LEVEL, 255)
con.bind_s(full_dn, pass)
#openssl s_client -CAfile path/to/cert.crt -connect ad_host:636 returns
a successful connection and I am also able to connect with other ldap
clients (jxplorer) with SSL and the same CA cert.
What am I missing?
Thank you,
Patrick
--
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
___
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev