Re: problem with set_option and tls

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Mike Lovell wrote:
> First off, hello everyone.
> I am working on some software that uses python-ldap that is trying to 
> connect to an ldaps server. If I do this sequence
> 
> import ldap
> ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/path/to/cert')
> conn = ldap.initialize('ldaps://server')
> conn.simple_bind_s('uid', 'pass')
> 
> things work fine. But if I do it like this
> 
> import ldap
> conn = ldap.initialize('ldaps://server')
> conn.set_option(ldap.OPT_X_TLS_CACERTFILE, '/path/to/cert')
> conn.simple_bind_s('uid', 'pass')
> 
> then I get an error saying that it can't contact the server. I am 
> guessing it just can't verify the server's ssl certificate and just 
> saying it can't contact the server.

I guess you're using python-ldap built against OpenLDAP 2.3 client libs.
With OpenLDAP 2.4 connection-specific TLS options should be supported.

> Is this expected behavior? Is this a restriction of the underlying 
> openldap client libraries?

Yupp. Version-specific.

Ciao, Michael.