From: Jens V. <je...@zo...> - 2002-04-26 11:53:22
If the LDAP server listens on a specific SSL-enabled port (meaning a port that uses the ldaps protocol, the standard port for that being 636) then that is much easier to work with than StartTLS.

conn = ldap.initialize( 'ldaps://my.ldap.server' )

etc. Granted, this is not the "standard track", but it is very easy to use and works reliably. I have once or twice tried to use StartTLS but all I ever got were error messages that don't say anything about the actual error, and my need to use StartTLS instead of ldaps was never great enough for me to investigate further.

jens

On Friday, April 26, 2002, at 05:58 , Michael Ströder wrote:

> Sylvain Pereira wrote:
>>>> I am developing a python cgi application to administrate an ldap server for a customer.
>>>
>>> What's the LDAP server product and OS?
>>
>> Well it's iPlanet Directory Server 5.1 on SunOS 8, and I already checked the SSL connection with a Java program (I am new to python).
>> The python cgi runs on an Irix 6.5
>
> If it's running on a Unix platform iDS 5.1 should also support StartTLS extended operation (not available with Win32 version) which is the standard track (see RFC2830).
>
>> >>> import ldap
>> >>> print ldap.__version__
>> 2.0.0pre04
>> >>> ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,'/usr/freeware/apache/conf/cert7.db')
>
> That's a Netscape certificate DB for Netscape's NSS lib. Something completely different.
>
> OpenLDAP2 uses OpenSSL as SSL lib. Therefore just use a "PEM file" containing the certificate. The same for the cert/key when using client certs for authentication.
>
> Ciao, Michael.
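An added example, not code from this thread or from the python-ldap project, covering both routes discussed above: direct ldaps:// as Jens uses it, and the RFC 2830 StartTLS operation Michael points to, with a check that the CA file is PEM rather than an NSS cert7.db. It assumes python-ldap 2.4 or later (for OPT_X_TLS_NEWCTX); the host names and file paths are placeholders.

```python
# Added example, not from the thread. Connect with python-ldap over TLS either
# directly (ldaps://, port 636) or via the RFC 2830 StartTLS extended operation,
# after checking that the CA file is PEM and not an NSS cert7.db.
# Assumes python-ldap >= 2.4 (for OPT_X_TLS_NEWCTX); host names are placeholders.

PEM_CERT_HEADER = b"-----BEGIN CERTIFICATE-----"

# Constructed sample contents (not real certificates) for the check below:
# a PEM CA file versus the binary content of a certificate database.
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\nMIIBconstructedBase64...\n"
              b"-----END CERTIFICATE-----\n")
SAMPLE_DB_BYTES = bytes(range(256))


def looks_like_pem_ca(data):
    """OpenLDAP (and hence python-ldap) loads CA certs from a PEM file.
    A Netscape/NSS cert7.db is a binary database; OPT_X_TLS_CACERTFILE
    pointed at it only yields an unhelpful TLS error, so reject it up front."""
    return PEM_CERT_HEADER in data


def tls_connection(uri, cafile, use_starttls=False):
    """Return an LDAPObject whose TLS session verifies the server certificate
    against `cafile`. Use uri='ldaps://host' for direct TLS, or
    uri='ldap://host' with use_starttls=True for StartTLS."""
    if use_starttls and uri.lower().startswith("ldaps://"):
        raise ValueError("StartTLS upgrades a plain ldap:// connection; do not combine it with ldaps://")
    if not use_starttls and not uri.lower().startswith("ldaps://"):
        raise ValueError("without StartTLS the URI must be ldaps:// or the session stays in cleartext")
    with open(cafile, "rb") as f:
        if not looks_like_pem_ca(f.read()):
            raise ValueError("%s is not a PEM CA file (cert7.db is an NSS database)" % cafile)

    import ldap  # imported here so the checks above run without python-ldap installed

    conn = ldap.initialize(uri)
    conn.set_option(ldap.OPT_X_TLS_CACERTFILE, cafile)
    # Require a server cert that chains to cafile instead of relying on ldap.conf's TLS_REQCERT.
    conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
    conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)  # build a fresh TLS context from the options above
    if use_starttls:
        conn.start_tls_s()  # RFC 2830 extended operation; raises if the server lacks it
    return conn
```

After `tls_connection(...)` returns, bind as usual (for example with `simple_bind_s`); the credentials then travel inside the verified TLS session on either route.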