Re: python-ldap and SSL?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

David Casti wrote:
> 
> import ldap
> l = ldap.initialize( 'ldaps://target:636' )
> [..]
> ldap.SERVER_DOWN: {'info': 'error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed', 'desc':
> "Can't contact LDAP server"}

The message is pretty clear. The server's certificate cannot be verified.

> ldap.set_option( ldap.OPT_X_TLS_CACERTFILE, '/path/ca.crt' )

This is the right thing to do.

Can you please try something like

openssl s_client -connect target:636 -CAfile /path/ca.crt

and carefully examime its output?

Ciao, Michael.