Re: SSL and AD

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

gee...@ut... wrote:
>    
> ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,'/home/gvm/Temp/PYSSL/rootca.pem')

Does rootca.pem contain the cert of
/C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK?
Or is there also an intermediate CA?

>     ldap.set_option(ldap.OPT_X_TLS_CERTFILE,
> '/home/gvm/Temp/PYSSL/endor-crt.pem')
>    
> ldap.set_option(ldap.OPT_X_TLS_KEYFILE,'/home/gvm/Temp/PYSSL/endor-key.pem')

Are you sure AD is configured to allow SSL client authentication?

>     lconn=ldap.initialize("ldaps://eowyn.doom.be/")
>     lconn.simple_bind_s ('Adm...@do...','system')
>     lconn.unbind_s()

Seems ok. But I hope you know that using the UPN instead of a bind DB
with simple_bind_s() is proprietary feature of MS AD.

Ciao, Michael.