From: <gee...@ut...> - 2006-10-17 16:02:24
Hi All,

Strange things are happening: It sometimes works. I can sometimes make an
ssl connection with client authentication, search for some entries...
What could be the reason? Some network timeout issues?

Regards,
Geert

Michael Ströder <mi...@st...>
Sent by: pyt...@li...
10/17/2006 03:21 PM

To: gee...@ut...
cc: pyt...@li...
Subject: Re: SSL and AD

gee...@ut... wrote:
>
> ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,'/home/gvm/Temp/PYSSL/rootca.pem')

Does rootca.pem contain the cert of
/C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK?
Or is there also an intermediate CA?

> ldap.set_option(ldap.OPT_X_TLS_CERTFILE,
> '/home/gvm/Temp/PYSSL/endor-crt.pem')
>
> ldap.set_option(ldap.OPT_X_TLS_KEYFILE,'/home/gvm/Temp/PYSSL/endor-key.pem')

Are you sure AD is configured to allow SSL client authentication?

> lconn=ldap.initialize("ldaps://eowyn.doom.be/")
> lconn.simple_bind_s ('Adm...@do...','system')
> lconn.unbind_s()

Seems ok. But I hope you know that using the UPN instead of a bind DB
with simple_bind_s() is a proprietary feature of MS AD.

Ciao, Michael.

_______________________________________________
Python-LDAP-dev mailing list
Pyt...@li...
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev