Hanging during ldaps

Mauro Cicognini mcicogni at libero.it
Mon Jan 5 19:51:59 CET 2004 

Goucher, Adam wrote:

>I'm trying to use python-ldap to connect to an iplanet 5.1 ldap.
>Connecting via ldap:// works, but the script is hanging when connecting
>through ldaps://. Can anyone see what I am doing wrong?
>
><script>
>import ldap
>ldap.set_option(ldap.OPT_DEBUG_LEVEL, 5)
>
># build our uri
>uri = "ldaps://ldap_host:6360"
>
># connect to the ldap server
>p_handle = ldap.initialize(uri)
>p_handle.protocol_version = ldap.VERSION3
>
># bind
>p_handle.simple_bind("cn=directory manager", "*****")
>
># search so we know we are connected
>p_search = p_handle.search("", ldap.SCOPE_BASE, "objectclass=*")
>  
>
This call looks strange to me: iPlanet has always wanted a real base 
there (i.e., no "" as you possibly could using Active Directory, but a 
correct search base for your server like "dc=ldapserver, dc=acme, 
dc=com" or similar).

If you say it does work using plain LDAP, however, this cannot be the 
reason for your script hanging, still I'm amazed it does, the RFC 
clearly states that you must explicitly set the search base and iPlanet 
have always prided themselves in being standards compliant (not like 
that other major software vendor ;-)

>p_return = p_handle.result(p_search)
>res_type, res_values = p_return
>print res_values
></script>
>
><output>
>ldap_create
>ldap_url_parse_ext(ldaps://ldap_host:6360)
>ldap_bind
>ldap_simple_bind
>ldap_sasl_bind
>ldap_send_initial_request
>ldap_new_connection
>ldap_int_open_connection
>ldap_connect_to_host: TCP ldap_host:6360
>ldap_new_socket: 1904
>ldap_prepare_socket: 1904
>ldap_connect_to_host: Trying ldap_ip:6360
>ldap_connect_timeout: fd: 1904 tm: -1 async: 0
>ldap_ndelay_on: 1904
>ldap_ndelay_off: 1904
>ldap_open_defconn: successful
>ldap_send_server_request
>ldap_search_ext
>put_filter: "objectclass=*"
>put_filter: default
>put_simple_filter: "objectclass=*"
>ldap_send_initial_request
>ldap_send_server_request
>ldap_result msgid 2
>ldap_chkResponseList for msgid=2, all=1
>ldap_chkResponseList for msgid=2, all=1
>ldap_int_select
></ouput>
>
>I am using python 2.3.2 for windows, and the python-ldap module found at
>http://www.zope.org/Members/volkerw/LdapWin32.dsdfs 
>  
>
I don't know this module, however you might want to give a try to my 
Win32 binary of Python-LDAP, you can find it at 
http://www.siosistemi.it/~mcicogni/ at the beginning of the page under 
"Python stuff".
Beware, your mileage may vary.

If this doesn't work, either, it *might* be that your server isn't 
configured correctly (i.e., TLS Certificates and such): do other LDAPS 
client work?

Mauro

More information about the python-ldap mailing list