SSL and AD
Michael Ströder
michael at stroeder.com
Tue Oct 17 15:21:39 CEST 2006
geert.van.muylem at utimaco.be wrote:
>
> ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,'/home/gvm/Temp/PYSSL/rootca.pem')
Does rootca.pem contain the cert of
/C=BE/L=Hoogstraten/O=CATrust/OU=PKI/CN=CAS_SK?
Or is there also an intermediate CA?
> ldap.set_option(ldap.OPT_X_TLS_CERTFILE,
> '/home/gvm/Temp/PYSSL/endor-crt.pem')
>
> ldap.set_option(ldap.OPT_X_TLS_KEYFILE,'/home/gvm/Temp/PYSSL/endor-key.pem')
Are you sure AD is configured to allow SSL client authentication?
> lconn=ldap.initialize("ldaps://eowyn.doom.be/")
> lconn.simple_bind_s ('Administrator@doom.be','system')
> lconn.unbind_s()
Seems ok. But I hope you know that using the UPN instead of a bind DN
with simple_bind_s() is a proprietary feature of MS AD.
Ciao, Michael.
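
Added example, not part of the original message and not python-ldap code: a small check that tells whether the name handed to simple_bind_s() is a string DN (the portable form) or a name form that only MS AD accepts. The helpers `is_rfc4514_dn` and `classify_bind_name` are hypothetical, the DN in the demo is constructed, and the DOMAIN\user case goes beyond the UPN case discussed above.

```python
import re

# RFC 4514 attribute type: a short name (descr) or a dotted-decimal OID.
_ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)$")

def _split_unescaped(text, sep):
    """Split on sep, ignoring separators escaped with a backslash."""
    parts, current, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            current.append(text[i:i + 2])      # keep the escape pair together
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(current))
            current = []
        else:
            current.append(text[i])
        i += 1
    parts.append("".join(current))
    return parts

def is_rfc4514_dn(name):
    """True if name parses as a non-empty string DN made of type=value RDNs."""
    if not name.strip():
        return False
    for rdn in _split_unescaped(name, ","):
        for ava in _split_unescaped(rdn, "+"):  # multi-valued RDN
            attr, eq, value = ava.partition("=")
            if not eq or not value or not _ATTR_TYPE.match(attr.strip()):
                return False
    return True

def classify_bind_name(name):
    """Label the identity passed as the first argument of simple_bind_s()."""
    if is_rfc4514_dn(name):
        return "dn"            # portable: simple bind is defined on a DN
    if re.fullmatch(r"[^@\\\s]+@[^@\\\s]+", name):
        return "upn"           # user@domain, accepted by MS AD only
    if re.fullmatch(r"[^@\\\s]+\\[^@\\\s]+", name):
        return "down-level"    # DOMAIN\user, accepted by MS AD only
    return "unknown"

if __name__ == "__main__":
    # First value is from the message above; the DN is a constructed sample.
    for sample in ("Administrator@doom.be", "CN=Administrator,CN=Users,DC=doom,DC=be"):
        print(sample, "->", classify_bind_name(sample))
```

Anything other than "dn" means the bind call depends on AD behaviour and will not carry over to other LDAP servers.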