Certificate checking on LDAP over SSL connection
Michael Ströder
michael at stroeder.com
Tue Dec 9 12:54:32 CET 2008
Alberto Lopes wrote:
>
> From what I understood from the LDAPUserFolder code, it delegates the
> SSL negotiation to the python-ldap library.
And further down the delegation path:
python-ldap -> OpenLDAP lib -> OpenSSL lib
> How can I pass the
> CA certificate to the python-ldap layer in order to have it accepting the
> server certificate?
See Demo/initialize.py in python-ldap's source distribution.
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,'/etc/httpd/ssl.crt/myCA-cacerts.pem')
or
ldap.set_option(ldap.OPT_X_TLS_CACERTDIR,'/etc/httpd/ssl.crt')
In older versions of the OpenLDAP libs you can only set these options
globally. Not sure about 2.4.8.
I have no clue whether LDAPUserFolder makes it possible to set these
options though.
Ciao, Michael.
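
Added example, not part of the original post and not taken from python-ldap's Demo/initialize.py: one way to apply the options above with certificate checking required, scoped to a single connection where the installed python-ldap exposes OPT_X_TLS_NEWCTX and set globally otherwise. The helper names, the lib/target parameters and the ldaps://ldap.example.com URI are assumptions made for the illustration.

```python
import os


def ca_options(cacertfile=None, cacertdir=None):
    """Validate CA paths; return (python-ldap option name, path) pairs."""
    if not (cacertfile or cacertdir):
        raise ValueError("a CA file or CA directory is required")
    plan = []
    if cacertfile:
        # Catch a wrong path here rather than at handshake time.
        if not os.path.isfile(cacertfile):
            raise ValueError("CA file not found: %r" % cacertfile)
        plan.append(("OPT_X_TLS_CACERTFILE", cacertfile))
    if cacertdir:
        if not os.path.isdir(cacertdir):
            raise ValueError("CA directory not found: %r" % cacertdir)
        plan.append(("OPT_X_TLS_CACERTDIR", cacertdir))
    return plan


def apply_tls(lib, target, plan):
    """Set options on target: the ldap module (global) or one connection."""
    for name, path in plan:
        target.set_option(getattr(lib, name), path)
    # Fail the handshake unless the server certificate verifies against the CA.
    target.set_option(lib.OPT_X_TLS_REQUIRE_CERT, lib.OPT_X_TLS_DEMAND)
    if target is not lib:
        # Must come last: builds a new TLS context from this connection's options.
        target.set_option(lib.OPT_X_TLS_NEWCTX, 0)


def connect_verified(uri, cacertfile=None, cacertdir=None):
    """Return a connection object for uri with certificate checking enforced."""
    import ldap  # python-ldap, imported lazily so the helpers load without it
    plan = ca_options(cacertfile, cacertdir)
    if hasattr(ldap, "OPT_X_TLS_NEWCTX"):
        conn = ldap.initialize(uri)
        apply_tls(ldap, conn, plan)  # scoped to this connection
    else:
        apply_tls(ldap, ldap, plan)  # older builds: global, affects all connections
        conn = ldap.initialize(uri)
    return conn


if __name__ == "__main__":
    # Constructed sample values: the URI is a placeholder, the path is from the post.
    c = connect_verified("ldaps://ldap.example.com",
                         cacertfile="/etc/httpd/ssl.crt/myCA-cacerts.pem")
    c.simple_bind_s()  # anonymous bind; the TLS handshake happens here
```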