[python-ldap] ldap + tls + ssf

paulo bruck paulobruck1 at gmail.com
Mon Mar 5 12:36:31 EST 2018


Hi

I have been using python-ldap with success until now - thanks guys for the
excellent work on it.

Now I'm trying to take one more step.

Nowadays I use Python 2.7 + TLS for all searches, adds and deletes, and I would
like to implement SSF.

Using ldapsearch -xLLLZZ works like a charm (I inserted in cn=config.ldif a
line like this):

olcSecurity: ssf=1 update_ssf=112 simple_bind=64

and my olcDatabase.mdb has

olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to * by self write by anonymous read by * read
#olcAccess: {2}to * by self write by anonymous none by * read

I would like to use it as below (anonymous none):

olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to attrs=shadowLastChange by self write by * read
#olcAccess: {2}to * by self write by anonymous read by * read
olcAccess: {2}to * by self write by anonymous none by * read


But when I use it I receive this error:

Traceback (most recent call last):
  File "./ldap_contato.py", line 447, in <module>
    l = Ldap_Contato()
  File "./ldap_contato.py", line 85, in __init__
    conn.simple_bind_s(cn,password)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 223, in simple_bind_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 514, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 521, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
ldap.CONFIDENTIALITY_REQUIRED: {'info': 'confidentiality required', 'desc': 'Confidentiality required'}


and part of the connection code I use:

        global conn
        conn = ldap.initialize('ldap://' + hostnamef)

        # I didn't put the simple_bind_s here because of the ssf
        conn.simple_bind_s(cn,password)
        conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,ldap.OPT_X_TLS_ALLOW)
        conn.set_option(ldap.OPT_X_TLS_CACERTFILE,"/etc/ssl/" + hostnamed + "/cacert.pem")
        conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
        conn.set_option(ldap.OPT_REFERRALS, 0)

        try:
            conn.start_tls_s()
        #   print(a)
        except ldap.LDAPError as e:
            # the with block closes the log file itself
            with open(log,"a") as f:
                f.write("erro na conexão ldap+tls info:" + e.message['info'] + " desc:" + e.message['desc'] + "\n")


I saw in ldapobject.py an sslxssf but I'm not sure that I can use it
because I'm using TLS instead of SSL.

Any directions about what is missing?

Thanks in advance.

-- 
Paulo Ricardo Bruck consultor
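Worked example added by the editor (not the poster's code and not part of python-ldap): the olcSecurity line above demands an SSF of at least 64 for a simple bind, and a freshly initialized ldap:// connection has SSF 0 until start_tls_s() has completed, which is exactly the state the posted snippet is in when it calls simple_bind_s(). The function below makes the calls in the order the policy expects, verifies the server certificate (OPT_X_TLS_DEMAND instead of OPT_X_TLS_ALLOW, which would accept an unverifiable certificate) and applies the per-connection TLS options with OPT_X_TLS_NEWCTX. Since python-ldap needs a live slapd, the block also carries a constructed stand-in module that enforces simple_bind=64 the way the server does, so both orderings can be compared offline; the hostname, CA path, bind DN and password are made-up values.

```python
# Added example, not the original poster's code.  `ldapmod` is the python-ldap
# `ldap` module, or any object exposing the same names (the stand-in below).


def open_tls_then_bind(ldapmod, uri, cacert, bind_dn, password):
    """Connect, establish TLS, then authenticate.  Returns the bound connection."""
    conn = ldapmod.initialize(uri)
    conn.set_option(ldapmod.OPT_PROTOCOL_VERSION, ldapmod.VERSION3)
    conn.set_option(ldapmod.OPT_REFERRALS, 0)
    # Verify the server certificate against our CA.  OPT_X_TLS_ALLOW would accept
    # an unverifiable certificate, so the SSF would be earned against any server.
    conn.set_option(ldapmod.OPT_X_TLS_CACERTFILE, cacert)
    conn.set_option(ldapmod.OPT_X_TLS_REQUIRE_CERT, ldapmod.OPT_X_TLS_DEMAND)
    # Per-connection TLS options only take effect once a new TLS context is built.
    conn.set_option(ldapmod.OPT_X_TLS_NEWCTX, 0)
    conn.start_tls_s()                     # SSF rises from 0 to the cipher strength
    conn.simple_bind_s(bind_dn, password)  # now satisfies simple_bind=64
    return conn


def bind_then_tls(ldapmod, uri, cacert, bind_dn, password):
    """The ordering of the posted snippet, reproduced only to show why it fails."""
    conn = ldapmod.initialize(uri)
    conn.simple_bind_s(bind_dn, password)  # still SSF 0 -> CONFIDENTIALITY_REQUIRED
    conn.set_option(ldapmod.OPT_X_TLS_CACERTFILE, cacert)
    conn.start_tls_s()
    return conn


class ConfidentialityRequired(Exception):
    """Constructed stand-in for ldap.CONFIDENTIALITY_REQUIRED."""


class _FakeConnection(object):
    """Models slapd under 'olcSecurity: ssf=1 update_ssf=112 simple_bind=64'.
    A plain ldap:// session has SSF 0; StartTLS raises it to the cipher strength."""
    SIMPLE_BIND_SSF = 64

    def __init__(self, tls_ssf):
        self.ssf = 0
        self.tls_ssf = tls_ssf
        self.options = {}
        self.calls = []
        self.bound_as = None

    def set_option(self, option, value):
        self.options[option] = value

    def start_tls_s(self):
        self.calls.append("start_tls_s")
        self.ssf = self.tls_ssf

    def simple_bind_s(self, dn, password):
        self.calls.append("simple_bind_s")
        if self.ssf < self.SIMPLE_BIND_SSF:
            raise ConfidentialityRequired(
                {"info": "confidentiality required", "desc": "Confidentiality required"})
        self.bound_as = dn


class FakeLdapModule(object):
    """Constructed stand-in for the `ldap` module: same option names, no network."""
    OPT_PROTOCOL_VERSION = "OPT_PROTOCOL_VERSION"
    VERSION3 = 3
    OPT_REFERRALS = "OPT_REFERRALS"
    OPT_X_TLS_CACERTFILE = "OPT_X_TLS_CACERTFILE"
    OPT_X_TLS_REQUIRE_CERT = "OPT_X_TLS_REQUIRE_CERT"
    OPT_X_TLS_DEMAND = "demand"
    OPT_X_TLS_NEWCTX = "OPT_X_TLS_NEWCTX"

    def __init__(self, tls_ssf=256):
        self.tls_ssf = tls_ssf   # SSF the negotiated cipher will provide
        self.last = None

    def initialize(self, uri):
        self.last = _FakeConnection(self.tls_ssf)
        return self.last


def run_ordering(connect, tls_ssf=256):
    """Run one connect function against the stand-in; summarize what the server saw."""
    mod = FakeLdapModule(tls_ssf)
    args = ("ldap://ldap.example.test", "/etc/ssl/ldap.example.test/cacert.pem",
            "cn=admin,dc=example,dc=test", "example-password")  # constructed values
    try:
        connect(mod, *args)
        error = None
    except ConfidentialityRequired as exc:
        error = exc.args[0]["desc"]
    conn = mod.last
    return {"calls": conn.calls, "bound_as": conn.bound_as, "error": error,
            "cert_policy": conn.options.get(mod.OPT_X_TLS_REQUIRE_CERT)}


if __name__ == "__main__":
    print(run_ordering(open_tls_then_bind))   # binds after TLS, no error
    print(run_ordering(bind_then_tls))        # same failure as the posted traceback
    print(run_ordering(open_tls_then_bind, tls_ssf=56))  # weak cipher, still rejected
```

With the real module the call is open_tls_then_bind(ldap, 'ldap://' + hostnamef, '/etc/ssl/' + hostnamed + '/cacert.pem', cn, password). The stand-in's tls_ssf parameter also shows the second way the policy bites: if the negotiated cipher yields an SSF below 64, the bind is rejected even after StartTLS, so the TLS cipher configuration on both ends matters as much as the call order.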