[python-ldap] ldap + tls + ssf
paulo bruck
paulobruck1 at gmail.com
Mon Mar 5 12:36:31 EST 2018
Hi

I have been using python-ldap with success until now. Thanks guys for the
excellent work on it.
Now I'm trying one more step.
Nowadays I use python 2.7 + TLS for all search, add and delete operations, and I would
like to implement SSF.
Using ldapsearch -xLLLZZ works like a charm (I inserted in cn=config.ldif a
line like)

olcSecurity: ssf=1 update_ssf=112 simple_bind=64

and my olcDatabase.mdb has

olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to * by self write by anonymous read by * read
#olcAccess: {2}to * by self write by anonymous none by * read

I would like to use it as below (anonymous none):

olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to attrs=shadowLastChange by self write by * read
#olcAccess: {2}to * by self write by anonymous read by * read
olcAccess: {2}to * by self write by anonymous none by * read
But when I use it I receive this error:
Traceback (most recent call last):
  File "./ldap_contato.py", line 447, in <module>
    l = Ldap_Contato()
  File "./ldap_contato.py", line 85, in __init__
    conn.simple_bind_s(cn,password)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 223, in simple_bind_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 514, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 521, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
ldap.CONFIDENTIALITY_REQUIRED: {'info': 'confidentiality required', 'desc': 'Confidentiality required'}
and part of the connection code I use:

global conn
conn = ldap.initialize('ldap://' + hostnamef)
# I did not put simple_bind_s here because of the ssf
conn.simple_bind_s(cn,password)   # the bind is sent here, before start_tls_s() below
conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,ldap.OPT_X_TLS_ALLOW)
conn.set_option(ldap.OPT_X_TLS_CACERTFILE,"/etc/ssl/" + hostnamed + "/cacert.pem")
conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
conn.set_option(ldap.OPT_REFERRALS, 0)
try:
    conn.start_tls_s()
    # print(a)
except ldap.LDAPError as e:
    # the with-block closes the log file by itself
    with open(log,"a") as f:
        f.write("erro na conexão ldap+tls info:" +
                e.message['info'] + " desc:" + e.message['desc'] + "\n")
I saw a sslxssf in ldapobject.py but I'm not sure that I can use it,
because I'm using TLS instead of SSL.
Any directions about what is missing?
Thanks in advance
--
Paulo Ricardo Bruck consultor
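An added example, not the poster's code, showing why the bind in the snippet above is refused and the call order that satisfies the olcSecurity line in the post: it parses that olcSecurity value, models the SSF check the server applies, and then connects with StartTLS before the bind. connect() is a hypothetical helper whose uri, cacert, bind_dn and password are supplied by the caller; python-ldap is only needed to run it, the policy helpers run without it.

```python
# Added example (not the poster's code): parses the olcSecurity value from
# the post and models OpenLDAP's check: an operation is refused unless the
# connection's SSF reaches both the global "ssf=" minimum and the
# operation-specific one ("simple_bind=", "update_ssf=").
try:
    import ldap  # python-ldap; only connect() below needs it
except ImportError:  # the policy helpers run without python-ldap installed
    ldap = None

# olcSecurity value quoted in the post
OLC_SECURITY = "ssf=1 update_ssf=112 simple_bind=64"


def parse_olc_security(value):
    """Turn 'ssf=1 update_ssf=112 simple_bind=64' into {'ssf': 1, ...}."""
    policy = {}
    for token in value.split():
        key, _, minimum = token.partition("=")
        policy[key] = int(minimum)
    return policy


def required_ssf(policy, op):
    """Minimum SSF for op ('simple_bind', 'update_ssf' or 'search')."""
    return max(policy.get("ssf", 0), policy.get(op, 0))


def operation_allowed(policy, ssf, op):
    """True if a connection of strength ssf may perform op.

    SSF is 0 on a plain ldap:// socket and becomes the negotiated cipher's
    key size (128 for AES-128) once start_tls_s() completes, so a simple
    bind sent before StartTLS is refused: CONFIDENTIALITY_REQUIRED (0 < 64).
    """
    return ssf >= required_ssf(policy, op)


def connect(uri, cacert, bind_dn, password):
    """StartTLS first, then bind (the poster's snippet does it the other way)."""
    conn = ldap.initialize(uri)
    conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
    conn.set_option(ldap.OPT_REFERRALS, 0)
    conn.set_option(ldap.OPT_X_TLS_CACERTFILE, cacert)
    # DEMAND, not ALLOW: an unverifiable server certificate aborts the handshake
    conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
    conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)  # apply the TLS options to this handle
    conn.start_tls_s()  # SSF rises from 0 to the cipher strength
    conn.simple_bind_s(bind_dn, password)  # now satisfies simple_bind=64
    return conn
```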