[Moin-user] Does LDAPAuth support ldaps? (with self-signed certs)
Matthew Franz
mdfranz at gmail.com
Sun Dec 7 22:35:52 EST 2008
I have successfully configured moin to use ldap (but not ldaps) to
authenticate to our AD server.
I took a tcpdump and saw the connection attempt (3-way handshake) to
the LDAP server on port 636, but the client is gracefully terminating
the connection (with a FIN) to the LDAP server prior to bind and
search. No application layer data is sent to the server.
I get this error message:
2008-12-07 22:15:06,409 ERROR MoinMoin.auth.ldap_login:244 LDAP server
ldaps://x.x.x failed ({'desc': "Can't contact LDAP server"}). Trying
to authenticate with next auth list entry.
These are the SSL-relevant fields:
    start_tls=0,         # usage of Transport Layer Security: 0 = No, 1 = Try, 2 = Required
    tls_cacertdir='',
    tls_cacertfile='',
    tls_certfile='',
    tls_keyfile='',
    tls_require_cert=0,  # 0 == ldap.OPT_X_TLS_NEVER (needed for self-signed certs)
    bind_once=False,     # set to True to only do one bind - useful if configured to bind as the user on the first attempt
    autocreate=True,     # set to True to automatically create/update user profiles
The value of start_tls (0, 1, 2) does not seem to make any difference.
I have seen the following pages:
http://moinmoin.wikiwikiweb.de/MoinMoinBugs/MissingLdapsSupport
http://moinmoin.wikiwikiweb.de/FeatureRequests/AuthLDAP
http://moinmo.in/MoinMoinQuestions/Authentication#Notesforldaps with
the guidance
Before I start digging into python-ldap code, does anybody have
moinmoin authenticating to an LDAP server over ldaps?
Details
-----------
CentOS5.2 - Python 2.4.3
MoinMoin 1.8.0
[root at content1 httpd]# rpm -qa | grep python-ldap
python-ldap-2.2.0-2.1
Thanks,
- mdf
--
Matthew Franz
mdfranz at gmail.com
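An added diagnostic that is not part of the original post, of MoinMoin, or of python-ldap. The tcpdump described above (TCP handshake, then a FIN with no application data) means the client closed the socket before it ever sent a TLS ClientHello, so the failure is on the client side, before the server's certificate is even seen. Note also that start_tls only governs STARTTLS on a plain ldap:// connection; an ldaps:// URI uses implicit TLS from the first byte, so that setting is not what decides whether the handshake starts. The script below isolates the problem in two steps: first it uses only the Python standard library to confirm that port 636 is reachable, that the server completes a TLS handshake at all, and whether its certificate verifies against a given CA file (for a self-signed server cert, that file is the server's own PEM, which is what tls_cacertfile should point at instead of turning verification off with OPT_X_TLS_NEVER); second, it reproduces the bind outside Moin with python-ldap, setting the TLS options globally before ldap.initialize(), which with python-ldap 2.x and libldap is the reliable place to set them, and turning on libldap's debug trace so the real reason for "Can't contact LDAP server" is printed. The hostnames and DN in the usage lines are constructed placeholders, not values from the post.

```python
"""Diagnose an ldaps:// endpoint before and outside MoinMoin's LDAPAuth.

Added example (not from the original post, MoinMoin or python-ldap).
Step 1 needs only the standard library; step 2 needs python-ldap.
"""
import socket
import ssl
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_ldap_uri(uri):
    """Split an ldap:// or ldaps:// URI into (scheme, host, port)."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError("not an ldap/ldaps URI with a host: %r" % uri)
    return scheme, parts.hostname, parts.port or DEFAULT_PORTS[scheme]


def probe_ldaps(uri, cacertfile=None, timeout=5.0):
    """Distinguish 'port unreachable', 'no TLS on this port' and
    'TLS works but the certificate does not verify' using only the stdlib.

    Returns a dict; 'peer_cert_pem' holds the server certificate as PEM so a
    self-signed cert can be saved and used as tls_cacertfile.
    """
    scheme, host, port = parse_ldap_uri(uri)
    if scheme != "ldaps":
        raise ValueError("use an ldaps:// URI; this probe does not do STARTTLS")
    result = {"host": host, "port": port, "tcp": False, "tls": False,
              "verified": False, "error": None, "peer_cert_pem": None}

    # Pass 1: handshake without verification, only to fetch the certificate.
    unverified = ssl.create_default_context()
    unverified.check_hostname = False      # must be cleared before CERT_NONE
    unverified.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            result["tcp"] = True
            with unverified.wrap_socket(sock, server_hostname=host) as tls:
                result["tls"] = True
                der = tls.getpeercert(binary_form=True)
                result["peer_cert_pem"] = ssl.DER_cert_to_PEM_cert(der)
    except (OSError, ssl.SSLError) as exc:       # refused, timeout, no TLS...
        result["error"] = "%s: %s" % (type(exc).__name__, exc)
        return result

    # Pass 2: handshake with verification against the CA (or self-signed) PEM.
    if cacertfile:
        verified = ssl.create_default_context(cafile=cacertfile)
        try:
            with socket.create_connection((host, port), timeout=timeout) as sock:
                with verified.wrap_socket(sock, server_hostname=host):
                    result["verified"] = True
        except ssl.SSLError as exc:
            result["error"] = "verification failed: %s" % exc
    return result


def bind_with_python_ldap(uri, binddn, password, cacertfile=None,
                          require_cert=True):
    """Reproduce the bind outside Moin with python-ldap and libldap tracing.

    Imported lazily so probe_ldaps() works on a box without python-ldap.
    """
    import ldap

    # Set TLS options globally *before* initialize(): with python-ldap 2.x
    # libldap builds its TLS context from these, and options set on the
    # connection object afterwards do not reliably take effect.
    ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,
                    ldap.OPT_X_TLS_DEMAND if require_cert else ldap.OPT_X_TLS_NEVER)
    if cacertfile:
        ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, cacertfile)
    ldap.set_option(ldap.OPT_DEBUG_LEVEL, 255)   # libldap trace to stderr
    conn = ldap.initialize(uri)
    conn.protocol_version = 3
    conn.simple_bind_s(binddn, password)         # raises ldap.SERVER_DOWN etc.
    return conn


if __name__ == "__main__":
    # Placeholder host/DN (assumed, not from the post); edit before running.
    report = probe_ldaps("ldaps://dc1.example.internal", cacertfile=None)
    print(report)
    if report["tls"] and report["peer_cert_pem"]:
        with open("dc1-selfsigned.pem", "w") as fh:
            fh.write(report["peer_cert_pem"])
        print("saved server cert; point tls_cacertfile at dc1-selfsigned.pem")
```

Read the result in order: tcp False means nothing reaches port 636 from this host; tcp True but tls False means the port answers but does not speak TLS (or drops the ClientHello); tls True with verified False and a cacertfile given means the certificate chain, not transport, is the problem. Only once probe_ldaps() reports tls True is it worth running bind_with_python_ldap(), whose libldap trace shows what libldap itself objects to before it gives up on the socket.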