[python-ldap] stop tls without ldap unbind
dipti Burli
diptiburli21 at gmail.com
Wed May 24 05:25:01 EDT 2017
According to the RFC, I thought it was possible.
Below is what I am referring to, by the LDAP association being intact when TLS is
closed down.
4. Closing a TLS Connection

4.1. Graceful Closure

*Either the client or server MAY terminate the TLS connection on an
LDAP association by sending a TLS closure alert. This will leave the
LDAP association intact.*

Before closing a TLS connection, the client MUST either wait for any
outstanding LDAP operations to complete, or explicitly abandon them
[LDAPv3].

After the initiator of a close has sent a closure alert, it MUST
discard any TLS messages until it has received an alert from the
other party. It will cease to send TLS Record Protocol PDUs, and
following the receipt of the alert, MAY send and receive LDAP PDUs.

The other party, if it receives a closure alert, MUST immediately
transmit a TLS closure alert. It will subsequently cease to send TLS
Record Protocol PDUs, and MAY send and receive LDAP PDUs.

Thanks,
Dipti
On Tue, May 23, 2017 at 12:46 PM, Michael Ströder <michael at stroeder.com>
wrote:
> dipti Burli wrote:
> > I do
> > conn = ldap.initialize('ldap://localhost:16611')
> > conn.start_tls_s()
> > print '\nBinding\n'
> > conn.simple_bind_s("cn=sdfrun", "sdfrun1")
> >
> > At this point I want to do something like
> >
> > #conn.stop_tls_s()
> >
> > so that the messages on this connection go as plain ldap messages
> > (search/modify etc) and not encrypted.
> >
> > How can I do that?
>
> You can't without opening a new connection (see RFC 2830).
>
> Why do you want that?
>
> Ciao, Michael.
>
>