Python LDAP TLS error when ldap.OPT_X_TLS_REQUIRE_CERT is set to ldap.OPT_X_TLS_NEVER

Time: 2016-06-30 18:31:16

Tags: python ssl ldap

When using python-ldap I set ldap.OPT_X_TLS_REQUIRE_CERT to ldap.OPT_X_TLS_NEVER, but I still get a TLS error. I have tried ldap.set_option as well as the version you see below. Both produce the same error.

from __future__ import print_function  # works on Python 2 and 3
import os
import string

import ldap  # python-ldap


class adldap_connection:
    def __init__(self, configuration, secure):
        self.configuration = configuration
        self.secure = secure
        # configuration['host'] is a string.Template with a $port placeholder
        self.ldap_host_template = string.Template(self.configuration['host'])
        if self.secure:
            self.ldap_host = self.ldap_host_template.substitute(port=self.configuration['secure_port'])
        else:
            self.ldap_host = self.ldap_host_template.substitute(port=self.configuration['standard_port'])

    def __enter__(self):
        try:
            self.ld = ldap.initialize(self.ldap_host)
            if self.configuration['verify_ssl']['verify']:
                # verify the server certificate against the configured CA file
                self.ld.set_option(ldap.OPT_X_TLS_CACERTFILE, self.configuration['verify_ssl']['use'])
                print("ldap.OPT_X_TLS_CACERTFILE = %d" % ldap.OPT_X_TLS_CACERTFILE)
            else:
                # intended to skip certificate verification (this is what does not take effect)
                self.ld.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
                print("ldap.OPT_X_TLS_REQUIRE_CERT = %d" % ldap.OPT_X_TLS_REQUIRE_CERT)
                print("ldap.OPT_X_TLS_NEVER = %d" % ldap.OPT_X_TLS_NEVER)
                #ldap.set_option(ldap.OPT_X_TLS_NEWCTX, 0)

            self.ld.simple_bind_s(self.configuration['binduser'], self.configuration['bindpassword'])
        except ldap.LDAPError as error_message:
            print("Couldn't Connect. %s " % error_message)
            print("Using CA: %s" % self.configuration['verify_ssl']['use'])
            if self.configuration['verify_ssl']['use']:
                print("File exists: %s" % os.path.exists(self.configuration['verify_ssl']['use']))
        return self.ld

    def __exit__(self, exc_type, exc_value, traceback):
        self.ld.unbind_s()

I get this exception:

ldap.OPT_X_TLS_REQUIRE_CERT = 24582
ldap.OPT_X_TLS_NEVER = 0
Couldn't Connect. {'info': "TLS error -8179:Peer's Certificate issuer is not recognized.", 'desc': "Can't contact LDAP server"}

1 answer:

Answer 0: (score: 2)

From the python-ldap mailing list:

    If you want to set connection-specific TLS parameters, you have to use

        self.ld.set_option(ldap.OPT_X_TLS_NEWCTX, 0)

    as the last set_option() call with TLS parameters.

I ended up with this, which works in both cases:

    def __enter__(self):
        try:
            self.ld = ldap.initialize(self.ldap_host)
            if self.configuration['verify_ssl']['verify']:
                self.ld.set_option(ldap.OPT_X_TLS_CACERTFILE, self.configuration['verify_ssl']['use'])
            else:
                self.ld.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
            # must be the last TLS option set: it builds the connection's TLS
            # context from the options above (was mistyped as self.ld.ldap.set_option)
            self.ld.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
            self.ld.simple_bind_s(self.configuration['binduser'], self.configuration['bindpassword'])
        except ldap.LDAPError as error_message:
            print("Couldn't Connect. %s" % error_message)
        return self.ld
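The ordering rule from the answer, as an added example that is not code from the question or the answer: it builds the per-connection TLS option list with OPT_X_TLS_NEWCTX always last, defaults to verification (OPT_X_TLS_DEMAND) unless the caller explicitly opts out, and includes a check that a recorded sequence of set_option calls ends with NEWCTX. The ldap module is passed in as a parameter so the logic can be exercised against a stand-in object; the configuration shape ('verify' flag plus a CA file path) follows the question.

```python
def plan_tls_options(ldap_mod, verify, cacertfile=None):
    """Return the ordered (option, value) pairs to set on one connection.

    ldap_mod is the python-ldap module (or a stand-in with the same
    constants).  Verification is on by default (OPT_X_TLS_DEMAND); it is
    switched to OPT_X_TLS_NEVER only when verify is False.  OPT_X_TLS_NEWCTX
    is always the last entry: the options before it only take effect once
    the new TLS context is created from them.
    """
    opts = []
    if verify:
        if not cacertfile:
            raise ValueError("verify=True requires a CA certificate file")
        opts.append((ldap_mod.OPT_X_TLS_CACERTFILE, cacertfile))
        opts.append((ldap_mod.OPT_X_TLS_REQUIRE_CERT, ldap_mod.OPT_X_TLS_DEMAND))
    else:
        opts.append((ldap_mod.OPT_X_TLS_REQUIRE_CERT, ldap_mod.OPT_X_TLS_NEVER))
    opts.append((ldap_mod.OPT_X_TLS_NEWCTX, 0))
    return opts


def apply_tls_options(conn, ldap_mod, verify, cacertfile=None):
    """Apply plan_tls_options() to a connection returned by ldap.initialize().

    Returns the plan that was applied so callers can log or audit it.
    """
    plan = plan_tls_options(ldap_mod, verify, cacertfile)
    for option, value in plan:
        conn.set_option(option, value)
    return plan


def newctx_is_last(calls, ldap_mod):
    """True when a recorded list of (option, value) set_option calls sets
    OPT_X_TLS_NEWCTX exactly once and after every other TLS option.

    The question's code fails this check: NEWCTX was never set, so the
    REQUIRE_CERT value it chose was not part of the context actually used.
    """
    positions = [i for i, (opt, _) in enumerate(calls)
                 if opt == ldap_mod.OPT_X_TLS_NEWCTX]
    return len(positions) == 1 and positions[0] == len(calls) - 1
```

With the real module the call is `apply_tls_options(conn, ldap, verify, cacertfile)` right after `ldap.initialize()` and before `simple_bind_s()`.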