20150625 connecting to ldap over self signed tls with python - plembo/onemoretech GitHub Wiki

title: Connecting to LDAP over self-signed TLS with Python
link: https://onemoretech.wordpress.com/2015/06/25/connecting-to-ldap-over-self-signed-tls-with-python/
author: phil2nc
description:
post_id: 9866
created: 2015/06/25 15:16:22
created_gmt: 2015/06/25 19:16:22
comment_status: closed
post_name: connecting-to-ldap-over-self-signed-tls-with-python
status: publish
post_type: post

Connecting to LDAP over self-signed TLS with Python

Needed to figure out how to do this. The documentation for Python's ldap module was worse than useless; it is actually misleading. Not much help from other sources either, until I came across this post from 2013 by Bram Neijt. Thank you Bram!

Like Bram I tried importing the certificate, but the OpenLDAP libraries that python-ldap is based on wouldn't have that. This is the same problem you'll see in php-ldap, which is based on the same OpenLDAP libraries. The answer in the case of either OpenLDAP's own utilities or PHP is to modify or create an /etc/openldap/ldap.conf file and insert "LDAPTLS_REQCERT=never" into it.

For the Python module the answer wasn't too difficult, once you have someone demonstrate it to you as Bram does. Basically you need to set an option on the python-ldap library itself, as distinct from the methods you use to make the connection. As a result you'll wind up writing something like this:

```python
#!/usr/bin/python
# Test LDAP operations with python
import ldap
import sys

server = 'ldap://ldap.example.com:1389'

# LDAPTLS_REQCERT=never: library-wide option, set before the connection is created
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)

l = ldap.initialize(server)
try:
    l.start_tls_s()
except ldap.LDAPError as e:
    # python-ldap carries a dict with 'desc' and, usually, 'info' in e.args[0]
    print(e.args[0].get('info', e))
    sys.exit(1)
```
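With `ldap.OPT_X_TLS_NEVER` the server certificate is not checked at all, so the StartTLS session is encrypted but the server is not authenticated. The following is an added example, not code from the original post or from Bram's: it keeps verification on by trusting the self-signed certificate directly through per-connection options. It assumes python-ldap 3.x on Python 3, a PEM copy of the server's certificate at a hypothetical path, and a host name in the URI that matches the certificate.

```python
#!/usr/bin/env python3
# Added example (not from the original post): StartTLS with verification left on.
import os
import sys


def connect_verified(uri, ca_file):
    """Open uri, upgrade with StartTLS, and trust only the PEM cert(s) in ca_file."""
    if not os.path.isfile(ca_file):
        raise FileNotFoundError("CA/server certificate not found: " + ca_file)
    import ldap  # python-ldap; imported here so a missing module fails at call time

    conn = ldap.initialize(uri)
    # Per-connection options: nothing global changes, other connections keep their defaults.
    conn.set_option(ldap.OPT_X_TLS_CACERTFILE, ca_file)
    conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
    # Must come last: builds a fresh TLS context from the options set above.
    conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
    # Raises ldap.LDAPError if the chain does not lead to ca_file or the host
    # name in uri is not in the certificate's subject/subjectAltName.
    conn.start_tls_s()
    return conn


if __name__ == "__main__":
    # Assumed values: the post's example host and a hypothetical certificate path.
    uri = sys.argv[1] if len(sys.argv) > 1 else "ldap://ldap.example.com:1389"
    ca_file = sys.argv[2] if len(sys.argv) > 2 else "/etc/openldap/certs/ldap-example.pem"
    try:
        conn = connect_verified(uri, ca_file)
    except Exception as e:
        print("TLS setup failed: %s" % e)
        sys.exit(1)
    print("StartTLS negotiated with a verified certificate")
    conn.unbind_s()
```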

Copyright 2004-2019 Phil Lembo