当 ldap.OPT_X_TLS_REQUIRE_CERT 设置为 ldap.OPT_X_TLS_NEVER 时出现 Python LDAP TLS 错误

标签 python ssl ldap

使用 python-ldap 时,我将 ldap.OPT_X_TLS_REQUIRE_CERT 设置为 ldap.OPT_X_TLS_NEVER,但我仍然收到 TLS 错误。我试过 ldap.set_option 和你在下面看到的版本。两者都会产生相同的错误。

class adldap_connection:
    def __init__(self, configuration, secure):
        self.configuration = configuration
        self.secure = secure
        self.ldap_host_template = string.Template(self.configuration['host'])
        if self.secure:
            self.ldap_host = self.ldap_host_template.substitute(port=self.configuration['secure_port'])
        else:
            self.ldap_host = self.ldap_host_template.substitute(port=self.configuration['standard_port'])

    def __enter__(self):
        try:
            self.ld = ldap.initialize(self.ldap_host)
            if self.configuration['verify_ssl']['verify']:
                self.ld.set_option(ldap.OPT_X_TLS_CACERTFILE, self.configuration['verify_ssl']['use'])
                print "ldap.OPT_X_TLS_CACERTFILE = %d" % ldap.OPT_X_TLS_CACERTFILE
            else:
                self.ld.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
                print "ldap.OPT_X_TLS_REQUIRE_CERT = %d" % ldap.OPT_X_TLS_REQUIRE_CERT
                print "ldap.OPT_X_TLS_NEVER = %d" % ldap.OPT_X_TLS_NEVER
                #ldap.set_option(ldap.OPT_X_TLS_NEWCTX, 0)

            self.ld.simple_bind_s(self.configuration['binduser'], self.configuration['bindpassword'])
        except ldap.LDAPError, error_message:
            print "Couldn't Connect. %s " % error_message
            print "Using CA: %s" % self.configuration['verify_ssl']['use']
            if (self.configuration['verify_ssl']['use']):
                print "File exists: %s" % os.path.exists(self.configuration['verify_ssl']['use'])
        return self.ld

    def __exit__(self, exc_type, exc_value, traceback):
        self.ld.unbind_s()

我得到这个异常

ldap.OPT_X_TLS_REQUIRE_CERT = 24582
ldap.OPT_X_TLS_NEVER = 0
Couldn't Connect. {'info': "TLS error -8179:Peer's Certificate issuer is not recognized.", 'desc': "Can't contact LDAP server"}

最佳答案

来自 python-ldap 邮件列表:

If you want to set connection-specific TLS parameters you must use

self.ld.set_option(ldap.OPT_X_TLS_NEWCTX, 0)

as last call to setoption() with TLS parameter.

我最终得到了这个,它适用于这两种情况

    try:
        self.ld = ldap.initialize(self.ldap_host)
        if self.configuration['verify_ssl']['verify']:
            self.ld.set_option(ldap.OPT_X_TLS_CACERTFILE, self.configuration['verify_ssl']['use'])
        else:
            self.ld.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
        self.ld.ldap.set_option(ldap.OPT_X_TLS_NEWCTX, 0)

关于当 ldap.OPT_X_TLS_REQUIRE_CERT 设置为 ldap.OPT_X_TLS_NEVER 时出现 Python LDAP TLS 错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/38130767/

上一篇:apache - 无法加载 'C:/Apache/Perl/site/lib/auto/Apache2/ModSSL/ModSSL.dll'

下一篇:c# - 服务器错误 : The request was aborted: Could not create SSL/TLS secure channel

相关文章:

python - 带有 gRPC 的 Django REST

python - googletrans 未完全从英语翻译成意大利语

ubuntu - 如何在 Ubuntu 的本地主机上安装 SSL?

ssl - 证书链的最大长度是多少?

asp.net - 通过主域登录子域

linux - Apache Directory Studio Replication 仅连接到树的第一层

python - 如何通过调用其他函数的函数传递参数?

python - 使用 Python 从 Azure Monitor 获取特定警报

python - 解析列表以获取精确值

security - 既然可以通过 ldap 进行身份验证和授权,为什么还要使用 kerberos?

©2024 IT工具网  联系我们