ldap.set_option(ldap.OPT_X_TLS_CACERTFILE...) error

Hi,

I have a simple LDAPS script:

    #!/usr/bin/python2.3
    import sys
    import ldap

    if __name__ == '__main__':
        ldap.set_option(ldap.OPT_DEBUG_LEVEL,255)
        ldapmodule_trace_level = 1
        ldapmodule_trace_file = sys.stdout
        ldap.set_option(ldap.OPT_X_TLS_ALLOW,1)
        ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, "/etc/ssl/certs/f64d9715.0")

executing fine on one server, however having it on another server throws the following error:

      File "./test2.py", line 12, in ?
        ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, "/etc/ssl/certs/f64d9715.0")
      File "/usr/lib/python2.3/site-packages/ldap/functions.py", line 104, in set_option
        _ldap_function_call(_ldap.set_option,option,invalue)
      File "/usr/lib/python2.3/site-packages/ldap/__init__.py", line 62, in _ldap_function_call
        result = apply(func,args,kwargs)
    ldap.LDAPError: {'errnum': -1}

I have validated the certificate is correct using an openSSL command (get a "Verify return code: 0 (ok)"). The only difference I can see is that the one that is working is using openSSL 0.9.7e and Python 2.3.5, while the one not working is using openSSL 0.9.6c and Python 2.3.4. Is this enough to cause an error? I have been unable to find any requirements for ldap.OPT_X_TLS_CACERTFILE. Unfortunately upgrading the openSSL and Python is a big job considering the amount of testing of existing python scripts on the server, so I need to make sure this is the issue.
TIA.
May 18 '07 #1
bartonc
6,596 Expert 4TB
That's not a very friendly error message.
The current version of ldap installs as a package and is probably available for 2.3.
In 2.4, using this (not so clean, but quick test):

    #!/usr/bin/python2.4
    import sys
    from ldap import *

    if __name__ == '__main__':
        set_option(OPT_DEBUG_LEVEL,255)
        ldapmodule_trace_level = 1
        ldapmodule_trace_file = sys.stdout
        set_option(OPT_X_TLS_ALLOW,1)
        set_option(OPT_X_TLS_CACERTFILE, "/etc/ssl/certs/f64d9715.0")

I received no errors.
I believe that keeping your software up-to-date is worth the work (that way, things like this are less likely to occur).
May 18 '07 #2
sallas
3
Thanks Bartonc, I may have to set up a Test machine so as to trial with the 'old' library versions to prove this is the issue.
Yes, it would be best to keep all software libraries up to date. Unfortunately I'm not the UNIX programmer/owner of this server (am doing their job of modifying scripts to connect to my MS Active Directory) and have been informed that there have been no system upgrades as they cause issues with other applications on the server (sigh).
May 22 '07 #3
bartonc
6,596 Expert 4TB
You are welcome. You can call me "Barton".
May 22 '07 #4
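
An added example (not code from the thread or from python-ldap): a check that separates the two explanations discussed above, a bad CA file versus a library build that rejects the option. `check_ca_file` and `diagnose` are hypothetical helper names; the CA file is parsed with Python's standard `ssl` module, and `ldap_mod` is assumed to be the imported python-ldap module.

```python
import os
import re
import ssl

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def check_ca_file(path):
    """Validate a CA file without involving libldap. Returns (ok, reason)."""
    if not os.path.isfile(path):
        return False, "missing"
    if not os.access(path, os.R_OK):
        return False, "unreadable"
    with open(path, "r", errors="replace") as fh:
        if not PEM_CERT.search(fh.read()):
            return False, "no PEM certificate block"
    try:
        # Python's own OpenSSL binding loads the file as a trust store.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.load_verify_locations(cafile=path)
    except OSError:  # ssl.SSLError is a subclass of OSError
        return False, "unparsable"
    return True, "ok"


def diagnose(ldap_mod, cafile):
    """Report the CA file status and the set_option result side by side."""
    _, reason = check_ca_file(cafile)
    try:
        ldap_mod.set_option(ldap_mod.OPT_X_TLS_CACERTFILE, cafile)
        lib = "accepted"
    except ldap_mod.LDAPError as exc:
        # Same exception type as in the traceback posted in the thread.
        lib = "rejected: %s" % (exc,)
    return {"ca_file": reason, "set_option": lib}


if __name__ == "__main__":
    import sys
    import ldap  # python-ldap; only needed for a real run on the host
    print(diagnose(ldap, sys.argv[1]))
```

If `ca_file` is `ok` while `set_option` is `rejected`, the certificate file is not the problem on that host.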
