Hi,
I have a simple LDAPS script: - #!/usr/bin/python2.3
-
import sys
-
import ldap
-
-
if __name__ == '__main__':
-
ldap.set_option(ldap.OPT_DEBUG_LEVEL,255)
-
ldapmodule_trace_level = 1
-
ldapmodule_trace_file = sys.stdout
-
ldap.set_option(ldap.OPT_X_TLS_ALLOW,1)
-
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, "/etc/ssl/certs/f64d9715.0")
-
executing fine on one server, however having it on another server throws the following error: -
-
File "./test2.py", line 12, in ?
-
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, "/etc/ssl/certs/f64d9715.0")
-
File "/usr/lib/python2.3/site-packages/ldap/functions.py", line 104, in set_option
-
_ldap_function_call(_ldap.set_option,option,invalue)
-
File "/usr/lib/python2.3/site-packages/ldap/__init__.py", line 62, in _ldap_function_call
-
result = apply(func,args,kwargs)
-
ldap.LDAPError: {'errnum': -1}
I have validated the certificate is correct using an openSSL command (get a "Verify return code: 0 (ok)"). The only difference I can see is that the one that is working is using openSSL 0.9.7e and Python 2.3.5, while the one not working is using openSSL 0.9.6c and Python 2.3.4. Is this enough to cause an error? I have been unable to find any requirements for ldap.OPT_X_TLS_CACERTFILE. Unfortunately upgrading the openSSL and Python is a big job considering the amount of testing of existing python scripts on the server, so I need to make sure this is the issue.
TIA.
3  5458  
Hi,
I have a simple LDAPS script:
- #!/usr/bin/python2.3
-
import sys
-
import ldap
-
-
if __name__ == '__main__':
-
ldap.set_option(ldap.OPT_DEBUG_LEVEL,255)
-
ldapmodule_trace_level = 1
-
ldapmodule_trace_file = sys.stdout
-
ldap.set_option(ldap.OPT_X_TLS_ALLOW,1)
-
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, "/etc/ssl/certs/f64d9715.0")
-
executing fine on one server, however having it on another server throws the following error:
-
-
File "./test2.py", line 12, in ?
-
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, "/etc/ssl/certs/f64d9715.0")
-
File "/usr/lib/python2.3/site-packages/ldap/functions.py", line 104, in set_option
-
_ldap_function_call(_ldap.set_option,option,invalue)
-
File "/usr/lib/python2.3/site-packages/ldap/__init__.py", line 62, in _ldap_function_call
-
result = apply(func,args,kwargs)
-
ldap.LDAPError: {'errnum': -1}
I have validated the certificate is correct using an openSSL command (get a "Verify return code: 0 (ok)"). The only difference I can see is that the one that is working is using openSSL 0.9.7e and Python 2.3.5, while the one not working is using openSSL 0.9.6c and Python 2.3.4. Is this enough to cause an error? I have been unable to find any requirements for ldap.OPT_X_TLS_CACERTFILE. Unfortunately upgrading the openSSL and Python is a big job considering the amount of testing of existing python scripts on the server, so I need to make sure this is the issue.
TIA.
That's not a very friendly error message.
The current version of ldap installs as a package and is probably available for 2.3.
In 2.4, using this (not so clean, but quick test): - #!/usr/bin/python2.4
-
import sys
-
from ldap import *
-
-
if __name__ == '__main__':
-
set_option(OPT_DEBUG_LEVEL,255)
-
ldapmodule_trace_level = 1
-
ldapmodule_trace_file = sys.stdout
-
set_option(OPT_X_TLS_ALLOW,1)
-
set_option(OPT_X_TLS_CACERTFILE, "/etc/ssl/certs/f64d9715.0")
-
I received no errors.
I believe that keeping your software up-to-date is worth the work (that way, things like this are less likely to occure.
Thanks Bartonc, I may have to set up a Test machine so as to trial with the 'old' library versions to prove this is the issue.
Yes, it would be best to keep all software libraries up to date. Unfortunately I'm not the UNIX programmer/owner of this server (am doing their job of modifying scripts to connect to my MS Active Directory) and have been informed that there have been no system upgrades as they cause issues with other applications on the server (sigh).
Thanks Bartonc, I may have to set up a Test machine so as to trial with the 'old' library versions to prove this is the issue.
Yes, it would be best to keep all software libraries up to date. Unfortunately I'm not the UNIX programmer/owner of this server (am doing their job of modifying scripts to connect to my MS Active Directory) and have been informed that there have been no system upgrades as they cause issues with other applications on the server (sigh).
You are welcome. You can call me "Barton".
Sign in to post your reply or Sign up for a free account.
Similar topics
by: Durairaj Avasi |
last post by:
Here is my prg::::
use Net::LDAP qw(LDAP_SUCCESS LDAP_PROTOCOL_ERROR);
use Authen::SASL;
use Net::LDAP::Util qw(ldap_error_name ldap_error_text);
sub lConnect {
my $server = shift;
print "...
|
by: Amar |
last post by:
I am trying to connect to my college LDAP directory using ASP.NET. This LDap
does not have security as it returns only user demographic information.
i do not need to bind with a username or...
|
by: Andrew |
last post by:
Hey all,
Working on revamping our Intranet here and making use of the LDPA, Active
Directory, Directory Services, etc. that .Net provides. I am still fairly
new on this subject, so the problem...
|
by: jjeanj1 |
last post by:
Hi,
all i am writing a perl script to do a a bulk add of users from a file and load it to LDAP
$ldap = Net::LDAP->new("test.domain.com", port=>3394) or die "Can not
connected to LDAP \n"; ...
|
by: rbukkara |
last post by:
Hi,
I have got the following error while trying to add a user in the LDAP Directory.
javax.naming.NameNotFoundException: ; remaining name 'uid=vassila,ou=People,dc=cs,dc=uno,dc=edu'
I have...
|
by: hotani |
last post by:
I am attempting to pull info from an LDAP server (Active Directory),
but cannot specify an OU. In other words, I need to search users in
all OU's, not a specific one.
Here is what works:
con...
|
by: theiviaxx |
last post by:
Thanks for the help guys, it works! I used the
ldap.set_option(ldap.OPT_REFERRALS, 0) from http://peeved.org/blog/2007/11/20/
immedialtey after import, then did the initialize trace_level=2 and...
|
by: jo3c |
last post by:
Hi..
Im trying to get some information out of a windows sever 2003 chinese
active directory system
so let's say encoding is probably big5 or utf-8
what im doing is simliar to ldapsearch in...
|
by: Sells, Fred |
last post by:
I'm running python 2.5 (or 2.4) in an XP environment.
I downloaded and installed the .dll's from OpenLDAP-2.4.8+OpenSSL-0.9.8g-Win32.zip and copied the .dll's in c:/windows/system32 as instructed...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
| |
