
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE...) error

P: 3
Hi,

I have a simple LDAPS script:

    #!/usr/bin/python2.3
    import sys
    import ldap

    if __name__ == '__main__':
        ldap.set_option(ldap.OPT_DEBUG_LEVEL,255)
        ldapmodule_trace_level = 1
        ldapmodule_trace_file = sys.stdout
        ldap.set_option(ldap.OPT_X_TLS_ALLOW,1)
        ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, "/etc/ssl/certs/f64d9715.0")

executing fine on one server, however having it on another server throws the following error:

      File "./test2.py", line 12, in ?
        ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, "/etc/ssl/certs/f64d9715.0")
      File "/usr/lib/python2.3/site-packages/ldap/functions.py", line 104, in set_option
        _ldap_function_call(_ldap.set_option,option,invalue)
      File "/usr/lib/python2.3/site-packages/ldap/__init__.py", line 62, in _ldap_function_call
        result = apply(func,args,kwargs)
    ldap.LDAPError: {'errnum': -1}

I have validated the certificate is correct using an openSSL command (get a "Verify return code: 0 (ok)"). The only difference I can see is that the one that is working is using openSSL 0.9.7e and Python 2.3.5, while the one not working is using openSSL 0.9.6c and Python 2.3.4. Is this enough to cause an error? I have been unable to find any requirements for ldap.OPT_X_TLS_CACERTFILE. Unfortunately upgrading the openSSL and Python is a big job considering the amount of testing of existing python scripts on the server, so I need to make sure this is the issue.
TIA.
May 18 '07 #1
3 Replies


bartonc
Expert 5K+
P: 6,596
That's not a very friendly error message.
The current version of ldap installs as a package and is probably available for 2.3.
In 2.4, using this (not so clean, but quick test):

    #!/usr/bin/python2.4
    import sys
    from ldap import *

    if __name__ == '__main__':
        set_option(OPT_DEBUG_LEVEL,255)
        ldapmodule_trace_level = 1
        ldapmodule_trace_file = sys.stdout
        set_option(OPT_X_TLS_ALLOW,1)
        set_option(OPT_X_TLS_CACERTFILE, "/etc/ssl/certs/f64d9715.0")

I received no errors.
I believe that keeping your software up-to-date is worth the work (that way, things like this are less likely to occur).
May 18 '07 #2

P: 3
Thanks Bartonc, I may have to set up a Test machine so as to trial with the 'old' library versions to prove this is the issue.
Yes, it would be best to keep all software libraries up to date. Unfortunately I'm not the UNIX programmer/owner of this server (am doing their job of modifying scripts to connect to my MS Active Directory) and have been informed that there have been no system upgrades as they cause issues with other applications on the server (sigh).
May 22 '07 #3

bartonc
Expert 5K+
P: 6,596
You are welcome. You can call me "Barton".
May 22 '07 #4
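
A preflight check for the failing `set_option` call discussed in this thread, added here as an example (it is not code from either poster). It assumes Python 3 and a current python-ldap; `check_ca_file` and `configure_tls` are hypothetical names. It sets certificate checking through `OPT_X_TLS_REQUIRE_CERT`, because in python-ldap `OPT_X_TLS_ALLOW` is one of that option's values rather than an option of its own.

```python
import base64
import os
import re

try:
    import ldap  # python-ldap; optional so the file checks still run without it
except ImportError:
    ldap = None

PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def check_ca_file(path):
    """Return a list of problems with a PEM CA file; an empty list means it looks usable."""
    if not os.path.isfile(path):
        return ["%s does not exist or is not a regular file" % path]
    if not os.access(path, os.R_OK):
        return ["%s is not readable by this process" % path]
    with open(path, "r", errors="replace") as fh:
        text = fh.read()
    bodies = PEM_CERT.findall(text)
    if not bodies:
        return ["no PEM CERTIFICATE block found (DER-encoded file?)"]
    problems = []
    for i, body in enumerate(bodies, 1):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append("certificate %d: invalid base64" % i)
            continue
        if not der.startswith(b"\x30"):  # an X.509 certificate is a DER SEQUENCE
            problems.append("certificate %d: not a DER SEQUENCE" % i)
    return problems


def configure_tls(path):
    """Validate the CA file, then set python-ldap's global TLS options."""
    problems = check_ca_file(path)
    if ldap is None:
        problems.append("python-ldap is not installed")
    elif not getattr(ldap, "TLS_AVAIL", 0):
        problems.append("python-ldap was built without TLS support")
    if problems:
        return problems
    try:
        ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, path)
        # DEMAND makes the client reject a server certificate it cannot verify.
        ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
    except ldap.LDAPError as exc:
        return ["libldap rejected the TLS options: %r" % (exc,)]
    return []
```

Calling `configure_tls("/etc/ssl/certs/f64d9715.0")` returns an empty list when both options were accepted, otherwise the reasons as strings.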
