Re: Expired server certificate

2009-09-14 Thread Fredrik Melander
option(). Best thing is to use this code-line to completely > switch off processing of .ldaprc and ldap.conf in libldap: > > os.environ['LDAPNOINIT']='1' > > Ciao, Michael. > > Fredrik Melander wrote: >>> Hmm, there's nothing you can do at

Re: Expired server certificate

2009-08-19 Thread Fredrik Melander
> Hmm, there's nothing you can do at the python-ldap level. AFAIK cert > validation is completely done within the OpenSSL libs, except the host name > checking. > > Could you please test with OpenLDAP's command-line tool ldapsearch. This is > important: Please use the tool which uses the very same

Expired server certificate

2009-08-11 Thread Fredrik Melander
Hi Michael and the list, sorry to bother you again, but since I think my last mail drowned in the unusually high traffic that day, I'm posting my question again. I've done some research since then and I really can't figure this one out. This relates to my previous question about server certificates.

Re: How to verify server certificate

2009-08-05 Thread Fredrik Melander
Hi again, > Why should it be broken? It's deliberately broken to test the program, and thanks to your reply I've been able to catch this exception: CONNECT_ERROR: {'info': 'TLS: hostname does not match CN in peer certificate', 'desc': 'Connect error'} What I've so far *not* been able to provoke

Re: How to verify server certificate

2009-08-04 Thread Fredrik Melander
Michael Ströder wrote: > Fredrik Melander wrote: >> Short question: when negotiating TLS with the LDAP server with >> start_tls_s(), can I use python-ldap to follow the certificate chain and >> verify the server certificate? If so, how? > > The OpenLDAP libs are d

How to verify server certificate

2009-08-04 Thread Fredrik Melander
Hi, list! Short question: when negotiating TLS with the LDAP server with start_tls_s(), can I use python-ldap to follow the certificate chain and verify the server certificate? If so, how? Best regards, Fredrik

Re: Recursive ldap lookups

2009-04-27 Thread Fredrik Melander
Hi, first of all thanks for the answer, and sorry that I haven't replied earlier. Lots of reasons not really interesting for anybody and a bit of good ol' laziness, of course ;) >> Which ldapsearch tool are you talking about? OpenLDAP's command-line >> tool ldapsearch does not have an option -C. D

Recursive ldap lookups

2009-04-02 Thread Fredrik Melander
Hi, list! I was wondering if/how I can make recursive lookups in my ldap-tree (corresponding to the -C option of ldapsearch), i.e. my ldap-server doesn't have the information I'm asking for, but happens to know which other ldap server that has it, and thus forwards my request to that server. Tha

Distinguished name problem

2009-02-16 Thread Fredrik Melander
Hello, list! I'm sure I'm overlooking something fairly obvious here, and I'm hoping that somebody here can point me in the right direction. We have a small ldap-server running here and I've now been given the honor of writing a small Python program to interact with it. From the command line (ldaps