CroweCybersecurity / ad-ldap-enum

An LDAP based Active Directory user and group enumeration tool
MIT License

Encrypt password to auth #9

Closed richrumble closed 7 years ago

richrumble commented 8 years ago

Authentication passwords are being sent in plain text. There should be a way to bind with an encrypted method, as in PHP, VB and most languages: https://blogs.technet.microsoft.com/heyscriptingguy/2005/12/09/how-can-i-use-alternate-credentials-when-searching-active-directory/

edepree commented 8 years ago

There are two items to research and test for secure connections.

  1. Add a switch to perform the connection over SSL (LDAPS)
  2. Add a switch to perform a StartTLS connection before binding.

Additional information about this can be found at this page: https://www.packtpub.com/books/content/python-ldap-applications-part-1-installing-and-configuring-python-ldap-library-and-bin.
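As an added example (not code from ad-ldap-enum or from this thread), this is one way the two options listed above could be wired up with python-ldap while keeping certificate verification on. The helper names `tls_plan` and `connect`, and any host or CA path passed to them, are hypothetical; the `OPT_*` names are python-ldap constants.

```python
# Added example, not the project's code. tls_plan() and connect() are
# hypothetical helpers; the OPT_* names are python-ldap constants.

def tls_plan(host, mode, ca_file):
    """Return (uri, ordered TLS options, use_starttls) for 'ldaps' or 'starttls'."""
    if mode not in ("ldaps", "starttls"):
        raise ValueError("refusing cleartext bind: mode must be 'ldaps' or 'starttls'")
    if not ca_file:
        raise ValueError("a CA bundle is required so the server certificate is verified")
    if mode == "ldaps":
        uri = "ldaps://%s:636" % host   # switch 1: TLS from the first byte
    else:
        uri = "ldap://%s:389" % host    # switch 2: plain port, upgraded by StartTLS
    options = [
        ("OPT_X_TLS_REQUIRE_CERT", "OPT_X_TLS_DEMAND"),  # fail closed on a bad cert
        ("OPT_X_TLS_CACERTFILE", ca_file),               # CA that issued the DC cert
        ("OPT_X_TLS_NEWCTX", 0),                         # last: applies the options above
    ]
    return uri, options, mode == "starttls"


def connect(host, mode, ca_file, bind_dn, password):
    """Open a verified TLS session, then bind. Requires python-ldap."""
    import ldap  # imported here so tls_plan() can be checked without the library

    uri, options, use_starttls = tls_plan(host, mode, ca_file)
    conn = ldap.initialize(uri)
    conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
    for name, value in options:
        # Symbolic values such as OPT_X_TLS_DEMAND are resolved on the ldap module.
        if isinstance(value, str) and value.startswith("OPT_"):
            value = getattr(ldap, value)
        conn.set_option(getattr(ldap, name), value)
    if use_starttls:
        conn.start_tls_s()  # upgrade before any credentials cross the wire
    conn.simple_bind_s(bind_dn, password)
    return conn
```

The CA file would be the PEM export of the certificate authority that issued the domain controller's certificate, which lets verification stay enabled even when the CA is internal.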

edepree commented 8 years ago

I have performed some more research into this item. When connecting over SSL in Windows, I find that I cannot get the certificate to validate properly. I have added the following code for initializing the SSL connection:

```python
#ldap_client.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
ldap_client.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
ldap_client.start_tls_s()
```

This creates the following error message in Python when connecting:

```
ldap.SERVER_DOWN: {'info': 'error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (unable to get local issuer certificate)', 'desc': "Can't contact LDAP server"}
```

Additionally, I see in Wireshark that the connection is reporting Alert (Level: Fatal, Description: Unknown CA).

I am assuming at this point that there is some issue with self-signed certificates and Python is not allowing me to push through and accept them blindly. If there is something I am missing that can help me get through this roadblock, let me know and I'll pick this issue up again.

Some references I used when researching this issue: