devpi / devpi-ldap

Plugin for devpi-server which provides LDAP authentication.

Unable to use ldaps connectivity #20

Open bhanu456 opened 9 years ago

bhanu456 commented 9 years ago

Hi Team,

Can anybody suggest how to use LDAP connectivity over SSL? Please provide the YAML configuration for the yml file.

My test.yml file:

```yaml
devpi-ldap:
  url: "ldaps://test.ldap:636"
  user_search:
    base: CN=Test User,OU=Test_Accounts,OU=Test PC,DC=test,DC=in
    filter: (sAMAccountName=ldap)
    userdn: CN=Test User,OU=Test_Accounts,OU=Test PC,DC=test,DC=in
    password: xxxxxxxxxxxxxxx
    attribute_name: CN
  group_search:
    base: CN=Test User,OU=Test_Accounts,OU=Test PC,DC=test,DC=in
    filter: (&(objectClass=group)(member=test))
    attribute_name: CN
```

I am getting the following error:

```
2015-06-18 12:03:13,785 DEBUG BASIC:instantiated Tls: <Tls(validate=0)>
2015-06-18 12:03:13,785 DEBUG BASIC:instantiated Server: <Server(host='test.ldap:636', port=636, use_ssl=True, tls=Tls(validate=0), get_info='NO_INFO')>
2015-06-18 12:03:13,785 DEBUG BASIC:instantiated :

<< messageID=3
<< protocolOp=ProtocolOp:
<< bindResponse=BindResponse:
<< resultCode='invalidCredentials'
<< matchedDN=
<< diagnosticMessage=0x38303039303330383a204c6461704572723a20445349442d30433039303341392c20636f6d6d656e743a204163636570745365637572697479436f6e74657874206572726f722c2064617461203532652c20763164623100
2015-06-18 12:26:56,508 DEBUG PROTOCOL:BIND response <{'dn': '', 'saslCreds': None, 'referrals': None, 'description': 'invalidCredentials', 'result': 49, 'message': '80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1\x00', 'type': 'bindResponse'}> received via <ldaps://test.ldap.ch.int:636 - ssl - user: LDAP User - unbound - open - <local: 10.11.xx.xx,55673 - remote: 10.21.xxx.xx:636> - tls not started - listening - SyncStrategy>
2015-06-18 12:26:56,508 DEBUG BASIC:done BIND operation, result Result: {"status": "reject"}
```

Regards, Bhanu Kakarla.

fschulze commented 9 years ago

We use https://pypi.python.org/pypi/ldap3 and, as far as I can tell, it automatically detects TLS URLs. Maybe the docs for it help: http://ldap3.readthedocs.org/ssltls.html

I currently have no way to test and fix this myself.

mikenerone commented 8 years ago

I have successful connections with ldaps://, and those "tls not started" messages are normal; they actually indicate the connection is being upgraded to TLS as a result of noticing it wasn't started yet. I believe the OP's error is a plain ol' bind failure.

00willo commented 5 years ago

I think this can definitely be closed as not a bug; the server responded with 'invalidCredentials'.

Straight cleartext LDAP shows like this:

<ldap://ipa.home.lab:389 - cleartext - user: LDAP User - not lazy - unbound - open - <local: 192.168.0.100:39428 - remote: 192.168.0.50:389> - tls not started - listening - SyncStrategy>

LDAPS, like this, which is what appears in the OP's issue:

<ldaps://ipa.home.lab:636 - ssl - user: LDAP User - not lazy - unbound - open - <local: 192.168.0.100:39446 - remote: 192.168.0.50:636> - tls not started - listening - SyncStrategy>

and finally TLS:

<ldap://ipa.home.lab:389 - cleartext - user: None - not lazy - unbound - open - <local: 192.168.0.100:39468 - remote: 192.168.0.50:389> - tls started - listening - SyncStrategy>

Note the scheme, the ports, the cleartext/ssl indication, and also "tls started"/"tls not started". These were run against ipa-server-4.5.0-22.el7.centos.x86_64.
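The three connection reprs above and the OP's BIND trace lend themselves to a small triage script. The following is an added example, not code from devpi-ldap or ldap3: it decodes the hex-dumped diagnosticMessage from the OP's trace back into text, maps Active Directory's "data 52e" sub-code (Microsoft's well-known bind sub-codes) to its meaning, and classifies an ldap3 Connection repr as LDAPS, StartTLS or plaintext from the same fields 00willo points to. It assumes ldap3 keeps the repr layout shown in this thread; the sample strings are copied from the thread, not captured from a live server. It also flags Tls(validate=0) from the OP's Server repr: 0 is ssl.CERT_NONE, so the directory's certificate is never verified and LDAPS there encrypts the bind password but does not authenticate the server it is sent to.

```python
"""Triage helpers for ldap3 debug traces (added example; not devpi-ldap code)."""
import re
import ssl
from typing import Dict, Optional

# Sample lines copied from the traces in this thread (the OP's trace and
# 00willo's connection reprs), not captured from a live server.
OP_SERVER_REPR = ("<Server(host='test.ldap:636', port=636, use_ssl=True, "
                  "tls=Tls(validate=0), get_info='NO_INFO')>")
OP_DIAGNOSTIC_HEX = (
    "0x38303039303330383a204c6461704572723a20445349442d30433039303341392c20"
    "636f6d6d656e743a204163636570745365637572697479436f6e74657874206572726f722c20"
    "64617461203532652c20763164623100")
OP_CONNECTION_REPR = (
    "<ldaps://test.ldap.ch.int:636 - ssl - user: LDAP User - unbound - open - "
    "<local: 10.11.xx.xx,55673 - remote: 10.21.xxx.xx:636> - tls not started - "
    "listening - SyncStrategy>")
STARTTLS_CONNECTION_REPR = (
    "<ldap://ipa.home.lab:389 - cleartext - user: None - not lazy - unbound - open - "
    "<local: 192.168.0.100:39468 - remote: 192.168.0.50:389> - tls started - "
    "listening - SyncStrategy>")
PLAINTEXT_CONNECTION_REPR = (
    "<ldap://ipa.home.lab:389 - cleartext - user: LDAP User - not lazy - unbound - open - "
    "<local: 192.168.0.100:39428 - remote: 192.168.0.50:389> - tls not started - "
    "listening - SyncStrategy>")

# Well-known Active Directory bind sub-codes ("data NNN" in the diagnostic message).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password, or wrong bind DN/user)",
    "530": "not permitted to log on at this time",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
AD_DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-f]+)")
CONN_RE = re.compile(
    r"<(?P<scheme>ldaps?)://(?P<host>[^:\s]+):(?P<port>\d+) - "
    r"(?P<transport>cleartext|ssl) - .*? - (?P<tls>tls started|tls not started) - ")


def decode_diagnostic(hex_blob: str) -> str:
    """Turn ldap3's hex-dumped diagnosticMessage back into the server's text."""
    raw = bytes.fromhex(hex_blob[2:] if hex_blob.startswith("0x") else hex_blob)
    return raw.decode("ascii", errors="replace").rstrip("\x00")


def explain_ad_bind_error(message: str) -> Optional[str]:
    """Map AD's 'data NNN' sub-code to its meaning; None if not an AD message."""
    m = AD_DATA_RE.search(message)
    if not m:
        return None
    return AD_BIND_SUBCODES.get(m.group(1), "unlisted sub-code " + m.group(1))


def classify_connection(conn_repr: str) -> Dict[str, object]:
    """Report how the socket is protected, from ldap3's Connection repr."""
    m = CONN_RE.search(conn_repr)
    if not m:
        raise ValueError("not an ldap3 Connection repr: " + conn_repr)
    ssl_from_start = m["transport"] == "ssl"
    tls_started = m["tls"] == "tls started"
    if ssl_from_start:
        mode = "LDAPS"       # TLS from the first byte; "tls not started" is normal here
    elif tls_started:
        mode = "StartTLS"    # plain connect on 389, upgraded before the bind
    else:
        mode = "PLAINTEXT"   # the bind password would cross the wire unencrypted
    return {"scheme": m["scheme"], "host": m["host"], "port": int(m["port"]),
            "mode": mode, "encrypted": ssl_from_start or tls_started}


def cert_validation_disabled(server_repr: str) -> bool:
    """Tls(validate=0) means ssl.CERT_NONE: the peer certificate is never checked."""
    m = re.search(r"Tls\(validate=(\d+)\)", server_repr)
    return bool(m) and int(m.group(1)) == ssl.CERT_NONE


def triage(server_repr: str, conn_repr: str, diagnostic_hex: str) -> Dict[str, object]:
    """Combine the three checks into one report for a failed bind."""
    message = decode_diagnostic(diagnostic_hex)
    return {"connection": classify_connection(conn_repr),
            "cert_validation_disabled": cert_validation_disabled(server_repr),
            "bind_error": message,
            "bind_error_meaning": explain_ad_bind_error(message)}


if __name__ == "__main__":
    from pprint import pprint
    pprint(triage(OP_SERVER_REPR, OP_CONNECTION_REPR, OP_DIAGNOSTIC_HEX))
```

Run against the OP's trace, the report says the socket is LDAPS (encrypted, with the usual "tls not started" flag), certificate validation is off, and the server's own message is a 52e invalid-credentials rejection, which is the bind failure the replies above diagnose rather than anything to do with TLS.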