noirello / bonsai

Simple Python 3 module for LDAP, using libldap2 and winldap C libraries.
MIT License

Is STARTTLS possible? #29

Closed leophys closed 5 years ago

leophys commented 5 years ago

Hi, thanks for this nice library! I'd like to use it with my project, but as far as I could get, there is no clear way to use the STARTTLS mechanism. When creating an LDAPClient instance there is just a boolean tls parameter. Trying to connect to an OpenLDAP server which advertises itself on port 389 and requires confidentiality, I get

LDAPError: Confidentiality required. confidentiality required (0x000D [13])

with a connection with tls=False. Trying to connect with a connection with tls=True I get

ConnectionError: Can't contact LDAP server. (0xFFFF [-1])

I think because it tries to wrap the connection in a tls socket.

The only reference I found in this repo to STARTTLS is this commit (f91d203949f7f717e0760b67a1f1762efa5044c4), but I don't get its meaning.

Can you help me understand it? Thanks!

leophys commented 5 years ago

Ok, I think it was my fault. I just needed to set ldap:// and tls=True and everything works smoothly.

I can't understand why I got those errors before. May I suggest explicitly saying in the documentation that STARTTLS is supported out of the box, using the configuration above? :blush:

Again, thanks for this nice piece of software.

noirello commented 5 years ago

I'm glad that it's been solved.

Yes, using tls=True will automatically use STARTTLS after connecting. And yes, there are some deficiencies about TLS in the documentation (see #28 e.g.), which need to be improved. I'll update it.
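The combination confirmed above (an ldap:// URL plus tls=True gives STARTTLS on the plain port, while ldaps:// is TLS from the first byte and tls=False is cleartext, which a server that requires confidentiality rejects with result code 13) is easy to get wrong, and a connection that does upgrade to TLS is still only as good as its certificate check. The following is an added example, not code from this issue or from bonsai itself. The helper names are mine; the bonsai calls it relies on (LDAPClient(url, tls=...), set_cert_policy("demand"), set_ca_cert(), the keyword form of set_credentials() from bonsai 1.x, connect() and whoami()) are assumptions about the library's API, and bonsai is imported lazily so the pure transport_mode() helper can be checked without a server.

```python
"""Added example: pick STARTTLS vs. LDAPS explicitly and refuse cleartext.

Assumptions (not stated in the issue): helper names are mine; the bonsai
API calls used are taken from its docs and are not exercised offline.
"""
from typing import Optional
from urllib.parse import urlsplit

# Result code the OpenLDAP server in the issue returned for a cleartext
# bind: "Confidentiality required" (0x0D / 13).
CONFIDENTIALITY_REQUIRED = 13


def transport_mode(url: str, tls: bool) -> str:
    """Classify what an LDAP client will do on the wire for (url, tls).

    Returns "starttls", "ldaps" or "plaintext".
    """
    scheme = urlsplit(url).scheme.lower()
    if scheme == "ldaps":
        # ldaps:// negotiates TLS before any LDAP message; the tls flag is moot.
        return "ldaps"
    if scheme != "ldap":
        raise ValueError(f"unsupported LDAP URL scheme: {scheme!r}")
    # ldap:// + tls=True: connect in the clear, then issue STARTTLS
    # (the behaviour the maintainer confirms in this issue).
    return "starttls" if tls else "plaintext"


def make_client(url: str, tls: bool = True, ca_cert: Optional[str] = None):
    """Build a bonsai.LDAPClient that never talks LDAP in the clear.

    The transport check runs before bonsai is imported, so a rejected
    cleartext configuration fails even where bonsai is not installed.
    """
    mode = transport_mode(url, tls)
    if mode == "plaintext":
        raise ValueError("refusing cleartext LDAP; use tls=True or an ldaps:// URL")

    import bonsai  # assumed installed; deferred so the helpers above stay pure

    client = bonsai.LDAPClient(url, tls=tls)
    # Assumed bonsai API: "demand" aborts the handshake unless the server
    # certificate chains to a trusted CA and matches the host.
    client.set_cert_policy("demand")
    if ca_cert is not None:
        client.set_ca_cert(ca_cert)  # assumed: path to the CA bundle
    return client


def whoami_over_tls(url: str, user: str, password: str,
                    ca_cert: Optional[str] = None) -> str:
    """Bind with SIMPLE auth only after TLS is up and return the authz id.

    Maps the issue's error 13 to a clear message; anything else propagates.
    """
    import bonsai  # assumed installed

    client = make_client(url, tls=True, ca_cert=ca_cert)
    # Assumed bonsai 1.x keyword form of set_credentials().
    client.set_credentials("SIMPLE", user=user, password=password)
    try:
        with client.connect() as conn:
            return conn.whoami()
    except bonsai.LDAPError as exc:
        if getattr(exc, "code", None) == CONFIDENTIALITY_REQUIRED:
            raise RuntimeError(
                "server requires confidentiality but TLS was not negotiated; "
                "check that the URL is ldap:// with tls=True or ldaps://"
            ) from exc
        raise


if __name__ == "__main__":
    # Hypothetical host and credentials; no server is contacted by the checks below.
    for combo in [("ldap://ldap.example.org", True),
                  ("ldap://ldap.example.org", False),
                  ("ldaps://ldap.example.org:636", False)]:
        print(combo, "->", transport_mode(*combo))
```

The useful property is that transport_mode() and the cleartext refusal in make_client() are decided before any network or library call, so a misconfigured deployment fails fast in code review or unit tests rather than with a "Confidentiality required" result at bind time; the cert-policy line is the part that turns STARTTLS from an opportunistic upgrade into an authenticated channel.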