swapnillipare / google-apps-for-your-domain-ldap-sync

Automatically exported from code.google.com/p/google-apps-for-your-domain-ldap-sync

TLS error #20

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Hi.  We at the Open Planning Project are trying to use
google-apps-for-your-domain-ldap-sync to synchronize our ldap server to our
google apps account.  After the provided shell script failed, we noticed
that there was no way to specify TLS in the resulting GUI.  So we
downloaded
http://google-apps-for-your-domain-ldap-sync.googlecode.com/files/gafyd-ldap-sync-r100.tar.gz
as we read in the documentation that this was a supported option.  Firstly,
I was surprised to find that the tarball extracted to the current working
directory and not a subdirectory!  But not a big issue.

In our config, we set `tls_option = 'demand'`.  However, running
`connect` gives 

{{{
CONFIDENTIALITY_REQUIRED: {'info': 'TLS confidentiality required', 'desc':
'Confidentiality required'}
01-07 14:55 root         ERROR    Connection failed
}}}

We were able to bypass this error by using the following patch:

{{{
$ diff -u ldap_ctxt.py.orig ldap_ctxt.py
--- ldap_ctxt.py.orig   2010-01-07 15:09:41.948808760 -0500
+++ ldap_ctxt.py    2010-01-07 15:09:49.252902412 -0500
@@ -143,6 +143,7 @@
       self._config.TestConfig(self, ['ldap_url'])
       self.conn = ldap.initialize(self.ldap_url)
       self.protocol_version = 3
+      self.conn.start_tls_s()
       self.conn.bind_s(self.ldap_admin_name, self.ldap_password,
         ldap.AUTH_SIMPLE)
       return None
}}}
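
Review bot: the added `self.conn.start_tls_s()` is issued unconditionally, with no check of any configuration value or of the scheme in `self.ldap_url`. If `ldap_url` is an `ldaps://` URL the session is already encrypted and a StartTLS request on top of it is rejected, and a deployment that has TLS turned off in its config would now fail to connect. Suggest calling it only when the URL scheme is `ldap://` and the configured TLS option asks for TLS. Separately, the context line `self.protocol_version = 3` assigns to `self` rather than to `self.conn`; StartTLS is an LDAPv3 operation, so it is worth confirming that the connection object itself is set to version 3 before this call.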

Not sure why this works and the code above this in the python module does
not?  In my experience with python-ldap, I've always started TLS this way
and not with ldap.OPT_X_*

What steps will reproduce the problem?
1. Try using TLS on a machine.  It didn't work for us.
2. Not sure what else there is to try

What is the expected output? What do you see instead?

Would expect a successful connect.  Instead I get the error:

{{{
CONFIDENTIALITY_REQUIRED: {'info': 'TLS confidentiality required', 'desc':
'Confidentiality required'}
01-07 14:55 root         ERROR    Connection failed
}}}

What version of the product are you using? On what operating system?

http://google-apps-for-your-domain-ldap-sync.googlecode.com/files/gafyd-ldap-sync-r100.tar.gz

{{{
$ uname -a
Linux worktop 2.6.31.9-174.fc12.x86_64 #1 SMP Mon Dec 21 05:33:33 UTC 2009
x86_64 x86_64 x86_64 GNU/Linux
$ cat /etc/fedora-release 
Fedora release 12 (Constantine)
}}}

Please provide any additional information below.

Original issue reported on code.google.com by accou...@topplabs.org on 7 Jan 2010 at 8:15
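
An added example, not part of the original report or the project's code: in python-ldap the `OPT_X_TLS_*` options only set certificate policy, while `start_tls_s()` performs the upgrade, so a client needs both, in that order, before the bind. The `connect` helper, its `ldap_mod` parameter, and the reading of `tls_option` values other than `'demand'` are assumptions.

```python
from urllib.parse import urlparse

# Assumed config values, named after OpenLDAP's TLS_REQCERT levels; the page
# itself only shows tls_option = 'demand'.
TLS_LEVELS = ("never", "allow", "try", "demand")


def connect(ldap_url, bind_dn, password, tls_option="demand", ldap_mod=None):
    """Bind to ldap_url, upgrading ldap:// to TLS before credentials are sent.

    ldap_mod defaults to python-ldap; it is a parameter only so the call
    order can be exercised without a directory server.
    """
    if tls_option not in TLS_LEVELS:
        raise ValueError("unknown tls_option: %r" % (tls_option,))
    scheme = urlparse(ldap_url).scheme.lower()
    if scheme not in ("ldap", "ldaps"):
        raise ValueError("unsupported URL scheme: %r" % (scheme,))
    if ldap_mod is None:
        import ldap as ldap_mod  # python-ldap

    conn = ldap_mod.initialize(ldap_url)
    conn.protocol_version = ldap_mod.VERSION3  # StartTLS is an LDAPv3 operation

    # OPT_X_TLS_* only sets certificate policy; it does not start TLS.
    level = getattr(ldap_mod, "OPT_X_TLS_" + tls_option.upper())
    conn.set_option(ldap_mod.OPT_X_TLS_REQUIRE_CERT, level)
    conn.set_option(ldap_mod.OPT_X_TLS_NEWCTX, 0)  # apply policy to this connection

    # ldaps:// negotiates TLS at connect time, so StartTLS is for ldap:// only.
    # Assumption: 'never' means "no TLS" here. An exception from start_tls_s()
    # propagates, so the bind below never runs over an unencrypted channel.
    if scheme == "ldap" and tls_option != "never":
        conn.start_tls_s()

    conn.simple_bind_s(bind_dn, password)
    return conn
```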