twisted / ldaptor

LDAP server, client and utilities, using Twisted Python
MIT License

(TLS negotiation failure) when connecting to ldaps://fqdn:636 server #151

Open peppelinux opened 5 years ago

peppelinux commented 5 years ago

Using ldap-merger.tac I cannot connect to ldaps port 636. No problem to port 389 with or without start TLS. Tracelog here:

2019-07-19T01:27:42+0200 [twisted.internet.defer#critical] Unhandled error in Deferred:
2019-07-19T01:27:42+0200 [twisted.internet.defer#critical] 
    Traceback (most recent call last):
      File "/home/wert/ldaptor/env/lib/python3.5/site-packages/twisted/internet/tcp.py", line 327, in connectionLost
        protocol.connectionLost(reason)
      File "/home/wert/ldaptor/env/lib/python3.5/site-packages/ldaptor/protocols/ldap/ldapclient.py", line 85, in connectionLost
        d.errback(reason)
      File "/home/wert/ldaptor/env/lib/python3.5/site-packages/twisted/internet/defer.py", line 501, in errback
        self._startRunCallbacks(fail)
      File "/home/wert/ldaptor/env/lib/python3.5/site-packages/twisted/internet/defer.py", line 568, in _startRunCallbacks
        self._runCallbacks()
    --- <exception caught here> ---
      File "/home/wert/ldaptor/env/lib/python3.5/site-packages/twisted/internet/defer.py", line 654, in _runCallbacks
        current.result = callback(current.result, *args, **kw)
      File "/home/wert/ldaptor/env/lib/python3.5/site-packages/ldaptor/protocols/ldap/merger.py", line 40, in _failConnection
        raise ldaperrors.LDAPOther("Cannot connect to server.{}".format(reason))
    ldaptor.protocols.ldap.ldaperrors.LDAPOther: other: Cannot connect to server.[Failure instance: Traceback (failure with no frames): <class 'twisted.internet.error.ConnectionDone'>: Connection was closed cleanly.

These servers are usable with ldapsearch and/or python ldap3. Any hints?

shayant85 commented 4 years ago

Hello,

I know this is a year old but wondering if you managed to find a solution as I seem to be hitting a similar problem...

I am able to use the proxy to connect to ldap servers that do not require TLS (on 389) however connecting to ldaps port 636 through the proxy returns a connection error.

Thanks in advance.

shayant85 commented 4 years ago

Figured it out... In the "proxiedEndpointStr" you need to set the protocol to "ssl":

proxiedEndpointStr = 'ssl:host=ldaps.corp.ca:port=636'
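The fix above comes down to the endpoint type in the Twisted endpoint description: a `tcp:` endpoint pointed at 636 sends cleartext LDAP to a socket that expects a TLS handshake, and the server closes the connection (the `ConnectionDone` in the traceback), while `ssl:` performs the handshake first. The helper below is an added example, not ldaptor's code and not from either commenter: it derives the `proxiedEndpointStr` value from an `ldap://` or `ldaps://` URL and flags the two common misconfigurations (plain `tcp:` on 636, and an `ssl:` endpoint whose `host` is an IP literal, which cannot pass certificate name verification). The function names `ldap_url_to_endpoint`, `parse_endpoint` and `check_proxied_endpoint` are hypothetical; only the `tcp:host=...:port=...` / `ssl:host=...:port=...` syntax is Twisted's.

```python
"""Derive and sanity-check a Twisted client endpoint string for an LDAP URL.

Added example (hypothetical helpers, not part of ldaptor). Assumes only the
Twisted endpoint description syntax that ldaptor's proxy reads from
``proxiedEndpointStr``: ``tcp:host=H:port=P`` / ``ssl:host=H:port=P`` with
backslash escaping of ':' and '='.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
SCHEME_TO_ENDPOINT = {"ldap": "tcp", "ldaps": "ssl"}


def _quote(value: str) -> str:
    """Escape the characters that delimit a Twisted endpoint description."""
    return value.replace("\\", "\\\\").replace(":", "\\:").replace("=", "\\=")


def _split(text: str, sep: str, unescape: bool) -> List[str]:
    """Split on unescaped `sep`; keep or drop the backslash escapes as asked."""
    fields, cur, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            cur.append(text[i + 1] if unescape else text[i : i + 2])
            i += 2
            continue
        if ch == sep:
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    fields.append("".join(cur))
    return fields


def ldap_url_to_endpoint(url: str) -> str:
    """ldap://host[:port] -> tcp:..., ldaps://host[:port] -> ssl:...

    Anything else raises, so a typo never silently becomes a cleartext link.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in SCHEME_TO_ENDPOINT:
        raise ValueError(f"unsupported scheme {parts.scheme!r}; use ldap:// or ldaps://")
    host = parts.hostname
    if not host:
        raise ValueError("URL has no host")
    port = parts.port or DEFAULT_PORTS[scheme]
    return f"{SCHEME_TO_ENDPOINT[scheme]}:host={_quote(host)}:port={port}"


def parse_endpoint(desc: str) -> Tuple[str, Dict[str, str]]:
    """Split an endpoint description into (type, {key: value}), honouring escapes."""
    kind, *fields = _split(desc, ":", unescape=False)
    kwargs: Dict[str, str] = {}
    for field in fields:
        key, *rest = _split(field, "=", unescape=True)
        kwargs[key] = "=".join(rest)
    return kind, kwargs


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_proxied_endpoint(desc: str) -> Optional[str]:
    """Return a diagnostic for the misconfigurations seen in this issue, else None."""
    kind, kwargs = parse_endpoint(desc)
    port = int(kwargs.get("port", "0") or 0)
    if kind == "tcp" and port == 636:
        return ("tcp: endpoint on port 636: the server expects a TLS handshake, "
                "the client sends plain LDAP and the server closes the socket "
                "(ConnectionDone); use ssl:host=...:port=636")
    if kind == "ssl" and _is_ip_literal(kwargs.get("host", "")):
        return ("ssl: endpoint host is an IP literal; certificate verification "
                "needs the name that appears on the server certificate")
    return None


if __name__ == "__main__":
    for url in ("ldaps://ldaps.corp.ca", "ldap://ldap.example.org"):
        desc = ldap_url_to_endpoint(url)
        print(url, "->", desc, "|", check_proxied_endpoint(desc) or "ok")
    print(check_proxied_endpoint("tcp:host=ldaps.corp.ca:port=636"))
```

The `host` value of an `ssl:` endpoint is also the name Twisted checks the server certificate against, so it should be the FQDN on the certificate rather than an address; that is why the check treats an IP literal as a misconfiguration rather than as a valid shortcut.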

peppelinux commented 4 years ago

Figured it out... In the "proxiedEndpointStr" you need to set the protocol to "ssl":

proxiedEndpointStr = 'ssl:host=ldaps.corp.ca:port=636'

Great to hear that. I went further, developing pymultildap here: https://github.com/peppelinux/pyMultiLDAP