not able to access organisation's LDAP server through python-ldap


The actual requirement is that I have to achieve LDAP authentication for my organisation's internal web application, which is being built on Django, but I have not been able to do so so far.

Therefore, I have decided to check if I'm able to establish the connection using the python-ldap module.

The details of the LDAP server that I have:

server1 = dc3.something-software.com

server2 = dc5.something-software.com

and the Python code:

import ldap


def main(server="ldap://dc5.something-software.com", who='', cred=""):
    try:
        # initialize() only parses the URI; no network connection is made yet
        l = ldap.initialize(server)
        # with the default who='' and cred='' this is an anonymous bind
        l.simple_bind_s(who, cred)
        if l:
            print("Successfully connected")
            # subtree search below the base DN; Active Directory refuses this
            # for an anonymous session, which is the "Operations error" in the output
            l.search_s("[email protected],dc=something-software,dc=com",
                       ldap.SCOPE_SUBTREE)
    except Exception as e:
        print(e)
    return True

and this is giving me the following output:

Successfully connected
{'msgtype': 101, 'msgid': 2, 'result': 1, 'desc': 'Operations error', 'ctrls': [], 'info': '000004DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580'}

implying that I'm actually able to connect to my LDAP server but not able to do anything else?

I'm working on a Windows operating system and I have tried the answers suggested for other similar questions, though they've mostly been addressed to *NIX operating systems.

Thanks.


Based on the certificate error in your latest comment above, the directory server's SSL certificate is not trusted. Two solutions -- one is to ignore certificate problems, the second is to establish a trust. Ignoring cert errors is easy but less secure (i.e. I can make myself a cert that says I am yourhost.example.com ... and if you're not checking certificate validity, you'll happily communicate with my fake yourhost.example.com). Establishing the trust takes a little more effort and may create ongoing maintenance. Check the expiry date on the signing server ... you may need to update the CA public key occasionally (some orgs just make 100 year expiring CA certs to avoid this, but some have their CA key renewed every year or five). Either way, you want to add a line before you start TLS negotiation (con.start_tls_s).

To ignore certificate errors, add:

con.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)

To establish a trust with the CA used to sign the directory server's key, you'll need to get the public key used to sign the certificate. Sometimes you can just ask the people who maintain the directory server -- I've got a zipped up copy of mine on a URL I send to people. But, if they don't have it, there are other ways to grab the cert. The OpenSSL client is a good one. Once you have the public key used to sign the directory server cert, use

con.set_option(ldap.OPT_X_TLS_CACERTFILE, '/path/to/CAFile.pem')

Once you do one of these two things, you should be able to start the TLS session successfully.
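The two TLS set-ups described in the answer, side by side, together with the bind check the question's output points at: `simple_bind_s('', '')` is an anonymous bind, so the "successful bind must be completed" error shows the server never authenticated anything. This is an added example, not code from the question, the answer or python-ldap itself; the server name is the one from the question, the service-account DN and the `/path/to/CAFile.pem` bundle path are hypothetical placeholders, and the option names are the python-ldap constants the answer uses plus `OPT_X_TLS_DEMAND` and `OPT_X_TLS_NEWCTX`, which python-ldap also provides.

```python
"""StartTLS to an LDAP server with python-ldap: cert-ignoring vs CA-trusting set-up.

Added example, not code from the original question or answer. Server name from
the question; bind DN and CA bundle path are hypothetical placeholders.
"""
try:
    import ldap  # python-ldap; a C extension that may be missing on a dev box
except ImportError:
    ldap = None  # the policy helpers below still work; connecting needs the module


def tls_policy(ca_file=None, ignore_cert_errors=False):
    """Return the python-ldap TLS options to set, as (option name, value) pairs.

    Names are python-ldap constants; they are resolved on the module only when
    applied, so the policy can be inspected without python-ldap installed.
    """
    if ignore_cert_errors:
        # The answer's "easy but less secure" variant: any certificate is accepted,
        # so whoever can intercept the connection can pose as the domain controller.
        return [("OPT_X_TLS_REQUIRE_CERT", "OPT_X_TLS_ALLOW")]
    if not ca_file:
        raise ValueError("a CA bundle is required unless certificate errors are ignored")
    # The answer's "establish a trust" variant: require a certificate that chains
    # to the CA in ca_file and refuse the connection otherwise.
    return [
        ("OPT_X_TLS_CACERTFILE", ca_file),
        ("OPT_X_TLS_REQUIRE_CERT", "OPT_X_TLS_DEMAND"),
    ]


def validate_bind_credentials(who, cred):
    """Refuse empty credentials before binding.

    simple_bind_s("", "") is an anonymous bind and simple_bind_s(dn, "") an
    unauthenticated bind (RFC 4513). Both return success without proving
    anything, which is why the question's search then failed with "a successful
    bind must be completed". A web login must never forward an empty password.
    """
    if not who or not cred:
        raise ValueError("bind DN/user and password must both be non-empty")
    return True


def connect_with_starttls(server, who, cred, ca_file=None, ignore_cert_errors=False):
    """Open the connection, apply the TLS policy, StartTLS, then bind."""
    if ldap is None:
        raise RuntimeError("python-ldap is not installed")
    validate_bind_credentials(who, cred)
    con = ldap.initialize(server)
    for name, value in tls_policy(ca_file, ignore_cert_errors):
        # Values naming python-ldap constants are resolved here; file paths pass through.
        if isinstance(value, str) and value.startswith("OPT_"):
            value = getattr(ldap, value)
        con.set_option(getattr(ldap, name), value)
    # Per-connection TLS options only take effect once a fresh TLS context is built.
    con.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
    con.start_tls_s()
    con.simple_bind_s(who, cred)
    return con


if __name__ == "__main__":
    # Placeholder DN and CA path; obtain the real ones from the directory admins.
    con = connect_with_starttls(
        "ldap://dc5.something-software.com",
        who="CN=svc-web,OU=Service Accounts,DC=something-software,DC=com",
        cred="replace-me",
        ca_file="/path/to/CAFile.pem",
    )
    print(con.whoami_s())
```

Keeping the option choice in `tls_policy` makes the weak setting explicit in code review: `OPT_X_TLS_ALLOW` should only appear in a branch you consciously chose, and the CA bundle variant is the default. The `OPT_X_TLS_NEWCTX` line matters in practice: without it python-ldap may keep the library-wide TLS context and silently ignore the per-connection options set just before.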