How do I authenticate against LDAP with ldap3 over SSL, without a cert?
I would like to authenticate a user over LDAPS.
So my first try was to do it over plain LDAP:
import os
import socket
import sys
sys.path.append('C:\\Users\\User\\Python\\modules\\')
sys.path.append('C:\\Users\\User\\Python\\modules\\ldap3-2.9.1\\')
import pyasn1
from ldap3 import Server, Connection, SUBTREE, LEVEL, ALL
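# Imported here so that this listing stays runnable without touching the
# import lines above it.
from ldap3.utils.conv import escape_filter_chars

# NOTE(review): no use_ssl/TLS is configured on this server object, so both
# simple binds below (the lookup account and the user being authenticated)
# send their passwords over an unencrypted connection.
server = Server('ldapip', get_info=ALL)

# Bind as the lookup account; it is only used to find the user's entry.
con = Connection(server, 'aduser', 'adpassword', auto_bind=True)

BASE_DN = "DC=something,DC=something"
login2b = 'mylogin'
password2 = 'mypassword'
login = login2b

# Escape the login before it is placed in the filter: characters such as
# '*', '(' and ')' would otherwise change what the search matches.
search_filter = '(&(mailNickname=' + escape_filter_chars(login) + '))'
con.search(BASE_DN, search_filter, attributes=['*'])

if len(con.entries) != 1:
    # Zero matches (unknown login) or several matches (ambiguous login):
    # refuse instead of indexing blindly or binding as the first hit.
    print('error in search: expected exactly one entry, got', len(con.entries))
else:
    # Bind with the entry's distinguished name; the cn attribute is a naming
    # value, not a DN.
    user_dn = con.entries[0].entry_dn
    print('Login : ', login)
    print('user_dn : ', user_dn)
    # Re-bind the same connection as the user: a successful bind is what
    # proves the supplied password.
    if not con.rebind(user=user_dn, password=password2):
        print('error in rebind', con.result)
    else:
        print('user authentificated', con.result)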
That worked, but I can't get the SSL version working.
This is my code so far:
import os
import socket
import sys
sys.path.append('C:\\Users\\User\\Python\\modules\\')
sys.path.append('C:\\Users\\User\\Python\\modules\\ldap3-2.9.1\\')
import pyasn1
import ssl
from ldap3 import Server, Connection, Tls, SUBTREE, LEVEL, ALL
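# Imported here so that this listing stays runnable without touching the
# import lines above it.
from ldap3.utils.conv import escape_filter_chars

# NOTE(review): validate=ssl.CERT_NONE switches off verification of the
# server certificate. The session is still encrypted, but the client can no
# longer tell the real directory server from an impostor, so the bind
# passwords below are exposed to anyone able to intercept the connection.
# Prefer validate=ssl.CERT_REQUIRED together with ca_certs_file pointing at
# the CA that issued the server certificate.
# NOTE(review): CERT_NONE only relaxes the client-side check. The server
# still has to present a certificate of its own on the LDAPS port, and
# version=ssl.PROTOCOL_TLSv1_2 restricts the handshake to TLS 1.2. Whether
# either of these explains the reset reported for this script cannot be told
# from the listing - confirm against the server configuration.
tls_configuration = Tls(validate=ssl.CERT_NONE, version=ssl.PROTOCOL_TLSv1_2)
server = Server('ldapip:636', use_ssl=True, tls=tls_configuration)

# Bind as the lookup account; it is only used to find the user's entry.
con = Connection(server, 'aduser', 'adpassword', auto_bind=True)

BASE_DN = "DC=something,DC=something"
login5 = 'mylogin'
password5 = 'mypassword'
login = login5

# Escape the login before it is placed in the filter: characters such as
# '*', '(' and ')' would otherwise change what the search matches.
search_filter = '(&(mailNickname=' + escape_filter_chars(login) + '))'
con.search(BASE_DN, search_filter, attributes=['*'])

if len(con.entries) != 1:
    # Zero matches (unknown login) or several matches (ambiguous login):
    # refuse instead of indexing blindly or binding as the first hit.
    print('error in search: expected exactly one entry, got', len(con.entries))
else:
    # Bind with the entry's distinguished name; the cn attribute is a naming
    # value, not a DN.
    user_dn = con.entries[0].entry_dn
    # Re-bind the same connection as the user: a successful bind is what
    # proves the supplied password.
    if not con.rebind(user=user_dn, password=password5):
        print('error in rebind', con.result)
    else:
        print('user authentificated', con.result)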
The error I get:
======= RESTART: C:\Users\User\Python\pyproj\project1\ldapsminimal.py ======
Traceback (most recent call last):
File "C:\Users\User\Python\pyproj\project1\ldapsminimal.py", line 13, in <module>
con=Connection(server,'aduser','adpassword', auto_bind=True)
File "C:\Users\User\Python\modules\ldap3-2.9.1\ldap3\core\connection.py", line 363, in __init__
self._do_auto_bind()
File "C:\Users\User\Python\modules\ldap3-2.9.1\ldap3\core\connection.py", line 387, in _do_auto_bind
self.open(read_server_info=False)
File "C:\Users\User\Python\modules\ldap3-2.9.1\ldap3\strategy\sync.py", line 57, in open
BaseStrategy.open(self, reset_usage, read_server_info)
File "C:\Users\User\Python\modules\ldap3-2.9.1\ldap3\strategy\base.py", line 146, in open
raise exception_history[0][0]
ldap3.core.exceptions.LDAPSocketOpenError: socket ssl wrapping error: [WinError 10054] Eine vorhandene Verbindung wurde vom Remotehost geschlossen
As far as I understand, the only change is the server configuration, including the TLS configuration.
- I use validate=ssl.CERT_NONE because I don't want/need to use a cert.
- I use version=ssl.PROTOCOL_TLSv1_2 because I don't know which protocol the LDAP server is using.
I would like to know what I am doing wrong, and a little push in the right direction...
Update: actual code:
import os
import socket
import sys
sys.path.append('C:\\Users\\User\\Python\\modules\\')
sys.path.append('C:\\Users\\User\\Python\\modules\\ldap3-2.9.1\\')
import pyasn1
import ssl
from ldap3 import Server, Connection, SAFE_SYNC, Tls, NTLM, SUBTREE, LEVEL, ALL
# Placeholders left by the author for the redacted account values; they are
# not defined anywhere in this listing.
authuser = userdn
authpassword = userpassword
aduser = aduser
adpassword = adpassword
BASE_DN = "DC=Something,DC=Something"

# NOTE(review): ssl.CERT_NONE disables verification of the server
# certificate, so the client cannot confirm which server it is talking to.
tls_settings = Tls(validate=ssl.CERT_NONE)

# LDAPS endpoint: TLS is started as soon as the socket is opened.
server = Server(
    host='ldapip',
    port=636,
    use_ssl=True,
    tls=tls_settings,
    get_info='ALL',
)

# auto_bind='NONE' means the constructor neither opens the socket nor binds;
# that only happens on an explicit open()/bind()/rebind().
con = Connection(
    server,
    user=aduser,
    password=adpassword,
    client_strategy=SAFE_SYNC,
    auto_bind='NONE',
    version=3,
    authentication='SIMPLE',
)
# Left disabled by the author.
#con.bind()
con.unbind()
If I call bind(), rebind() or open(), I get: ldap3.core.exceptions.LDAPSocketOpenError: socket ssl wrapping error: [WinError 10054], and the connection was closed.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
