ldaptor
(TLS negotiation failure) when connecting to ldaps://fqdn:636 server
Using ldap-merger.tac
I cannot connect to ldaps port 636.
No problem to port 389 with or without start TLS.
Tracelog here:
2019-07-19T01:27:42+0200 [twisted.internet.defer#critical] Unhandled error in Deferred:
2019-07-19T01:27:42+0200 [twisted.internet.defer#critical]
Traceback (most recent call last):
File "/home/wert/ldaptor/env/lib/python3.5/site-packages/twisted/internet/tcp.py", line 327, in connectionLost
protocol.connectionLost(reason)
File "/home/wert/ldaptor/env/lib/python3.5/site-packages/ldaptor/protocols/ldap/ldapclient.py", line 85, in connectionLost
d.errback(reason)
File "/home/wert/ldaptor/env/lib/python3.5/site-packages/twisted/internet/defer.py", line 501, in errback
self._startRunCallbacks(fail)
File "/home/wert/ldaptor/env/lib/python3.5/site-packages/twisted/internet/defer.py", line 568, in _startRunCallbacks
self._runCallbacks()
--- <exception caught here> ---
File "/home/wert/ldaptor/env/lib/python3.5/site-packages/twisted/internet/defer.py", line 654, in _runCallbacks
current.result = callback(current.result, *args, **kw)
File "/home/wert/ldaptor/env/lib/python3.5/site-packages/ldaptor/protocols/ldap/merger.py", line 40, in _failConnection
raise ldaperrors.LDAPOther("Cannot connect to server.{}".format(reason))
ldaptor.protocols.ldap.ldaperrors.LDAPOther: other: Cannot connect to server.[Failure instance: Traceback (failure with no frames): <class 'twisted.internet.error.ConnectionDone'>: Connection was closed cleanly.
These servers are usable with ldapsearch and/or python ldap3. Any hints?
Hello,
I know this is a year old but wondering if you managed to find a solution as I seem to be hitting a similar problem...
I am able to use the proxy to connect to ldap servers that do not require TLS (on 389) however connecting to ldaps port 636 through the proxy returns a connection error.
Thanks in advance.
Figured it out... In the "proxiedEndpointStr" you need to set the protocol to "ssl":
proxiedEndpointStr = 'ssl:host=ldaps.corp.ca:port=636'
Great to hear that, I went further, developing pymultildap here: https://github.com/peppelinux/pyMultiLDAP
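The fix posted above, generalized as an added example that is not part of the thread or of ldaptor: it derives the Twisted client endpoint string from an LDAP URI so an ldaps:// server always gets an "ssl:" endpoint and never a plain "tcp:" one. The function names are hypothetical, and the tcp/ssl mismatch check assumes the failing configuration used a "tcp:" endpoint, which the thread does not show.

```python
from urllib.parse import urlsplit

# URI scheme -> (Twisted client endpoint type, default port)
SCHEMES = {"ldap": ("tcp", 389), "ldaps": ("ssl", 636)}


def quote_arg(value):
    """Escape a value for an endpoint string: ':' separates fields, so a
    literal colon or backslash inside a value must be backslash-escaped."""
    return value.replace("\\", "\\\\").replace(":", "\\:")


def endpoint_for_ldap_uri(uri, ca_certs_dir=None):
    """Build a proxiedEndpointStr-style value from an ldap:// or ldaps:// URI.

    ca_certs_dir (optional) is passed as the ssl endpoint's caCertsDir
    argument, the directory of CA certificates used to check the server.
    """
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme not in SCHEMES:
        raise ValueError("not an LDAP URI: %r" % uri)
    if not parts.hostname:
        raise ValueError("no host in URI: %r" % uri)
    kind, default_port = SCHEMES[scheme]
    fields = [kind,
              "host=" + quote_arg(parts.hostname),
              "port=%d" % (parts.port or default_port)]
    if ca_certs_dir is not None:
        if kind != "ssl":
            raise ValueError("caCertsDir only applies to ldaps:// URIs")
        fields.append("caCertsDir=" + quote_arg(ca_certs_dir))
    return ":".join(fields)


def endpoint_matches_uri(uri, endpoint_str):
    """True when the endpoint type (text before the first ':') is the one
    the URI scheme requires; False for e.g. tcp: against ldaps://."""
    kind, _ = SCHEMES[urlsplit(uri).scheme.lower()]
    return endpoint_str.split(":", 1)[0] == kind


if __name__ == "__main__":
    # Constructed inputs; the first reproduces the value given in the thread.
    for uri in ("ldaps://ldaps.corp.ca:636", "ldap://fqdn", "ldaps://[2001:db8::1]"):
        print(uri, "->", endpoint_for_ldap_uri(uri))
    print(endpoint_matches_uri("ldaps://fqdn:636", "tcp:host=fqdn:port=636"))
```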