Is the set of trusted CA certs exactly the same on both systems? Note that on Debian, libldap is linked against GnuTLS. In this case the ldap.SERVER_DOWN exception does not contain a useful diagnostic message. When libldap is linked against OpenSSL, a message generated by OpenSSL is returned by libldap as the diagnostic message.

Ciao, Michael.

Gareth Walters (2K Australia) wrote:
> Package: python-ldap
> Version: 2.4.10-1
> Severity: important
>
> Dear Maintainer,
> While trying to get a python script of mine to work in Wheezy (have it
> running in Squeeze and several other OSs)
> I come across this error when using ldaps://
>
> ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}
> The server is up and the same script is working on the Squeeze machine.
>
> It's talking to Windows AD 2008 R2
>
> the minimal code to reproduce is;
> import ldap
> myldap=ldap.initialize("ldaps://xx.xx.xx.100")
> myldap.bind_s('bindDN','bindPASS')
>
> but this works
> import ldap
> myldap=ldap.initialize("ldap://xx.xx.xx.100")
> myldap.bind_s('bindDN','bindPASS')
>
> Does not even get far enough to give a certificate error as would
> normally happen without allow unverified/trusted SSL cert.
>
> Output when setting ldap debug on;
>
> ldap_create
> ldap_url_parse_ext(ldaps://xx.xx.xx.105)
> ldap_url_parse_ext(ldaps://xx.xx.xx.100)
> ldap_sasl_bind
> ldap_send_initial_request
> ldap_new_connection 1 1 0
> ldap_int_open_connection
> ldap_connect_to_host: TCP xx.xx.xx.100:636
> ldap_new_socket: 3
> ldap_prepare_socket: 3
> ldap_connect_to_host: Trying xx.xx.xx.100:636
> ldap_pvt_connect: fd: 3 tm: -1 async: 0
> ldap_int_open_connection
> ldap_connect_to_host: TCP xx.xx.xx.105:636
> ldap_new_socket: 5
> ldap_prepare_socket: 5
> ldap_connect_to_host: Trying xx.xx.xx.105:636
> ldap_pvt_connect: fd: 5 tm: -1 async: 0
> ldap_err2string
> Traceback (most recent call last):
>   File "./adauth.py", line 71, in <module>
>     myldap.bind_s(config.get('ldap','bindDN'),config.get('ldap','bindPASS'))
>   File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 222, in bind_s
>     msgid = self.bind(who,cred,method)
>   File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 216, in bind
>     return self.simple_bind(who,cred)
>   File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 201, in simple_bind
>     return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
>   File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 99, in _ldap_call
>     result = func(*args,**kwargs)
> ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}
>
> -- System Information:
> Debian Release: 7.0
> APT prefers testing
> APT policy: (500, 'testing')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages python-ldap depends on:
> ii libc6 2.13-38
> ii libldap-2.4-2 2.4.31-1
> ii python 2.7.3-4
> ii python2.7 2.7.3-6
>
> python-ldap recommends no packages.
>
> Versions of packages python-ldap suggests:
> pn python-ldap-doc <none>
> pn python-pyasn1 <none>
>
> -- no debconf information
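
An added example, not part of the original messages and not python-ldap code: a Python 3 standard-library probe that separates the stages hidden behind a bare SERVER_DOWN on ldaps://, namely TCP connect, TLS handshake, and certificate verification against a chosen set of trusted CAs. The name probe_ldaps and the host and CA file passed to it are assumptions; Python's ssl module is backed by OpenSSL, so the detail string it returns is the kind of diagnostic the reply refers to.

```python
import socket
import ssl
import sys


def probe_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Return (stage, detail) for the first step of an ldaps:// connection that fails.

    stage is "tcp", "handshake", "cert" or "ok".
    cafile=None uses the system trust store; a path trusts only the CAs in that file.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", str(exc))  # nothing reachable on this address and port
    try:
        # server_hostname turns on name checking; when host is an IP address
        # the certificate must carry a matching IP subjectAltName.
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", tls.version())
    except ssl.SSLCertVerificationError as exc:
        # Untrusted issuer, expired certificate or name mismatch.
        return ("cert", exc.verify_message)
    except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
        return ("handshake", str(exc))
    finally:
        sock.close()  # harmless if wrap_socket already took over the socket


if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: probe.py HOST [CAFILE]  (both values supplied by the operator)
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    print(probe_ldaps(sys.argv[1], cafile=ca))
```

Running it on both machines with the same CA file shows whether the difference lies in the trust store ("cert") or earlier in the connection ("tcp" or "handshake").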