Comment 5 for bug 1209343

Mark Miller (mark-m-miller) wrote : Re: Split backend does not provide ldap.set_option(ldap.OPT_X_TLS_CACERTFILE) for ldaps connections

I just tested the HP Enterprise Directory LDAP connection using an "ldap" connection with "user_tls=True" and it works so we have a viable solution. However, I still think that LDAPS connections should allow for certificates as this is a standard connection methodology with LDAPS:

The following link has a code sample that matches the example from the HP Enterprise Directory web site:

    http://www.techques.com/question/1-2193362/How-to-connect-to-a-LDAP-server-using-a-p12-certificate

----

    import ldap  # python-ldap

    # Global TLS options; set them before the connection is initialized.
    ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, "/path/to/trustedcerts.pem")
    ldap.set_option(ldap.OPT_X_TLS_CERTFILE, "/path/to/usercert.pem")
    ldap.set_option(ldap.OPT_X_TLS_KEYFILE, "/path/to/user.key.pem")

    # "port" is a placeholder for the server's port number.
    ds = ldap.initialize("ldaps://ldap.example.com:port/")
    # If using START_TLS instead of ldaps:
    # ds = ldap.initialize("ldap://ldap.example.com:port/")
    # ds.start_tls_s()
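
Added example, not part of the original comment and not the project's own code: a hypothetical helper, `open_ldap`, that applies the certificate options from the sample above per connection, for both `ldaps://` URLs and `ldap://` with StartTLS. The `start_tls` and `ldap_mod` parameters are assumptions made for illustration; `OPT_X_TLS_REQUIRE_CERT`, `OPT_X_TLS_DEMAND` and `OPT_X_TLS_NEWCTX` are python-ldap options the comment does not mention.

```python
from urllib.parse import urlparse


def open_ldap(url, ca_file, cert_file=None, key_file=None,
              start_tls=False, ldap_mod=None):
    """Return a python-ldap connection with TLS certificate options applied
    the same way for ldaps:// and for ldap:// + StartTLS (hypothetical helper)."""
    if ldap_mod is None:
        # Lazy import so this file loads even where python-ldap is absent.
        import ldap as ldap_mod

    scheme = urlparse(url).scheme.lower()
    if scheme not in ("ldap", "ldaps"):
        raise ValueError("unsupported scheme: %r" % scheme)
    if scheme == "ldaps" and start_tls:
        # ldaps:// is already TLS from the first byte; StartTLS on top is an error.
        raise ValueError("StartTLS cannot be combined with an ldaps:// URL")
    if bool(cert_file) != bool(key_file):
        raise ValueError("client certificate and key must be given together")

    conn = ldap_mod.initialize(url)
    if scheme == "ldaps" or start_tls:
        # Per-connection options keep one backend's trust store from
        # leaking into other connections made by the same process.
        conn.set_option(ldap_mod.OPT_X_TLS_CACERTFILE, ca_file)
        # Fail the handshake if the server certificate does not verify.
        conn.set_option(ldap_mod.OPT_X_TLS_REQUIRE_CERT,
                        ldap_mod.OPT_X_TLS_DEMAND)
        if cert_file:
            conn.set_option(ldap_mod.OPT_X_TLS_CERTFILE, cert_file)
            conn.set_option(ldap_mod.OPT_X_TLS_KEYFILE, key_file)
        # Set last: rebuilds the TLS context from the options above.
        conn.set_option(ldap_mod.OPT_X_TLS_NEWCTX, 0)
    if start_tls:
        conn.start_tls_s()
    return conn
```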