The code I am using:

    import ldap

    # Create LDAPObject instance
    conn = ldap.initialize(url)
    conn.protocol_version = ldap.VERSION3

    conn.simple_bind_s(binddn, bindpw)
    # This raises:
    # ldap.SERVER_DOWN:
    #     {'info': 'error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed', 'desc': "Can't contact LDAP server"}

When I use ldap:// instead of ldaps://, it works correctly.

Can anybody help me figure out why this is?

Thanks. :)

+1  A: 

I've never used python-ldap over SSL but I believe you have to tell ldap what checks to perform on the server certificate. If this is set to demand (which might be the default), you have to give it valid certs.

See the initialize.py in the Demo directory of the source.

Mark
initialize.py was perfect. Thanks! :)
Eric
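
The approach the answer describes, as an added example that is not part of the original thread or of python-ldap's Demo code: point python-ldap at the CA that issued the server's certificate and keep the check at "demand" instead of turning verification off. The helper names `ca_bundle_problem` and `connect_ldaps` and the `ca_file` parameter are hypothetical; it assumes python-ldap built against OpenLDAP and a PEM CA file.

```python
import os
import ssl

try:
    import ldap  # python-ldap; only connect_ldaps() needs it
except ImportError:
    ldap = None


def ca_bundle_problem(ca_file):
    """Return None if ca_file holds loadable PEM certificates, else the reason."""
    if not os.path.isfile(ca_file):
        return "CA file not found: %s" % ca_file
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=ca_file)
    except (ssl.SSLError, OSError) as exc:
        return "cannot load certificates from %s: %s" % (ca_file, exc)
    if ctx.cert_store_stats()["x509"] == 0:
        return "no certificates found in %s" % ca_file
    return None


def connect_ldaps(url, binddn, bindpw, ca_file):
    """Bind over ldaps:// with server certificate verification enforced."""
    if ldap is None:
        raise RuntimeError("python-ldap is not installed")
    # Catch a missing or unreadable CA file before libldap reports it
    # as the opaque "Can't contact LDAP server".
    problem = ca_bundle_problem(ca_file)
    if problem:
        raise ValueError(problem)
    conn = ldap.initialize(url)
    conn.protocol_version = ldap.VERSION3
    # Trust only the CA(s) that issued the directory server's certificate.
    conn.set_option(ldap.OPT_X_TLS_CACERTFILE, ca_file)
    # "demand": refuse the connection unless the certificate verifies.
    conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
    # Build a new TLS context so the two options above take effect.
    conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
    conn.simple_bind_s(binddn, bindpw)
    return conn
```

If the bind still fails with "certificate verify failed" after this, the CA file does not contain the issuer of the server's certificate, or the host name in the URL does not match the certificate.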