(TLS negotiation failure) when connecting to ldaps://fqdn:636 server #151

Open
peppelinux opened this issue Jul 18, 2019 · 3 comments

@peppelinux

Using ldap-merger.tac I cannot connect to ldaps port 636.
No problem to port 389 with or without start TLS.
Tracelog here:

2019-07-19T01:27:42+0200 [twisted.internet.defer#critical] Unhandled error in Deferred:
2019-07-19T01:27:42+0200 [twisted.internet.defer#critical] 
	Traceback (most recent call last):
	  File "/home/wert/ldaptor/env/lib/python3.5/site-packages/twisted/internet/tcp.py", line 327, in connectionLost
	    protocol.connectionLost(reason)
	  File "/home/wert/ldaptor/env/lib/python3.5/site-packages/ldaptor/protocols/ldap/ldapclient.py", line 85, in connectionLost
	    d.errback(reason)
	  File "/home/wert/ldaptor/env/lib/python3.5/site-packages/twisted/internet/defer.py", line 501, in errback
	    self._startRunCallbacks(fail)
	  File "/home/wert/ldaptor/env/lib/python3.5/site-packages/twisted/internet/defer.py", line 568, in _startRunCallbacks
	    self._runCallbacks()
	--- <exception caught here> ---
	  File "/home/wert/ldaptor/env/lib/python3.5/site-packages/twisted/internet/defer.py", line 654, in _runCallbacks
	    current.result = callback(current.result, *args, **kw)
	  File "/home/wert/ldaptor/env/lib/python3.5/site-packages/ldaptor/protocols/ldap/merger.py", line 40, in _failConnection
	    raise ldaperrors.LDAPOther("Cannot connect to server.{}".format(reason))
	ldaptor.protocols.ldap.ldaperrors.LDAPOther: other: Cannot connect to server.[Failure instance: Traceback (failure with no frames): <class 'twisted.internet.error.ConnectionDone'>: Connection was closed cleanly.

These servers are usable with ldapsearch and/or python ldap3.
Any hints?

@stalaiya

Hello,

I know this is a year old but wondering if you managed to find a solution as I seem to be hitting a similar problem...

I am able to use the proxy to connect to ldap servers that do not require TLS (on 389) however connecting to ldaps port 636 through the proxy returns a connection error.

Thanks in advance.

@stalaiya

Figured it out... In the "proxiedEndpointStr" you need to set the protocol to "ssl":

proxiedEndpointStr = 'ssl:host=ldaps.corp.ca:port=636'
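
A small check for the endpoint string in the comment above, added here as an example; it is not code from ldaptor or from either commenter. It assumes `proxiedEndpointStr` follows Twisted's client endpoint description syntax; the parser is a simplified stand-in for Twisted's own, and the `hostname` argument it looks for is not mentioned in the thread.

```python
import re

LDAPS_PORT = 636  # implicit-TLS LDAP port, as in the issue title

def parse_endpoint(description):
    """Split 'type:arg:key=value' into (type, positional, keyword).

    Simplified stand-in for Twisted's endpoint-string parsing: ':' separates
    fields, '=' marks a keyword, and a backslash escapes either character.
    """
    fields = re.split(r"(?<!\\):", description)
    positional, keyword = [], {}
    for field in fields[1:]:
        parts = [re.sub(r"\\(.)", r"\1", p)
                 for p in re.split(r"(?<!\\)=", field, maxsplit=1)]
        if len(parts) == 2:
            keyword[parts[0]] = parts[1]
        else:
            positional.append(parts[0])
    return fields[0], positional, keyword

def lint_proxied_endpoint(description):
    """Return findings for a client endpoint string aimed at an LDAP server."""
    kind, positional, keyword = parse_endpoint(description)
    # Both 'ssl:host=h:port=p' and the positional 'ssl:h:p' forms are accepted.
    host = keyword.get("host", positional[0] if positional else None)
    port = keyword.get("port", positional[1] if len(positional) > 1 else None)
    if not host or port is None or not port.isdigit():
        return ["missing host or non-numeric port"]
    findings = []
    if kind == "tcp" and int(port) == LDAPS_PORT:
        # A non-TLS endpoint type pointed at the LDAPS port.
        findings.append("tcp: endpoint on port 636; LDAPS needs ssl:")
    if kind == "ssl" and "hostname" not in keyword:
        # Assumption: 'hostname' is the ssl: argument Twisted uses to check
        # the server certificate's name; it does not appear in the thread.
        findings.append("ssl: endpoint without hostname=; server name not checked")
    return findings

if __name__ == "__main__":
    # Constructed inputs built from the host name quoted in the thread.
    for s in ("tcp:host=ldaps.corp.ca:port=636",
              "ssl:host=ldaps.corp.ca:port=636",
              "ssl:host=ldaps.corp.ca:port=636:hostname=ldaps.corp.ca"):
        print(s, "->", lint_proxied_endpoint(s) or "ok")
```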

@peppelinux
Author

> Figured it out... In the "proxiedEndpointStr" you need to set the protocol to "ssl":
>
> proxiedEndpointStr = 'ssl:host=ldaps.corp.ca:port=636'

Great to hear that, I went further, developing pymultildap here:
https://github.com/peppelinux/pyMultiLDAP
