python - How to connect to a LDAP server using a p12 certificate -


I want to connect to an LDAP server instead of using a .p12 certificate instead of using a username and password. Java solution looks for this 

  string ldapURL = "ldaps: //" + host + ":" + port; System.setProperty ("javax.net.ssl.keyStoreType", "PKCS 12"); System.setProperty ("javax.net.ssl.keyStore", keystroke); System.setProperty ("javax.net.ssl.keyStorePassword", keystore password); Hashtable env = new hashtable (); Env.put (Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); Env.put (references. PROVIDER_URL, ldapURL); Env.put (Context.SECURITY_PROTOCOL, "SSL"); Env.put (reference. REFERRAL, "Follow"); Try {// Initial Reference LdapContext ctx = New InitialLdapContext (env, null); // TLS credentials ctx.addToEnvironment (reference. SECURITY_AUTHENICATION, "External") to authenticate clients; SearchControls ctls = New SearchControls (); // string filter = "(object class = *) to match the search filter"; // Find objects using filters naming Nomination answer = CTX. Search ("ou =" + AMM type [I] + "," + site specific money, filter, CTL); ...

Can I do the same using Python? I can see an example example how to connect to a LDAP server using Python-ldap using a username and password, but it is not what I want. if this. If it is not possible to use the P12 certificate, it will also help me, if there is a solution using x509 certificates (.pem format).

If you use Python-LDAP, you can use these parameters to set You can. 

  Ldpkset_opshn (Ldpkopt_ksh_tls_kakertfile, "/pth/to/trustedsrtskpem") Ldpkset_opshn (Ldpkopt_ksh_tls_srtfile, "/pth/to/userkertkpem") LDAP. set_option (ldap.OPT_X_TLS_KEYFILE, "/path/to/user.key.pem") DS = ldap.initialize ( "ldaps: //ldap.example.com: port /" # ds = ldap.initialize () # If instead START_TLS using ldaps "ldap: //ldap.example.com: port /") # ds.start_tls_s ()

in this case:

  • trustedcerts .pem is equivalent to the Trust Store. This is a combination of trusted certificates that you want in PEM format. You can also OPT_X_TLS_CACERTFILE with individual can use a list with the certificate, but I think it is not supported by GNUTLS, so it depends on which TLS library Python-ldap And its OpenLDAP client library has been compiled against. More information on built-in direcives in
  • usercert.pem The certificate is in PEM format (if you extracted from your PKCS # 12 file)
  • user.key .pem is your private key (again, it should be removed from p12 file)

certificate and key extraction file OpenSSL from a PKCS # 12 with the use of this can be done: 

  openssl PKCS12 -in userstore.p12 -clcerts -nokeys out usercert.pem openssl PKCS12 -in userstore.p12 -nocerts - Note: If you have the private key (user.key .pem) in this manner ( -nodes ) For,

Note: strong> this will not be password-protected , so you have to make sure that this file is not readable by anyone else. I do not think that OpenLDAP (and its python binding too low) gives you a password interactively to solve that problem, but I'm not sure.


Comments

Post a Comment

Popular posts from this blog

sql - dynamically varied number of conditions in the 'where' statement using LINQ -

I am using my first project LINQ (in mvc), so maybe there's something very simple that I remember. However, a day of searching and experimenting does not work, so it works. I am trying to write a LINQ query (Linux to SQL) in which in many cases where the statement is different from an OR or an AND. We do not know how many conditions are going in the query till runtime. This search is for filter control, where the user can choose multiple criteria for filtering. Select from table where table.col = 1 or table.col = 2 or table.col = 7 .... 'Other number of conditions Before I just create the SQL query as a string, while looping over all the situations. However, it seems that there should be a good way to do this in LINQ. I tried to use Expression trees, but they had a second thought for this moment on my head, where the lambda function was to be executed inside the statement such as: values ​​for matchingRows = matchingRows for each value Where (function (row) row.c...
Read more

asp.net mvc - Dynamically Generated Ajax.BeginForm -

I have a problem with ASP.NET MVC Ajax forms. I generate many Ajax form in a table such as: & Lt; Input type = "submit" name = "activity" value = "add activity" / & gt; & Lt;%}% & gt; & Lt; / TD & gt; & Lt; / TR & gt; & Lt;%}% & gt; So far so good. When I post one of those forms, it gives a partial view in a div, and in this new partial view a new Ajax Beginnform (which is not in Genesis form) This second Ajax Beginnorf is exactly like the ones I got on the table, but when I post it, I do not get the "Ajax Post", but a normal post that sends me to a new page, I do not know whether the two Ajax forms What is the reason for the difference between, why is it the "dynamically generated" Ajax form behaves like a normal HTML form? By the way, I know that I can do it in different ways using javascript, but I would like to understand whether it can only be done using MVC helplars and Ajax lib...
Read more

Debug on symbian -

I am using trk for phone debug This works well for the Holorld project But when I start the project in phone debug mode 1) the load failed 2) TrkProtocolPlugin: to target the specified file Failure (please verify If any body understands what problem I am experiencing, then this problem helps me Pre-release If the application has the privileges assigned (with the appropriate certificate) itemprop = "text" > In your case, I will check: / li> If there is no conflict of application ID with any other application of device If there are problematic commands in the installation package (for example copy copy for non-accessible directories)
Read more