如何将 startTLS 与 ldaptor 一起使用？

发布于 2024-11-19 08:32:22 字数 1395 浏览 5 评论 0原文

我正在尝试使用 ldaptor 通过 startTLS 连接到 LDAP 服务器。在互联网上搜索并尝试自己，我得到了这段代码：

from ldaptor.protocols.ldap import ldapclient, ldapsyntax, ldapconnector, distinguishedname
[...]
def main(base, serviceLocationOverrides):
    c=ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient)
    d = c.connect(base, serviceLocationOverrides)
    d.addCallbacks(lambda proto: proto.startTLS(), error)
    [...]
    d.addErrback(error)
    d.addBoth(lambda dummy: reactor.stop())
    reactor.run()

但代码退出时出现 AssertionError:

[Failure instance: Traceback: <type 'exceptions.AssertionError'>: 
/usr/lib/python2.7/dist-packages/twisted/internet/base.py:1167:mainLoop
/usr/lib/python2.7/dist-packages/twisted/internet/base.py:789:runUntilCurrent
/usr/lib/python2.7/dist-packages/twisted/internet/defer.py:361:callback
/usr/lib/python2.7/dist-packages/twisted/internet/defer.py:455:_startRunCallbacks
--- <exception caught here> ---
/usr/lib/python2.7/dist-packages/twisted/internet/defer.py:542:_runCallbacks
/usr/lib/pymodules/python2.7/ldaptor/protocols/ldap/ldapclient.py:239:_startTLS
/usr/lib/pymodules/python2.7/ldaptor/protocols/pureldap.py:1278:__init__
/usr/lib/pymodules/python2.7/ldaptor/protocols/pureldap.py:1144:__init__
]

我试图在 ldaptor 代码中查找有罪的断言，但似乎一切正常。有人成功使用 ldaptorClient startTLS 吗？代码片段？

非常感谢你

再见

原文

I'm trying to use ldaptor to connect via startTLS to a LDAP server. Searching on internet and trying myself I arrived to this snippet of code:

from ldaptor.protocols.ldap import ldapclient, ldapsyntax, ldapconnector, distinguishedname
[...]
def main(base, serviceLocationOverrides):
    c=ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient)
    d = c.connect(base, serviceLocationOverrides)
    d.addCallbacks(lambda proto: proto.startTLS(), error)
    [...]
    d.addErrback(error)
    d.addBoth(lambda dummy: reactor.stop())
    reactor.run()

but the code exits with an AssertionError:

[Failure instance: Traceback: <type 'exceptions.AssertionError'>: 
/usr/lib/python2.7/dist-packages/twisted/internet/base.py:1167:mainLoop
/usr/lib/python2.7/dist-packages/twisted/internet/base.py:789:runUntilCurrent
/usr/lib/python2.7/dist-packages/twisted/internet/defer.py:361:callback
/usr/lib/python2.7/dist-packages/twisted/internet/defer.py:455:_startRunCallbacks
--- <exception caught here> ---
/usr/lib/python2.7/dist-packages/twisted/internet/defer.py:542:_runCallbacks
/usr/lib/pymodules/python2.7/ldaptor/protocols/ldap/ldapclient.py:239:_startTLS
/usr/lib/pymodules/python2.7/ldaptor/protocols/pureldap.py:1278:__init__
/usr/lib/pymodules/python2.7/ldaptor/protocols/pureldap.py:1144:__init__
]

I have tried to look in ldaptor code for the incriminated assertion but seems all ok.
Is there someone who succeded in using ldaptorClient startTLS?
A code snippet?

Thank you very much

Bye

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

梦过后 2024-11-26 08:32:22

我很确定你的问题是我不久前遇到的问题。在 ldaptor/protocols/pureldap.py 中，第 1144 行断言 LDAPExtendedRequest requestValue 必须是字符串。但根据 RFC 2251，该值是可选的，并且特别不应出现在 startTLS 请求中。

所以你的做法是正确的；这只是 ldaptor 中的一个主要错误。据我所知，作者仅使用不带 TLS 的简单绑定进行测试。您需要在 pureldap.py 中注释掉该行。如果您在部署此程序时期望用户下载或轻松安装 ldaptor，那么您需要在自己的代码中创建 LDAPExtendedRequest 类的固定副本，并在运行时将其子化。

由于不得不使用 ldaptor 维护一个项目好几年了，我强烈建议您在可能的情况下切换到 python-ldap。由于它包装了 OpenLDAP 库，因此构建起来可能会困难得多，尤其是在完全支持 SSL/SASL 的情况下。但这是非常值得的，因为 ldaptor 的问题比您遇到的问题要多得多。

回复收藏 0 原文

浅黛梨妆こ 2024-11-26 08:32:22

使用 https://github.com/twisted/ldaptor 中的 ldaptor 0.0.54，我使用时没有任何问题启动TLS。

这是代码：

#! /usr/bin/env python


from twisted.internet import reactor, defer
from ldaptor.protocols.ldap import ldapclient, ldapsyntax, ldapconnector

@defer.inlineCallbacks
def example():
    serverip = 'your.server.name.or.ip'
    basedn = 'o=Organization'
    binddn = 'cn=admin,o=Organization'
    bindpw = 'Sekret'
    query = '(uid=jetsong)'
    c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient)
    overrides = {basedn: (serverip, 389)}
    client = yield c.connect(basedn, overrides=overrides)
    client = yield client.startTLS()
    yield client.bind(binddn, bindpw)
    o = ldapsyntax.LDAPEntry(client, basedn)
    results = yield o.search(filterText=query)
    for entry in results:
        print entry

if __name__ == '__main__':
    df = example()
    df.addErrback(lambda err: err.printTraceback())
    df.addCallback(lambda _: reactor.stop())
    reactor.run()

Using ldaptor 0.0.54 from https://github.com/twisted/ldaptor, I had no problems using StartTLS.

Here is the code:

#! /usr/bin/env python


from twisted.internet import reactor, defer
from ldaptor.protocols.ldap import ldapclient, ldapsyntax, ldapconnector

@defer.inlineCallbacks
def example():
    serverip = 'your.server.name.or.ip'
    basedn = 'o=Organization'
    binddn = 'cn=admin,o=Organization'
    bindpw = 'Sekret'
    query = '(uid=jetsong)'
    c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient)
    overrides = {basedn: (serverip, 389)}
    client = yield c.connect(basedn, overrides=overrides)
    client = yield client.startTLS()
    yield client.bind(binddn, bindpw)
    o = ldapsyntax.LDAPEntry(client, basedn)
    results = yield o.search(filterText=query)
    for entry in results:
        print entry

if __name__ == '__main__':
    df = example()
    df.addErrback(lambda err: err.printTraceback())
    df.addCallback(lambda _: reactor.stop())
    reactor.run()

回复收藏 0 原文

~没有更多了~