Python 3 LDAPS with self-signed certificate

The symptom is a generic connection failure from python-ldap:

ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': []}

Turning on python-ldap's debug output shows that it is the TLS layer closing the connection, not the LDAP server being down:

ldap.set_option(ldap.OPT_DEBUG_LEVEL, 255)
alert write:warning:close notify

The same verification failure can be reproduced outside Python with curl:

> curl ldaps://fqdn:636
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.

Inspect the chain the server presents and save the certificate in PEM form (keytool needs -rfc, otherwise it writes a human-readable dump rather than a PEM file that python-ldap can load):

> openssl s_client -connect your-ldap-fqdn:636 -showcerts -verify 5
> keytool -printcert -rfc -sslserver your-ldap-fqdn:636 > mycert.pem

Trust the certificate in Python/Django

Global python-ldap options, e.g. at the top of settings.py:

import ldap
ldap.set_option(ldap.OPT_DEBUG_LEVEL, 255)
cert_file = '/path/to/mycert.pem'
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, cert_file)

Per-connection options for django-auth-ldap:

AUTH_LDAP_CONNECTION_OPTIONS = {
    # ALLOW proceeds even if the certificate fails to verify; once mycert.pem is
    # trusted, ldap.OPT_X_TLS_DEMAND enforces the check instead of ignoring it
    ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_ALLOW,
    ldap.OPT_X_TLS_CACERTFILE: '/path/to/mycert.pem',
    # must be the last TLS option: builds a new TLS context from the settings above
    ldap.OPT_X_TLS_NEWCTX: 0,
}
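As an added example (not code from the original post), the script below does two things a practitioner wants before wiring the CA file into Django: it checks that mycert.pem really is PEM (the keytool dump without -rfc is the usual mistake), prints SHA-256 fingerprints to compare against the openssl/keytool output, and builds the python-ldap option set with OPT_X_TLS_DEMAND so a certificate that does not chain to the file aborts the connection rather than being ignored as OPT_X_TLS_ALLOW does. The file paths, the ldaps:// URI and the sample texts are constructed placeholders; python-ldap is imported only if installed so the PEM checks run on their own.

```python
# Added example (not from the original post): sanity-check the PEM saved by
# keytool/openssl before pointing python-ldap at it, and build the TLS option
# set with certificate verification enforced. Paths, URI and sample texts are
# constructed placeholders.
import base64
import hashlib
import ssl
import sys

try:
    import ldap  # python-ldap; optional so the PEM checks also run without it
except ImportError:
    ldap = None

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"


def ca_file_problem(text):
    """Return a message describing why `text` is unusable as a CA file, or None."""
    if PEM_BEGIN not in text:
        if "Owner:" in text and "Issuer:" in text:
            # keytool -printcert without -rfc writes this human-readable dump
            return "not PEM: looks like keytool -printcert output; re-run with -rfc"
        return "not PEM: no BEGIN CERTIFICATE block found"
    if text.count(PEM_BEGIN) != text.count(PEM_END):
        return "truncated PEM: BEGIN/END CERTIFICATE markers do not match"
    return None


def pem_certificates(text):
    """DER bytes of every certificate block in a PEM text (a chain gives several)."""
    problem = ca_file_problem(text)
    if problem:
        raise ValueError(problem)
    ders = []
    start = 0
    while True:
        begin = text.find(PEM_BEGIN, start)
        if begin < 0:
            return ders
        end = text.find(PEM_END, begin) + len(PEM_END)
        ders.append(ssl.PEM_cert_to_DER_cert(text[begin:end]))
        start = end


def fingerprints(text):
    """SHA-256 fingerprint of each certificate, to compare with openssl/keytool output."""
    return [":".join(f"{b:02X}" for b in hashlib.sha256(der).digest())
            for der in pem_certificates(text)]


def ldaps_connection_options(cacert_path, strict=True):
    """Option dict for Django's AUTH_LDAP_CONNECTION_OPTIONS or ldap.set_option.

    strict=True uses OPT_X_TLS_DEMAND: a certificate that does not chain to
    cacert_path aborts the connection. strict=False reproduces the post's
    OPT_X_TLS_ALLOW, which continues on a bad certificate and therefore gives
    no protection against an impostor server; keep it for debugging only.
    """
    if ldap is None:
        raise RuntimeError("python-ldap is not installed")
    return {
        ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_DEMAND if strict else ldap.OPT_X_TLS_ALLOW,
        ldap.OPT_X_TLS_CACERTFILE: cacert_path,
        # NEWCTX must come last: it builds the TLS context from the options above
        ldap.OPT_X_TLS_NEWCTX: 0,
    }


def connect(uri, cacert_path, strict=True):
    """Open an LDAPS connection and force the TLS handshake with an anonymous bind."""
    conn = ldap.initialize(uri)
    for opt, value in ldaps_connection_options(cacert_path, strict).items():
        conn.set_option(opt, value)
    conn.simple_bind_s()  # handshake happens here; ldap.SERVER_DOWN means TLS failed
    return conn


# Constructed sample inputs, not real certificates.
FAKE_DER = b"constructed bytes standing in for a DER certificate"
FAKE_PEM = PEM_BEGIN + "\n" + base64.encodebytes(FAKE_DER).decode() + PEM_END + "\n"
KEYTOOL_DUMP = "Owner: CN=ldap.example.test\nIssuer: CN=ldap.example.test\nSerial number: 1\n"

if __name__ == "__main__":
    # usage: python ldaps_check.py /path/to/mycert.pem [ldaps://your-ldap-fqdn:636]
    with open(sys.argv[1]) as fh:
        pem_text = fh.read()
    for fp in fingerprints(pem_text):
        print("SHA256:", fp)
    if len(sys.argv) > 2 and ldap is not None:
        connect(sys.argv[2], sys.argv[1]).unbind_s()
        print("TLS handshake verified against", sys.argv[1])
```

Run it against the saved file first; only when the fingerprint matches what openssl s_client showed for the server does it make sense to pass the URI and let the strict handshake confirm the chain. The dict returned by ldaps_connection_options drops straight into AUTH_LDAP_CONNECTION_OPTIONS.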

Trust the certificate in the OS

Alternatively, add the certificate to the system trust store so every OpenSSL-based client on the host accepts it (these paths and the update-ca-trust command are the RHEL/CentOS/Fedora ones):

> cp mycert.pem /etc/pki/ca-trust/source/anchors/
> update-ca-trust
