Назад | Перейти на главную страницу

flask-ldapconn не работает с start_tls

Я пытаюсь настроить flask-ldapconn, но не работает.

Использование python3-ldap3 работает нормально. Я почти всегда считаю, что это неправильная конфигурация.

мой python3-ldap3 работает с openldap + start_tls + сильной аутентификацией:

tls_configurations = Tls(
        ca_certs_file = cacert, 
        local_private_key_file = serverkey, 
        local_certificate_file = servercrt, 
        validate=ssl.CERT_REQUIRED)

server = Server( hostnamef,
        get_info=ALL, 
        tls=tls_configurations)

conn = Connection(server, user=cn, 
password=password, auto_bind=**AUTO_BIND_TLS_BEFORE_BIND** )

conn.start_tls()

Я потратил 2 недели, прежде чем обнаружил, что мне следует использовать auto_bind = AUTO_BIND_TLS_BEFORE_BIND для работы с openldap + tls + сильная аутентификация ... 80)

Как я могу использовать эту конфигурацию в ldap_conn?

from flask import Flask, render_template
from flask_ldapconn import LDAPConn

app = Flask(__name__)
ldap = LDAPConn(app)
app.config['SECRET_KEY'] = 'lihflhdlkfhlkfh'

import ssl


LDAP_SERVER = hostnamef
LDAP_BINDDN = cn
LDAP_SECRET = password
LDAP_TIMEOUT = 10
LDAP_PORT = 389
LDAP_READ_ONLY =  False
LDAP_RAISE_EXCEPTIONS = True
LDAP_CONNECTION_STRATEGY = 'SYNC'
LDAP_USE_SSL = False
LDAP_USE_TLS = True
LDAP_TLS_VERSION = 'ssl.PROTOCOL_TLSv1'
LDAP_REQUIRE_CERT = 'ssl.CERT_REQUIRED'
LDAP_CA_CERTS_FILE = cacert
LDAP_CLIENT_PRIVATE_KEY = serverkey
LDAP_CLIENT_CERT = servercrt
FORCE_ATTRIBUTE_VALUE_AS_LIST = True


@app.route('/', methods=['GET', 'POST'])
def index():
    ldapc = ldap.connection
    basedn = 'ou=users,dc=xxx,dc=com'
    search_filter = '(objectClass=posixAccount)'
    attributes = ['sn', 'givenName', 'uid']
    ldapc.search(basedn, search_filter, attributes=attributes)
    response = ldapc.response
    return render_template('index.html', response)


if __name__ == '__main__':
    app.run(debug=True, host='0.0.0.0')

Запущенная фляжка получаю:

Traceback (most recent call last)
File "/usr/lib/python3/dist-packages/flask/app.py", line 2463, in __call__
return self.wsgi_app(environ, start_response)
File "/usr/lib/python3/dist-packages/flask/app.py", line 2449, in wsgi_app
response = self.handle_exception(e)
File "/usr/lib/python3/dist-packages/flask/app.py", line 1866, in handle_exception
reraise(exc_type, exc_value, tb)
File "/usr/lib/python3/dist-packages/flask/_compat.py", line 39, in reraise
raise value
File "/usr/lib/python3/dist-packages/flask/app.py", line 2446, in wsgi_app
response = self.full_dispatch_request()
File "/usr/lib/python3/dist-packages/flask/app.py", line 1951, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/lib/python3/dist-packages/flask/app.py", line 1820, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/lib/python3/dist-packages/flask/_compat.py", line 39, in reraise
raise value
File "/usr/lib/python3/dist-packages/flask/app.py", line 1949, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/lib/python3/dist-packages/flask/app.py", line 1935, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/usr/share/painel/index.py", line 33, in index
ldapc = ldap.connection
File "/usr/lib/python3/dist-packages/flask_ldapconn/__init__.py", line 116, in connection
ctx.ldap_conn = self.connect(
File "/usr/lib/python3/dist-packages/flask_ldapconn/__init__.py", line 93, in connect
ldap_conn = Connection(
File "/usr/lib/python3/dist-packages/ldap3/core/connection.py", line 321, in __init__
self.do_auto_bind()
File "/usr/lib/python3/dist-packages/ldap3/core/connection.py", line 336, in do_auto_bind
self.open(read_server_info=False)
File "/usr/lib/python3/dist-packages/ldap3/strategy/sync.py", line 56, in open
BaseStrategy.open(self, reset_usage, read_server_info)
File "/usr/lib/python3/dist-packages/ldap3/strategy/base.py", line 153, in open
self.connection.do_auto_bind()
File "/usr/lib/python3/dist-packages/ldap3/core/connection.py", line 340, in do_auto_bind
self.start_tls(read_server_info=False)
File "/usr/lib/python3/dist-packages/ldap3/core/connection.py", line 1215, in start_tls
if self.server.tls.start_tls(self) and self.strategy.sync:  # for asynchronous connections _start_tls is run by the strategy
File "/usr/lib/python3/dist-packages/ldap3/core/tls.py", line 274, in start_tls
return self._start_tls(connection)
File "/usr/lib/python3/dist-packages/ldap3/core/tls.py", line 289, in _start_tls
raise start_tls_exception_factory(LDAPStartTLSError, exc)(connection.last_error)
ldap3.core.exceptions.LDAPStartTLSError: ('wrap socket error: [SSL] internal error (_ssl.c:1108)',)