
I want to use ldap3 with python 3.9 to connect and update my password from MS AD.

from ldap3 import Server, Connection, NTLM

server = Server('my_server')
# USER is 'Domain\\User' and PASS its password (see comments below)
conn = Connection(server, USER, PASS, authentication=NTLM)
conn.bind()       # returns True
conn.start_tls()  # raises the LDAPStartTLSError shown below

The conn.bind() is True, but when I do the conn.start_tls() I got this error:

Nico/Documents/env/lib/python3.9/site-packages/ldap3/core/connection.py in start_tls(self, read_server_info)
   1312                 if self.closed:
   1313                     self.open()
-> 1314                 if self.server.tls.start_tls(self) and self.strategy.sync:  # for asynchronous connections _start_tls is run by the strategy
   1315                     if read_server_info:
   1316                         self.refresh_server_info()  # refresh server info as per RFC4515 (3.1.5)

Nico/Documents/env/lib/python3.9/site-packages/ldap3/core/tls.py in start_tls(self, connection)
    275                 if log_enabled(ERROR):
    276                     log(ERROR, '%s for <%s>', connection.last_error, connection)
--> 277                 raise LDAPStartTLSError(connection.last_error)
    278             if log_enabled(BASIC):
    279                 log(BASIC, 'tls started for <%s>', connection)

LDAPStartTLSError: startTLS failed - unavailable

My conn.result:

{'result': 52,
 'description': 'unavailable',
 'dn': '',
 'message': '00000000: LdapErr: DSID-0C0912C4, comment: Error initializing SSL/TLS, data 0, v3839\x00',
 'referrals': None,
 'responseName': '1.3.6.1.4.1.1466.20037',
 'responseValue': b'',
 'type': 'extendedResp'}

If I try to do server = Server('my_server', use_ssl=True) then I'm not able to do conn.bind():

LDAPSocketOpenError: socket ssl wrapping error: [Errno 54] Connection reset by peer

Any help?

Thanks in advance!

Nico
  • Are you using a plain username or a Distinguished Name (DN)? Did you try setting auto-bind to true when setting the connection? – zmike Apr 23 '21 at 20:59
  • I'm using a plain username: user="Domain\\User". I've tried auto-bind when setting the connection and it worked, but the problem is the `conn.result` that is throwing the error I posted. – Nico Apr 26 '21 at 12:32
  • You might need to use a Distinguished Name for the Username, e.g. `CN=Jeff Smith,OU=Sales,DC=Fabrikam,DC=COM`. https://learn.microsoft.com/en-us/previous-versions/windows/desktop/ldap/distinguished-names – zmike Apr 26 '21 at 18:17
  • Well.. The solution was to try another server that supports LDAP and LDAPS. Also I needed the DN to change the password for my AD. Now I can connect to my server using port `389` and then make a `conn.start_tls()` – Nico Apr 27 '21 at 12:54
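The thread ends with the working setup (a DC that actually offers TLS, port 389 plus start_tls(), and the user's DN). The following is an added example, not code from the question or from ldap3's own documentation: it checks the root DSE for the StartTLS OID seen in the quoted conn.result before calling start_tls(), negotiates TLS before the NTLM bind rather than after it, validates the DC certificate, and turns the result code 52 / "Error initializing SSL/TLS" response into a readable reason. `host`, `user`, `password` and `ca_file` are assumed caller-supplied values; only `connect_ad()` needs the ldap3 package, the helper functions run offline.

```python
"""Added example: establish TLS before the NTLM bind to Active Directory with ldap3,
after confirming the DC advertises StartTLS, and explain a failed start_tls().
Not from the original question; host/user/password/ca_file are assumed values."""
import ssl

# OID of the StartTLS extended operation (RFC 4511, section 4.14). It is the
# responseName in the conn.result quoted in the question.
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"
LDAP_UNAVAILABLE = 52  # LDAP resultCode 'unavailable', the code in the question

# Constructed sample input: the failing conn.result shown in the question.
SAMPLE_FAILED_RESULT = {
    "result": 52,
    "description": "unavailable",
    "message": "00000000: LdapErr: DSID-0C0912C4, comment: Error initializing SSL/TLS, data 0, v3839\x00",
    "responseName": STARTTLS_OID,
}


def supports_start_tls(supported_extensions):
    """True if a root DSE supportedExtension list advertises StartTLS.

    Read the root DSE before calling start_tls(); a server can still advertise
    the OID and then fail the operation (exactly what the question shows), so
    this is a necessary check, not a guarantee.
    """
    return STARTTLS_OID in set(supported_extensions or [])


def start_tls_failure_reason(result):
    """Map ldap3's conn.result after start_tls() to a short operator-readable tag."""
    code = result.get("result")
    if code == 0:
        return "ok"
    if code == LDAP_UNAVAILABLE and "Error initializing SSL/TLS" in result.get("message", ""):
        # AD could not set up a TLS session at all; in practice the DC has no
        # usable server certificate, which is why the LDAPS attempt in the
        # question (use_ssl=True on 636) failed as well.
        return "server-tls-not-configured"
    return "starttls-failed-%s-%s" % (code, result.get("description", "unknown"))


def connect_ad(host, user, password, ca_file, port=389):
    """Open a plain socket, require StartTLS, then bind with NTLM over the encrypted session.

    ca_file is the CA bundle that signed the DC certificate; validate=CERT_REQUIRED
    makes ldap3 reject an unverifiable certificate instead of silently accepting it.
    """
    # Imported lazily so the helpers above work without ldap3 installed.
    from ldap3 import ALL, BASE, Connection, NTLM, Server, Tls
    from ldap3.core.exceptions import LDAPStartTLSError

    tls = Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=ca_file)
    server = Server(host, port=port, get_info=ALL, tls=tls)
    conn = Connection(server, user=user, password=password, authentication=NTLM)
    conn.open()  # TCP connection only; no credentials have been sent yet

    # Anonymous root DSE read: AD lets any client see which extended operations it offers.
    conn.search("", "(objectClass=*)", search_scope=BASE, attributes=["supportedExtension"])
    advertised = conn.entries[0].supportedExtension.values if conn.entries else []
    if not supports_start_tls(advertised):
        conn.unbind()
        raise RuntimeError("server does not advertise StartTLS; use LDAPS (port 636) or another DC")

    try:
        conn.start_tls()  # before bind, so the NTLM exchange and every later operation is encrypted
    except LDAPStartTLSError:
        reason = start_tls_failure_reason(conn.result)
        conn.unbind()
        raise RuntimeError("StartTLS refused by %s: %s" % (host, reason)) from None

    if not conn.bind():
        conn.unbind()
        raise RuntimeError("bind failed: %s" % conn.result)
    return conn
```

Once `connect_ad()` returns, the password change itself goes through `conn.extend.microsoft.modify_password(user_dn, new_password, old_password)` with the full DN Nico mentions (e.g. the `CN=...,OU=...,DC=...` form from the comments); AD refuses `unicodePwd` modifications on a session that is not encrypted, which is why TLS must be working before that call and why the order (TLS first, then bind) matters for the credentials as well.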
