I have a random error (Windows with Python 3.8) while query to DC (Active directory) via LDAP3.
I use a passwordless (Passwordless Python LDAP3 authentication from Windows client)
Running the program again and again works, but sometimes I get this error. Error: ("('socket ssl wrapping error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate chain too long (_ssl.c:1108)',)",)
Simple code below:
from ldap3 import Server, Connection, ALL, NTLM, ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES,
AUTO_BIND_NO_TLS, SUBTREE, BASE, LEVEL, Tls
from ldap3 import SASL, GSSAPI #for passwordless conection
from ldap3.core.exceptions import LDAPCursorError, LDAPSocketOpenError
import ssl
tls_configuration = Tls(validate=ssl.CERT_REQUIRED, version=ssl.PROTOCOL_TLSv1)
server = Server("DC-hostname-here", get_info=ALL, use_ssl=True, tls=tls_configuration)
try: #the random error is triggered here
conn = Connection(server, authentication=SASL, auto_bind=True, auto_referrals=False, sasl_mechanism=GSSAPI)
except Exception as e:
print(e)
#If no fail, u can do some search, example:
conn.search('DC=youdomin,DC=XXXX,DC=com', '(sAMAccountName=some_group_to_searche)', search_scope=SUBTREE, attributes=['distinguishedName'])
print(conn.entries[0].distinguishedName[0])
conn.unbind()
- Why do I have this random error?
- How to solve it?
- Is this code secure? I mean, is the connection really encripted with certificates?
Thanks in advance
Aucun commentaire:
Enregistrer un commentaire