Ssl – LDAPStartTLSError: (‘wrap socket error: [SSL] internal error (_ssl.c:1108)’,)

flaskssl

Hi

I'm starting to learn Flask, but when I follow this documentation

I receive this error. Strange that with ldapsearch everything is fine.

Using:

  • Ubuntu Focal
  • python3.8
  • python3-flask 1.1.1-2
  • python3-flask-ldapconn 0.7.2-1
  • python3-ldap3 2.4.1-2
  • python3-openssl 19.0.0-1build1
  • openssl 1.1.1f-1ubuntu1
  • slapd 2.4.49+dfsg-2ubuntu1

ldap.conf:

BASE    dc=contatogs,dc=com,dc=br
URI     ldap://zeus7.contatogs.com.br
SIZELIMIT       0
TIMELIMIT       0
TLS_REQCERT demand
TLS_CACERT      /etc/ssl/contatogs.com.br/cacert.pem

part of flask:

from flask import Flask, render_template
from flask_ldapconn import LDAPConn
import ssl

app = Flask(__name__)
ldap = LDAPConn(app)
app.config['SECRET_KEY'] = 'lihflhdlkfhlkfh'

# flask-ldapconn reads its settings from app.config, so module-level names like
# the ones below only take effect once they are loaded into app.config
# (for example with app.config.from_object(__name__)) before LDAPConn(app).
LDAP_SERVER = 'zeus7.contatogs.com.br'
LDAP_PORT = 389
LDAP_BINDDN = 'cn=admin,dc=contatogs,dc=com,dc=br'
LDAP_SECRET = 'adminldap'
LDAP_TIMEOUT = 0
LDAP_USE_TLS = True  # default: StartTLS on port 389
LDAP_REQUIRE_CERT = ssl.CERT_NONE  # default: CERT_REQUIRED
LDAP_CA_CERTS_FILE = '/etc/ssl/contatogs.com.br/cacert.pem'
LDAP_CLIENT_PRIVATE_KEY = '/etc/ssl/contatogs.com.br/private/zeus7.contatogs.com.br.key.pem'
LDAP_CLIENT_CERT = '/etc/ssl/contatogs.com.br/newcerts/zeus7.contatogs.com.br.crt.pem'

When using ldapsearch it's OK:

ldapsearch -xLLLZZ -D cn=admin,dc=contatogs,dc=com,dc=br -w adminldap -H ldap://zeus7.contatogs.com.br | wc -l

Result: 5862

Where is my mistake?

Thanks in advance


Second round
Learning a little more about ldap3, I could see the same error ( https://ldap3.readthedocs.io/en/latest/tutorial_intro.html ):

python3
Python 3.8.2 (default, Mar 13 2020, 10:14:16)
[GCC 9.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from ldap3 import Server, Connection, ALL, Tls
>>> import ssl
>>> tls_configuration = Tls(validate=ssl.CERT_REQUIRED, version=ssl.PROTOCOL_TLSv1)
>>> server = Server('ipa.demo1.freeipa.org', use_ssl=True, tls=tls_configuration)
>>> conn = Connection(server)
>>> conn.open()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3/dist-packages/ldap3/strategy/sync.py", line 56, in open
    BaseStrategy.open(self, reset_usage, read_server_info)
  File "/usr/lib/python3/dist-packages/ldap3/strategy/base.py", line 141, in open
    raise exception_history0(exception_history[0][2])
ldap3.core.exceptions.LDAPSocketOpenError: (LDAPSocketOpenError('socket ssl wrapping error: [SSL] internal error (_ssl.c:1108)'),)

Maybe it's something about SSL/TLS.

Best Answer

Try changing the SSL config to accept older versions of TLS.

On Ubuntu, edit /etc/ssl/openssl.cnf (on RHEL 8.1: /etc/crypto-policies/back-ends/opensslcnf.config) and set the following:

MinProtocol = TLSv1
CipherString = DEFAULT:@SECLEVEL=1

Note that this is a severe threat to security, but you can use it for testing and see if this helps.

ref:

https://takraw-s.medium.com/fix-errors-socket-ssl-wrapping-error-errno-104-connection-reset-by-peer-9c63c551cd7

https://github.com/cannatag/ldap3/issues/385

I hope it helps!
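An added example, not part of the question or the answer above, showing the client-side alternative to lowering the system-wide MinProtocol and SECLEVEL: build a TLS client context that negotiates TLS 1.2 or newer and keeps certificate and hostname validation on, which is what the ldap.conf in the question (TLS_REQCERT demand) already does for ldapsearch. It uses only the standard library's ssl module; the keyword names validate, version and ca_certs_file are the ones the question passes to ldap3's Tls(), and the CA path is taken from the question's ldap.conf as an assumed value.

```python
import ssl
from typing import Optional


def build_ldap_client_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Build the TLS client context a StartTLS/LDAPS client should use.

    ssl.PROTOCOL_TLS_CLIENT negotiates the highest version both sides support,
    so it works against an OpenSSL policy of MinProtocol = TLSv1.2 (the default
    on Ubuntu Focal with OpenSSL 1.1.1); a context pinned to ssl.PROTOCOL_TLSv1,
    as in the failing snippet, can only offer TLS 1.0 and is refused.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse TLS 1.0/1.1 on our side too
    ctx.verify_mode = ssl.CERT_REQUIRED           # same meaning as TLS_REQCERT demand
    ctx.check_hostname = True                     # the cert must name the host we dialled
    if ca_file:
        # Private CA, e.g. the cacert.pem named in the question's ldap.conf (assumed path).
        ctx.load_verify_locations(cafile=ca_file)
    else:
        ctx.load_default_certs(ssl.Purpose.SERVER_AUTH)
    return ctx


def ldap3_tls_kwargs(ca_file: str) -> dict:
    """Keyword arguments for ldap3.Tls(...) that match the context above.

    version=None is ldap3's default and lets the library pick a negotiating
    protocol instead of pinning ssl.PROTOCOL_TLSv1; validation stays required.
    """
    return {
        "validate": ssl.CERT_REQUIRED,
        "version": None,
        "ca_certs_file": ca_file,
    }


def describe(ctx: ssl.SSLContext) -> dict:
    """Summarise the security-relevant settings of a context for a quick self-check."""
    return {
        "min_version": ctx.minimum_version.name,
        "verifies_peer": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
    }


if __name__ == "__main__":
    # Assumed path from the question's ldap.conf; replace with your own CA bundle.
    CA_FILE = "/etc/ssl/contatogs.com.br/cacert.pem"
    print(describe(build_ldap_client_context()))   # system trust store
    print(ldap3_tls_kwargs(CA_FILE))               # what to pass to ldap3.Tls(**kwargs)
```

With these settings a handshake failure is a real problem to investigate (an expired or mis-issued certificate, a server that genuinely cannot do TLS 1.2) rather than something to mask by weakening the OpenSSL policy for every program on the host.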