I am stuck using python-ldap (used by flask_appbuilder) for a project. I noticed that the python-ldap is failing with "Error initializing SSL/TLS". To verify that my ldap settings were correct, I wrote a script using ldap3 alongside python-ldap and noticed that ldap3 succeeds when using the same configuration as python-ldap.
The test code is:
import ldap3
import ldap
import ssl
URL = 'ldaps://....example.com:636'
USER = 'CN=...'
PASS = '...'
SEARCH = 'OU=...'
FILTER = '(&(objectClass=user))'
# ldap3
server = ldap3.Server(
URL,
use_ssl=True,
tls=ldap3.Tls(validate=ssl.CERT_REQUIRED),
)
conn = ldap3.Connection(server, USER, PASS)
conn.bind()
conn.search(SEARCH, FILTER)
# python-ldap
con = ldap.initialize(URL, 4)
con.set_option(ldap.OPT_REFERRALS, 0)
con.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
con.set_option(ldap.OPT_X_TLS_NEWCTX,0)
con.start_tls_s()
con.bind_s(USER, PASS)
I am able to successfully get results from the ldap3 block, but when the python-ldap start_tls_s block is reached I get:
ldap.UNAVAILABLE: {'info': u'00000000: LdapErr: DSID-0C091338, comment: Error initializing SSL/TLS, data 0, v4563', 'desc': u'Server is unavailable'}
The behaviour is consistent across both my laptop and a test machine (both are linux boxes). Does anyone know why this difference occurs?
Related
I'm unable to connect to Neo4j using neo4j-python-driver version 5.3.0.
Requirement is using Neo4j python driver to query NEO4J DB using cypher queries.
It gives the error failed to connect to server even when the database is up and running and i can able to login and use through NEO4J Desktop.
Getting below error
neo4j.exceptions.ServiceUnavailable: Couldn't connect to <URI>:7687 (resolved to ()):
[SSLCertVerificationError] Connection Failed. Please ensure that your database is listening on the correct host and port and that you have enabled encryption if required. Note that the default encryption setting has changed in Neo4j 4.0. See the docs for more information. Failed to establish encrypted connection. (code 1: Operation not permitted)
Note : URI hided in the above error.
I have added the exception to Ignores certificate verification issue, but it won't solve the issue.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
Appreciate your help to resolve the issue.
i'm connecting via below snippet
from neo4j import GraphDatabase
import urllib3
#Ignores certificate verification issue
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
# Initialize connection to database
driver = GraphDatabase.driver('bolt+s://<URI>:7687', auth=(',username', '<password'))
query = 'match (n:Event{name:"test"}) return n'
#Run Cypher query
with driver.session() as session:
info = session.run(query)
for item in info:
print(item)
No way to know how you are connecting, but we do:
from neo4j import GraphDatabase
address="bolt://localhost:7687"
auth=('neo4j', "password")
driver = GraphDatabase.driver(address, auth=auth, encrypted=False)
....
Have you tried py2neo?
I use below with dev running in docker and prod running Aura.
from py2neo import Graph
self.graph = Graph(os.getenv('DB_URI'), auth=(
os.getenv('DB_USER'), os.getenv('DB_PASS')))
DB_URI is 'neo4j://0.0.0.0:7687' on dev
and 'neo4j+s://xxxx' on prod
I have deployed this Python app on Heroku and i want it to connect to a MongoDB Atlas cluster. I used my string to connect to the cluster, but for some reason i keep getting raise OperationFailure(msg % errmsg, code, response)
pymongo.errors.OperationFailure: bad auth Authentication failed. I checked twice and both the user and the password are correct. Any idea on why this is happening?
from pymongo import MongoClient
import time
import random
import time
import datetime
client = MongoClient('mongodb+srv://USER:<MYPASSWORD>#test-2liju.mongodb.net/test?retryWrites=true')
db = client.one
mycol = client["tst"]
while True:
test = int(random.randrange(-99999990,90000000,1))
dic = {"num": test}
result = db.tst.insert_one(dic)
print(test)
time.sleep(5)
Stupid error, i had to type MYPASSWORD instead of <MYPASSWORD>, without the <>
Don't use any special char in password, like '+' or '='.
I use OpenSSL to generate a password like u4wY9AOwnOLMY+h9EQ==. Came across bad auth Authentication failed.
After using MongoDB Compass it told me don't use special char, so I remove those and use like 'u4wY9AOwnOLMYh9EQ'.
Then it works.
check the compatibility of the version of the Python driver you choose from the Mongodb Atlas Connections. versions above 3.4 are not supported by mongoengine flask
I am trying to connect to eDirectory using python. It is not as easy as connecting to active directory using python so I am wondering if this is even possible. I am currently running python3.4
I'm the author of ldap3, I use eDirectory for testing the library.
just try the following code:
from ldap3 import Server, Connection, ALL, SUBTREE
server = Server('your_server_name', get_info=ALL) # don't user get_info if you don't need info on the server and the schema
connection = Connection(server, 'your_user_name_dn', 'your_password')
connection.bind()
if connection.search('your_search_base','(objectClass=*)', SUBTREE, attributes = ['cn', 'objectClass', 'your_attribute'])
for entry in connection.entries:
print(entry.entry_get_dn())
print(entry.cn, entry.objectClass, entry.your_attribute)
connection.unbind()
If you need a secure connection just change the server definition to:
server = Server('your_server_name', get_info=ALL, use_tls=True) # default tls configuration on port 636
Also, any example in the docs at https://ldap3.readthedocs.org/en/latest/quicktour.html should work with eDirectory.
Bye,
Giovanni
My Django application is using python-ldap library (ldap_groups django application) and must add users against an Active Directory on a Windows 2003 Virtual Machine domain. My application running on a Ubuntu virtual Machine is not member of the Windows domain.
Here is the code:
settings.py
DNS_NAME='IP_ADRESS'
LDAP_PORT=389
LDAP_URL='ldap://%s:%s' % (DNS_NAME,LDAP_PORT)
BIND_USER='cn=administrateur,cn=users,dc=my,dc=domain,dc=fr'
BIND_PASSWORD="AdminPassword"
SEARCH_DN='cn=users,dc=my,dc=domain,dc=fr'
NT4_DOMAIN='E2C'
SEARCH_FIELDS= ['mail','givenName','sn','sAMAccountName','memberOf']
MEMBERSHIP_REQ=['Group_Required','Alternative_Group']
AUTHENTICATION_BACKENDS = (
'ldap_groups.accounts.backends.ActiveDirectoryGroupMembershipSSLBackend',
'django.contrib.auth.backends.ModelBackend',
)
DEBUG=True
DEBUG_FILE='/$HOME/ldap.debug'
backends.py
import ldap
import ldap.modlist as modlist
username, email, password = kwargs['username'], kwargs['email'], kwargs['password1']
ldap.set_option(ldap.OPT_REFERRALS, 0)
# Open a connection
l = ldap.initialize(settings.LDAP_URL)
# Bind/authenticate with a user with apropriate rights to add objects
l.simple_bind_s(settings.BIND_USER,settings.BIND_PASSWORD)
# The dn of our new entry/object
dn="cn=%s,%s" % (username,settings.SEARCH_DN)
# A dict to help build the "body" of the object
attrs = {}
attrs['objectclass'] = ['top','organizationalRole','simpleSecurityObject']
attrs['cn'] = username.encode('utf-16')
attrs['userPassword'] = password.encode('utf-16')
attrs['description'] = 'User object for replication using slurpd'
# Convert our dict to nice syntax for the add-function using modlist-module
ldif = modlist.addModlist(attrs)
# Do the actual synchronous add-operation to the ldapserver
l.add_s(dn,ldif)
# Its nice to the server to disconnect and free resources when done
l.unbind_s()
When I trace my code, it seems there is a problem while adding user calling "l.add_s".
However it returns the followings error:
UNWILLING_TO_PERFORM at /accounts/register/
{'info': '00002077: SvcErr: DSID-031907B4, problem 5003 (WILL_NOT_PERFORM), data 0\n', 'desc': 'Server is unwilling to perform'}
If I use wrong credentials the server returns INVALID CREDENTIAL, so I think the credentials I'm using above are correct to bind on the ldap directory.
Pehaps my Ubuntu should be member of the domain or there is something wrong in my code?
I found the problem. In fact my objectclass was not compliant with Active Directory.
Furthermore change information encoding by a python string.
Here is the code to use:
attrs = {}
attrs['objectclass'] = ['top','person','organizationalPerson','user']
attrs['cn'] = str(username)
attrs['userPassword'] = str(password)
attrs['mail']=str(email)
attrs['givenName']=str(firstname)
attrs['sn']=str(surname)
attrs['description'] = 'User object for replication using slurpd'
I can add an account in my Active Directory successfully.
Hope it will help u.
While trying to connect to the database I get a strange error:
DatabaseError: SQLCODE -1829 in CONNECT:
ì¦à : Cannot open file 'os.iem'
ì¦à : Cannot open file 'os.iem'
I can confirm that the file is present in $INFORMIXDIR/msg/en_us/0333/ directory. The environment variables INFORMIXDIR, INFORMIXSERVER and ONCONFIG are set correctly and as expected by my instance. Any clues on what I might be doing wrong?
Am connecting using informixdb (version 2.5) and am connecting to Informix version 11.5. The user who is connecting has the requisite permissions.
ok figured this one out! It appears only the env values set before the import of the informixdb module affect the way the module works. So the following does not work:
import informixdb
os.environ["INFORMIXDIR"] = "/opt/informix"
...
def conn(db):
informixdb.connect(db, self.username, self.passwd)
...
conn('local')
whereas the following does:
os.environ["INFORMIXDIR"] = "/opt/informix"
import informixdb
...
def conn(db):
informixdb.connect(db, self.username, self.passwd)
...
conn('local')