You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I hit a similar error with JupyterHub with an LDAP server updated to require STARTTLS where the debug logs were showing the following errors:
LDAPBindError: automatic bind not successful - confidentialityRequired
i.e. connections don't seem to be getting upgrading properly in the latest release:
Note that if I update the following line in ldapauthenticator.py
auto_bind=self.use_ssl and ldap3.AUTO_BIND_TLS_BEFORE_BIND or ldap3.AUTO_BIND_NO_TLS
to
auto_bind=ldap3.AUTO_BIND_TLS_BEFORE_BIND
the problem disappears. Without this modification based on a look at the LDAP3 source it seems to me as though the connection will never recieve the starttls upgrade that the docs mention should happen with the current auto_bind setting.
use_ssl appears to be used for both creating a Server object (which triggers a connection attempt to port 636 which isn't open in my case) and for evaluating whether or not to do a starttls upgrade. Is there a need for an additional configuration option to disambiguate these?
(It's unclear me whether or not this might be the root problem underlying #90).
It seems there's been a cosmetic change to the auto_bind formatting since the 1.2.2 release but it doesn't look to me like the underlying issue has been eliminated.
The text was updated successfully, but these errors were encountered:
I hit a similar error with JupyterHub with an LDAP server updated to require STARTTLS where the debug logs were showing the following errors:
i.e. connections don't seem to be getting upgrading properly in the latest release:
Note that if I update the following line in
ldapauthenticator.py
to
the problem disappears. Without this modification based on a look at the LDAP3 source it seems to me as though the connection will never recieve the starttls upgrade that the docs mention should happen with the current auto_bind setting.
use_ssl
appears to be used for both creating a Server object (which triggers a connection attempt to port 636 which isn't open in my case) and for evaluating whether or not to do a starttls upgrade. Is there a need for an additional configuration option to disambiguate these?(It's unclear me whether or not this might be the root problem underlying #90).
It seems there's been a cosmetic change to the
auto_bind
formatting since the 1.2.2 release but it doesn't look to me like the underlying issue has been eliminated.The text was updated successfully, but these errors were encountered: