Reputation: 2153
I have the following Python code that connects to our LDAP servers (multiple LDAP servers behind a load balancer).
ldap_server = Server(host=LDAP_server_IP, port=636, use_ssl=True, get_info=ALL)
It keeps on failing with the following error message:
Error: ("('socket ssl wrapping error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997)',)",) invalid server address Error: invalid server address
According to this post, it seems that one solution was to use the IP address of the server instead of the DNS name.
This would make sense if the server certificate was somehow invalid and for another name.
Unfortunately, it did not solve my problem.
I also tried to turn off name checking without success:
context = ssl.create_default_context()
context.check_hostname = False
ldap_server = Server(
    host=LDAP_server_IP, port=636, use_ssl=True, get_info=ALL
)
Therefore, my question is actually double: did I really turn off certificate name verification with my code? Is there any other explanation for this error?
Upvotes: 0
Views: 2025
Reputation: 2153
I finally got it working by:
import ssl

from ldap3 import ALL, Connection, Server, Tls

# TLS settings are handed to ldap3 through a Tls object passed as tls=...
tls = Tls(ciphers="ALL", version=ssl.PROTOCOL_SSLv23, validate=ssl.CERT_NONE)
ldap_server = Server(
    host=settings.LDAP_SERVER, port=636, use_ssl=True, tls=tls, get_info=ALL
)
ldap_connection = Connection(
    ldap_server, authentication="ANONYMOUS", version=3, auto_bind=True
)
Upvotes: 0
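Added example (not part of the original posts): a `handshake failure` alert is sent by the server during negotiation, so the client's certificate and hostname checks do not change it. The sketch below reproduces the alert offline with Python's standard `ssl` module; the certificate-less server context and the hostname `ldap.example.test` are constructed stand-ins, and the helper names are hypothetical.

```python
import ssl


def handshake_outcome(client_ctx, server_ctx, hostname="ldap.example.test"):
    """Run a TLS handshake over in-memory BIOs (no network) and return
    {'client': ..., 'server': ...}, each 'ok' or the OpenSSL error reason."""
    c_in, c_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    s_in, s_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = client_ctx.wrap_bio(c_in, c_out, server_hostname=hostname)
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    steps = (("client", client, c_out, s_in), ("server", server, s_out, c_in))
    outcome = {}
    for _ in range(10):  # a handshake needs only a few round trips
        for name, side, out_bio, peer_in in steps:
            if name not in outcome:
                try:
                    side.do_handshake()
                    outcome[name] = "ok"
                except (ssl.SSLWantReadError, ssl.SSLWantWriteError):
                    pass  # waiting for the peer's next flight
                except ssl.SSLError as exc:
                    outcome[name] = exc.reason
            data = out_bio.read()
            if data:
                peer_in.write(data)  # deliver records, alerts included
        if len(outcome) == 2:
            break
    return outcome


def unusable_server():
    # Constructed stand-in for a server with which negotiation cannot
    # complete: no certificate is loaded, so it answers with an alert.
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)


def strict_client():
    # Default client: certificate and hostname verification enabled.
    return ssl.create_default_context()


def lax_client():
    # Same client with name checking and certificate validation disabled.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    for label, ctx in (("strict", strict_client()), ("lax", lax_client())):
        print(label, handshake_outcome(ctx, unusable_server()))
```

Both clients report the same alert, so relaxing verification on the client does not affect it; a certificate that fails local verification surfaces as `CERTIFICATE_VERIFY_FAILED` instead.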