[Twisted-Python] Re: ldaptor.protocols.ldap.ldapclient.startTLS

Tommi Virtanen tv at twistedmatrix.com
Wed Jun 15 14:31:33 EDT 2005

[The list hates my @debian.org address. Sorry for the dup, Christopher]

Christopher Zorn wrote:
> I hope this is the correct place to ask about this, forgive me if it is not. 
> I recently tried to use ldaptor. It is great!!

This is. And thank you.

> I ran into one problem though. I wanted to use startTLS and I had to call 
> it myself.

Well, yes, you need to say when you want to use startTLS and when not..
Current default is "not".

Some day in the future I hope to support something like the
ldap://hostname, ldaps://hostname, ldapi://hostname syntaxes
and things like "whenever you talk to this server, require starttls
and verify the certificate is signed by one of these CAs". No such
thing exists for now, so you need to do the startTLS step manually.

>     def _startTLS(proto):
>         d = proto.startTLS()
>         d.addCallback(lambda _: proto)
>         return d
>     d.addCallback(_startTLS)

I _think_ that can be written as

d.addCallback(lambda proto: proto.startTLS())

as the startTLS callback chain ends with

    def _cbStartTLS(self, msg, ctx):
        return self

Though I haven't tested it.

I really don't use starttls with ldaptor much (yet), so it may be still
somewhat buggy. Hopefully this will improve -- patches are appreciated.

> This would hang. I went to find out and there was a deferred created that seemed
> to have been getting lost. It was never called when handle was called in the 
> client class. 
> I attached a patch that allows me to use startTLS the way I did it, but I do not
> know if this is correct. Please let me know if I am doing something
> wrong or if this
> is actually a bug. 

Yes, it is a bug, caused by the proto.send() changes in r180.
Your fix is correct. Thank you.

More information about the Twisted-Python mailing list