[Setup] Help with installing python-LDAP in a Win2K Plone 3.2.1

Alberto Lopes alberto at alopes.com
Wed Mar 25 15:45:52 UTC 2009


Dear friends,

I had a working installation of Plone 3.1.2 in Windows 2000, with PloneLDAP
working. That was installed using the old "non-buildout" installer, in
D:\Plone-3.1.2. I also installed PloneLDAP, python-ldap and the windows DLLs
for OpenSSL and OpenLDAP. python-ldap was installed in the python directory
(D:\Plone-3.1.2\python) of the Plone install (so it was installed in the
python interpreter D:\Plone-3.1.2\python\lib\site-packages dir), using
easy-install. The OpenSSL and OpenLDAP dlls were installed in a special dir
(D:\Plone-3.1.2\dlls) that was in the PATH. Finally, because the LDAP server
required SSL connection with certificate negotiation, I put a CA certificate
(ca.crt) in D:\Plone-3.1.2\python, alongside with a ldap.conf file pointing
the path to the ca cert file.

Now I am working on a migration to Plone 3.2.1 with the buildout installer.
My first idea was to put everything in buildout.cfg (even python-ldap), and
to "manually" copy the dlls (to D:\Plone-3.2.1\dlls) and the ca cert and
ldap.conf files.

Everything works, except for the finding of the ca cert. The LDAP plugin at
the ZMI won't connect to the LDAP server and the instance.log shows
"SERVER_DOWN: {'info': 'error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed', 'desc':
"Can't contact LDAP server"}", which indicates failure to find the ca cert.

First, I thought about putting it into the python dir
(D:\Plone-3.2.1\python). But it occurred to me that buildout installed
python-ldap at instance level, so ldap.conf should be somewhere else. I
tried several places, but couldn't find a place where python would find it.
I checked by modifying __init__.py at the ldap folder from my install
adding  "set_option(OPT_X_TLS_CACERTFILE,'D:\Plone-3.2.1\python\ca.crt')" at
the end, and everything worked.

So, does anyone have any idea on where I should put my ldap.conf file?

Regards,

Alberto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.plone.org/pipermail/setup/attachments/20090325/43bc8138/attachment.htm


More information about the Setup mailing list