python_ldap | supplying certificate content in variable - django

I use the following code to supply a certificate when establishing a TLS connection to an LDAP server:
conn.set_option(ldap.OPT_X_TLS_CACERTFILE, PATH_TO_FILE)
where PATH_TO_FILE is the path where I have the certificate as a .pem file. But now I am fetching the certificate from the db, so the certificate content is available in a variable in my code. I would like to use the variable directly, in contrast to having to write the data to a file and using the file path. Is it possible?
I went through the documentation of python_ldap but couldn't find an option which takes the certificate content straight from a variable.

If you need to load a certificate from a database or whatever variable that is not a file, then write the content of this variable to a file and use that file path:
cert_content = '<dumped-certificate>'
cert_path = '/tmp/cert.pem'
# Write the PEM text to disk so that libldap can read it by path
with open(cert_path, 'w') as fp:
    fp.write(cert_content)
conn.set_option(ldap.OPT_X_TLS_CACERTFILE, cert_path)
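A hardened variant of the write-to-file approach, as an added example that is not part of the original answer: the CA certificate is a trust anchor, so it goes into a file with an unpredictable name and mode 0600 rather than a fixed path under /tmp, and the file is removed once the handshake is done. The helper names `private_ca_file` and `start_tls_with_ca` are hypothetical.

```python
import contextlib
import os
import tempfile

# Added example: helper names below are hypothetical, not python-ldap API.
PEM_MARKER = "-----BEGIN CERTIFICATE-----"


@contextlib.contextmanager
def private_ca_file(pem_text):
    """Yield the path of a private temp file holding pem_text, then delete it."""
    if PEM_MARKER not in pem_text:
        raise ValueError("value does not look like a PEM certificate")
    # mkstemp picks an unpredictable name and creates the file with mode 0600,
    # so another local user cannot pre-create or swap the trust anchor.
    fd, path = tempfile.mkstemp(prefix="ldap-ca-", suffix=".pem")
    try:
        with os.fdopen(fd, "w") as fp:
            fp.write(pem_text)
        yield path
    finally:
        os.unlink(path)


def start_tls_with_ca(uri, pem_text):
    """Open an LDAP connection that verifies the server against pem_text."""
    import ldap  # python-ldap, imported here so the helper above stays stdlib-only

    conn = ldap.initialize(uri)
    with private_ca_file(pem_text) as ca_path:
        conn.set_option(ldap.OPT_X_TLS_CACERTFILE, ca_path)
        conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
        # Must be the last TLS option set: it builds a new TLS context
        # from the options above.
        conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
        conn.start_tls_s()  # the file is kept until the handshake is done
    return conn
```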

Related

How to point to/access a cert file `CertCreateCertificateContext` function? (wincrypt api)

A little new to windows programming/C++. I'm trying to install a .p7b root certificate file to the Trusted Root Certificate Store. I want to use the Windows Wincrypt library. Specifically, these are the suggested steps that I got from an old forum:
Call CertCreateCertificateContext using your certificate content bytes in order to obtain a PCCERT_CONTEXT
Call CertOpenSystemStore with szSubsystemProtocol set to "ROOT" in order to obtain a HCERTSTORE
Call CertAddCertificateContextToStore using the above HCERTSTORE and PCCERT_CONTEXT.
[Here's] the api documentation for CertCreateCertificateContext. Not sure how to just point pbCertEncoded to my actual cert file. Should I just point it to the path? Do I have to load the cert in? What should the type be?
From Simon Rozman's answer in this post: We have to use CertOpenStore() instead of CertCreateCertificateContext(), which supports one certificate only, whereas PKCS #7 file can contain many.
After the certificate store is open, you can use CertEnumCertificatesInStore() to retrieve certificate context of individual certificates from store.
So from my original steps to successfully install a p7b into the root store:
Call CertOpenStore() for the root store and for the actual certificate itself. This will give you two HCERTSTORE handles.
Have a while loop that will add the certificate contexts to the opened root store (using CertAddCertificateContextToStore()) as long as the certificate context exists (check using CertEnumCertificatesInStore() on the opened certificate store).

What's the most secure way I can use python-ldap in my script to connect to my ldap server?

I have a script that is using the python-ldap module.
Here is my basic code that makes a connection to my ldap server:
import ldap

server = 'ldap://example.com'
dn = 'uid=user1,cn=users,cn=accounts,dc=example,dc=com'
pw = "password!"
con = ldap.initialize(server)
con.start_tls_s()
con.simple_bind_s(dn, pw)
This works...but does the actual literal password have to be stored in the variable pw?? It seems like a bad idea to have a password stored right there in a script.
Is there a way to make a secure connection to my ldap server without needing to store my actual password in the script??
Placing the password in a separate file with restricted permissions is pretty much it. You can for example source that file from the main script:
. /usr/local/etc/secret-password-here
You could also restrict the permissions of the main script so that only authorized persons can execute it, but it's probably better to do as you suggest and store only the password itself in a restricted file. That way you can allow inspection of the code itself (without sensitive secrets), version-control and copy around the script more easily, etc...
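The restricted-file approach written for the Python script in the question, as an added example that is not part of the original answer: the password is read from a separate file, and the read is refused unless the file is a regular file owned by the current user with no group or other permissions. The names `read_secret` and `bind` are hypothetical.

```python
import os
import stat

# Added example: function names are hypothetical.


def read_secret(path):
    """Return the password stored in path, refusing files other users can access."""
    # Open first, then fstat the descriptor, so the checks apply to the file
    # actually read and not to whatever the path points at a moment later.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_uid != os.geteuid():
            raise PermissionError(f"{path}: not owned by the current user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(f"{path}: group/other access, expected mode 0600")
        with os.fdopen(fd, "r") as fp:
            fd = None  # fp now owns the descriptor and closes it
            return fp.read().rstrip("\n")
    finally:
        if fd is not None:
            os.close(fd)


def bind(con, dn, secret_path):
    """Bind on a python-ldap connection where start_tls_s() has already succeeded."""
    con.simple_bind_s(dn, read_secret(secret_path))
```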

Swagger validation sensitivity when using boto

So I can use aws cli to import an API using its swagger yml file and it works after a bit of sensitivity, but then the same file fails when I try to do it using boto3
The code looks like this
client.import_rest_api(
failOnWarnings=False,
parameters={},
body="file://C:/somewhereinmyfilesystem/myvalidswagger.yml")
All the code is on the same line, I just broke it over to show on here.
Any ideas what's wrong with the command? The file works fine direct from the cli, and the error I get back when I run the python file is consistent.
Is "Invalid Swagger 2.0 input," the new "Object reference not set to an instance of an object"? Thanks for any help :-)
This method should be taking bytes or file as the input of the body.
If you put file://C:/somewhereinmyfilesystem/myvalidswagger.yml as the body, it will send file://C:/somewhereinmyfilesystem/myvalidswagger.yml directly to API Gateway.
You can load the content in the file into a local variable, and send as bytes or you can send a file object.
Sending file directly:
client.import_rest_api(
    failOnWarnings=False,
    parameters={},
    body=open("C:/somewhereinmyfilesystem/myvalidswagger.yml", 'r'))
Load into memory, then send:
with open('C:/somewhereinmyfilesystem/myvalidswagger.yml', 'r') as content_file:
    content = content_file.read()
client.import_rest_api(
    failOnWarnings=False,
    parameters={},
    body=content)

List web services - some methods don't work when file name with absolute Url is formed with server name rather than IP address

I'm using SharePoint List web services to run some queries on a SharePoint server. It seems to work fine when providing an absolute URL with an IP address where such input parameters are required. For example, http://192.168.1.114/sites/myteam/Shared Documents/foo.txt. However, it throws a SoapServerException if it is replaced with: http://servername/sites/myteam/Shared Documents/foo.txt.
I experienced those problems when I call CheckInFile method. If I input file name with IP address it works fine. If I input file name with server name, it throws a SoapServerException.
The same problem occurred when I call UpdateListItems. I use the string parameter as below:
string strBatch = "<Method ID='1' Cmd='Delete'>" +
"<Field Name='ID'>3</Field>" +
"<Field Name='FSObjType'>0</Field>" +
"<Field Name='FileRef'>" + sFileName + "</Field>" +
"</Method>";
If I replace sFileName with an absolute URL with the IP address, it works fine. If I replace sFileName with an absolute URL with the server name, it returns an XML node with error code 0x81020030 and the error message below:
Invalid file name. The file name you specified could not be used. It
may be the name of an existing file or directory, or you may not have
permission to access the file.
We are not sure if this problem is caused by List web services or if our DNS settings are incorrect. Any comments would be appreciated.
Check your Alternate Access Mappings in Central Administration. You have to make sure that it contains a proper host name reference - the one you are trying to refer to here.

Can't put file into ram with secure ftp

I'm using coldfusion 9 and I'm trying to grab a file from an ftp site and load it into ram instead of the filesystem. If I try it using a secure ftp connection, it fails with this error:
An error occurred during the sFTP getfile operation.
Error: C:\JRun4\servers\cfusion\SERVER-INF\temp\cfusion-war-tmp\ram:\test.txt (The filename, directory name, or volume label syntax is incorrect). Check for a bad path, filename, or directory.
If I try the same thing with a non secure ftp site it works just fine. Here is the code:
<cfftp action = "open"
username = "xxxxx"
connection = "My_query"
password = "xxxxxxx"
server = "ftp.xxxxxx.com"
port="13266"
secure = "true"
stopOnError = "Yes">
<cfftp action="getfile"
connection="My_query"
remoteFile="/something.txt"
stopOnError="true"
localfile="ram://test.txt">
Adobe has confirmed this as a bug and has resolved it in ColdFusion 9.0.1.
This looks like it might be correctable if you escape portions of the string.
Try replacing
ram://test.txt
with
ram:///test.txt
Also, you can try escaping the ":" character.
This type of activity is only safe if you are an advanced user. Messing around with illegal characters when transferring files has an inherent risk of leaving garbage behind on your disk.