ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': [], 'info': 'error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol'}

0 users found this article helpful

Symptoms

End users are no longer able to authenticate to the Workspace.

In log files (awingu-api.service.log), a similar exception can be seen:

2023-02-25 06:58:31.966755+00:00 awingu awingu-api.service[/opt/awingu/awingu-core/virtualenv/bin/gunicorn:1560]: Authenticating user [someuser] under domain [AWINGUDOMAIN]
2023-02-25 06:58:31.967254+00:00 awingu awingu-api.service[/opt/awingu/awingu-core/virtualenv/bin/gunicorn:1560]: Trying to bind to LDAP server with username someuser
2023-02-25 06:58:31.971074+00:00 awingu awingu-api.service[/opt/awingu/awingu-core/virtualenv/bin/gunicorn:1560]: Failed to bind to LDAP server swslws0001.swuk1.local
2023-02-25 06:58:31.971694+00:00 awingu awingu-api.service[/opt/awingu/awingu-core/virtualenv/bin/gunicorn:1560]: Could not bind to any ldap server.
Traceback (most recent call last):
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/cdsessions/backends.py", line 134, in authenticate_ldap
    groups, attributes, rah_token = ldap.authenticate(
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/users/auth.py", line 235, in authenticate
    self._bind(username=username, password=password)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/users/auth.py", line 161, in _bind
    bind_function(*args)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 248, in simple_bind_s
    msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 242, in simple_bind
    return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 128, in _ldap_call
    result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': [], 'info': 'error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol'}

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/cdsessions/backends.py", line 134, in authenticate_ldap
    groups, attributes, rah_token = ldap.authenticate(
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/users/auth.py", line 235, in authenticate
    self._bind(username=username, password=password)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/users/auth.py", line 161, in _bind
    bind_function(*args)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 248, in simple_bind_s
    msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 242, in simple_bind
    return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 128, in _ldap_call
    result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': [], 'info': 'error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol'}

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/cdsessions/backends.py", line 134, in authenticate_ldap
    groups, attributes, rah_token = ldap.authenticate(
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/users/auth.py", line 235, in authenticate
    self._bind(username=username, password=password)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/users/auth.py", line 161, in _bind
    bind_function(*args)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 248, in simple_bind_s
    msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 242, in simple_bind
    return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 128, in _ldap_call
    result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': [], 'info': 'error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol'}

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/cdsessions/backends.py", line 134, in authenticate_ldap
    groups, attributes, rah_token = ldap.authenticate(
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/users/auth.py", line 235, in authenticate
    self._bind(username=username, password=password)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/users/auth.py", line 161, in _bind
    bind_function(*args)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 248, in simple_bind_s
    msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 242, in simple_bind
    return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 128, in _ldap_call
    result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': [], 'info': 'error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol'}

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/users/auth.py", line 161, in _bind
    bind_function(*args)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 248, in simple_bind_s
    msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 242, in simple_bind
    return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 128, in _ldap_call
    result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': [], 'info': 'error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol'}
2023-02-25 06:58:31.972348+00:00 awingu awingu-api.service[/opt/awingu/awingu-core/virtualenv/bin/gunicorn:1560]: Failed to connect to LDAP server
Traceback (most recent call last):
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/cdsessions/backends.py", line 134, in authenticate_ldap
    groups, attributes, rah_token = ldap.authenticate(
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/users/auth.py", line 235, in authenticate
    self._bind(username=username, password=password)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/users/auth.py", line 161, in _bind
    bind_function(*args)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 248, in simple_bind_s
    msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 242, in simple_bind
    return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 128, in _ldap_call
    result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': [], 'info': 'error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol'}

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/cdsessions/backends.py", line 134, in authenticate_ldap
    groups, attributes, rah_token = ldap.authenticate(
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/users/auth.py", line 235, in authenticate
    self._bind(username=username, password=password)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/users/auth.py", line 161, in _bind
    bind_function(*args)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 248, in simple_bind_s
    msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 242, in simple_bind
    return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 128, in _ldap_call
    result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': [], 'info': 'error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol'}

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/cdsessions/backends.py", line 134, in authenticate_ldap
    groups, attributes, rah_token = ldap.authenticate(
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/users/auth.py", line 235, in authenticate
    self._bind(username=username, password=password)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/users/auth.py", line 161, in _bind
    bind_function(*args)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 248, in simple_bind_s
    msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 242, in simple_bind
    return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 128, in _ldap_call
    result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': [], 'info': 'error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol'}

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/cdsessions/backends.py", line 134, in authenticate_ldap
    groups, attributes, rah_token = ldap.authenticate(
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/users/auth.py", line 235, in authenticate
    self._bind(username=username, password=password)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/users/auth.py", line 161, in _bind
    bind_function(*args)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 248, in simple_bind_s
    msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 242, in simple_bind
    return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 128, in _ldap_call
    result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': [], 'info': 'error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol'}

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/cdsessions/backends.py", line 134, in authenticate_ldap
    groups, attributes, rah_token = ldap.authenticate(
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/users/auth.py", line 235, in authenticate
    self._bind(username=username, password=password)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/awingucore/users/auth.py", line 161, in _bind
    bind_function(*args)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 248, in simple_bind_s
    msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 242, in simple_bind
    return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.10/site-packages/python_ldap-3.4.3+awingu.2-py3.10-linux-x86_64.egg/ldap/ldapobject.py", line 128, in _ldap_call
    result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': [], 'info': 'error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol'}
 

Cause

As of version 5.4, the underlying operating system has been upgraded.
This means the latest best practices in security have also been implemented.
The issue is usually seen when the LDAPS certificate does not meet modern standards.

Resolution

Make sure the LDAPS certificate is using a modern signature hash algorithm.

Was this article helpful?

Tell us how we can improve it.