#! /usr/bin/env python

# Example on how to use Certificates with python-ldap
import ldap

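# All these option values are really integers:
# ldap.OPT_X_TLS_CACERTDIR = 24579
# ldap.OPT_X_TLS_CERTFILE = 24580

# Equivalent of the .ldaprc option TLS_CACERTDIR.
# Be sure to have run /usr/bin/c_rehash in this directory before using a
# newly added CA certificate.
ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, '/etc/ssl/ca')

# Equivalent of the .ldaprc option TLS_CACERTFILE.
# This must be OPT_X_TLS_CACERTFILE: the earlier version of this example set
# OPT_X_TLS_CERTFILE here, which is the *client* certificate option and was
# overwritten by the next call anyway, so no CA file was ever configured.
# The path below is a constructed example -- replace it with your CA bundle.
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/etc/ssl/ca/ca-bundle.pem')

# Equivalent of the .ldaprc option TLS_CERT (client-side certificate).
ldap.set_option(ldap.OPT_X_TLS_CERTFILE, '/home/username/mycert.pem')

# Equivalent of the .ldaprc option TLS_KEY (client-side certificate key).
# Here the private key lives in the same PEM file as the certificate, so that
# file should be readable only by the user running this script.
ldap.set_option(ldap.OPT_X_TLS_KEYFILE, '/home/username/mycert.pem')

# Require a server certificate? Equivalent to TLS_REQCERT <value>.
# OPT_X_TLS_DEMAND aborts the session unless the server presents a certificate
# that validates against the CAs configured above. OPT_X_TLS_ALLOW lets the
# session proceed with a missing or invalid certificate, so the server's
# identity is never actually verified.
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)

## Now we can open the connection

l = ldap.initialize("ldap://remotehost.domain.com")

# An ldap:// URI starts in cleartext; none of the TLS options above are used
# until the session is upgraded. Negotiate StartTLS before binding so that
# credentials and data never cross the wire unencrypted. (Alternatively use
# an ldaps:// URI.)
l.start_tls_s()

# Empty DN and empty password: this is an anonymous bind.
l.simple_bind_s("", "")

## Here do operations like search, add, delete, modify, modrdn etc.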

