ldap: add parameter to disable SSL certificate check

This commit is contained in:
Benjamin Renard 2022-06-01 18:46:08 +02:00
parent e8de509346
commit 025fd12dc4

View file

@ -30,11 +30,13 @@ class LdapServer:
con = 0 con = 0
def __init__(self, uri, dn=None, pwd=None, v2=None, raiseOnError=False, logger=False): def __init__(self, uri, dn=None, pwd=None, v2=None,
raiseOnError=False, logger=False, checkCert=True):
self.uri = uri self.uri = uri
self.dn = dn self.dn = dn
self.pwd = pwd self.pwd = pwd
self.raiseOnError = raiseOnError self.raiseOnError = raiseOnError
self.checkCert = checkCert
if v2: if v2:
self.v2 = True self.v2 = True
if logger: if logger:
@ -51,6 +53,8 @@ class LdapServer:
""" Start connection to LDAP server """ """ Start connection to LDAP server """
if self.con == 0: if self.con == 0:
try: try:
if not self.checkCert:
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
con = ldap.initialize(self.uri) con = ldap.initialize(self.uri)
if self.v2: if self.v2:
con.protocol_version = ldap.VERSION2 # pylint: disable=no-member con.protocol_version = ldap.VERSION2 # pylint: disable=no-member
@ -385,7 +389,8 @@ class LdapClient:
# Load configuration option types only here to avoid global # Load configuration option types only here to avoid global
# dependency of ldap module with config one. # dependency of ldap module with config one.
from mylib.config import StringOption, PasswordOption # pylint: disable=import-outside-toplevel # pylint: disable=import-outside-toplevel
from mylib.config import BooleanOption, StringOption, PasswordOption
section = self._config.add_section( section = self._config.add_section(
self._config_section, self._config_section,
@ -401,6 +406,9 @@ class LdapClient:
PasswordOption, 'bindpwd', PasswordOption, 'bindpwd',
comment='LDAP Bind password (set to "keyring" to use XDG keyring)', comment='LDAP Bind password (set to "keyring" to use XDG keyring)',
username_option='binddn', keyring_value='keyring') username_option='binddn', keyring_value='keyring')
section.add_option(
BooleanOption, 'checkcert', default=True,
comment='Check LDAP certificate')
return section return section
@ -413,7 +421,7 @@ class LdapClient:
log.info("Connect to LDAP server %s as %s", uri, binddn if binddn else 'annonymous') log.info("Connect to LDAP server %s as %s", uri, binddn if binddn else 'annonymous')
self._conn = LdapServer( self._conn = LdapServer(
uri, dn=binddn, pwd=self._get_option('bindpwd'), uri, dn=binddn, pwd=self._get_option('bindpwd'),
raiseOnError=True checkCert=self._get_option('checkcert'), raiseOnError=True
) )
# Reset cache # Reset cache
self._cached_objects = {} self._cached_objects = {}