ldap: add parameter to disable SSL certificate check
This commit is contained in:
parent
e8de509346
commit
025fd12dc4
1 changed files with 11 additions and 3 deletions
|
@ -30,11 +30,13 @@ class LdapServer:
|
||||||
|
|
||||||
con = 0
|
con = 0
|
||||||
|
|
||||||
def __init__(self, uri, dn=None, pwd=None, v2=None, raiseOnError=False, logger=False):
|
def __init__(self, uri, dn=None, pwd=None, v2=None,
|
||||||
|
raiseOnError=False, logger=False, checkCert=True):
|
||||||
self.uri = uri
|
self.uri = uri
|
||||||
self.dn = dn
|
self.dn = dn
|
||||||
self.pwd = pwd
|
self.pwd = pwd
|
||||||
self.raiseOnError = raiseOnError
|
self.raiseOnError = raiseOnError
|
||||||
|
self.checkCert = checkCert
|
||||||
if v2:
|
if v2:
|
||||||
self.v2 = True
|
self.v2 = True
|
||||||
if logger:
|
if logger:
|
||||||
|
@ -51,6 +53,8 @@ class LdapServer:
|
||||||
""" Start connection to LDAP server """
|
""" Start connection to LDAP server """
|
||||||
if self.con == 0:
|
if self.con == 0:
|
||||||
try:
|
try:
|
||||||
|
if not self.checkCert:
|
||||||
|
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
|
||||||
con = ldap.initialize(self.uri)
|
con = ldap.initialize(self.uri)
|
||||||
if self.v2:
|
if self.v2:
|
||||||
con.protocol_version = ldap.VERSION2 # pylint: disable=no-member
|
con.protocol_version = ldap.VERSION2 # pylint: disable=no-member
|
||||||
|
@ -385,7 +389,8 @@ class LdapClient:
|
||||||
|
|
||||||
# Load configuration option types only here to avoid global
|
# Load configuration option types only here to avoid global
|
||||||
# dependency of ldap module with config one.
|
# dependency of ldap module with config one.
|
||||||
from mylib.config import StringOption, PasswordOption # pylint: disable=import-outside-toplevel
|
# pylint: disable=import-outside-toplevel
|
||||||
|
from mylib.config import BooleanOption, StringOption, PasswordOption
|
||||||
|
|
||||||
section = self._config.add_section(
|
section = self._config.add_section(
|
||||||
self._config_section,
|
self._config_section,
|
||||||
|
@ -401,6 +406,9 @@ class LdapClient:
|
||||||
PasswordOption, 'bindpwd',
|
PasswordOption, 'bindpwd',
|
||||||
comment='LDAP Bind password (set to "keyring" to use XDG keyring)',
|
comment='LDAP Bind password (set to "keyring" to use XDG keyring)',
|
||||||
username_option='binddn', keyring_value='keyring')
|
username_option='binddn', keyring_value='keyring')
|
||||||
|
section.add_option(
|
||||||
|
BooleanOption, 'checkcert', default=True,
|
||||||
|
comment='Check LDAP certificate')
|
||||||
|
|
||||||
return section
|
return section
|
||||||
|
|
||||||
|
@ -413,7 +421,7 @@ class LdapClient:
|
||||||
log.info("Connect to LDAP server %s as %s", uri, binddn if binddn else 'annonymous')
|
log.info("Connect to LDAP server %s as %s", uri, binddn if binddn else 'annonymous')
|
||||||
self._conn = LdapServer(
|
self._conn = LdapServer(
|
||||||
uri, dn=binddn, pwd=self._get_option('bindpwd'),
|
uri, dn=binddn, pwd=self._get_option('bindpwd'),
|
||||||
raiseOnError=True
|
checkCert=self._get_option('checkcert'), raiseOnError=True
|
||||||
)
|
)
|
||||||
# Reset cache
|
# Reset cache
|
||||||
self._cached_objects = {}
|
self._cached_objects = {}
|
||||||
|
|
Loading…
Reference in a new issue