diff --git a/mylib/ldap.py b/mylib/ldap.py
index 20425f1..1ee1eca 100644
--- a/mylib/ldap.py
+++ b/mylib/ldap.py
@@ -60,12 +60,14 @@ class LdapServer:
 con = 0
 def __init__(self, uri, dn=None, pwd=None, v2=None,
- raiseOnError=False, logger=False, checkCert=True):
+ raiseOnError=False, logger=False, checkCert=True,
+ disableReferral=False):
 self.uri = uri
 self.dn = dn
 self.pwd = pwd
 self.raiseOnError = raiseOnError
 self.checkCert = checkCert
+ self.disableReferral = disableReferral
 if v2:
 self.v2 = True
 if logger:
@@ -85,6 +87,9 @@ class LdapServer:
 if not self.checkCert:
 # pylint: disable=no-member
 ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
+ if self.disableReferral:
+ # pylint: disable=no-member
+ ldap.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)
 con = ldap.initialize(self.uri)
 if self.v2:
 con.protocol_version = ldap.VERSION2 # pylint: disable=no-member
@@ -468,6 +473,9 @@ class LdapClient:
 section.add_option(
 BooleanOption, 'checkcert', default=True,
 comment='Check LDAP certificate')
+ section.add_option(
+ BooleanOption, 'disablereferral', default=False,
+ comment='Disable referral following')
 return section
@@ -480,7 +488,9 @@ class LdapClient:
 log.info("Connect to LDAP server %s as %s", uri, binddn if binddn else 'annonymous')
 self._conn = LdapServer(
 uri, dn=binddn, pwd=self._get_option('bindpwd'),
- checkCert=self._get_option('checkcert'), raiseOnError=True
+ checkCert=self._get_option('checkcert'),
+ disableReferral=self._get_option('disablereferral'),
+ raiseOnError=True
 )
 # Reset cache
 self._cached_objects = {}
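Review bot: The added `ldap.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)` is called on the module, not on the connection, so in python-ldap it changes the library-wide default. Once one `LdapServer` with `disableReferral=True` has connected, connections created later in the same process would presumably also stop following referrals, and nothing in the hunk resets it. To keep the choice per instance, move the call below `con = ldap.initialize(self.uri)` and write it as `con.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)`. The `checkCert` branch just above uses the same module-level pattern, where the sticky effect is that certificate checking stays off for later connections; it is outside this change but deserves the same treatment. The enclosing method starts and ends outside the hunk.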
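Review bot: The comment on the new `disablereferral` option does not tell an operator what the default means. With `default=False` the client keeps the library's behaviour, which for libldap is, as far as I know, to follow referrals returned by the server to hosts other than the configured URI. A deployment that only trusts the configured server would want this set to true, so the text should say so, for example `comment='Do not follow LDAP referrals to other servers (default: referrals are followed)'`. The enclosing method begins outside the hunk, so whether the other options document their defaults is not visible here.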