ldap: add option to disable referral following

mylib/ldap.py

@@ -60,12 +60,14 @@ class LdapServer:
     con = 0
 
     def __init__(self, uri, dn=None, pwd=None, v2=None,
-                 raiseOnError=False, logger=False, checkCert=True):
+                 raiseOnError=False, logger=False, checkCert=True,
+                 disableReferral=False):
         self.uri = uri
         self.dn = dn
         self.pwd = pwd
         self.raiseOnError = raiseOnError
         self.checkCert = checkCert
+        self.disableReferral = disableReferral
         if v2:
             self.v2 = True
         if logger:
@@ -85,6 +87,9 @@ class LdapServer:
                 if not self.checkCert:
                     # pylint: disable=no-member
                     ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
+                if self.disableReferral:
+                    # pylint: disable=no-member
+                    ldap.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)
                 con = ldap.initialize(self.uri)
                 if self.v2:
                     con.protocol_version = ldap.VERSION2  # pylint: disable=no-member
@@ -468,6 +473,9 @@ class LdapClient:
         section.add_option(
             BooleanOption, 'checkcert', default=True,
             comment='Check LDAP certificate')
+        section.add_option(
+            BooleanOption, 'disablereferral', default=False,
+            comment='Disable referral following')
 
         return section
 
@@ -480,7 +488,9 @@ class LdapClient:
         log.info("Connect to LDAP server %s as %s", uri, binddn if binddn else 'annonymous')
         self._conn = LdapServer(
             uri, dn=binddn, pwd=self._get_option('bindpwd'),
-            checkCert=self._get_option('checkcert'), raiseOnError=True
+            checkCert=self._get_option('checkcert'),
+            disableReferral=self._get_option('disablereferral'),
+            raiseOnError=True
         )
         # Reset cache
         self._cached_objects = {}