bn8/python-mylib
1
0
Fork 0
Code Issues Pull requests Projects Releases 12 Wiki Activity Actions

Compare commits

base: bn8:e8de509346ccd05b1d820be77671ca0d1d103962
Branches Tags
bn8:master
bn8:legacy
bn8:pkg
bn8:2024.11.06
bn8:2024.3.1
bn8:2023.7.10
bn8:2023.01.16
bn8:2023.01.07
bn8:v0.1.10
bn8:v0.1.9
bn8:v0.1.8
bn8:v0.1.7
bn8:v0.1.6
bn8:v0.1.5
bn8:v0.1.4
bn8:v0.1.3
bn8:v0.1.2
...
compare: bn8:cbb97ae726bb0d5f3381a765b16754595251685b
Branches Tags
bn8:master
bn8:legacy
bn8:pkg
bn8:2024.11.06
bn8:2024.3.1
bn8:2023.7.10
bn8:2023.01.16
bn8:2023.01.07
bn8:v0.1.10
bn8:v0.1.9
bn8:v0.1.8
bn8:v0.1.7
bn8:v0.1.6
bn8:v0.1.5
bn8:v0.1.4
bn8:v0.1.3
bn8:v0.1.2

2 commits
e8de509346 ... cbb97ae726

Author SHA1 Message Date
Benjamin Renard
cbb97ae726 LdapClient.update_need: fix handling None changes
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details
2022-06-01 18:46:37 +02:00
Benjamin Renard
025fd12dc4 ldap: add parameter to disable SSL certificate check 2022-06-01 18:46:08 +02:00
1 changed files with 13 additions and 3 deletions
Show stats Expand all files Collapse all files

16
mylib/ldap.py
View file

@ -30,11 +30,13 @@ class LdapServer:
con = 0 con = 0
def __init__(self, uri, dn=None, pwd=None, v2=None, raiseOnError=False, logger=False): def __init__(self, uri, dn=None, pwd=None, v2=None,
raiseOnError=False, logger=False, checkCert=True):
self.uri = uri self.uri = uri
self.dn = dn self.dn = dn
self.pwd = pwd self.pwd = pwd
self.raiseOnError = raiseOnError self.raiseOnError = raiseOnError
self.checkCert = checkCert
if v2: if v2:
self.v2 = True self.v2 = True
if logger: if logger:
@ -51,6 +53,8 @@ class LdapServer:
""" Start connection to LDAP server """ """ Start connection to LDAP server """
if self.con == 0: if self.con == 0:
try: try:
if not self.checkCert:
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
con = ldap.initialize(self.uri) con = ldap.initialize(self.uri)
if self.v2: if self.v2:
con.protocol_version = ldap.VERSION2 # pylint: disable=no-member con.protocol_version = ldap.VERSION2 # pylint: disable=no-member
@ -385,7 +389,8 @@ class LdapClient:
# Load configuration option types only here to avoid global # Load configuration option types only here to avoid global
# dependency of ldap module with config one. # dependency of ldap module with config one.
from mylib.config import StringOption, PasswordOption # pylint: disable=import-outside-toplevel # pylint: disable=import-outside-toplevel
from mylib.config import BooleanOption, StringOption, PasswordOption
section = self._config.add_section( section = self._config.add_section(
self._config_section, self._config_section,
@ -401,6 +406,9 @@ class LdapClient:
PasswordOption, 'bindpwd', PasswordOption, 'bindpwd',
comment='LDAP Bind password (set to "keyring" to use XDG keyring)', comment='LDAP Bind password (set to "keyring" to use XDG keyring)',
username_option='binddn', keyring_value='keyring') username_option='binddn', keyring_value='keyring')
section.add_option(
BooleanOption, 'checkcert', default=True,
comment='Check LDAP certificate')
return section return section
@ -413,7 +421,7 @@ class LdapClient:
log.info("Connect to LDAP server %s as %s", uri, binddn if binddn else 'annonymous') log.info("Connect to LDAP server %s as %s", uri, binddn if binddn else 'annonymous')
self._conn = LdapServer( self._conn = LdapServer(
uri, dn=binddn, pwd=self._get_option('bindpwd'), uri, dn=binddn, pwd=self._get_option('bindpwd'),
raiseOnError=True checkCert=self._get_option('checkcert'), raiseOnError=True
) )
# Reset cache # Reset cache
self._cached_objects = {} self._cached_objects = {}
@ -689,6 +697,8 @@ class LdapClient:
:param changes: The changes as returned by get_changes :param changes: The changes as returned by get_changes
""" """
if changes is None:
return False
assert self._conn or self.initialize() assert self._conn or self.initialize()
return self._conn.update_need( return self._conn.update_need(
changes[0], changes[1], changes[0], changes[1],