Commit 43a4fa59 authored by Daniel Klaffenbach's avatar Daniel Klaffenbach 🐍

ldap: Rely on Python's SSL validation by default

This works around hard-coded certificate paths in the core. A validation
against a specific certificate can still be forced by defining the setting
`LDAP_CA_CERT`.

Closes #5
parent 28bf59af
Pipeline #6505 passed with stage
in 54 seconds
......@@ -18,8 +18,6 @@ DEFAULT_LDAP_SYNC_USER_ATTRIBUTES = {
'mail': 'email',
}
DEFAULT_CA_CERT = '/etc/pki/tls/certs/ca-chain.crt'
class Ldap(object):
def __init__(self):
......@@ -28,7 +26,7 @@ class Ldap(object):
self.LDAP_SYNC_BASE_USER = getattr(settings, 'LDAP_SYNC_BASE_USER', None)
self.LDAP_SYNC_BASE_PASS = getattr(settings, 'LDAP_SYNC_BASE_PASS', None)
self.LDAP_SYNC_USER_ATTRIBUTES = getattr(settings, 'LDAP_SYNC_USER_ATTRIBUTES', DEFAULT_LDAP_SYNC_USER_ATTRIBUTES)
self.LDAP_CA_CERT = getattr(settings, 'LDAP_CA_CERT', DEFAULT_CA_CERT)
self.LDAP_CA_CERT = getattr(settings, 'LDAP_CA_CERT', None)
self.LDAP_TIMEOUT = getattr(settings, 'LDAP_TIMEOUT', DEFAULT_LDAP_TIMEOUT)
# Get the `max_length` of synced attributes from the installed User model.
......@@ -38,7 +36,7 @@ class Ldap(object):
self.USER_MODEL_ATTRS_MAX_LENGTH = {}
for field_name in self.LDAP_SYNC_USER_ATTRIBUTES.values():
field = User._meta.get_field(field_name)
self.USER_MODEL_ATTRS_MAX_LENGTH[field_name] = field.max_length
self.USER_MODEL_ATTRS_MAX_LENGTH[field_name] = field.max_length
@cached_property
def connection(self):
......
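Review bot: With the default now `self.LDAP_CA_CERT = getattr(settings, 'LDAP_CA_CERT', None)`, nothing in the visible hunks shows that a `None` value still yields a verified TLS connection; the `connection` property that consumes it only begins at the end of the last hunk and its body is outside the view. It is worth confirming there that the unset case explicitly requires certificate validation and hostname checking, because some LDAP client libraries do not verify the server certificate unless told to. Dropping `DEFAULT_CA_CERT` also changes the trust anchor for deployments that relied on the old default, from one CA chain file to, presumably, the whole system trust store, which deserves a line in the upgrade notes. A comment above the assignment would record the intent, e.g. `# None: validate against the system trust store; set LDAP_CA_CERT to pin a specific CA file.`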