Commit b173599c authored by Daniel Klaffenbach's avatar Daniel Klaffenbach 🐍

fountain.ldap: Allow connections without SSL

Fixes #2
parent 461341ed
Pipeline #3970 passed with stage
in 34 seconds
......@@ -15,6 +15,9 @@ DEFAULT_LDAP_SYNC_USER_ATTRIBUTES = {
'mail': 'email',
}
DEFAULT_CA_CERT = '/etc/pki/tls/certs/ca-chain.crt'
class Ldap(object):
def __init__(self):
self.LDAP_SYNC_URI = getattr(settings, 'LDAP_SYNC_URI', DEFAULT_LDAP_SYNC_URI)
......@@ -22,11 +25,15 @@ class Ldap(object):
self.LDAP_SYNC_BASE_USER = getattr(settings, 'LDAP_SYNC_BASE_USER', None)
self.LDAP_SYNC_BASE_PASS = getattr(settings, 'LDAP_SYNC_BASE_PASS', None)
self.LDAP_SYNC_USER_ATTRIBUTES = getattr(settings, 'LDAP_SYNC_USER_ATTRIBUTES', DEFAULT_LDAP_SYNC_USER_ATTRIBUTES)
self.LDAP_CA_CERT = getattr(settings, 'LDAP_CA_CERT', DEFAULT_CA_CERT)
@cached_property
def connection(self):
tls = Tls(ca_certs_file="/etc/pki/tls/certs/ca-bundle.crt", validate=ssl.CERT_REQUIRED)
s=Server(self.LDAP_PARAMS['host'], use_ssl=True, tls=tls)
if self.LDAP_PARAMS['ssl']:
tls = Tls(ca_certs_file=self.LDAP_CA_CERT, validate=ssl.CERT_REQUIRED)
s=Server(self.LDAP_PARAMS['host'], use_ssl=True, tls=tls)
else:
s=Server(self.LDAP_PARAMS['host'], use_ssl=False)
c = Connection(
s,
auto_bind=True,
......
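Review bot: The new `else:` branch in `connection` builds `Server(self.LDAP_PARAMS['host'], use_ssl=False)` and then still reaches `Connection(..., auto_bind=True, ...)`, so with SSL disabled the bind runs over an unencrypted, unauthenticated channel. The `Connection` arguments are cut off in this hunk, but if the bind uses `LDAP_SYNC_BASE_USER` / `LDAP_SYNC_BASE_PASS`, the service password and every synced attribute cross the network in cleartext. For servers that only listen on the plain port, consider keeping certificate validation via StartTLS: `s = Server(self.LDAP_PARAMS['host'], use_ssl=False, tls=tls)` together with `auto_bind=AUTO_BIND_TLS_BEFORE_BIND` from ldap3. If a truly unencrypted mode must remain, make it an explicit opt-in and mark the branch with a comment such as `# Plain LDAP: no encryption or server authentication; trusted networks only`, and log a warning when it is taken. Separately, `self.LDAP_PARAMS['ssl']` will raise `KeyError` if the key is ever absent (how `LDAP_PARAMS` is built is not visible here); `self.LDAP_PARAMS.get('ssl', True)` would fail safe to the encrypted path.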