ldap CA support, thanks Maggs and Shane

2014-07-27 11:15:37 -05:00
parent c3116b094c
commit 0201007e2c
2 changed files with 23 additions and 8 deletions
--- a/2
+++ b/2
@@ -1 +1 @@
-Version 2.9.5-trunk+timestamp.2014.07.03.12.21.52
+Version 2.9.5-trunk+timestamp.2014.07.27.11.14.45
--- a/gluon/contrib/login_methods/ldap_auth.py
+++ b/gluon/contrib/login_methods/ldap_auth.py
@@ -16,7 +16,9 @@ except Exception, e:

 def ldap_auth(server='ldap', port=None,
              base_dn='ou=users,dc=domain,dc=com',
-              mode='uid', secure=False, cert_path=None, cert_file=None,
+              mode='uid', secure=False, 
+              cert_path=None, cert_file=None,              
+              cacert_path=None, cacert_file=None, key_file=None,
              bind_dn=None, bind_pw=None, filterstr='objectClass=*',
              username_attrib='uid',
              custom_scope='subtree',
@@ -170,6 +172,9 @@ def ldap_auth(server='ldap', port=None,
                      secure=secure,
                      cert_path=cert_path,
                      cert_file=cert_file,
+                      cacert_file=cacert_file,
+                      cert_file=cert_file,
+                      key_file=key_file,
                      filterstr=filterstr,
                      username_attrib=username_attrib,
                      custom_scope=custom_scope,
@@ -568,7 +573,10 @@ def ldap_auth(server='ldap', port=None,
                  ldap_mode=mode,
                  secure=secure,
                  cert_path=cert_path,
-                  cert_file=cert_file):
+                  cert_file=cert_file,
+                  cacert_file=cacert_file,
+                  cert_file=cert_file,
+                  key_file=key_file):
        """
        Inicialize ldap connection
        """
@@ -576,12 +584,19 @@ def ldap_auth(server='ldap', port=None,
        if secure:
            if not ldap_port:
                ldap_port = 636
-            con = ldap.initialize(
-                "ldaps://" + ldap_server + ":" + str(ldap_port))
-            if cert_path:
-                con.set_option(ldap.OPT_X_TLS_CACERTDIR, cert_path)
+                
+            if cacert_path:
+                ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, cacert_path)
+                
+            if cacert_file:
+                ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
+                ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, cacert_file)
            if cert_file:
-                con.set_option(ldap.OPT_X_TLS_CACERTFILE, cert_file)
+                ldap.set_option(ldap.OPT_X_TLS_CERTFILE, cert_file)
+            if key_file:
+                ldap.set_option(ldap.OPT_X_TLS_KEYFILE, key_file)
+                
+            con = ldap.initialize("ldaps://" + ldap_server + ":" + str(ldap_port))
        else:
            if not ldap_port:
                ldap_port = 389