From 0201007e2cfdf8ae6ee9caae6187c7b35fe04bef Mon Sep 17 00:00:00 2001
From: mdipierro
Date: Sun, 27 Jul 2014 11:15:37 -0500
Subject: [PATCH] ldap CA support, thanks Maggs and Shane

---
 VERSION | 2 +-
 gluon/contrib/login_methods/ldap_auth.py | 29 ++++++++++++++++++------
 2 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/VERSION b/VERSION
index ad7b5f73..95dd6ac3 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-Version 2.9.5-trunk+timestamp.2014.07.03.12.21.52
+Version 2.9.5-trunk+timestamp.2014.07.27.11.14.45
diff --git a/gluon/contrib/login_methods/ldap_auth.py b/gluon/contrib/login_methods/ldap_auth.py
index 30c57a8d..23b6bba4 100644
--- a/gluon/contrib/login_methods/ldap_auth.py
+++ b/gluon/contrib/login_methods/ldap_auth.py
@@ -16,7 +16,9 @@ except Exception, e:
 def ldap_auth(server='ldap', port=None,
 base_dn='ou=users,dc=domain,dc=com',
- mode='uid', secure=False, cert_path=None, cert_file=None,
+ mode='uid', secure=False,
+ cert_path=None, cert_file=None,
+ cacert_path=None, cacert_file=None,
 key_file=None, bind_dn=None, bind_pw=None,
 filterstr='objectClass=*',
 username_attrib='uid',
 custom_scope='subtree',
@@ -170,6 +172,9 @@ def ldap_auth(server='ldap', port=None,
 secure=secure,
 cert_path=cert_path,
 cert_file=cert_file,
+ cacert_file=cacert_file,
+ cert_file=cert_file,
+ key_file=key_file,
 filterstr=filterstr,
 username_attrib=username_attrib,
 custom_scope=custom_scope,
@@ -568,7 +573,10 @@ def ldap_auth(server='ldap', port=None,
 ldap_mode=mode,
 secure=secure,
 cert_path=cert_path,
- cert_file=cert_file):
+ cert_file=cert_file,
+ cacert_file=cacert_file,
+ cert_file=cert_file,
+ key_file=key_file):
 """
 Inicialize ldap connection
 """
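Review bot: The added `cert_file=cert_file,` in the `@@ -170` hunk repeats the `cert_file=cert_file,` context line directly above it, and the `@@ -568` hunk adds the same duplicate inside the inner function's `def` parameter list; whichever of parameter list or call the `-170` hunk is (its enclosing statement starts and ends outside the hunk), Python rejects a repeated keyword or argument name at compile time, so the module will not import. Dropping the second `cert_file=cert_file,` in both hunks and keeping `cacert_file=cacert_file,` and `key_file=key_file,` as the new lines fixes it. It also appears that `cacert_path` is threaded through neither place, so the `if cacert_path:` in the later hunk presumably resolves it from the enclosing `ldap_auth` scope instead of the inner function's own defaults; adding `cacert_path=cacert_path,` alongside the new lines keeps the two CA settings consistent.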
@@ -576,12 +584,19 @@ def ldap_auth(server='ldap', port=None,
 if secure:
 if not ldap_port:
 ldap_port = 636
- con = ldap.initialize(
- "ldaps://" + ldap_server + ":" + str(ldap_port))
- if cert_path:
- con.set_option(ldap.OPT_X_TLS_CACERTDIR, cert_path)
+
+ if cacert_path:
+ ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, cacert_path)
+
+ if cacert_file:
+ ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
+ ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, cacert_file)
 if cert_file:
- con.set_option(ldap.OPT_X_TLS_CACERTFILE, cert_file)
+ ldap.set_option(ldap.OPT_X_TLS_CERTFILE, cert_file)
+ if key_file:
+ ldap.set_option(ldap.OPT_X_TLS_KEYFILE, key_file)
+
+ con = ldap.initialize("ldaps://" + ldap_server + ":" + str(ldap_port))
 else:
 if not ldap_port:
 ldap_port = 389
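Review bot: `ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)` in the `if cacert_file:` branch disables server certificate verification process-wide, so the CA file set on the very next line is never used to reject an unexpected certificate and the LDAPS connection will accept any peer, which defeats the purpose of supplying a CA. Providing a CA file is precisely the case where verification should be enforced, so this line should be `ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)` or simply omitted to keep the library default. Separately, `cert_path`, which the removed lines mapped to `OPT_X_TLS_CACERTDIR`, is no longer read anywhere in the new branch even though the enclosing function still accepts it, so callers who configured the CA directory through `cert_path` silently lose verification settings; keeping `if cert_path:` as a fallback for `cacert_path`, or documenting the rename, would avoid that regression. The options are now set globally via `ldap.set_option` instead of on `con`, which presumably is deliberate because per-connection TLS options need a fresh TLS context to take effect, but a one-line comment saying so would help the next reader. The enclosing function begins before this hunk.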