Would make more sens there

2018-03-13 13:35:44 -04:00
parent 0fc6bbc744
commit 1452fd3851
1 changed files with 8 additions and 9 deletions
@@ -169,14 +169,6 @@ def ldap_auth(server='ldap',
    You can set the logging level with the "logging_level" parameter, default
    is "error" and can be set to error, warning, info, debug.
    """
-
-    if self_signed_certificate:
-        # NOTE : If you have a self-signed SSL Certificate pointing over "port=686" and "secure=True" alone
-        #        will not work, you need also to set "self_signed_certificate=True".
-        # Ref1: https://onemoretech.wordpress.com/2015/06/25/connecting-to-ldap-over-self-signed-tls-with-python/
-        # Ref2: http://bneijt.nl/blog/post/connecting-to-ldaps-with-self-signed-cert-using-python/
-        ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
-
    logger = logging.getLogger('web2py.auth.ldap_auth')
    if logging_level == 'error':
        logger.setLevel(logging.ERROR)
@@ -601,7 +593,14 @@ def ldap_auth(server='ldap',
        if secure:
            if not ldap_port:
                ldap_port = 636
-                
+
+            if self_signed_certificate:
+                # NOTE : If you have a self-signed SSL Certificate pointing over "port=686" and "secure=True" alone
+                #        will not work, you need also to set "self_signed_certificate=True".
+                # Ref1: https://onemoretech.wordpress.com/2015/06/25/connecting-to-ldap-over-self-signed-tls-with-python/
+                # Ref2: http://bneijt.nl/blog/post/connecting-to-ldaps-with-self-signed-cert-using-python/
+                ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
+
            if cacert_path:
                ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, cacert_path)