From 1452fd385176b6900ccf0dfac533b1559eebc6d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Richard=20V=C3=A9zina?=
Date: Tue, 13 Mar 2018 13:35:44 -0400
Subject: [PATCH] Would make more sens there
---
 gluon/contrib/login_methods/ldap_auth.py | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/gluon/contrib/login_methods/ldap_auth.py b/gluon/contrib/login_methods/ldap_auth.py
index 3b793de1..4c07b757 100644
--- a/gluon/contrib/login_methods/ldap_auth.py
+++ b/gluon/contrib/login_methods/ldap_auth.py
@@ -169,14 +169,6 @@ def ldap_auth(server='ldap',
 You can set the logging level with the "logging_level" parameter, default is "error" and can be set to error, warning, info, debug.
 """
-
- if self_signed_certificate:
- # NOTE : If you have a self-signed SSL Certificate pointing over "port=686" and "secure=True" alone
- # will not work, you need also to set "self_signed_certificate=True".
- # Ref1: https://onemoretech.wordpress.com/2015/06/25/connecting-to-ldap-over-self-signed-tls-with-python/
- # Ref2: http://bneijt.nl/blog/post/connecting-to-ldaps-with-self-signed-cert-using-python/
- ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
-
 logger = logging.getLogger('web2py.auth.ldap_auth')
 if logging_level == 'error':
 logger.setLevel(logging.ERROR)
@@ -601,7 +593,14 @@ def ldap_auth(server='ldap',
 if secure:
 if not ldap_port:
 ldap_port = 636
-
+
+ if self_signed_certificate:
+ # NOTE : If you have a self-signed SSL Certificate pointing over "port=686" and "secure=True" alone
+ # will not work, you need also to set "self_signed_certificate=True".
+ # Ref1: https://onemoretech.wordpress.com/2015/06/25/connecting-to-ldap-over-self-signed-tls-with-python/
+ # Ref2: http://bneijt.nl/blog/post/connecting-to-ldaps-with-self-signed-cert-using-python/
+ ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
+
 if cacert_path:
 ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, cacert_path)
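Review bot: The added `ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)` under `if secure:` in the second hunk switches server certificate verification off instead of trusting the one self-signed certificate, so the bind credentials sent over this connection are exposed to anyone able to impersonate the LDAP server. `ldap.set_option` is a module-level call in python-ldap, so the setting most likely stays in force for later connections in the same process, including calls made with `self_signed_certificate=False`; nothing in the hunk resets it to `ldap.OPT_X_TLS_DEMAND`. I would keep verification on and have the self-signed certificate supplied as a trust anchor through the existing `cacert_path` branch just below. At minimum, replace the NOTE with `# WARNING: disables TLS certificate verification process-wide; prefer cacert_path pointing at the server certificate`. The moved comment's `port=686` looks like a typo for the 636 default set just above; the enclosing `ldap_auth` body starts and ends outside the hunk.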