Support for self-signed certificate LDAPS implementation

gluon/contrib/login_methods/ldap_auth.py

@@ -19,6 +19,7 @@ def ldap_auth(server='ldap',
               base_dn='ou=users,dc=domain,dc=com',
               mode='uid',
               secure=False,
+              self_signed_certificate=None,  # See NOTE below
               cert_path=None,
               cert_file=None,
               cacert_path=None,
@@ -166,6 +167,14 @@ def ldap_auth(server='ldap',
     You can set the logging level with the "logging_level" parameter, default
     is "error" and can be set to error, warning, info, debug.
     """
+
+    if self_signed_certificate:
+        # NOTE : If you have a self-signed SSL Certificate pointing over "port=686" and "secure=True" alone
+        #        will not work, you need also to set "self_signed_certificate=True".
+        # Ref1: https://onemoretech.wordpress.com/2015/06/25/connecting-to-ldap-over-self-signed-tls-with-python/
+        # Ref2: http://bneijt.nl/blog/post/connecting-to-ldaps-with-self-signed-cert-using-python/
+        ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
+
     logger = logging.getLogger('web2py.auth.ldap_auth')
     if logging_level == 'error':
         logger.setLevel(logging.ERROR)