From b2a65dbba4287a940948befa7d0ea9039dd07aa3 Mon Sep 17 00:00:00 2001
From: Hardirc
Date: Wed, 2 Dec 2015 14:18:09 -0500
Subject: [PATCH] Support for self-signed certificate LDAPS implementation
---
 gluon/contrib/login_methods/ldap_auth.py | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/gluon/contrib/login_methods/ldap_auth.py b/gluon/contrib/login_methods/ldap_auth.py
index fcc80ccd..a5b16b93 100644
--- a/gluon/contrib/login_methods/ldap_auth.py
+++ b/gluon/contrib/login_methods/ldap_auth.py
@@ -19,6 +19,7 @@ def ldap_auth(server='ldap',
 base_dn='ou=users,dc=domain,dc=com',
 mode='uid',
 secure=False,
+ self_signed_certificate=None, # See NOTE below
 cert_path=None,
 cert_file=None,
 cacert_path=None,
@@ -166,6 +167,14 @@ def ldap_auth(server='ldap',
 You can set the logging level with the "logging_level" parameter, default is "error" and can be set to error, warning, info, debug.
 """
+
+ if self_signed_certificate:
+ # NOTE : If you have a self-signed SSL Certificate pointing over "port=686" and "secure=True" alone
+ # will not work, you need also to set "self_signed_certificate=True".
+ # Ref1: https://onemoretech.wordpress.com/2015/06/25/connecting-to-ldap-over-self-signed-tls-with-python/
+ # Ref2: http://bneijt.nl/blog/post/connecting-to-ldaps-with-self-signed-cert-using-python/
+ ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
+
 logger = logging.getLogger('web2py.auth.ldap_auth')
 if logging_level == 'error':
 logger.setLevel(logging.ERROR)
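Review bot: The new `self_signed_certificate` parameter in the first hunk is a boolean flag that defaults to `None`, while its neighbour `secure` defaults to `False`. Its only explanation is a `# See NOTE below` pointer to a comment inside the function body, so nothing about it reaches the docstring. I would write `self_signed_certificate=False,` and add a docstring entry stating plainly that a true value turns off TLS certificate verification. The signature starts and ends outside this hunk.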
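Review bot: In the second hunk, `ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)` does not add trust for a self-signed certificate; it switches certificate checking off, so the LDAPS bind no longer proves which server receives the user's password. It is set through the module-level `ldap.set_option` and never restored, so it is probably a process-wide default that also weakens other `ldap_auth` instances configured with `secure=True` alone. A safer shape keeps verification on and trusts the server's certificate explicitly, e.g. `ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, <path to the self-signed cert>)` together with `ldap.OPT_X_TLS_DEMAND`; the signature already has `cacert_path`, though how it is applied lies outside this hunk. If the bypass stays, emit a warning once the logger below is created, and correct the comment's `port=686`, which presumably means the LDAPS port 636.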