Commit 173da7c9 authored by Robin Sonnabend's avatar Robin Sonnabend

Allow configuration of the LDAP server certificate

parent 8c04d06d
import ldap import ldap
import hmac, hashlib import hmac, hashlib
import ssl
import ldap3 import ldap3
from ldap3.utils.dn import parse_dn from ldap3.utils.dn import parse_dn
from datetime import datetime from datetime import datetime
...@@ -99,8 +100,14 @@ class LdapManager: ...@@ -99,8 +100,14 @@ class LdapManager:
yield group.cn.value yield group.cn.value
class ADManager: class ADManager:
def __init__(self, host, domain, user_dn, group_dn, port=636, use_ssl=True): def __init__(self, host, domain, user_dn, group_dn,
self.server = ldap3.Server(host, port=port, use_ssl=use_ssl) port=636, use_ssl=True, ca_cert=None):
tls_config = ldap3.Tls(validate=ssl.CERT_REQUIRED)
if ca_cert is not None:
tls_config = ldap3.Tls(validate=ssl.CERT_REQUIRED,
ca_certs_file=ca_cert)
self.server = ldap3.Server(host, port=port, use_ssl=use_ssl,
tls=tls_config)
self.domain = domain self.domain = domain
self.user_dn = user_dn self.user_dn = user_dn
self.group_dn = group_dn self.group_dn = group_dn
...@@ -78,7 +78,8 @@ AUTH_BACKENDS = [ ...@@ -78,7 +78,8 @@ AUTH_BACKENDS = [
host="ad.example.com", host="ad.example.com",
domain="EXAMPLE", domain="EXAMPLE",
user_dn="cn=users,dc=example,dc=com", user_dn="cn=users,dc=example,dc=com",
group_dn="dc=example,dc=com") group_dn="dc=example,dc=com",
ca_cert="/etc/ssl/certs/example-ca.pem")
] ]
# lines of error description # lines of error description