Python ldap.OPT_X_TLS_REQUIRE_CERT Examples
The following are 4
code examples of ldap.OPT_X_TLS_REQUIRE_CERT().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
ldap
, or try the search function
.
.
Example #1
| Source File: test_ldap_backend.py From st2-auth-backend-ldap with Apache License 2.0 | 6 votes |
|
def test_ldap_connect_ldap_start_tls(self, mock_set_option):
try:
ldapobj = self.mockldap['ldap://testserver.domain.tld']
result = _do_simple_bind('cn=manager,dc=example,dc=com', 'ldaptest',
uri='ldap://testserver.domain.tld',
use_tls=True)
self.assertEquals(ldapobj.methods_called(),
self.connect_methods + ['start_tls_s',
'simple_bind_s', 'whoami_s', 'unbind'])
mock_set_option.assert_has_calls(
[
mock.call(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND),
mock.call(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER),
])
self.assertTrue(result)
finally:
del ldapobj
Example #2
| Source File: test_ldap_backend.py From st2-auth-backend-ldap with Apache License 2.0 | 5 votes |
|
def test_ldap_connect_ldaps(self, mock_set_option):
try:
ldapobj = self.mockldap['ldaps://testserver.domain.tld']
result = _do_simple_bind('cn=manager,dc=example,dc=com', 'ldaptest',
uri='ldaps://testserver.domain.tld')
self.assertEquals(ldapobj.methods_called(),
self.connect_methods + ['simple_bind_s', 'whoami_s', 'unbind'])
mock_set_option.assert_has_calls(
[
mock.call(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER),
])
self.assertTrue(result)
finally:
del ldapobj
Example #3
| Source File: __init__.py From OctoPrint-LDAP with GNU Affero General Public License v3.0 | 5 votes |
|
def get_ldap_client(self, user=None, password=None):
uri = self.plugin_settings().get(["uri"])
if not uri:
self._logger.debug("No LDAP URI")
return None
if not user:
user = self.plugin_settings().get(["auth_user"])
password = self.plugin_settings().get(["auth_password"])
try:
self._logger.debug("Initializing LDAP connection to %s" % uri)
client = ldap.initialize(uri)
if self.plugin_settings().get(["request_tls_cert"]):
self._logger.debug("Requesting TLS certificate")
client.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
else:
client.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
if user is not None:
self._logger.debug("Binding to LDAP as %s" % user)
client.bind_s(user, password)
return client
except ldap.INVALID_CREDENTIALS:
self._logger.error("Invalid credentials to bind to LDAP as %s" % user)
except ldap.LDAPError as e:
self._logger.error(json.dumps(e.message))
return None
Example #4
| Source File: backendLdap.py From ldapcherry with MIT License | 4 votes |
|
def _connect(self):
"""Initialize an ldap client"""
ldap_client = ldap.initialize(self.uri)
ldap.set_option(ldap.OPT_REFERRALS, 0)
ldap.set_option(ldap.OPT_TIMEOUT, self.timeout)
if self.starttls == 'on':
ldap.set_option(ldap.OPT_X_TLS_DEMAND, True)
else:
ldap.set_option(ldap.OPT_X_TLS_DEMAND, False)
# set the CA file if declared and if necessary
if self.ca and self.checkcert == 'on':
# check if the CA file actually exists
if os.path.isfile(self.ca):
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.ca)
else:
raise CaFileDontExist(self.ca)
if self.checkcert == 'off':
# this is dark magic
# remove any of these two lines and it doesn't work
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
ldap_client.set_option(
ldap.OPT_X_TLS_REQUIRE_CERT,
ldap.OPT_X_TLS_NEVER
)
else:
# this is even darker magic
ldap_client.set_option(
ldap.OPT_X_TLS_REQUIRE_CERT,
ldap.OPT_X_TLS_DEMAND
)
# it doesn't make sense to set it to never
# (== don't check certifate)
# but it only works with this option...
# ... and it checks the certificat
# (I've lost my sanity over this)
ldap.set_option(
ldap.OPT_X_TLS_REQUIRE_CERT,
ldap.OPT_X_TLS_NEVER
)
if self.starttls == 'on':
try:
ldap_client.start_tls_s()
except Exception as e:
self._exception_handler(e)
return ldap_client
