On Thu, Dec 19, 2013 at 4:30 PM, Maggs <maggs.csom....@gmail.com> wrote:
>
> Yes secure ldap is causing a lot of problems. I hope it gets sorted out 
> eventually. For now I'm having to modify the framework for my needs.

Somewhat related issue here.  Using a self-signed cert and especially
for testing, it seems expedient to add an option to ignore certificate
errors by setting ldap.OPT_X_TLS_REQUIRE_CERT which ldap_auth.py
doesn't provide.

My modification is below:

--- ldap_auth.py.orig   2014-07-24 13:23:25.791901259 -0700
+++ ldap_auth.py        2014-07-24 13:43:34.467896371 -0700
@@ -18,6 +18,7 @@
               base_dn='ou=users,dc=domain,dc=com',
               mode='uid', secure=False, cert_path=None, cert_file=None,
               bind_dn=None, bind_pw=None, filterstr='objectClass=*',
+              cert_require=True,
               username_attrib='uid',
               custom_scope='subtree',
               allowed_groups=None,
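Review bot: `cert_require=True` is inserted between `filterstr` and `username_attrib` in the `ldap_auth()` signature, which shifts the position of every parameter after it; a caller that passes `username_attrib`, `custom_scope` or `allowed_groups` positionally would silently get the wrong values (`username_attrib` would receive `True`). Append the new parameter at the end of the signature instead, as the `@@ -568` hunk already does for the inner function. The `True` default is the right choice: verification stays on unless a caller explicitly opts out.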
@@ -78,6 +79,8 @@
     If ldap is using GnuTLS then you need cert_file="..." instead cert_path
     because cert_path isn't implemented in GnuTLS :(

+    If using self-signed certificates, set cert_require=False.
+
     If you need to bind to the directory with an admin account in order to
     search it then specify bind_dn & bind_pw to use for this.
     - currently only implemented for Active Directory
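Review bot: the added docstring line understates what `cert_require=False` does. It does not merely accept self-signed certificates; it turns off certificate validation entirely (chain and hostname), so the bind that follows will hand the user's password, and any `bind_pw`, to whatever answers on the LDAP port. Say so explicitly, and point out that a self-signed server certificate can be trusted without disabling validation by passing it via `cert_file="..."` (or placing it in `cert_path`), which the text two lines above already describes; reserve `cert_require=False` for test setups.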
@@ -170,6 +173,7 @@
                       secure=secure,
                       cert_path=cert_path,
                       cert_file=cert_file,
+                      cert_require=cert_require,
                       filterstr=filterstr,
                       username_attrib=username_attrib,
                       custom_scope=custom_scope,
@@ -568,7 +572,8 @@
                   ldap_mode=mode,
                   secure=secure,
                   cert_path=cert_path,
-                  cert_file=cert_file):
+                  cert_file=cert_file,
+                  cert_require=cert_require):
         """
         Inicialize ldap connection
         """
@@ -582,6 +587,8 @@
                 con.set_option(ldap.OPT_X_TLS_CACERTDIR, cert_path)
             if cert_file:
                 con.set_option(ldap.OPT_X_TLS_CACERTFILE, cert_file)
+            if not cert_require:
+                con.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,
ldap.OPT_X_TLS_NEVER)
         else:
             if not ldap_port:
                 ldap_port = 389
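Review bot: the continuation line `ldap.OPT_X_TLS_NEVER)` has lost its leading `+` (the mail client wrapped the `set_option` call), so this hunk will not apply as pasted; keep the call on one line or restore the `+` on the wrapped line. On the logic: setting `OPT_X_TLS_REQUIRE_CERT` to `OPT_X_TLS_NEVER` makes the preceding `OPT_X_TLS_CACERTDIR` / `OPT_X_TLS_CACERTFILE` settings irrelevant, because the peer is no longer rejected when it fails to match them. Consider logging a warning when this branch is taken, so a production deployment running with `cert_require=False` is visible in the logs, and make clear in the docstring that the check is disabled rather than relaxed.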

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.