Could it be possible to not provide Certificate path? I use Redmine and the only thing required is specifying that we use LDAPS by checking a box and specifying the port... I have looked a little bit at the code and it seems that this is realized with the help of the Perl module "IO::Socket::SSL" (http://search.cpan.org/~sullr/IO-Socket-SSL-2.020/lib/IO/Socket/SSL.pod) and socket...
The equivalent library in Python seems to be ssl (https://docs.python.org/2/library/ssl.html). Can it be used to allow LDAPS with ldap_auth.py?

Richard

On Thu, Jul 24, 2014 at 4:58 PM, Shane Tzen <sh...@faultymonk.org> wrote:

> On Thu, Dec 19, 2013 at 4:30 PM, Maggs <maggs.csom....@gmail.com> wrote:
> >
> > Yes secure ldap is causing a lot of problems. I hope it gets sorted out
> > eventually. For now I'm having to modify the framework for my needs.
>
> Somewhat related issue here. Using a self-signed cert and especially
> for testing, it seems expedient to add an option to ignore certificate
> errors by setting ldap.OPT_X_TLS_REQUIRE_CERT which ldap_auth.py
> doesn't provide.
>
> My modification is below:
>
> --- ldap_auth.py.orig 2014-07-24 13:23:25.791901259 -0700 > +++ ldap_auth.py 2014-07-24 13:43:34.467896371 -0700 > @@ -18,6 +18,7 @@ > base_dn='ou=users,dc=domain,dc=com', > mode='uid', secure=False, cert_path=None, cert_file=None, > bind_dn=None, bind_pw=None, filterstr='objectClass=*', > + cert_require=True, > username_attrib='uid', > custom_scope='subtree', > allowed_groups=None, > @@ -78,6 +79,8 @@ > If ldap is using GnuTLS then you need cert_file="..." instead > cert_path > because cert_path isn't implemented in GnuTLS :( > > + If using self-signed certificates, set cert_require=False. > + > If you need to bind to the directory with an admin account in order to > search it then specify bind_dn & bind_pw to use for this. > - currently only implemented for Active Directory > @@ -170,6 +173,7 @@ > secure=secure, > cert_path=cert_path, > cert_file=cert_file, > + cert_require=cert_require, > filterstr=filterstr, > username_attrib=username_attrib, > custom_scope=custom_scope, > @@ -568,7 +572,8 @@ > ldap_mode=mode, > secure=secure, > cert_path=cert_path, > - cert_file=cert_file): > + cert_file=cert_file, > + cert_require=cert_require): > """ > Inicialize ldap connection > """ 
> @@ -582,6 +587,8 @@ > con.set_option(ldap.OPT_X_TLS_CACERTDIR, cert_path) > if cert_file: > con.set_option(ldap.OPT_X_TLS_CACERTFILE, cert_file) > + if not cert_require: > + con.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, > ldap.OPT_X_TLS_NEVER) > else: > if not ldap_port: > ldap_port = 389
>
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
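
Review bot: the docstring sentence added in the `@@ -78,6 +79,8 @@` hunk recommends `cert_require=False` for any self-signed certificate without saying that it switches off verification of the server certificate. The context lines directly above it already document `cert_file`, so the text should point self-signed setups at `cert_file` (trusting that one certificate) and describe `cert_require=False` as a testing-only setting, since the connection it affects is the one that carries the bind password.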
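
Review bot: in the `@@ -582,6 +587,8 @@` hunk, `cert_require` only has an effect when it is False; with the default `cert_require=True` nothing sets `ldap.OPT_X_TLS_REQUIRE_CERT`, so whether a certificate is actually required still depends on whatever default the LDAP library is configured with, not on this parameter. Suggest setting the option in both branches, `ldap.OPT_X_TLS_DEMAND` for True and `ldap.OPT_X_TLS_NEVER` for False, so the parameter name matches the behaviour, and logging a warning when verification is turned off.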
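
As an added example (not code from this thread or from web2py), this is how the same three settings map onto Python's standard `ssl` module that the question above asks about: with no certificate path the system CA store is used, and a self-signed certificate can be trusted through `cert_file` instead of disabling verification. `make_ldaps_context` and `probe_ldaps` are hypothetical names, and ldap_auth.py itself connects through python-ldap, so this serves as a stand-alone check of an LDAPS listener rather than a change to that module.

```python
import socket
import ssl


def make_ldaps_context(cert_file=None, cert_path=None, cert_require=True):
    """Build a TLS client context from the three settings the patch uses.

    The parameter names mirror ldap_auth.py; the function is hypothetical.
    """
    # With neither cert_file nor cert_path, create_default_context() loads
    # the operating system's CA store, so no path needs to be configured
    # for a server whose certificate chains to an already trusted CA.
    # For a self-signed server, pass its certificate as cert_file.
    ctx = ssl.create_default_context(cafile=cert_file, capath=cert_path)
    if not cert_require:
        # Order matters: hostname checking has to be switched off before
        # verify_mode may be lowered to CERT_NONE, otherwise ValueError.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def probe_ldaps(host, port=636, timeout=5.0, **settings):
    """Do a TLS handshake with an LDAPS listener and report the outcome."""
    ctx = make_ldaps_context(**settings)
    verified = ctx.verify_mode == ssl.CERT_REQUIRED
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return {"ok": True, "verified": verified,
                        "protocol": tls.version()}
    except ssl.SSLCertVerificationError as exc:
        # Untrusted chain, expired certificate or hostname mismatch.
        return {"ok": False, "verified": False, "error": exc.verify_message}
    except OSError as exc:
        # Refused connection, timeout or a non-TLS listener.
        return {"ok": False, "verified": False, "error": str(exc)}
```

A result with `"ok": True` and `"verified": False` means the handshake succeeded only because verification was off, which is the state `cert_require=False` produces.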