Just found this: https://github.com/cannatag/ldap3

    import ldap3

    # LDAPS server on port 636
    s = ldap3.Server('SERVER.DOMAIN', port=636, use_ssl=True)
    # Connection that binds with the user's DN and password
    c = ldap3.Connection(s, user='USER_DN', password='PASSWORD')

So no need for certificate path or file... Though it only supports LDAP v3, which may not be acceptable...

What do you think?

Richard

On Monday, November 16, 2015 at 17:42:05 UTC-5, Richard wrote:
>
> Could it be possible to not provide Certificate path?
>
> I use Redmine and the only thing required is specifying that we use LDAPS
> by checking a box and specifying the port... I have looked a little bit at
> the code and it seems that this is realized with the help of the Perl module
> "IO::Socket::SSL"
> (http://search.cpan.org/~sullr/IO-Socket-SSL-2.020/lib/IO/Socket/SSL.pod)
> and socket...
>
> The equivalent library in Python seems to be ssl
> (https://docs.python.org/2/library/ssl.html)
>
> Can it be used to allow LDAPS with ldap_auth.py?
>
> Richard
>
> On Thu, Jul 24, 2014 at 4:58 PM, Shane Tzen <sh...@faultymonk.org> wrote:
>
>> On Thu, Dec 19, 2013 at 4:30 PM, Maggs <maggs.csom....@gmail.com> wrote:
>> >
>> > Yes secure ldap is causing a lot of problems. I hope it gets sorted out
>> > eventually. For now I'm having to modify the framework for my needs.
>>
>> Somewhat related issue here. Using a self-signed cert and especially
>> for testing, it seems expedient to add an option to ignore certificate
>> errors by setting ldap.OPT_X_TLS_REQUIRE_CERT which ldap_auth.py
>> doesn't provide.
>>
>> My modification is below:
>>
>> --- ldap_auth.py.orig 2014-07-24 13:23:25.791901259 -0700 >> +++ ldap_auth.py 2014-07-24 13:43:34.467896371 -0700 >> @@ -18,6 +18,7 @@ >> base_dn='ou=users,dc=domain,dc=com', >> mode='uid', secure=False, cert_path=None, cert_file=None, >> bind_dn=None, bind_pw=None, filterstr='objectClass=*', >> + cert_require=True, >> username_attrib='uid', >> custom_scope='subtree', >> allowed_groups=None, 
>> @@ -78,6 +79,8 @@ >> If ldap is using GnuTLS then you need cert_file="..." instead >> cert_path >> because cert_path isn't implemented in GnuTLS :( >> >> + If using self-signed certificates, set cert_require=False. >> + >> If you need to bind to the directory with an admin account in order >> to >> search it then specify bind_dn & bind_pw to use for this. >> - currently only implemented for Active Directory >> @@ -170,6 +173,7 @@ >> secure=secure, >> cert_path=cert_path, >> cert_file=cert_file, >> + cert_require=cert_require, >> filterstr=filterstr, >> username_attrib=username_attrib, >> custom_scope=custom_scope, >> @@ -568,7 +572,8 @@ >> ldap_mode=mode, >> secure=secure, >> cert_path=cert_path, >> - cert_file=cert_file): >> + cert_file=cert_file, >> + cert_require=cert_require): >> """ >> Inicialize ldap connection >> """ 
>> @@ -582,6 +587,8 @@ >> con.set_option(ldap.OPT_X_TLS_CACERTDIR, cert_path) >> if cert_file: >> con.set_option(ldap.OPT_X_TLS_CACERTFILE, cert_file) >> + if not cert_require: >> + con.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, >> ldap.OPT_X_TLS_NEVER) >> else: >> if not ldap_port: >> ldap_port = 389
>>
>> --
>> Resources:
>> - http://web2py.com
>> - http://web2py.com/book (Documentation)
>> - http://github.com/web2py/web2py (Source code)
>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "web2py-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to web2py+unsubscr...@googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
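
Review bot: in the @@ -18,6 +18,7 @@ hunk the new cert_require=True keyword is inserted between filterstr and username_attrib, so any caller that passes username_attrib, custom_scope or allowed_groups positionally has its arguments shifted by one place. Appending cert_require at the end of the signature avoids that; if it stays here, the callers need checking for positional use.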
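
Review bot: the docstring line added in the @@ -78,6 +79,8 @@ hunk presents cert_require=False as the setting for self-signed certificates without saying that it switches server certificate verification off. The paragraph directly above it already documents cert_file, which can name the self-signed certificate so that verification stays on. Suggested wording: "cert_require=False disables server certificate verification (testing only); to trust a self-signed certificate, pass it as cert_file."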
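
Review bot: in the @@ -582,6 +587,8 @@ hunk only the cert_require=False case sets ldap.OPT_X_TLS_REQUIRE_CERT; when cert_require is True nothing is set, so the default of True does not enforce anything itself and the policy is left at the library default. An else branch that sets ldap.OPT_X_TLS_DEMAND would make the parameter mean what its name says. With ldap.OPT_X_TLS_NEVER the cert_path and cert_file set on the lines just above are no longer enforced, and bind_dn/bind_pw are sent to a server whose certificate was not checked, so this branch should at least log a warning.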