-rw-r--r--doc/server/plugins/grouping/ldap.txt11
-rw-r--r--src/lib/Bcfg2/Server/Plugins/Ldap.py9
2 files changed, 18 insertions, 2 deletions
diff --git a/doc/server/plugins/grouping/ldap.txt b/doc/server/plugins/grouping/ldap.txt
index f9c25dee9..abbd5e005 100644
--- a/doc/server/plugins/grouping/ldap.txt
+++ b/doc/server/plugins/grouping/ldap.txt
@@ -140,6 +140,17 @@ LdapConnection
LDAP URI of the LDAP server to connect to. This is prefered over
:attr:`LdapConnection.host` and :attr:`LdapConnection.port`.
+ .. note::
+
+ If you are using ldaps you may have to specify additional options
+ for enabling the certificate validation or setting the path for
+ the trusted certificates with :attr:`LdapConnection.options`.
+
+.. attribute:: LdapConnection.options
+
+ Arbitrary options for the LDAP connection. You should specify it
+ as a dict and use the ``OPT_*`` constants from ``python-ldap``.
+
You may pass any of these attributes as keyword arguments when creating the connection object.
LdapQuery
diff --git a/src/lib/Bcfg2/Server/Plugins/Ldap.py b/src/lib/Bcfg2/Server/Plugins/Ldap.py
index 0b66f7777..a51f47dae 100644
--- a/src/lib/Bcfg2/Server/Plugins/Ldap.py
+++ b/src/lib/Bcfg2/Server/Plugins/Ldap.py
@@ -169,8 +169,8 @@ class Ldap(Bcfg2.Server.Plugin.Plugin,
class LdapConnection(Debuggable):
""" Connection to an LDAP server. """
- def __init__(self, host="localhost", port=389, uri=None, binddn=None,
- bindpw=None):
+ def __init__(self, host="localhost", port=389, uri=None, options=None,
+ binddn=None, bindpw=None):
Debuggable.__init__(self)
if HAS_LDAP:
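Review bot: Inserting `options` between `uri` and `binddn` in the `__init__` signature shifts the positional slots of `binddn` and `bindpw`, so an existing caller that passes credentials positionally would now hand the bind DN to `options` and the password to `binddn`. Nothing rejects that at construction time, so the mistake would only surface later at connect time, when the options loop added further down calls `.items()` on a string. Appending the new parameter keeps old calls working: `def __init__(self, host="localhost", port=389, uri=None, binddn=None, bindpw=None, options=None):`. The body of `__init__` continues outside this hunk.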
@@ -181,6 +181,7 @@ class LdapConnection(Debuggable):
self.host = host
self.port = port
self.uri = uri
+ self.options = options
self.binddn = binddn
self.bindpw = bindpw
self.conn = None
@@ -207,6 +208,10 @@ class LdapConnection(Debuggable):
self.disconnect()
self.conn = ldap.initialize(self.get_uri())
+ if self.options is not None:
+ for (option, value) in self.options.items():
+ self.conn.set_option(option, value)
+
if self.binddn is not None and self.bindpw is not None:
self.conn.simple_bind_s(self.binddn, self.bindpw)
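Review bot: The loop `for (option, value) in self.options.items()` applies options in dict order, and that order matters for the TLS settings this change is meant to enable. As far as I know, python-ldap with an OpenSSL-backed libldap only applies `OPT_X_TLS_*` values set on a connection once `OPT_X_TLS_NEWCTX` is set afterwards, and a plain dict on older Python versions gives no ordering guarantee. A caller who passes `OPT_X_TLS_REQUIRE_CERT` or `OPT_X_TLS_CACERTFILE` could therefore reach `simple_bind_s` on a TLS context that never picked them up, sending `bindpw` over a connection whose certificate was not validated. Consider applying that option last, for example `self.conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)` after the loop whenever a TLS option was supplied, or accept an ordered sequence of `(option, value)` pairs. A check such as `if not isinstance(self.options, dict): raise TypeError(...)` would also turn a mis-passed argument into a clear error. The enclosing method starts and ends outside this hunk.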