From b914052d7c33cc45012f693763189aa7db7a78a2 Mon Sep 17 00:00:00 2001 From: Alexander Sulfrian Date: Fri, 15 Jul 2016 17:31:23 +0200 Subject: Server/Plugins/Ldap: Support arbitrary ldap options You can now set arbitrary ldap option for the connection by specifying a dict with the key and the value. You should use the constants from python-ldap. --- doc/server/plugins/grouping/ldap.txt | 11 +++++++++++ src/lib/Bcfg2/Server/Plugins/Ldap.py | 9 +++++++-- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/doc/server/plugins/grouping/ldap.txt b/doc/server/plugins/grouping/ldap.txt index f9c25dee9..abbd5e005 100644 --- a/doc/server/plugins/grouping/ldap.txt +++ b/doc/server/plugins/grouping/ldap.txt @@ -140,6 +140,17 @@ LdapConnection LDAP URI of the LDAP server to connect to. This is prefered over :attr:`LdapConnection.host` and :attr:`LdapConnection.port`. + .. note:: + + If you are using ldaps you may have to specify additional options + for enabling the certificate validation or setting the path for + the trusted certificates with :attr:`LdapConnection.options`. + +.. attribute:: LdapConnection.options + + Arbitrary options for the LDAP connection. You should specify it + as a dict and use the ``OPT_*`` constants from ``python-ldap``. + You may pass any of these attributes as keyword arguments when creating the connection object. LdapQuery diff --git a/src/lib/Bcfg2/Server/Plugins/Ldap.py b/src/lib/Bcfg2/Server/Plugins/Ldap.py index 0b66f7777..a51f47dae 100644 --- a/src/lib/Bcfg2/Server/Plugins/Ldap.py +++ b/src/lib/Bcfg2/Server/Plugins/Ldap.py @@ -169,8 +169,8 @@ class Ldap(Bcfg2.Server.Plugin.Plugin, class LdapConnection(Debuggable): """ Connection to an LDAP server. """ - def __init__(self, host="localhost", port=389, uri=None, binddn=None, - bindpw=None): + def __init__(self, host="localhost", port=389, uri=None, options=None, + binddn=None, bindpw=None): Debuggable.__init__(self) if HAS_LDAP: 
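Review bot: Inserting `options=None` between `uri` and `binddn` in `LdapConnection.__init__` shifts the positional slots of `binddn` and `bindpw`. A caller that passes the bind credentials positionally would now hand the bind DN to `options` and the password to `binddn`. The DN string would then reach the `.items()` loop this commit adds to connect() and fail there. No such caller is visible in this patch, but appending the new parameter keeps the old order intact: `def __init__(self, host="localhost", port=389, uri=None, binddn=None, bindpw=None, options=None):`. The body of `__init__` continues outside the hunk.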
@@ -181,6 +181,7 @@ class LdapConnection(Debuggable):
 self.host = host
 self.port = port
 self.uri = uri
+ self.options = options
 self.binddn = binddn
 self.bindpw = bindpw
 self.conn = None
@@ -207,6 +208,10 @@ class LdapConnection(Debuggable):
 self.disconnect()
 self.conn = ldap.initialize(self.get_uri())
+ if self.options is not None:
+ for (option, value) in self.options.items():
+ self.conn.set_option(option, value)
+
 if self.binddn is not None and self.bindpw is not None:
 self.conn.simple_bind_s(self.binddn, self.bindpw)
-- 
cgit v1.2.3-1-g7c22
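Review bot: The loop added to connect() applies `self.options` in dict iteration order, which matters for the TLS settings the new documentation note points users to. With an OpenSSL-backed libldap, python-ldap generally needs `ldap.OPT_X_TLS_NEWCTX` to be set after the other `OPT_X_TLS_*` options on a connection object. Otherwise options such as the CA path or the certificate requirement may not take effect, and a plain dict cannot guarantee that order. A stable sort that moves that one key to the end would do it: `for option, value in sorted(self.options.items(), key=lambda kv: kv[0] == ldap.OPT_X_TLS_NEWCTX):`. A short comment there should say that the options are applied before `simple_bind_s` so the bind password is only sent once the TLS settings are in place. connect() begins outside the hunk.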