1
0
mirror of https://github.com/moepman/bk-dss synced 2024-12-22 08:04:27 +01:00

Add support for custom CA certificates.

This commit is contained in:
Markus 2017-01-21 18:24:14 +01:00
parent 8667f788f1
commit 6297785546
2 changed files with 6 additions and 0 deletions

View File

@ -2,6 +2,7 @@ DEBUG = True
SECRET_KEY = "CHANGE!ME"
SESSION_TIMEOUT = 3600
LDAP_CA = "/etc/ldap/ssl/CA.crt"
LDAP_URI = "ldaps://ldap.example.com"
LDAP_BASE = "dc=example,dc=com"

View File

@ -18,6 +18,11 @@ app.jinja_env.lstrip_blocks = True
rdb = Redis(host=app.config.get('REDIS_HOST', '127.0.0.1'), password=app.config.get('REDIS_PSWD'))
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
ldap.set_option(ldap.OPT_REFERRALS, 0)
if 'LDAP_CA' in app.config.keys():
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, app.config.get('LDAP_CA'))
class ReadOnlyField(StringField):
def __call__(self, *args, **kwargs):