From 6297785546c438d60d5090e1be66fe28aac99fcb Mon Sep 17 00:00:00 2001
From: Markus Hauschild
Date: Sat, 21 Jan 2017 18:24:14 +0100
Subject: [PATCH] Add support for custom CA certificates.

---
 config.cfg.example | 1 +
 index.py           | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/config.cfg.example b/config.cfg.example
index b31dc60..84581c1 100644
--- a/config.cfg.example
+++ b/config.cfg.example
@@ -2,6 +2,7 @@ DEBUG = True
 SECRET_KEY = "CHANGE!ME"
 SESSION_TIMEOUT = 3600
+LDAP_CA = "/etc/ldap/ssl/CA.crt"
 LDAP_URI = "ldaps://ldap.example.com"
 LDAP_BASE = "dc=example,dc=com"
diff --git a/index.py b/index.py
index 74d3e25..3bedbf4 100755
--- a/index.py
+++ b/index.py
@@ -18,6 +18,11 @@ app.jinja_env.lstrip_blocks = True
 rdb = Redis(host=app.config.get('REDIS_HOST', '127.0.0.1'), password=app.config.get('REDIS_PSWD'))
+ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
+ldap.set_option(ldap.OPT_REFERRALS, 0)
+if 'LDAP_CA' in app.config.keys():
+    ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, app.config.get('LDAP_CA'))
+
 class ReadOnlyField(StringField):
     def __call__(self, *args, **kwargs):
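Review bot: The new `LDAP_CA` line in config.cfg.example carries no comment, and the index.py hunk of this same patch applies it whenever the key merely exists — `if 'LDAP_CA' in app.config.keys():` followed by `ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, app.config.get('LDAP_CA'))` — so a present-but-empty or None value is handed to set_option instead of being ignored. The example should tell operators that the setting is optional and that the fallback is reached by removing the line, not by blanking it: `# Optional: CA bundle used to verify the ldaps:// server certificate.` and `# Remove or comment out this line (do not set it empty) to fall back to the LDAP library's default trust configuration.` Whether an empty or None path is rejected by set_option or silently accepted cannot be determined from the patch; presumably the library default is whatever the system OpenLDAP configuration provides, which the comment should not overstate.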