ldap_auth, TLS implementation


flando

Apr 20, 2016, 3:14:32 AM
to web2py-users
Hi

To have ldap over tls working I had to add the following lines in gluon/contrib/login_methods/ldap_auth.py to regard the cert file:

 567     def init_ldap(

    601         if tls:
    +602             if cacert_file:
    +603                 ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
    +604                 ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, cacert_file)
    605             con.start_tls_s()
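
Review bot: at added line 603, setting ldap.OPT_X_TLS_REQUIRE_CERT to ldap.OPT_X_TLS_NEVER turns off verification of the server certificate, so the CA file set on line 604 is never used to validate anything and start_tls_s() on line 605 will accept any certificate the server presents. When cacert_file is given, use ldap.OPT_X_TLS_DEMAND instead, so the server certificate must chain to that CA. Both options are also set through the module-level ldap.set_option rather than on con, so they apply to every LDAP connection in the process; a comment noting that would help.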

Maybe you can add this persistently in your code base so I don't have to include this again after each upgrade of web2py?


Thank you and kind regards
Fritz

Niphlod

Apr 20, 2016, 3:32:09 AM
to web2py-users
ahem.... isn't this added yet when cacert is not None?

flando

Apr 20, 2016, 3:37:25 AM
to web2py-users
we are using 2.13.4, in this version it is missing.
sorry for my post if it meanwhile got integrated! :)

Niphlod

Apr 20, 2016, 6:06:40 AM
to web2py-users

flando

Apr 20, 2016, 7:08:18 AM
to web2py-users
 
right! my fault, didn't set "secure=True"...

Thank you Niphlod! 

Niphlod

Apr 20, 2016, 8:31:45 AM
to web2py-users
no problem. it's better a false bug report than no one checking the code at all ^_^

Richard Vézina

Apr 20, 2016, 10:29:28 AM
to web2py-users
:)


Richard Vézina

Apr 20, 2016, 10:31:11 AM
to web2py-users
We should test ldap_auth... But how to, with all the different implementations of LDAP... Simone, do you know if we can at least test OpenLDAP easily?


Niphlod

Apr 20, 2016, 10:55:16 AM
to web2py-users
on travis an openldap server can be installed, but that being said it's like opening a Pandora's box: tests and coverage are really meant for anything NOT in contrib

Richard Vézina

Apr 20, 2016, 10:58:17 AM
to web2py-users
we shouldn't test contribs as they should be tested somewhere else, though many of them don't have a somewhere else place... :) auth_ldap falls in that category...