
LDAP auth: load SSL/TLS config unconditionally

Currently it is not used by _login2(), but it does not hurt to have it
available.
It is a preparation for supporting encrypted connections in _login2().
Peter Marschall 5 months ago
parent
commit
caab7d3712
1 changed files with 13 additions and 15 deletions
  1. 13 15
      radicale/auth/ldap.py

+ 13 - 15
radicale/auth/ldap.py

@@ -102,21 +102,19 @@ class Auth(auth.BaseAuth):
         if ldap_secret_file_path:
             with open(ldap_secret_file_path, 'r') as file:
                 self._ldap_secret = file.read().rstrip('\n')
-        if self._ldap_module_version == 3:
-            self._ldap_use_ssl = configuration.get("auth", "ldap_use_ssl")
-            self._ldap_security = configuration.get("auth", "ldap_security")
-            self._use_encryption = self._ldap_use_ssl or self._ldap_security in ("tls", "starttls")
-            if self._ldap_use_ssl and self._ldap_security == "starttls":
-                raise RuntimeError("Cannot set both 'ldap_use_ssl = True' and 'ldap_security' = 'starttls'")
-            if self._ldap_use_ssl:
-                logger.warning("Configuration uses soon to be deprecated 'ldap_use_ssl', use 'ldap_security' ('none', 'tls', 'starttls') instead.")
-            if self._use_encryption:
-                self._ldap_ssl_ca_file = configuration.get("auth", "ldap_ssl_ca_file")
-                tmp = configuration.get("auth", "ldap_ssl_verify_mode")
-                if tmp == "NONE":
-                    self._ldap_ssl_verify_mode = ssl.CERT_NONE
-                elif tmp == "OPTIONAL":
-                    self._ldap_ssl_verify_mode = ssl.CERT_OPTIONAL
+        self._ldap_use_ssl = configuration.get("auth", "ldap_use_ssl")
+        self._ldap_security = configuration.get("auth", "ldap_security")
+        self._use_encryption = self._ldap_use_ssl or self._ldap_security in ("tls", "starttls")
+        if self._ldap_use_ssl and self._ldap_security == "starttls":
+            raise RuntimeError("Cannot set both 'ldap_use_ssl = True' and 'ldap_security' = 'starttls'")
+        if self._ldap_use_ssl:
+            logger.warning("Configuration uses soon to be deprecated 'ldap_use_ssl', use 'ldap_security' ('none', 'tls', 'starttls') instead.")
+        self._ldap_ssl_ca_file = configuration.get("auth", "ldap_ssl_ca_file")
+        tmp = configuration.get("auth", "ldap_ssl_verify_mode")
+        if tmp == "NONE":
+            self._ldap_ssl_verify_mode = ssl.CERT_NONE
+        elif tmp == "OPTIONAL":
+            self._ldap_ssl_verify_mode = ssl.CERT_OPTIONAL
 
         logger.info("auth.ldap_uri             : %r" % self._ldap_uri)
         logger.info("auth.ldap_base            : %r" % self._ldap_base)
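Review bot: With the `if self._ldap_module_version == 3:` guard removed, `ldap_security` and `ldap_use_ssl` are parsed for both backends, but the commit description says `_login2()` does not use them yet, so an operator who sets `ldap_security = tls` on that path gets no hint that the bind may still go out unencrypted. Assuming `_login2()` is the path taken when the module version is not 3, I would add after the `_use_encryption` assignment: `if self._use_encryption and self._ldap_module_version != 3: logger.warning("LDAP encryption settings are not yet applied by this LDAP backend")`. Separately, the `ldap_ssl_verify_mode` chain has no `else`, so any value other than `"NONE"` or `"OPTIONAL"` (a lowercase typo, for instance) silently keeps whatever default is set outside this hunk. An explicit `else: self._ldap_ssl_verify_mode = ssl.CERT_REQUIRED`, or a configuration error for unknown values, would make the fail-closed behaviour visible here. The enclosing method starts and ends outside the hunk.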