This is an automated email from the ASF dual-hosted git repository. wave pushed a commit to branch explicit-ldap-tls-configuration in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
commit 819e4681ed21bd84efcf798791b8765ec2640d47 Author: Dave Fisher <[email protected]> AuthorDate: Mon Feb 23 12:05:21 2026 -0800 Explicit ldap tls configuration --- atr/ldap.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/atr/ldap.py b/atr/ldap.py index 4a3661d9..be58a81c 100644 --- a/atr/ldap.py +++ b/atr/ldap.py @@ -23,6 +23,7 @@ from typing import Any, Final, Literal import ldap3 import ldap3.utils.conv as conv import ldap3.utils.dn as dn +import ssl LDAP_ROOT_BASE: Final[str] = "cn=infrastructure-root,ou=groups,ou=services,dc=apache,dc=org" LDAP_SEARCH_BASE: Final[str] = "ou=people,dc=apache,dc=org" @@ -37,7 +38,11 @@ class Search: self._conn: ldap3.Connection | None = None def __enter__(self): - server = ldap3.Server(LDAP_SERVER_HOST, use_ssl=True) + tls_config = ldap3.Tls( + validate=ssl.CERT_REQUIRED, + version=ssl.PROTOCOL_TLS_CLIENT, + ) + server = ldap3.Server(LDAP_SERVER_HOST, use_ssl=True, tls=tls_config) self._conn = ldap3.Connection( server, user=self._bind_dn, --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
