This is an automated email from the ASF dual-hosted git repository.

sbp pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git


The following commit(s) were added to refs/heads/main by this push:
     new 7cac7526 Explicit ldap tls configuration (#755)
7cac7526 is described below

commit 7cac7526d295d4c0b15a094e1fbf01db503534e2
Author: Dave Fisher <[email protected]>
AuthorDate: Tue Feb 24 13:13:21 2026 -0800

    Explicit ldap tls configuration (#755)
    
    * Explicit ldap tls configuration
    
    * Put import in preferred order
    
    * Respond to review
---
 atr/ldap.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/atr/ldap.py b/atr/ldap.py
index 4a3661d9..54ed3d5a 100644
--- a/atr/ldap.py
+++ b/atr/ldap.py
@@ -18,6 +18,7 @@
 import asyncio
 import collections
 import dataclasses
+import ssl
 from typing import Any, Final, Literal
 
 import ldap3
@@ -30,6 +31,11 @@ LDAP_SERVER_HOST: Final[str] = "ldap-eu.apache.org"
 LDAP_TOOLING_BASE: Final[str] = 
"cn=tooling,ou=groups,ou=services,dc=apache,dc=org"
 
 
+_tls_config = ldap3.Tls(
+    validate=ssl.CERT_REQUIRED,
+)
+
+
 class Search:
     def __init__(self, ldap_bind_dn: str, ldap_bind_password: str):
         self._bind_dn = ldap_bind_dn
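Review bot: The new module-level `_tls_config` has no comment explaining why it exists, and the reason is not obvious from the code: when `use_ssl=True` is passed without `tls=`, ldap3 builds a default `Tls()` whose `validate` is `ssl.CERT_NONE`, so the server certificate was not verified before this change. I would add `# ldap3's default Tls() does not validate the server certificate; require a trusted chain on every LDAPS connection.` above the assignment. Since this is a shared constant, naming it like its neighbours would also help, e.g. `_TLS_CONFIG: Final[ldap3.Tls] = ldap3.Tls(validate=ssl.CERT_REQUIRED)`. No CA file or protocol version is set, so both presumably come from the platform defaults; it is worth confirming that this is intended for the deployment environment.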
@@ -37,7 +43,7 @@ class Search:
         self._conn: ldap3.Connection | None = None
 
     def __enter__(self):
-        server = ldap3.Server(LDAP_SERVER_HOST, use_ssl=True)
+        server = ldap3.Server(LDAP_SERVER_HOST, use_ssl=True, tls=_tls_config)
         self._conn = ldap3.Connection(
             server,
             user=self._bind_dn,
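Review bot: The pair `use_ssl=True, tls=_tls_config` is now repeated at both `ldap3.Server(...)` call sites, here in `Search.__enter__` and in the `_search_core` hunk, so a later call site that omits `tls=` would silently fall back to ldap3's non-validating default. A small factory such as `def _server(**kwargs: Any) -> ldap3.Server: return ldap3.Server(LDAP_SERVER_HOST, use_ssl=True, tls=_tls_config, **kwargs)` would keep the TLS policy in one place. A test asserting that the server object's `tls.validate` equals `ssl.CERT_REQUIRED` would guard against regressions. `__enter__` continues past the end of this hunk, so the rest of the connection setup is not visible here.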
@@ -234,7 +240,7 @@ def _search_core(params: SearchParameters) -> None:
     params.detail_err = None
     params.connection = None
 
-    server = ldap3.Server(LDAP_SERVER_HOST, use_ssl=True, get_info=ldap3.ALL)
+    server = ldap3.Server(LDAP_SERVER_HOST, use_ssl=True, tls=_tls_config, 
get_info=ldap3.ALL)
     params.srv_info = repr(server)
 
     if params.bind_dn_from_config and params.bind_password_from_config:

