changeset ef94072def34 in modules/ldap_authentication:6.0 details: https://hg.tryton.org/modules/ldap_authentication?cmd=changeset&node=ef94072def34 description: Enforce certificate validation for LDAP connection
issue11564 review417381003 (grafted from 366cca2d391e3fda2e038b34a032f4acf0efdce5)
diffstat:
CHANGELOG | 2 ++
res.py | 5 ++++-
2 files changed, 6 insertions(+), 1 deletions(-)
diffs (34 lines):
diff -r 5895439fca1c -r ef94072def34 CHANGELOG
--- a/CHANGELOG Mon May 03 15:37:53 2021 +0200
+++ b/CHANGELOG Tue Jun 21 10:17:02 2022 +0200
@@ -1,3 +1,5 @@
+* Enforce certificate validation for LDAP connection (issue11564)
+
 Version 6.0.0 - 2021-05-03
 * Bug fixes (see mercurial logs for details)
diff -r 5895439fca1c -r ef94072def34 res.py
--- a/res.py Mon May 03 15:37:53 2021 +0200
+++ b/res.py Tue Jun 21 10:17:02 2022 +0200
@@ -1,6 +1,7 @@
 # This file is part of Tryton. The COPYRIGHT file at the top level of
 # this repository contains the full copyright notices and license terms.
 import logging
+import ssl
 import urllib.parse
 import ldap3
@@ -42,10 +43,12 @@
 uri, _, _, _, _, extensions = parse_ldap_url(uri)
 if uri.scheme.startswith('ldaps'):
 scheme, port = 'ldaps', 636
+ tls = ldap3.Tls(validate=ssl.CERT_REQUIRED)
 else:
 scheme, port = 'ldap', 389
+ tls = None
 return ldap3.Server('%s://%s:%s' % (
- scheme, uri.hostname, uri.port or port))
+ scheme, uri.hostname, uri.port or port), tls=tls)
 class User(metaclass=PoolMeta):
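Review bot: `ldap3.Tls(validate=ssl.CERT_REQUIRED)` in the `ldaps` branch is built without `ca_certs_file`, so the trust anchors used to verify the server are whatever default store ldap3 and the interpreter pick up, and a deployment whose LDAP server certificate comes from a private CA has no way to point this module at it; a comment on that line such as `# validates against the default CA store; a private CA needs ca_certs_file` would make the assumption explicit, and a configurable CA file would be the fuller fix. The `else` branch sets `tls = None`, so if the connection code outside this hunk ever upgrades a plain `ldap://` session with StartTLS, that upgrade carries no validation policy; constructing the same object in both cases (`tls = ldap3.Tls(validate=ssl.CERT_REQUIRED)` before the `if`) costs nothing for the ldaps case and closes that gap — hedged, since the `extensions` value unpacked from `parse_ldap_url` is not used in the visible lines. The enclosing function starts before this hunk.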