Merge pull request #275 from Freddo3000/feature/tls-settings
Add additional Tls/SSL arguments
etianen authored Jul 29, 2024
2 parents 8285859 + 162fa56 commit bea610e
Showing 3 changed files with 36 additions and 1 deletion.
12 changes: 12 additions & 0 deletions README.rst
@@ -41,6 +41,12 @@ Available settings
import ssl
LDAP_AUTH_TLS_VERSION = ssl.PROTOCOL_TLSv1_2
# Specify which TLS ciphers to use.
LDAP_AUTH_TLS_CIPHERS = "ALL"
# Unspecified TLS keyword arguments applied to the connection on the underlying `ldap3` library.
LDAP_AUTH_TLS_ARGS = {}
# The LDAP search base for looking up users.
LDAP_AUTH_SEARCH_BASE = "ou=people,dc=example,dc=com"
@@ -90,10 +96,16 @@ Available settings
LDAP_AUTH_CONNECTION_USERNAME = None
LDAP_AUTH_CONNECTION_PASSWORD = None
# Use SSL on the connection.
LDAP_AUTH_CONNECT_USE_SSL = False
# Set connection/receive timeouts (in seconds) on the underlying `ldap3` library.
LDAP_AUTH_CONNECT_TIMEOUT = None
LDAP_AUTH_RECEIVE_TIMEOUT = None
# Unspecified keyword arguments to apply to the connection in the underlying `ldap3` library.
LDAP_AUTH_CONNECT_ARGS = {}
# Set connection pool `active` parameter on the underlying `ldap3` library.
LDAP_AUTH_POOL_ACTIVE = True
20 changes: 20 additions & 0 deletions django_python3_ldap/conf.py
@@ -44,11 +44,21 @@ def __init__(self, settings):
default=False,
)

LDAP_AUTH_TLS_CIPHERS = LazySetting(
name="LDAP_AUTH_TLS_CIPHERS",
default="ALL",
)

LDAP_AUTH_TLS_VERSION = LazySetting(
name="LDAP_AUTH_TLS_VERSION",
default=PROTOCOL_TLS,
)

LDAP_AUTH_TLS_ARGS = LazySetting(
name="LDAP_AUTH_TLS_ARGS",
default={},
)

LDAP_AUTH_SEARCH_BASE = LazySetting(
name="LDAP_AUTH_SEARCH_BASE",
default="ou=people,dc=example,dc=com",
@@ -126,6 +136,16 @@ def __init__(self, settings):
default=None,
)

LDAP_AUTH_CONNECT_ARGS = LazySetting(
name="LDAP_AUTH_CONNECT_ARGS",
default={},
)

LDAP_AUTH_CONNECT_USE_SSL = LazySetting(
name="LDAP_AUTH_CONNECT_USE_SSL",
default=False,
)

LDAP_AUTH_CONNECT_TIMEOUT = LazySetting(
name="LDAP_AUTH_CONNECT_TIMEOUT",
default=None
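Review bot: Neither new TLS setting gives a safe default: `LDAP_AUTH_TLS_CIPHERS` keeps the previously hard-coded `"ALL"`, and `LDAP_AUTH_TLS_ARGS` defaults to `{}`, so no certificate-verification mode reaches `ldap3.Tls` unless the operator supplies one (ldap3's own default for `validate` is, to my knowledge, `ssl.CERT_NONE`). A comment above `LDAP_AUTH_TLS_ARGS` would make that visible, for example `# ldap3.Tls does not verify the server certificate unless "validate" (e.g. ssl.CERT_REQUIRED) and a CA source are passed here.` The two `default={}` literals are each a single dict object; if `LazySetting` returns the default uncopied, which these hunks do not show, a caller that mutates it changes the value for every later read. The enclosing class body starts and ends outside both hunks.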
5 changes: 4 additions & 1 deletion django_python3_ldap/ldap.py
@@ -176,11 +176,14 @@ def connection(**kwargs):
"allowed_referral_hosts": [("*", True)],
"get_info": ldap3.NONE,
"connect_timeout": settings.LDAP_AUTH_CONNECT_TIMEOUT,
"use_ssl": settings.LDAP_AUTH_CONNECT_USE_SSL,
**settings.LDAP_AUTH_CONNECT_ARGS
}
if settings.LDAP_AUTH_USE_TLS:
server_args["tls"] = ldap3.Tls(
ciphers="ALL",
ciphers=settings.LDAP_AUTH_TLS_CIPHERS,
version=settings.LDAP_AUTH_TLS_VERSION,
**settings.LDAP_AUTH_TLS_ARGS
)
server_pool.add(
ldap3.Server(
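Review bot: The `tls` entry is still built only under `if settings.LDAP_AUTH_USE_TLS:`, so a deployment that enables `LDAP_AUTH_CONNECT_USE_SSL` alone gets `use_ssl` without the configured `LDAP_AUTH_TLS_VERSION`, `LDAP_AUTH_TLS_CIPHERS` or `LDAP_AUTH_TLS_ARGS`, including any `validate` or CA options placed there. What ldap3 falls back to is not visible here, but as far as I know it is a default `Tls()` that does not verify certificates. Widening the guard to `if settings.LDAP_AUTH_USE_TLS or settings.LDAP_AUTH_CONNECT_USE_SSL:` would apply the settings to LDAPS as well. Separately, a `ciphers` or `version` key in `LDAP_AUTH_TLS_ARGS` raises `TypeError` for a duplicate keyword when the connection is opened, while `LDAP_AUTH_CONNECT_ARGS` silently replaces the hard-coded keys above it (`use_ssl`, `allowed_referral_hosts`); merging first, `ldap3.Tls(**{"ciphers": settings.LDAP_AUTH_TLS_CIPHERS, "version": settings.LDAP_AUTH_TLS_VERSION, **settings.LDAP_AUTH_TLS_ARGS})`, gives both the same override rule. The body of `connection()` starts and ends outside the hunk.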
