本文整理汇总了Python中ldap.OPT_X_TLS_DEMAND属性的典型用法代码示例。如果您正苦于以下问题:Python ldap.OPT_X_TLS_DEMAND属性的具体用法?Python ldap.OPT_X_TLS_DEMAND怎么用?Python ldap.OPT_X_TLS_DEMAND使用的例子?那么恭喜您, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在类ldap
的用法示例。
在下文中一共展示了ldap.OPT_X_TLS_DEMAND属性的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: _ldap_connect
# 需要导入模块: import ldap [as 别名]
# 或者: from ldap import OPT_X_TLS_DEMAND [as 别名]
def _ldap_connect(self):
    """Build an LDAP connection object that is ready for the bind phase.

    Returns the connection on success, or ``False`` when python-ldap raises
    an ``LDAPError`` while the connection is being prepared.

    NOTE(review): both TLS branches set ``OPT_X_TLS_REQUIRE_CERT`` to
    ``OPT_X_TLS_NEVER``. In OpenLDAP that level means the server certificate
    is neither requested nor checked, so the session is encrypted but the
    server is not authenticated and the bind credentials are exposed to
    anyone who can intercept the connection. To accept a self-signed or
    private-CA certificate, keep ``OPT_X_TLS_DEMAND`` and point
    ``OPT_X_TLS_CACERTFILE`` at that certificate instead.

    NOTE(review): the TLS options are set with the module-level
    ``ldap.set_option``, i.e. process-wide, and only after
    ``ldap.initialize`` has created this connection. They change the default
    for every other LDAP connection in the process; whether they reach this
    handle should be confirmed with a test.
    """
    try:
        conn = ldap.initialize(self._ldap_uri)
        conn.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
        chase = int(self._chase_referrals)
        conn.set_option(ldap.OPT_REFERRALS, chase)

        over_ldaps = self._ldap_uri.startswith('ldaps://')
        if over_ldaps:
            # Certificate verification is switched off (process-wide).
            ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)

        if self._use_tls:
            # Intended to require a TLS connection.
            ldap.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND)
            # Certificate verification is switched off (process-wide).
            ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
            conn.start_tls_s()
            LOG.debug('Connection now using TLS')
    except ldap.LDAPError as err:
        LOG.debug('(_ldap_connect) LDAP Error: %s : Type %s' % (str(err), type(err)))
        return False
    return conn
示例2: test_ldap_connect_ldap_start_tls
# 需要导入模块: import ldap [as 别名]
# 或者: from ldap import OPT_X_TLS_DEMAND [as 别名]
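def test_ldap_connect_ldap_start_tls(self, mock_set_option):
    """Check the StartTLS path of a simple bind against the mocked server.

    Asserts that ``start_tls_s`` is called before the bind and that the
    module-level ``set_option`` receives the two TLS options.

    NOTE(review): the second expected call pins
    ``OPT_X_TLS_REQUIRE_CERT = OPT_X_TLS_NEVER``, i.e. the test asserts that
    server certificate verification is disabled. If the connection code is
    changed to verify certificates, this expectation has to change with it.
    """
    # Looked up before the ``try`` so that a failed lookup is reported as
    # itself instead of being replaced by an error from ``del`` in ``finally``.
    ldapobj = self.mockldap['ldap://testserver.domain.tld']
    try:
        result = _do_simple_bind('cn=manager,dc=example,dc=com', 'ldaptest',
                                 uri='ldap://testserver.domain.tld',
                                 use_tls=True)
        # assertEqual: the assertEquals alias is deprecated and has been
        # removed from recent unittest versions.
        self.assertEqual(ldapobj.methods_called(),
                         self.connect_methods + ['start_tls_s',
                                                 'simple_bind_s', 'whoami_s', 'unbind'])
        mock_set_option.assert_has_calls(
            [
                mock.call(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND),
                mock.call(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER),
            ])
        self.assertTrue(result)
    finally:
        del ldapobj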
示例3: get_ldap_client
# 需要导入模块: import ldap [as 别名]
# 或者: from ldap import OPT_X_TLS_DEMAND [as 别名]
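def get_ldap_client(self, user=None, password=None):
    """Return a python-ldap client for the configured URI, bound if a DN is known.

    Args:
        user: DN to bind as. When falsy, the ``auth_user`` and
            ``auth_password`` plugin settings are used instead.
        password: Password for ``user``.

    Returns:
        The client object, or ``None`` when no URI is configured, when a bind
        DN is given without a password, or when python-ldap reports an error.
    """
    uri = self.plugin_settings().get(["uri"])
    if not uri:
        self._logger.debug("No LDAP URI")
        return None

    if not user:
        user = self.plugin_settings().get(["auth_user"])
        password = self.plugin_settings().get(["auth_password"])

    if user and not password:
        # A simple bind with a DN and an empty password is an
        # "unauthenticated bind" (RFC 4513, section 5.1.2); servers may
        # answer it with success. If a caller treats a returned client as
        # proof that the password was correct, that would accept any user
        # with an empty password, so the bind is refused here.
        self._logger.error("Refusing to bind to LDAP as %s with an empty password" % user)
        return None

    try:
        self._logger.debug("Initializing LDAP connection to %s" % uri)
        client = ldap.initialize(uri)
        if self.plugin_settings().get(["request_tls_cert"]):
            self._logger.debug("Requesting TLS certificate")
            client.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
        else:
            # NOTE(review): OPT_X_TLS_NEVER means the server certificate is
            # not verified, so bind passwords are sent to an unauthenticated
            # server whenever "request_tls_cert" is off.
            client.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
        # NOTE(review): python-ldap documents that per-connection TLS options
        # are applied by setting OPT_X_TLS_NEWCTX to 0 afterwards; confirm
        # that the level chosen above actually takes effect.
        if user is not None:
            self._logger.debug("Binding to LDAP as %s" % user)
            client.bind_s(user, password)
        return client
    except ldap.INVALID_CREDENTIALS:
        self._logger.error("Invalid credentials to bind to LDAP as %s" % user)
    except ldap.LDAPError as e:
        # Exceptions have no ``message`` attribute on Python 3; fall back to
        # ``args`` so that the handler itself cannot raise AttributeError.
        details = getattr(e, "message", None) or e.args
        self._logger.error(json.dumps(details, default=str))
    return None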
示例4: parse_tls_reqcert_opt
# 需要导入模块: import ldap [as 别名]
# 或者: from ldap import OPT_X_TLS_DEMAND [as 别名]
def parse_tls_reqcert_opt(value):
    """Map a `tls_reqcert` keyword to python-ldap's `OPT_X_TLS_*` constant.

    The lookup is case-insensitive. A falsy `value` yields ``None``; an
    unknown keyword raises ``KeyError``.

    Meaning of the levels as described in OpenLDAP's ldap.conf(5):
    ``never`` does not request or check the server certificate, ``allow``
    and ``try`` tolerate a missing certificate (``allow`` also a bad one),
    and only ``demand``/``hard`` require a valid certificate. Anything below
    ``demand`` leaves the server unauthenticated in at least some cases.
    """
    if not value:
        return None
    levels = {
        'never': ldap.OPT_X_TLS_NEVER,
        'allow': ldap.OPT_X_TLS_ALLOW,
        'try': ldap.OPT_X_TLS_TRY,
        'demand': ldap.OPT_X_TLS_DEMAND,
        'hard': ldap.OPT_X_TLS_HARD,
    }
    keyword = value.lower()
    return levels[keyword]
示例5: ldap_init_conn
# 需要导入模块: import ldap [as 别名]
# 或者: from ldap import OPT_X_TLS_DEMAND [as 别名]
def ldap_init_conn(self):
    """Create a python-ldap connection for the ``ldap_uri`` setting.

    Returns the connection object; nothing is bound here and
    ``start_tls_s`` is not called in this function.
    """
    # NOTE(review): process-wide setting. OPT_X_TLS_NEVER disables server
    # certificate verification for every LDAP connection in this process, so
    # a TLS session made with it does not authenticate the server.
    ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)

    uri = Setting().get('ldap_uri')
    connection = ldap.initialize(uri)
    connection.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)
    connection.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
    connection.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND)
    # NOTE(review): OPT_X_TLS_DEMAND is a *value* for OPT_X_TLS_REQUIRE_CERT,
    # not an option name. Used as the option argument it is interpreted by
    # its number, which presumably selects an unrelated option (in OpenLDAP's
    # ldap.h the same number is LDAP_OPT_DEREF - verify). It does not enforce
    # TLS or certificate checking.
    connection.set_option(ldap.OPT_X_TLS_DEMAND, True)
    # NOTE(review): 255 turns on verbose library tracing, which may include
    # protocol traces; confirm this is not left enabled in production.
    connection.set_option(ldap.OPT_DEBUG_LEVEL, 255)
    connection.protocol_version = ldap.VERSION3
    return connection
示例6: connect
# 需要导入模块: import ldap [as 别名]
# 或者: from ldap import OPT_X_TLS_DEMAND [as 别名]
def connect(self):
    """Open the connection to the LDAP server.

    Must be called before any other method of this object.

    Raises:
        ConfigError: If the base DN or the LDAP URI(s) are missing from the config.
        LDAPConnectionError: If the LDAP server cannot be contacted.
        ldap.LDAPError: Other python-ldap errors are not caught here.
    """
    cfg = self.conf

    if not (cfg.uris and cfg.base):
        raise ConfigError('Base DN and LDAP URI(s) must be provided.', 1)

    reqcert = cfg.tls_require_cert
    # NOTE(review): OPT_X_TLS_NEVER is 0 in OpenLDAP's headers, so a
    # configured "never" looks falsy here: the block is skipped, no warning
    # is printed and the library default stays in force. Confirm whether that
    # is intended; an `is not None` test would honour the setting.
    if reqcert:
        verifying_levels = (ldap.OPT_X_TLS_DEMAND, ldap.OPT_X_TLS_HARD)
        if reqcert not in verifying_levels:
            # Any other level does not fully verify the server certificate.
            print(BAD_REQCERT_WARNING, file=sys.stderr)
        # Global option: applies to the whole process.
        ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, reqcert)

    if cfg.cacert_dir:
        # Global option: applies to the whole process.
        ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, cfg.cacert_dir)

    if not cfg.referrals:
        # Global option: applies to the whole process.
        ldap.set_option(ldap.OPT_REFERRALS, 0)

    # The URI string goes straight to the underlying openldap library, which
    # accepts several space-separated URIs for failover.
    uri_list = ' '.join(cfg.uris)
    self._conn = link = ldap.initialize(uri_list)
    try:
        link.protocol_version = cfg.ldap_version
        link.network_timeout = cfg.bind_timeout
        link.timeout = cfg.search_timeout

        if cfg.sasl == 'GSSAPI':
            # Returns before the StartTLS step below is reached.
            self._bind_sasl_gssapi()
            return

        if cfg.ssl == 'start_tls' and cfg.ldap_version >= 3:
            link.start_tls_s()

        if cfg.bind_dn and cfg.bind_pass:
            self._bind(cfg.bind_dn, cfg.bind_pass)
    except ldap.SERVER_DOWN:
        raise LDAPConnectionError('Can\'t contact LDAP server.', 3)
示例7: _connect
# 需要导入模块: import ldap [as 别名]
# 或者: from ldap import OPT_X_TLS_DEMAND [as 别名]
def _connect(self):
    """Create the python-ldap client and apply this backend's TLS settings.

    Returns the client. When ``self.starttls`` is ``'on'``, StartTLS is
    attempted first and any exception is passed to
    ``self._exception_handler``.

    Raises:
        CaFileDontExist: ``self.ca`` is set, ``self.checkcert`` is ``'on'``
            and the CA path is not an existing file.
    """
    client = ldap.initialize(self.uri)
    ldap.set_option(ldap.OPT_REFERRALS, 0)
    ldap.set_option(ldap.OPT_TIMEOUT, self.timeout)

    # NOTE(review): OPT_X_TLS_DEMAND is a certificate-check level (a value
    # for OPT_X_TLS_REQUIRE_CERT), not an option name. Used as the option
    # argument it is interpreted by its number and presumably sets an
    # unrelated option; it does not turn StartTLS on or off.
    ldap.set_option(ldap.OPT_X_TLS_DEMAND, self.starttls == 'on')

    # Register the CA file only when one is declared and checking is on.
    if self.ca and self.checkcert == 'on':
        if not os.path.isfile(self.ca):
            raise CaFileDontExist(self.ca)
        ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.ca)

    if self.checkcert == 'off':
        # The original author reports that both the process-wide and the
        # per-connection call are needed for this to work. Either way the
        # server certificate is not verified in this branch.
        ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
        client.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
    else:
        client.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
        # The original author reports that verification only worked with the
        # process-wide level set to "never".
        # NOTE(review): this leaves the process-wide default at "never" even
        # though checking was requested, which affects other connections in
        # the process. Confirm with a test against a server presenting an
        # untrusted certificate that the chain is really validated here.
        # python-ldap documents setting OPT_X_TLS_NEWCTX to 0 as the way to
        # apply per-connection TLS options.
        ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)

    if self.starttls == 'on':
        try:
            client.start_tls_s()
        except Exception as err:
            # NOTE(review): if _exception_handler returns instead of raising,
            # the client below is handed back without TLS and later binds
            # would travel unencrypted - verify against the handler.
            self._exception_handler(err)
    return client
示例8: init_app
# 需要导入模块: import ldap [as 别名]
# 或者: from ldap import OPT_X_TLS_DEMAND [as 别名]
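def init_app(app):
    """Initialize the `app` for use with this :class:`~LDAP`. This is
    called automatically if `app` is passed to :meth:`~LDAP.__init__`.

    Fills in default ``LDAP_*`` configuration values, applies the TLS
    certificate options and checks that the mandatory settings are present.

    :param flask.Flask app: the application to configure for use with
        this :class:`~LDAP`
    :raises LDAPException: if ``LDAP_USERNAME``, ``LDAP_PASSWORD`` or
        ``LDAP_BASE_DN`` is ``None``
    """
    # NOTE(review): with these defaults the connection uses neither SSL nor
    # StartTLS, so bind passwords would cross the network unencrypted unless
    # the deployment overrides LDAP_USE_SSL or LDAP_USE_TLS.
    # NOTE(review): the two filter templates are filled in outside this
    # function; the substituted value should be escaped there (python-ldap
    # provides ldap.filter.escape_filter_chars).
    defaults = (
        ('LDAP_HOST', 'localhost'),
        ('LDAP_PORT', 389),
        ('LDAP_SCHEMA', 'ldap'),
        ('LDAP_USERNAME', None),
        ('LDAP_PASSWORD', None),
        ('LDAP_TIMEOUT', 10),
        ('LDAP_USE_SSL', False),
        ('LDAP_USE_TLS', False),
        ('LDAP_REQUIRE_CERT', False),
        ('LDAP_CERT_PATH', '/path/to/cert'),
        ('LDAP_BASE_DN', None),
        ('LDAP_OBJECTS_DN', 'distinguishedName'),
        ('LDAP_USER_FIELDS', []),
        ('LDAP_USER_OBJECT_FILTER',
         '(&(objectclass=Person)(userPrincipalName=%s))'),
        ('LDAP_USER_GROUPS_FIELD', 'memberOf'),
        ('LDAP_GROUP_FIELDS', []),
        ('LDAP_GROUP_OBJECT_FILTER',
         '(&(objectclass=Group)(userPrincipalName=%s))'),
        ('LDAP_GROUP_MEMBERS_FIELD', 'member'),
        ('LDAP_LOGIN_VIEW', 'login'),
        ('LDAP_REALM_NAME', 'LDAP authentication'),
        ('LDAP_OPENLDAP', False),
        ('LDAP_GROUP_MEMBER_FILTER', '*'),
        ('LDAP_GROUP_MEMBER_FILTER_FIELD', '*'),
        ('LDAP_CUSTOM_OPTIONS', None),
    )
    for key, value in defaults:
        app.config.setdefault(key, value)

    if app.config['LDAP_USE_SSL'] or app.config['LDAP_USE_TLS']:
        # NOTE(review): process-wide option. Unless LDAP_REQUIRE_CERT is
        # set, TLS runs with certificate verification disabled, so the
        # server is not authenticated.
        ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,
                        ldap.OPT_X_TLS_NEVER)

    if app.config['LDAP_REQUIRE_CERT']:
        ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,
                        ldap.OPT_X_TLS_DEMAND)
        # Read the path from the app being configured: `current_app` is only
        # bound inside an application context and may not be this app.
        ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,
                        app.config['LDAP_CERT_PATH'])

    for option in ['USERNAME', 'PASSWORD', 'BASE_DN']:
        if app.config['LDAP_{0}'.format(option)] is None:
            raise LDAPException('LDAP_{0} cannot be None!'.format(option))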