本文整理汇总了Python中ldap.OPT_X_TLS_NEVER属性的典型用法代码示例。如果您正苦于以下问题:Python ldap.OPT_X_TLS_NEVER属性的具体用法?Python ldap.OPT_X_TLS_NEVER怎么用?Python ldap.OPT_X_TLS_NEVER使用的例子?那么,这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在模块ldap的用法示例。需要注意:将ldap.OPT_X_TLS_REQUIRE_CERT设置为ldap.OPT_X_TLS_NEVER时,客户端不会请求也不会校验服务器证书,TLS连接只加密而不验证服务器身份。
在下文中一共展示了ldap.OPT_X_TLS_NEVER属性的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: _connect_to_ldap
# 需要导入模块: import ldap [as 别名]
# 或者: from ldap import OPT_X_TLS_NEVER [as 别名]
def _connect_to_ldap(self):
    """Open a connection to ``self.server_uri``, optionally StartTLS it, and bind.

    Binds with ``self.bind_dn`` / ``self.bind_pw`` when a bind DN is set and
    with SASL EXTERNAL otherwise. LDAP errors from StartTLS or from the bind
    are reported through ``self.module.fail_json``.

    Returns the connection object.
    """
    # SECURITY: this is a module-level (process-wide) python-ldap option, and
    # OPT_X_TLS_NEVER tells libldap not to request or check the server
    # certificate. TLS sessions opened after this call are encrypted but the
    # server is not authenticated, so the bind credentials sent below are not
    # protected against an on-path interceptor. Prefer OPT_X_TLS_DEMAND with
    # a configured CA bundle and make any opt-out an explicit setting.
    ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
    conn = ldap.initialize(self.server_uri)

    if self.start_tls:
        try:
            conn.start_tls_s()
        except ldap.LDAPError:
            err = get_exception()
            # presumably fail_json does not return — confirm against the module API
            self.module.fail_json(msg="Cannot start TLS.", details=str(err))

    try:
        if self.bind_dn is None:
            # No bind DN configured: authenticate with SASL EXTERNAL.
            conn.sasl_interactive_bind_s('', ldap.sasl.external())
        else:
            conn.simple_bind_s(self.bind_dn, self.bind_pw)
    except ldap.LDAPError:
        err = get_exception()
        self.module.fail_json(
            msg="Cannot bind to the server.", details=str(err))

    return conn
示例2: _ldap_connect
# 需要导入模块: import ldap [as 别名]
# 或者: from ldap import OPT_X_TLS_NEVER [as 别名]
def _ldap_connect(self):
    """Prepare an LDAP connection object for the binding phase.

    Initializes a connection to ``self._ldap_uri`` with protocol version 3
    and the configured referral chasing, then issues StartTLS when
    ``self._use_tls`` is set.

    Returns the connection, or ``False`` if python-ldap raised an
    ``LDAPError`` (the error is only logged at debug level).
    """
    try:
        conn = ldap.initialize(self._ldap_uri)
        conn.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
        conn.set_option(ldap.OPT_REFERRALS, int(self._chase_referrals))

        is_ldaps = self._ldap_uri.startswith('ldaps://')
        if is_ldaps:
            # SECURITY: OPT_X_TLS_NEVER means the server certificate is
            # neither requested nor checked. That is broader than "accept
            # self-signed certificates": any endpoint that answers on this
            # URI is accepted. To trust a self-signed server, point
            # OPT_X_TLS_CACERTFILE at its certificate and keep
            # OPT_X_TLS_DEMAND.
            # NOTE(review): this is the module-level default, set after
            # initialize(); confirm it applies to this connection.
            ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)

        if self._use_tls:
            # Ask for a TLS-protected session ...
            ldap.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND)
            # ... but, as above, without authenticating the server
            # (process-wide setting, verification disabled).
            ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
            conn.start_tls_s()
            LOG.debug('Connection now using TLS')

        return conn
    except ldap.LDAPError as err:
        LOG.debug('(_ldap_connect) LDAP Error: %s : Type %s' % (str(err), type(err)))
        return False
示例3: test_ldap_connect_ldap_start_tls
# 需要导入模块: import ldap [as 别名]
# 或者: from ldap import OPT_X_TLS_NEVER [as 别名]
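def test_ldap_connect_ldap_start_tls(self, mock_set_option):
    """Check the StartTLS path of ``_do_simple_bind`` against the mock directory.

    Asserts the sequence of LDAP methods called on the mocked connection and
    the TLS options passed to the patched ``set_option``.

    NOTE(review): the expected calls pin ``OPT_X_TLS_NEVER``, i.e. this test
    requires certificate verification to be switched off. If the code under
    test is changed to verify the server certificate, this expectation has to
    change with it.
    """
    # Looked up before the ``try`` so that a failed lookup is reported as
    # itself instead of an UnboundLocalError from ``del`` in ``finally``.
    ldapobj = self.mockldap['ldap://testserver.domain.tld']
    try:
        result = _do_simple_bind('cn=manager,dc=example,dc=com', 'ldaptest',
                                 uri='ldap://testserver.domain.tld',
                                 use_tls=True)
        # assertEqual: the assertEquals alias is deprecated and was removed
        # in Python 3.12.
        self.assertEqual(ldapobj.methods_called(),
                         self.connect_methods + ['start_tls_s',
                                                 'simple_bind_s', 'whoami_s', 'unbind'])
        mock_set_option.assert_has_calls(
            [
                mock.call(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND),
                mock.call(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER),
            ])
        self.assertTrue(result)
    finally:
        del ldapobj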
示例4: _get_conn
# 需要导入模块: import ldap [as 别名]
# 或者: from ldap import OPT_X_TLS_NEVER [as 别名]
def _get_conn(self):
    """Connect to ``self._url`` and simple-bind with the configured account.

    Returns the bound connection, or ``False`` when the server is down, the
    object does not exist or the credentials are rejected (the reason is
    logged at debug level).
    """
    self._log.debug('Setting up LDAP connection')
    # SECURITY: process-wide python-ldap default. OPT_X_TLS_NEVER disables
    # requesting and checking the server certificate, so for an ldaps:// URL
    # the bind password below goes to a server whose identity was never
    # verified. Prefer OPT_X_TLS_DEMAND plus OPT_X_TLS_CACERTFILE.
    ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
    try:
        link = ldap.initialize(self._url)
        link.set_option(ldap.OPT_NETWORK_TIMEOUT, 3)
        link.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)
        link.simple_bind_s(self._binddn, self._bindpw)
    except (
        ldap.SERVER_DOWN,
        ldap.NO_SUCH_OBJECT,
        ldap.INVALID_CREDENTIALS
    ) as err:
        # Older exceptions carry the info dict in ``.message``; otherwise it
        # is the first positional argument.
        has_legacy_message = hasattr(err, 'message') and 'desc' in err.message
        reason = err.message['desc'] if has_legacy_message else err.args[0]['desc']
        self._log.debug('%s (%s)' % (reason, self._url))
        return False
    self._log.debug('LDAP connection established')
    return link
示例5: test_ldap_connect_ldaps
# 需要导入模块: import ldap [as 别名]
# 或者: from ldap import OPT_X_TLS_NEVER [as 别名]
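def test_ldap_connect_ldaps(self, mock_set_option):
    """Check the ``ldaps://`` path of ``_do_simple_bind`` against the mock directory.

    Asserts the sequence of LDAP methods called on the mocked connection (no
    ``start_tls_s`` on this path) and the TLS option passed to the patched
    ``set_option``.

    NOTE(review): the expected call pins ``OPT_X_TLS_NEVER``, i.e. this test
    requires certificate verification to be switched off. If the code under
    test is changed to verify the server certificate, this expectation has to
    change with it.
    """
    # Looked up before the ``try`` so that a failed lookup is reported as
    # itself instead of an UnboundLocalError from ``del`` in ``finally``.
    ldapobj = self.mockldap['ldaps://testserver.domain.tld']
    try:
        result = _do_simple_bind('cn=manager,dc=example,dc=com', 'ldaptest',
                                 uri='ldaps://testserver.domain.tld')
        # assertEqual: the assertEquals alias is deprecated and was removed
        # in Python 3.12.
        self.assertEqual(ldapobj.methods_called(),
                         self.connect_methods + ['simple_bind_s', 'whoami_s', 'unbind'])
        mock_set_option.assert_has_calls(
            [
                mock.call(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER),
            ])
        self.assertTrue(result)
    finally:
        del ldapobj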
示例6: get_ldap_client
# 需要导入模块: import ldap [as 别名]
# 或者: from ldap import OPT_X_TLS_NEVER [as 别名]
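def get_ldap_client(self, user=None, password=None):
    """Return an LDAP client for the configured URI, bound as ``user`` if any.

    When ``user`` is empty, the ``auth_user`` / ``auth_password`` plugin
    settings are used instead (this also replaces ``password``). If there is
    still no user, the client is returned without binding.

    :param user: bind DN, or ``None`` to fall back to the plugin settings
    :param password: password for ``user``
    :returns: the client, or ``None`` when no URI is configured or an LDAP
        error (including rejected credentials) occurred
    """
    uri = self.plugin_settings().get(["uri"])
    if not uri:
        self._logger.debug("No LDAP URI")
        return None

    if not user:
        user = self.plugin_settings().get(["auth_user"])
        password = self.plugin_settings().get(["auth_password"])

    try:
        self._logger.debug("Initializing LDAP connection to %s" % uri)
        client = ldap.initialize(uri)
        # NOTE(review): python-ldap documents that TLS options set on a
        # connection are only applied once OPT_X_TLS_NEWCTX is set to 0 on
        # it; confirm that the choice made below really takes effect.
        if self.plugin_settings().get(["request_tls_cert"]):
            self._logger.debug("Requesting TLS certificate")
            client.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
        else:
            # SECURITY: OPT_X_TLS_NEVER means the server certificate is
            # neither requested nor checked, so the bind below does not
            # authenticate the server it sends the password to. This branch
            # is what an unset ``request_tls_cert`` selects.
            client.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
        if user is not None:
            self._logger.debug("Binding to LDAP as %s" % user)
            client.bind_s(user, password)
        return client
    except ldap.INVALID_CREDENTIALS:
        self._logger.error("Invalid credentials to bind to LDAP as %s" % user)
    except ldap.LDAPError as e:
        # Exceptions have no ``.message`` attribute on Python 3, so reading
        # it unconditionally raised AttributeError inside this handler and
        # hid the LDAP error. Fall back to ``args``; ``default=str`` keeps
        # the dump from failing on non-JSON values such as bytes.
        details = getattr(e, "message", None) or e.args
        self._logger.error(json.dumps(details, default=str))
    return None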
示例7: parse_tls_reqcert_opt
# 需要导入模块: import ldap [as 别名]
# 或者: from ldap import OPT_X_TLS_NEVER [as 别名]
def parse_tls_reqcert_opt(value):
    """Map a ``tls_reqcert`` setting to python-ldap's ``OPT_X_TLS_*`` constant.

    The lookup is case-insensitive. An empty or missing value yields
    ``None``; an unrecognised name raises ``KeyError``.

    The names follow OpenLDAP's ``TLS_REQCERT`` levels: ``never`` does not
    request or check the server certificate, ``allow`` and ``try`` tolerate
    a missing certificate (``allow`` also a bad one), and ``demand`` /
    ``hard`` require a valid one. Only the last two authenticate the server.
    """
    if not value:
        return None
    levels = {
        'never': ldap.OPT_X_TLS_NEVER,
        'allow': ldap.OPT_X_TLS_ALLOW,
        'try': ldap.OPT_X_TLS_TRY,
        'demand': ldap.OPT_X_TLS_DEMAND,
        'hard': ldap.OPT_X_TLS_HARD,
    }
    return levels[value.lower()]
示例8: ldap_init_conn
# 需要导入模块: import ldap [as 别名]
# 或者: from ldap import OPT_X_TLS_NEVER [as 别名]
def ldap_init_conn(self):
    """Create and configure a connection to the ``ldap_uri`` setting.

    The connection is returned unbound, with referral chasing off and
    protocol version 3.
    """
    # SECURITY: process-wide python-ldap default. OPT_X_TLS_NEVER disables
    # requesting and checking the server certificate, so TLS to this server
    # is encrypted but the server is not authenticated. Prefer
    # OPT_X_TLS_DEMAND with OPT_X_TLS_CACERTFILE set to the directory's CA.
    ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
    uri = Setting().get('ldap_uri')
    client = ldap.initialize(uri)
    client.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)
    client.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
    client.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND)
    # NOTE(review): OPT_X_TLS_DEMAND is a value for OPT_X_TLS_REQUIRE_CERT,
    # not an option name. Used as the key here it is handed to libldap as
    # whatever option shares its integer value — confirm what this line
    # actually sets and whether it is needed.
    client.set_option(ldap.OPT_X_TLS_DEMAND, True)
    # NOTE(review): 255 enables verbose libldap debug output on every
    # connection — confirm this is intended outside of troubleshooting.
    client.set_option(ldap.OPT_DEBUG_LEVEL, 255)
    client.protocol_version = ldap.VERSION3
    return client
示例9: _connect
# 需要导入模块: import ldap [as 别名]
# 或者: from ldap import OPT_X_TLS_NEVER [as 别名]
def _connect(self):
    """Initialize an ldap client for ``self.uri`` and return it.

    Applies the referral and timeout settings, configures TLS according to
    ``self.starttls``, ``self.ca`` and ``self.checkcert``, and issues
    StartTLS when ``self.starttls == 'on'``.

    Raises ``CaFileDontExist`` when certificate checking is on and the
    configured CA file is not a regular file.
    """
    ldap_client = ldap.initialize(self.uri)
    # These two are module-level (process-wide) options, not per-connection.
    ldap.set_option(ldap.OPT_REFERRALS, 0)
    ldap.set_option(ldap.OPT_TIMEOUT, self.timeout)
    # NOTE(review): OPT_X_TLS_DEMAND is a value for OPT_X_TLS_REQUIRE_CERT,
    # not an option name; as a key it is passed to libldap as whatever
    # option shares its integer value — confirm what these calls set.
    if self.starttls == 'on':
        ldap.set_option(ldap.OPT_X_TLS_DEMAND, True)
    else:
        ldap.set_option(ldap.OPT_X_TLS_DEMAND, False)
    # set the CA file if declared and if necessary
    if self.ca and self.checkcert == 'on':
        # check if the CA file actually exists
        if os.path.isfile(self.ca):
            ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.ca)
        else:
            raise CaFileDontExist(self.ca)
    if self.checkcert == 'off':
        # SECURITY: verification disabled both process-wide and on this
        # connection; the server certificate is not requested or checked.
        # this is dark magic
        # remove any of these two lines and it doesn't work
        ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
        ldap_client.set_option(
            ldap.OPT_X_TLS_REQUIRE_CERT,
            ldap.OPT_X_TLS_NEVER
        )
    else:
        # this is even darker magic
        ldap_client.set_option(
            ldap.OPT_X_TLS_REQUIRE_CERT,
            ldap.OPT_X_TLS_DEMAND
        )
        # it doesn't make sense to set it to never
        # (== don't check certificate)
        # but it only works with this option...
        # ... and it checks the certificate
        # (I've lost my sanity over this)
        # SECURITY: this leaves the process-wide default at NEVER even
        # though checking was requested, so any other connection created
        # later in this process starts from "no verification".
        # NOTE(review): python-ldap documents that per-connection TLS
        # options are only applied after OPT_X_TLS_NEWCTX is set to 0 on
        # the connection; that may explain the behaviour described above
        # and remove the need for the global NEVER — confirm with a test
        # against a server presenting an untrusted certificate.
        ldap.set_option(
            ldap.OPT_X_TLS_REQUIRE_CERT,
            ldap.OPT_X_TLS_NEVER
        )
    if self.starttls == 'on':
        try:
            ldap_client.start_tls_s()
        except Exception as e:
            # NOTE(review): if _exception_handler returns instead of
            # raising, the client below is handed back without TLS —
            # confirm that it always raises.
            self._exception_handler(e)
    return ldap_client
示例10: init_app
# 需要导入模块: import ldap [as 别名]
# 或者: from ldap import OPT_X_TLS_NEVER [as 别名]
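def init_app(app):
    """Initialize the `app` for use with this :class:`~LDAP`. This is
    called automatically if `app` is passed to :meth:`~LDAP.__init__`.

    Fills in defaults for every ``LDAP_*`` configuration key, applies the
    process-wide TLS options and checks that the mandatory settings are set.

    :param flask.Flask app: the application to configure for use with
       this :class:`~LDAP`
    :raises LDAPException: if ``LDAP_USERNAME``, ``LDAP_PASSWORD`` or
       ``LDAP_BASE_DN`` is ``None``
    """
    app.config.setdefault('LDAP_HOST', 'localhost')
    app.config.setdefault('LDAP_PORT', 389)
    app.config.setdefault('LDAP_SCHEMA', 'ldap')
    app.config.setdefault('LDAP_USERNAME', None)
    app.config.setdefault('LDAP_PASSWORD', None)
    app.config.setdefault('LDAP_TIMEOUT', 10)
    app.config.setdefault('LDAP_USE_SSL', False)
    app.config.setdefault('LDAP_USE_TLS', False)
    # SECURITY: certificate verification is opt-in; see the TLS block below.
    app.config.setdefault('LDAP_REQUIRE_CERT', False)
    # Placeholder path: it must be overridden whenever LDAP_REQUIRE_CERT is on.
    app.config.setdefault('LDAP_CERT_PATH', '/path/to/cert')
    app.config.setdefault('LDAP_BASE_DN', None)
    app.config.setdefault('LDAP_OBJECTS_DN', 'distinguishedName')
    app.config.setdefault('LDAP_USER_FIELDS', [])
    app.config.setdefault('LDAP_USER_OBJECT_FILTER',
                          '(&(objectclass=Person)(userPrincipalName=%s))')
    app.config.setdefault('LDAP_USER_GROUPS_FIELD', 'memberOf')
    app.config.setdefault('LDAP_GROUP_FIELDS', [])
    app.config.setdefault('LDAP_GROUP_OBJECT_FILTER',
                          '(&(objectclass=Group)(userPrincipalName=%s))')
    app.config.setdefault('LDAP_GROUP_MEMBERS_FIELD', 'member')
    app.config.setdefault('LDAP_LOGIN_VIEW', 'login')
    app.config.setdefault('LDAP_REALM_NAME', 'LDAP authentication')
    app.config.setdefault('LDAP_OPENLDAP', False)
    app.config.setdefault('LDAP_GROUP_MEMBER_FILTER', '*')
    app.config.setdefault('LDAP_GROUP_MEMBER_FILTER_FIELD', '*')
    app.config.setdefault('LDAP_CUSTOM_OPTIONS', None)

    if app.config['LDAP_USE_SSL'] or app.config['LDAP_USE_TLS']:
        # SECURITY: with SSL/TLS enabled and LDAP_REQUIRE_CERT left at its
        # default, the process-wide setting is OPT_X_TLS_NEVER: the server
        # certificate is neither requested nor checked, so the session is
        # encrypted but the directory server is not authenticated. Set
        # LDAP_REQUIRE_CERT and LDAP_CERT_PATH in production.
        ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,
                        ldap.OPT_X_TLS_NEVER)

    if app.config['LDAP_REQUIRE_CERT']:
        ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,
                        ldap.OPT_X_TLS_DEMAND)
        # Read the path from the app being initialised: ``current_app`` is
        # only bound inside an application context, which need not exist
        # while init_app runs, and may refer to a different application.
        ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,
                        app.config['LDAP_CERT_PATH'])

    for option in ['USERNAME', 'PASSWORD', 'BASE_DN']:
        if app.config['LDAP_{0}'.format(option)] is None:
            raise LDAPException('LDAP_{0} cannot be None!'.format(option))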