def open_ldap():
    """
    Build and return a new, unbound LDAP connection object.

    All connection parameters come from the ``[ldap]`` section of
    webfront.conf: ``server``, ``port``, ``encryption`` (``ssl``, ``tls``
    or ``none``, matched case-insensitively), ``timeout`` and ``debug``.

    Returns:
        A python-ldap connection object with its ``timeout`` attribute set.
        For ``ssl``/``none`` the object comes from ``ldap.initialize`` and
        no network traffic has happened yet; for ``tls`` the STARTTLS
        extended operation has already completed.  No bind is performed.

    Raises:
        NoStartTlsError: ``encryption = tls`` but the server answered the
            STARTTLS request with a protocol error (extension unsupported).
        NoAnswerError: ``encryption = tls`` and python-ldap raised
            SERVER_DOWN or CONNECT_ERROR while starting TLS.  Note that a
            failed TLS handshake (e.g. a rejected certificate) is believed
            to surface as CONNECT_ERROR as well, so it will be reported as
            "server is down" - check the logged traceback for the real cause.

    Security notes:
        * An unrecognised ``encryption`` value is only logged and then
          downgraded to *no* encryption, i.e. this fails open: anything
          later sent over the connection (bind credentials included) goes
          in clear text.  A misspelled setting therefore silently removes
          transport protection.
        * This function does not set OPT_X_TLS_REQUIRE_CERT or a CA
          bundle.  Whether the server certificate is verified for either
          ``ssl`` or ``tls`` therefore depends on the process-wide
          python-ldap/OpenLDAP defaults (TLS_REQCERT in ldap.conf) -
          confirm those before relying on this for confidentiality.
    """
    section = 'ldap'
    host = _config.get(section, 'server')
    port = _config.getint(section, 'port')
    requested = _config.get(section, 'encryption')
    mode = requested.lower()
    timeout = _config.getfloat(section, 'timeout')

    # NOTE(security): fail-open fallback - an unknown value becomes clear text.
    if mode not in ('ssl', 'tls', 'none'):
        _logger.warning('Unknown encryption setting %r in config file, '
                        'using no encryption instead',
                        requested)
        mode = 'none'

    # Process-wide libldap tracing to stderr; affects every connection.
    if _config.getboolean(section, 'debug'):
        ldap.set_option(ldap.OPT_DEBUG_LEVEL, 255)

    if mode != 'tls':
        # ldaps:// (implicit TLS) or plain ldap://; connection is lazy.
        scheme = 'ldaps' if mode == 'ssl' else 'ldap'
        conn = ldap.initialize('%s://%s:%s' % (scheme, host, port))
        conn.timeout = timeout
        return conn

    # Explicit STARTTLS: connect in the clear, then upgrade, and refuse to
    # continue unencrypted if the server cannot upgrade.
    _logger.debug("Using STARTTLS for ldap connection")
    conn = ldap.open(host, port)
    conn.timeout = timeout
    try:
        conn.start_tls_s()
    except ldap.PROTOCOL_ERROR:
        _logger.error('LDAP server %s does not support the STARTTLS '
                      'extension. Aborting.', host)
        raise NoStartTlsError(host)
    except (ldap.SERVER_DOWN, ldap.CONNECT_ERROR):
        _logger.exception("LDAP server is down")
        raise NoAnswerError(host)
    return conn