diff options
| author | Matthew Harmsen <mharmsen@redhat.com> | 2015-03-13 16:53:52 -0600 |
|---|---|---|
| committer | Matthew Harmsen <mharmsen@redhat.com> | 2015-03-13 16:56:22 -0600 |
| commit | a44ccf872262b1289cd2577a6ba55071066a5209 (patch) | |
| tree | fa8bb3b39ca028c1693c69ab397424c90c8890b2 /base/server/python/pki/server/deployment/pkiparser.py | |
| parent | a54e29d5be1b38158cc44a8bdeda5dcb96fd4096 (diff) | |
| download | pki-a44ccf872262b1289cd2577a6ba55071066a5209.tar.gz pki-a44ccf872262b1289cd2577a6ba55071066a5209.tar.xz pki-a44ccf872262b1289cd2577a6ba55071066a5209.zip | |
Allow use of secure LDAPS connection
- PKI TRAC Ticket #1144 - pkispawn needs option to specify ca cert for ldap
Diffstat (limited to 'base/server/python/pki/server/deployment/pkiparser.py')
| -rw-r--r-- | base/server/python/pki/server/deployment/pkiparser.py | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py index 1e3912084..6fb9e987d 100644 --- a/base/server/python/pki/server/deployment/pkiparser.py +++ b/base/server/python/pki/server/deployment/pkiparser.py @@ -400,6 +400,12 @@ class PKIConfigParser: if config.str2bool(self.mdict['pki_ds_secure_connection']): protocol = 'ldaps' port = self.mdict['pki_ds_ldaps_port'] + # ldap.set_option(ldap.OPT_DEBUG_LEVEL, 255) + ldap.set_option(ldap.OPT_X_TLS_DEMAND, True) + ldap.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND) + ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, + self.mdict['pki_ds_secure_connection_ca_pem_file']) + ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND) else: protocol = 'ldap' port = self.mdict['pki_ds_ldap_port'] @@ -774,6 +780,8 @@ class PKIConfigParser: "-->" self.mdict['PKI_CLOSE_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \ "-->" + self.mdict['PKI_DS_SECURE_CONNECTION_SLOT'] = \ + self.mdict['pki_ds_secure_connection'].lower() self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT'] = \ self.mdict['pki_https_port'] self.mdict\ |