Diffstat (limited to 'base/server/python/pki/server/deployment/pkiparser.py')
-rw-r--r--base/server/python/pki/server/deployment/pkiparser.py8
1 files changed, 8 insertions, 0 deletions
diff --git a/base/server/python/pki/server/deployment/pkiparser.py b/base/server/python/pki/server/deployment/pkiparser.py
index 1e3912084..6fb9e987d 100644
--- a/base/server/python/pki/server/deployment/pkiparser.py
+++ b/base/server/python/pki/server/deployment/pkiparser.py
@@ -400,6 +400,12 @@ class PKIConfigParser:
if config.str2bool(self.mdict['pki_ds_secure_connection']):
protocol = 'ldaps'
port = self.mdict['pki_ds_ldaps_port']
+ # ldap.set_option(ldap.OPT_DEBUG_LEVEL, 255)
+ ldap.set_option(ldap.OPT_X_TLS_DEMAND, True)
+ ldap.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND)
+ ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,
+ self.mdict['pki_ds_secure_connection_ca_pem_file'])
+ ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
else:
protocol = 'ldap'
port = self.mdict['pki_ds_ldap_port']
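Review bot: `ldap.set_option(ldap.OPT_X_TLS_DEMAND, True)` passes a certificate-check level where an option name is expected; in python-ldap `OPT_X_TLS_DEMAND` is one of the values accepted by `OPT_X_TLS_REQUIRE_CERT`, so this call does not configure TLS and may instead set an unrelated option that shares the same numeric id. The call that enforces server-certificate verification is `ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)`; I would keep that one and drop both the first call and the commented-out `OPT_DEBUG_LEVEL` line. All of these are module-level `ldap.set_option` calls, so they change the defaults for every LDAP connection in the process rather than only the DS connection built here; if the connection object is created further down in this method (its body starts and ends outside the hunk), setting the options on that object would be narrower. `self.mdict['pki_ds_secure_connection_ca_pem_file']` is also read without checking that the key is set and the file is readable, so a missing CA file would presumably surface only as a KeyError or an opaque TLS failure at connect time; an explicit check with a clear error message would help operators.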
@@ -774,6 +780,8 @@ class PKIConfigParser:
"-->"
self.mdict['PKI_CLOSE_SEPARATE_PORTS_WEB_COMMENT_SLOT'] = \
"-->"
+ self.mdict['PKI_DS_SECURE_CONNECTION_SLOT'] = \
+ self.mdict['pki_ds_secure_connection'].lower()
self.mdict['PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT'] = \
self.mdict['pki_https_port']
self.mdict\
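Review bot: `PKI_DS_SECURE_CONNECTION_SLOT` is filled with the raw setting lower-cased, while the earlier hunk in this commit interprets the same key through `config.str2bool(...)`. If `str2bool` accepts spellings other than `true`/`false` (not visible here), the Python side and whatever consumes the slot could disagree on whether the DS connection is secure, which matters because it decides between `ldaps` and plain `ldap`. Normalising through the same helper would keep them aligned, e.g. `str(config.str2bool(self.mdict['pki_ds_secure_connection'])).lower()`. The statement following the added lines continues outside the hunk.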