ldapi support.

Support for using ldapi Unix socket connections. Build the connection URI differently to suit. Added a new configuration option for specifying the path to the socket. Don't mandate username and password if using ldapi. Signed-off-by: Adar Nimrod <nimrod@shore.co.il>

ldapi support.
f1876a04 · nimrod · 9bfb036d · f1876a04 · f1876a04
Commit f1876a04 authored 4 years ago by nimrod
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -60,6 +60,8 @@ directives:
 ``LDAP_PORT``                      The port number of your LDAP server. Default: 389.
 ``LDAP_SCHEMA``                    The LDAP schema to use between 'ldap' and 'ldaps'.
                                   Default: 'ldap'.
+``LDAP_SOCKET_PATH``               If ``LDAP_SCHEMA`` is set to `ldapi`, the
+                                   path to the Unix socket path. Default: `/`.
 ``LDAP_USERNAME``                  **Required**: The user name used to bind.
 ``LDAP_PASSWORD``                  **Required**: The password used to bind.
 ``LDAP_TIMEOUT``                   How long (seconds) a connection can take to be opened

--- a/flask_simpleldap/__init__.py
+++ b/flask_simpleldap/__init__.py
@@ -34,6 +34,7 @@ class LDAP(object):
        app.config.setdefault("LDAP_HOST", "localhost")
        app.config.setdefault("LDAP_PORT", 389)
        app.config.setdefault("LDAP_SCHEMA", "ldap")
+        app.config.setdefault("LDAP_SOCKET_PATH", "/")
        app.config.setdefault("LDAP_USERNAME", None)
        app.config.setdefault("LDAP_PASSWORD", None)
        app.config.setdefault("LDAP_TIMEOUT", 10)
@@ -68,7 +69,11 @@ class LDAP(object):
            ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
            ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, app.config["LDAP_CERT_PATH"])

-        for option in ["USERNAME", "PASSWORD", "BASE_DN"]:
+        if app.config["LDAP_BASE_DN"] is None:
+            raise LDAPException("LDAP_BASE_DN cannot be None!")
+
+        if app.config["LDAP_SCHEMA"] != "ldapi":
+            for option in ["USERNAME", "PASSWORD"]:
                if app.config["LDAP_{0}".format(option)] is None:
                    raise LDAPException("LDAP_{0} cannot be None!".format(option))

@@ -88,13 +93,18 @@ class LDAP(object):
        """

        try:
-            conn = ldap.initialize(
-                "{0}://{1}:{2}".format(
+            if current_app.config["LDAP_SCHEMA"] == "ldapi":
+                uri = "{0}://{1}".format(
+                    current_app.config["LDAP_SCHEMA"],
+                    current_app.config["LDAP_SOCKET_PATH"],
+                )
+            else:
+                uri = "{0}://{1}:{2}".format(
                    current_app.config["LDAP_SCHEMA"],
                    current_app.config["LDAP_HOST"],
                    current_app.config["LDAP_PORT"],
                )
-            )
+            conn = ldap.initialize(uri)
            conn.set_option(
                ldap.OPT_NETWORK_TIMEOUT, current_app.config["LDAP_TIMEOUT"]
            )