TLS context

Jacek Konieczny jajcus at bnet.pl
Mon Nov 12 11:16:06 CET 2001


On Sun, Nov 11, 2001 at 03:20:06PM +0100, Michael Ströder wrote:
> > I have not yet checked if TLS options are all global or connection-specific.
> 
> I would assume that TLS/SSL options are connection-specific since
> you might have different trusted root CA certs, etc.

I have checked this and it turned out that most TLS options are global
and cannot be set per LDAPObject.
To support global options (which can eventually be available as object
options) I have moved part of setattr and getattr of LDAPObject to other
functions, which can also be used without an object for setting global
options.

Here is a (working) fragment of a python-ldap program:

import ldap
ldap.set_option("tls_require_cert",1)
ldap.set_option("tls_cacertfile","my_cacerts.pem")
l=ldap.initialize("https://some.ldap.server")
l.tls=ldap.TLS_HARD
l.bind("","")

Should I commit the changes (as soon as I polish them a bit more)?
And is there any way to make it work like this?:

ldap.tls_require_cert=1

It is easy for an object (that is the way it is done for LDAPObject), but
is there any way to implement this in a module?

And one more thing:

Do we really need support for OpenLDAP < 2.x?
Now python-ldap compiled with OpenLDAP1 and python-ldap compiled with
OpenLDAP2 are so different that they are like different modules. And the code
is quite hard to maintain.
It was a long time ago that OpenLDAP2 was experimental.

Greets,
        Jacek
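
As an added illustration (not part of the original message and not python-ldap code), one way a module can accept `module.tls_require_cert = 1` is to install a `types.ModuleType` subclass in `sys.modules` whose attribute hooks call the same shared setter and getter that objects use. The module name `fakeldap`, the option table and its defaults are hypothetical; the setter rejects unknown names so that a misspelled TLS option raises instead of silently leaving certificate checking unchanged.

```python
# Added illustration: "fakeldap" and its option table are hypothetical
# stand-ins, not python-ldap code.
import sys
import types

_GLOBAL_OPTIONS = {"tls_require_cert": 0, "tls_cacertfile": None}  # constructed defaults


def set_option(name, value, store=None):
    """Shared setter: global by default, per object when a store is given."""
    if name not in _GLOBAL_OPTIONS:
        raise ValueError("unknown option: %r" % name)
    (_GLOBAL_OPTIONS if store is None else store)[name] = value


def get_option(name, store=None):
    """Shared getter: a per-object value wins, otherwise the global one applies."""
    if name not in _GLOBAL_OPTIONS:
        raise ValueError("unknown option: %r" % name)
    if store is not None and name in store:
        return store[name]
    return _GLOBAL_OPTIONS[name]


class _OptionModule(types.ModuleType):
    """Module type whose tls_* attributes are routed to the option functions."""

    def __setattr__(self, name, value):
        if name.startswith("tls_"):
            set_option(name, value)  # a misspelled option raises here
        else:
            super().__setattr__(name, value)

    def __getattr__(self, name):  # only called when normal lookup fails
        if name.startswith("tls_"):
            return get_option(name)
        raise AttributeError(name)


def make_module():
    """Build the module object and register it so "import fakeldap" finds it."""
    mod = _OptionModule("fakeldap")
    mod.set_option, mod.get_option = set_option, get_option
    sys.modules["fakeldap"] = mod
    return mod
```

Because the global table is the fallback for every per-object store, changing a global TLS option changes the effective setting of every connection that has not overridden it.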



