0001-ldap-support-trailing-slash-on-tls-errors-58149.patch
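--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@@ -1788,13 +1788,9 @@
 return False, 'timeout'
 except ldap.SERVER_DOWN:
 if block['use_tls']:
-url = block['url']
-if url and isinstance(url, (list, tuple)):
-url = url[0]
-hostname = url.split('://')[-1]
-port = 636
-if ':' in hostname:
-hostname, port = hostname.split(':')
+url = urllib.parse.urlparse(ldap_uri)
+hostname = url.hostname
+port = url.port or 636
 context = ssl.create_default_context()
 try:
 with socket.create_connection((hostname, port), timeout=2) as sock: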
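Review bot: The new `hostname = url.hostname` and `port = url.port or 636` lines sit before the `try:`, so a URI that does not parse cleanly is not handled in this `except ldap.SERVER_DOWN` branch. `url.port` raises `ValueError` for a non-numeric or out-of-range port. `url.hostname` is `None` when the configured value has no `//` authority part, and `socket.create_connection((None, port))` would then most likely resolve to the loopback address, so the TLS diagnostic would probe the local machine rather than the LDAP server and log a misleading result. I would compute both values inside a `try`/`except ValueError` and skip the probe when the host is empty, e.g. `if not hostname: return False, 'invalid LDAP URL'` (message is a suggestion, following the `return False, 'timeout'` shape above). `ldap_uri` and the rest of the function are defined outside this hunk, so this assumes it is the URI of the connection attempt that just failed.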
tests/test_ldap.py | ||
---|---|---|
1116 | 1116 |
assert force_bytes('name="username"') not in result.content |
1117 | 1117 | |
1118 | 1118 | |
1119 |
def test_tls_connect_on_ldap_errors(db, tls_slapd, settings, client, caplog): |
|
1119 |
@pytest.mark.parametrize('trailing_slash', ('', '/')) |
|
1120 |
def test_tls_connect_on_ldap_errors(db, tls_slapd, settings, client, caplog, trailing_slash): |
|
1120 | 1121 |
conn = tls_slapd.get_connection_admin() |
1121 | 1122 |
conn.modify_s( |
1122 | 1123 |
'cn=config', |
... | ... | |
1129 | 1130 | |
1130 | 1131 |
settings.LDAP_AUTH_SETTINGS = [ |
1131 | 1132 |
{ |
1132 |
'url': [tls_slapd.ldap_url], |
|
1133 |
'url': [tls_slapd.ldap_url + trailing_slash],
|
|
1133 | 1134 |
'basedn': 'o=ôrga', |
1134 | 1135 |
'use_tls': True, |
1135 | 1136 |
'cacertfile': cert_file, |
1136 |
- |