fix a bug that causes LDAP TLS connection flags to not be set properly
co-authored-by: Jim Ladd <[email protected]>
ryanpetrello and Jim Ladd committed Jun 29, 2019
1 parent d438a93 commit caf1f3e
Showing 1 changed file with 15 additions and 0 deletions.
15 changes: 15 additions & 0 deletions awx/sso/backends.py
Expand Up @@ -2,6 +2,7 @@
# All Rights Reserved.

# Python
from collections import OrderedDict
import logging
import uuid

Expand Down Expand Up @@ -54,6 +55,20 @@ def __init__(self, prefix='AUTH_LDAP_', defaults={}):
options[ldap.OPT_NETWORK_TIMEOUT] = 30
self.CONNECTION_OPTIONS = options

# when specifying `.set_option()` calls for TLS in python-ldap, the
# *order* in which you invoke them *matters*, particularly in Python3,
# where dictionary insertion order is persisted
#
# specifically, it is *critical* that `ldap.OPT_X_TLS_NEWCTX` be set *last*
# this manual sorting puts `OPT_X_TLS_NEWCTX` *after* other TLS-related
# options (because their openldap keys are < `ldap.OPT_X_TLS_NEWCTX`
#
# see: https://github.com/python-ldap/python-ldap/issues/55
newctx_option = self.CONNECTION_OPTIONS.pop(ldap.OPT_X_TLS_NEWCTX, None)
self.CONNECTION_OPTIONS = OrderedDict(self.CONNECTION_OPTIONS)
if newctx_option:
self.CONNECTION_OPTIONS[ldap.OPT_X_TLS_NEWCTX] = newctx_option


class LDAPBackend(BaseLDAPBackend):
'''
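Review bot: The guard `if newctx_option:` drops the option whenever its configured value is falsy, and `0` is exactly the value python-ldap's TLS documentation (and django-auth-ldap's `AUTH_LDAP_CONNECTION_OPTIONS` examples) use for `OPT_X_TLS_NEWCTX`, so in the common configuration the popped entry is never re-added and the ordering fix this commit introduces silently does not apply. Test for presence rather than truthiness: `if newctx_option is not None:`. The `pop(..., None)` default already distinguishes "absent" from "present with value 0", so that one line is the only change needed. `__init__` begins before this hunk, so the construction of `options` is not visible here. Minor: the parenthetical in the new comment starting at `(because their openldap keys` is never closed.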