From 7567c9fde0ecfa0fa3bebb11b52706e582a5f85e Mon Sep 17 00:00:00 2001
From: Fredrik Falk
Date: Thu, 13 Jun 2024 15:09:25 +0200
Subject: [PATCH] Add additional Tls/SSL arguments

---
 README.rst                  | 12 ++++++++++++
 django_python3_ldap/conf.py | 20 ++++++++++++++++++++
 django_python3_ldap/ldap.py |  5 ++++-
 3 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/README.rst b/README.rst
index 5b5e334..e76bfb9 100644
--- a/README.rst
+++ b/README.rst
@@ -41,6 +41,12 @@ Available settings
     import ssl
     LDAP_AUTH_TLS_VERSION = ssl.PROTOCOL_TLSv1_2
 
+    # Specify which TLS ciphers to use
+    LDAP_AUTH_TLS_VERSION = "ALL"
+
+    # Unspecified Tls keyword arguments applied to the connection on the underlying Ldap3 library.
+    LDAP_AUTH_TLS_ARGS = {}
+
     # The LDAP search base for looking up users.
     LDAP_AUTH_SEARCH_BASE = "ou=people,dc=example,dc=com"
 
@@ -90,10 +96,16 @@ Available settings
     LDAP_AUTH_CONNECTION_USERNAME = None
     LDAP_AUTH_CONNECTION_PASSWORD = None
 
+    # Use SSL on the connection
+    LDAP_AUTH_CONNECT_USE_SSL
+
     # Set connection/receive timeouts (in seconds) on the underlying `ldap3` library.
     LDAP_AUTH_CONNECT_TIMEOUT = None
     LDAP_AUTH_RECEIVE_TIMEOUT = None
 
+    # Unspecified keyword arguments to apply to the connection in the underlying ldap3 library.
+    LDAP_AUTH_CONNECT_ARGS = {}
+
 Microsoft Active Directory support
 ----------------------------------
 
diff --git a/django_python3_ldap/conf.py b/django_python3_ldap/conf.py
index f598759..b30d7b8 100644
--- a/django_python3_ldap/conf.py
+++ b/django_python3_ldap/conf.py
@@ -44,11 +44,21 @@ def __init__(self, settings):
             default=False,
         )
 
+        LDAP_AUTH_TLS_CIPHERS = LazySetting(
+            name="LDAP_AUTH_TLS_CIPHERS",
+            default="ALL",
+        )
+
         LDAP_AUTH_TLS_VERSION = LazySetting(
             name="LDAP_AUTH_TLS_VERSION",
             default=PROTOCOL_TLS,
         )
 
+        LDAP_AUTH_TLS_ARGS = LazySetting(
+            name="LDAP_AUTH_TLS_ARGS",
+            default={},
+        )
+
         LDAP_AUTH_SEARCH_BASE = LazySetting(
             name="LDAP_AUTH_SEARCH_BASE",
             default="ou=people,dc=example,dc=com",
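Review bot: `LDAP_AUTH_TLS_CIPHERS` defaults to `"ALL"`, which preserves the previously hard-coded value but is OpenSSL's everything-except-eNULL list, so on an OpenSSL build that still ships legacy suites it admits them; a comment on the setting should say so, e.g. `# OpenSSL cipher string for the LDAP TLS session; "ALL" keeps prior behaviour, tighten (e.g. "HIGH:!aNULL:!MD5") for production.`. The README entry this commit adds for the setting is also mislabeled — it shows `LDAP_AUTH_TLS_VERSION = "ALL"` under "Specify which TLS ciphers to use" — so the name `LDAP_AUTH_TLS_CIPHERS` cannot be found from the docs. `default={}` on `LDAP_AUTH_TLS_ARGS` is one shared dict; that is fine as long as `LazySetting` hands it back unmodified and callers only unpack it (the ldap.py hunk does), but worth confirming rather than assuming. `__init__` starts and ends outside the hunk.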
@@ -126,6 +136,16 @@ def __init__(self, settings):
             default=None,
         )
 
+        LDAP_AUTH_CONNECT_ARGS = LazySetting(
+            name="LDAP_AUTH_CONNECT_ARGS",
+            default={},
+        )
+
+        LDAP_AUTH_CONNECT_USE_SSL = LazySetting(
+            name="LDAP_AUTH_CONNECT_USE_SSL",
+            default=False,
+        )
+
         LDAP_AUTH_CONNECT_TIMEOUT = LazySetting(
             name="LDAP_AUTH_CONNECT_TIMEOUT",
             default=None
diff --git a/django_python3_ldap/ldap.py b/django_python3_ldap/ldap.py
index 922e0cd..ec4a0d5 100644
--- a/django_python3_ldap/ldap.py
+++ b/django_python3_ldap/ldap.py
@@ -172,11 +172,14 @@ def connection(**kwargs):
         "allowed_referral_hosts": [("*", True)],
         "get_info": ldap3.NONE,
         "connect_timeout": settings.LDAP_AUTH_CONNECT_TIMEOUT,
+        "use_ssl": settings.LDAP_AUTH_CONNECT_USE_SSL,
+        **settings.LDAP_AUTH_CONNECT_ARGS
     }
     if settings.LDAP_AUTH_USE_TLS:
         server_args["tls"] = ldap3.Tls(
-            ciphers="ALL",
+            ciphers=settings.LDAP_AUTH_TLS_CIPHERS,
             version=settings.LDAP_AUTH_TLS_VERSION,
+            **settings.LDAP_AUTH_TLS_ARGS
         )
         server_pool.add(
             ldap3.Server(
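Review bot: The name `LDAP_AUTH_CONNECT_ARGS` (and the README wording "keyword arguments to apply to the connection") is misleading — in the ldap.py hunk these keys are spliced into `server_args`, the dict handed to `ldap3.Server(` next to `allowed_referral_hosts`/`get_info`/`connect_timeout`, not to the ldap3 `Connection`; a comment on the setting should say so, e.g. `# Extra keyword arguments passed to ldap3.Server (not Connection); keys here override the built-in ones.`. `LDAP_AUTH_CONNECT_USE_SSL` deserves the same, e.g. `# True selects LDAPS (ldap3.Server(use_ssl=...)); independent of LDAP_AUTH_USE_TLS, which configures the Tls object.`, and the README example this commit adds for it shows the bare name with no value — it should read `LDAP_AUTH_CONNECT_USE_SSL = False`. `__init__` starts and ends outside the hunk.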
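Review bot: `ldap3.Tls(ciphers=..., version=..., **settings.LDAP_AUTH_TLS_ARGS)` raises `TypeError: ... got multiple values for keyword argument` at connect time if an operator puts `ciphers` or `version` into `LDAP_AUTH_TLS_ARGS`, while the `**settings.LDAP_AUTH_CONNECT_ARGS` splice a few lines up silently lets the operator's value win over the four fixed keys (dict-display order), so the two escape hatches disagree on precedence; building the Tls kwargs the same way as `server_args` makes it uniform and lets the README state it once. Separately, `use_ssl=True` with `LDAP_AUTH_USE_TLS` left False sends no `tls` object at all, so certificate validation on that LDAPS connection is whatever ldap3's `Tls()` defaults give (I believe `validate=ssl.CERT_NONE` — confirm against the pinned ldap3 version), and the explicit `Tls(...)` branch also passes no `validate`/`ca_certs_file`; the README entry for `LDAP_AUTH_TLS_ARGS` should say that this is where `validate=ssl.CERT_REQUIRED` and `ca_certs_file=...` belong. `connection()` starts and ends outside the hunk.
```python
    if settings.LDAP_AUTH_USE_TLS:
        # Operator-supplied keys take precedence, mirroring LDAP_AUTH_CONNECT_ARGS.
        tls_args = {
            "ciphers": settings.LDAP_AUTH_TLS_CIPHERS,
            "version": settings.LDAP_AUTH_TLS_VERSION,
            **settings.LDAP_AUTH_TLS_ARGS,
        }
        server_args["tls"] = ldap3.Tls(**tls_args)
    # … unchanged: server_pool.add(ldap3.Server(...)) …
```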