From 7567c9fde0ecfa0fa3bebb11b52706e582a5f85e Mon Sep 17 00:00:00 2001 From: Fredrik Falk Date: Thu, 13 Jun 2024 15:09:25 +0200 Subject: [PATCH 1/6] Add additional Tls/SSL arguments --- README.rst | 12 ++++++++++++ django_python3_ldap/conf.py | 20 ++++++++++++++++++++ django_python3_ldap/ldap.py | 5 ++++- 3 files changed, 36 insertions(+), 1 deletion(-) diff --git a/README.rst b/README.rst index 5b5e334..e76bfb9 100644 --- a/README.rst +++ b/README.rst @@ -41,6 +41,12 @@ Available settings import ssl LDAP_AUTH_TLS_VERSION = ssl.PROTOCOL_TLSv1_2 + # Specify which TLS ciphers to use + LDAP_AUTH_TLS_VERSION = "ALL" + + # Unspecified Tls keyword arguments applied to the connection on the underlying Ldap3 library. + LDAP_AUTH_TLS_ARGS = {} + # The LDAP search base for looking up users. LDAP_AUTH_SEARCH_BASE = "ou=people,dc=example,dc=com" @@ -90,10 +96,16 @@ Available settings LDAP_AUTH_CONNECTION_USERNAME = None LDAP_AUTH_CONNECTION_PASSWORD = None + # Use SSL on the connection + LDAP_AUTH_CONNECT_USE_SSL + # Set connection/receive timeouts (in seconds) on the underlying `ldap3` library. LDAP_AUTH_CONNECT_TIMEOUT = None LDAP_AUTH_RECEIVE_TIMEOUT = None + # Unspecified keyword arguments to apply to the connection in the underlying ldap3 library. + LDAP_AUTH_CONNECT_ARGS = {} + Microsoft Active Directory support ---------------------------------- diff --git a/django_python3_ldap/conf.py b/django_python3_ldap/conf.py index f598759..b30d7b8 100644 --- a/django_python3_ldap/conf.py +++ b/django_python3_ldap/conf.py @@ -44,11 +44,21 @@ def __init__(self, settings): default=False, ) + LDAP_AUTH_TLS_CIPHERS = LazySetting( + name="LDAP_AUTH_TLS_CIPHERS", + default="ALL", + ) + LDAP_AUTH_TLS_VERSION = LazySetting( name="LDAP_AUTH_TLS_VERSION", default=PROTOCOL_TLS, ) + LDAP_AUTH_TLS_ARGS = LazySetting( + name="LDAP_AUTH_TLS_ARGS", + default={}, + ) + LDAP_AUTH_SEARCH_BASE = LazySetting( name="LDAP_AUTH_SEARCH_BASE", default="ou=people,dc=example,dc=com", 
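Review bot: The new `LDAP_AUTH_TLS_CIPHERS` setting in django_python3_ldap/conf.py keeps `default="ALL"`, which preserves the previously hard-coded value but is a permissive default for an authentication backend. Per the OpenSSL cipher-string documentation, `ALL` selects every suite the local build offers except eNULL, including ones that OpenSSL's own default list leaves out. Now that the value is configurable, I would add a comment above the setting such as `# "ALL" is kept for backward compatibility; set a restrictive OpenSSL cipher string in production.`, or consider `default=None`, which presumably lets the library default apply but would be a behaviour change. `LDAP_AUTH_TLS_ARGS` in the same hunk also deserves a comment saying it is where certificate-validation options go, because the `ldap3.Tls(...)` call in ldap.py passes none itself. The enclosing settings class starts and ends outside this hunk.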
@@ -126,6 +136,16 @@ def __init__(self, settings): default=None, ) + LDAP_AUTH_CONNECT_ARGS = LazySetting( + name="LDAP_AUTH_CONNECT_ARGS", + default={}, + ) + + LDAP_AUTH_CONNECT_USE_SSL = LazySetting( + name="LDAP_AUTH_CONNECT_USE_SSL", + default=False, + ) + LDAP_AUTH_CONNECT_TIMEOUT = LazySetting( name="LDAP_AUTH_CONNECT_TIMEOUT", default=None diff --git a/django_python3_ldap/ldap.py b/django_python3_ldap/ldap.py index 922e0cd..ec4a0d5 100644 --- a/django_python3_ldap/ldap.py +++ b/django_python3_ldap/ldap.py @@ -172,11 +172,14 @@ def connection(**kwargs): "allowed_referral_hosts": [("*", True)], "get_info": ldap3.NONE, "connect_timeout": settings.LDAP_AUTH_CONNECT_TIMEOUT, + "use_ssl": settings.LDAP_AUTH_CONNECT_USE_SSL, + **settings.LDAP_AUTH_CONNECT_ARGS } if settings.LDAP_AUTH_USE_TLS: server_args["tls"] = ldap3.Tls( - ciphers="ALL", + ciphers=settings.LDAP_AUTH_TLS_CIPHERS, version=settings.LDAP_AUTH_TLS_VERSION, + **settings.LDAP_AUTH_TLS_ARGS ) server_pool.add( ldap3.Server( From 9bcf9f22dba279602c9820024bcaa97d00645775 Mon Sep 17 00:00:00 2001 From: Fredrik Falk Date: Sat, 15 Jun 2024 15:24:12 +0200 Subject: [PATCH 2/6] Update README.rst Co-authored-by: Dave Hall --- README.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.rst b/README.rst index e76bfb9..4ecfc59 100644 --- a/README.rst +++ b/README.rst @@ -96,8 +96,8 @@ Available settings LDAP_AUTH_CONNECTION_USERNAME = None LDAP_AUTH_CONNECTION_PASSWORD = None - # Use SSL on the connection - LDAP_AUTH_CONNECT_USE_SSL + # Use SSL on the connection. + LDAP_AUTH_CONNECT_USE_SSL = False # Set connection/receive timeouts (in seconds) on the underlying `ldap3` library. LDAP_AUTH_CONNECT_TIMEOUT = None From c65ab36d76d5a4a6e2b458885b6088ff1efe98c6 Mon Sep 17 00:00:00 2001 From: Fredrik Falk Date: Sat, 15 Jun 2024 15:24:18 +0200 Subject: [PATCH 3/6] Update README.rst Co-authored-by: Dave Hall --- README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
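Review bot: In `connection()` in django_python3_ldap/ldap.py the `ldap3.Tls(...)` object is still built only under `if settings.LDAP_AUTH_USE_TLS:`, so a deployment that sets only the new `LDAP_AUTH_CONNECT_USE_SSL = True` gets none of `LDAP_AUTH_TLS_CIPHERS`, `LDAP_AUTH_TLS_VERSION` or `LDAP_AUTH_TLS_ARGS` applied. As far as I know, ldap3 then falls back to a default `Tls()` whose `validate` is `ssl.CERT_NONE`, so the LDAPS connection would be encrypted but the server certificate unchecked; the guard could become `if settings.LDAP_AUTH_USE_TLS or settings.LDAP_AUTH_CONNECT_USE_SSL:`. Separately, a `ciphers` or `version` key in `LDAP_AUTH_TLS_ARGS` raises `TypeError` for a duplicate keyword, while `**settings.LDAP_AUTH_CONNECT_ARGS` silently overrides `use_ssl`, `connect_timeout` and `allowed_referral_hosts`; a single documented precedence rule would be easier to reason about. The body of `connection()` starts and ends outside the hunk.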
diff --git a/README.rst b/README.rst index 4ecfc59..e970e72 100644 --- a/README.rst +++ b/README.rst @@ -41,7 +41,7 @@ Available settings import ssl LDAP_AUTH_TLS_VERSION = ssl.PROTOCOL_TLSv1_2 - # Specify which TLS ciphers to use + # Specify which TLS ciphers to use. LDAP_AUTH_TLS_VERSION = "ALL" # Unspecified Tls keyword arguments applied to the connection on the underlying Ldap3 library. From 6ce8ed8cbb1ec75bbe775be39a03c20fcc0269e9 Mon Sep 17 00:00:00 2001 From: Fredrik Falk Date: Sat, 15 Jun 2024 15:24:30 +0200 Subject: [PATCH 4/6] Update README.rst Co-authored-by: Dave Hall --- README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.rst b/README.rst index e970e72..a018f38 100644 --- a/README.rst +++ b/README.rst @@ -44,7 +44,7 @@ Available settings # Specify which TLS ciphers to use. LDAP_AUTH_TLS_VERSION = "ALL" - # Unspecified Tls keyword arguments applied to the connection on the underlying Ldap3 library. + # Unspecified TLS keyword arguments applied to the connection on the underlying `ldap3` library. LDAP_AUTH_TLS_ARGS = {} # The LDAP search base for looking up users. From af008a81ad0c5f4ee1f5af13bd8d672eaf5cecff Mon Sep 17 00:00:00 2001 From: Fredrik Falk Date: Sat, 15 Jun 2024 15:24:38 +0200 Subject: [PATCH 5/6] Update README.rst Co-authored-by: Dave Hall --- README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.rst b/README.rst index a018f38..76bb808 100644 --- a/README.rst +++ b/README.rst @@ -103,7 +103,7 @@ Available settings LDAP_AUTH_CONNECT_TIMEOUT = None LDAP_AUTH_RECEIVE_TIMEOUT = None - # Unspecified keyword arguments to apply to the connection in the underlying ldap3 library. + # Unspecified keyword arguments to apply to the connection in the underlying `ldap3` library. LDAP_AUTH_CONNECT_ARGS = {} From 162fa568ed86d4090dbbba30b9ead66454215c52 Mon Sep 17 00:00:00 2001 
From: Dave Hall Date: Mon, 29 Jul 2024 19:55:52 +0100 Subject: [PATCH 6/6] Update README.rst --- README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.rst b/README.rst index 1ea898a..9ec6b4e 100644 --- a/README.rst +++ b/README.rst @@ -42,7 +42,7 @@ Available settings LDAP_AUTH_TLS_VERSION = ssl.PROTOCOL_TLSv1_2 # Specify which TLS ciphers to use. - LDAP_AUTH_TLS_VERSION = "ALL" + LDAP_AUTH_TLS_CIPHERS = "ALL" # Unspecified TLS keyword arguments applied to the connection on the underlying `ldap3` library. LDAP_AUTH_TLS_ARGS = {}