From 5e2ff023f4101fc8953ba865d41bdbcfa74024cc Mon Sep 17 00:00:00 2001
From: Julian Rother <julian@cccv.de>
Date: Sun, 12 Dec 2021 03:00:35 +0100
Subject: [PATCH] ldap-sync: Added support for unencrypted LDAP

---
 files/gitlab-ldap-sync.py | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/files/gitlab-ldap-sync.py b/files/gitlab-ldap-sync.py
index 8f8c0fc..e3b3f47 100644
--- a/files/gitlab-ldap-sync.py
+++ b/files/gitlab-ldap-sync.py
@@ -42,9 +42,14 @@ import ldap3
 import gitlab
 from systemd.journal import JournalHandler
 
-def connect_ldap(host, port, ca_file, bind_dn, bind_passwd):
- tls = ldap3.Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=ca_file)
- server = ldap3.Server(host, port=port, use_ssl=True, get_info=ldap3.ALL, tls=tls)
+def connect_ldap(host, port, encryption, ca_file, bind_dn, bind_passwd):
+ if encryption == 'simple_tls':
+ tls = ldap3.Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=ca_file)
+ server = ldap3.Server(host, port=port, use_ssl=True, get_info=ldap3.ALL, tls=tls)
+ elif encryption == 'plain':
+ server = ldap3.Server(host, port=port, get_info=ldap3.ALL)
+ else:
+ raise Exception('Invalid encryption parameter "{}"'.format(encryption))
 conn = ldap3.Connection(server, bind_dn, bind_passwd, auto_bind=True)
 old_search = conn.search
 def search(*args, **kwargs):
@@ -166,7 +171,8 @@ def main(config_path, dry_run=True):
 config = load_config(config_path)
 gl = gitlab.Gitlab(config['ldap_sync']['api_url'], config['ldap_sync']['api_token'], ssl_verify=True)
 conn = connect_ldap(host=config['ldap']['main']['host'], port=config['ldap']['main']['port'],
- ca_file=config['ldap']['main']['ca_file'],
+ encryption=config['ldap']['main']['encryption'],
+ ca_file=config['ldap']['main'].get('ca_file'),
 bind_dn=config['ldap']['main']['bind_dn'], bind_passwd=config['ldap']['main']['password'])
 logging.info('Starting user synchronization')
-- 
GitLab
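Review bot: The new `'plain'` branch of connect_ldap builds the server object without TLS, and the unchanged `ldap3.Connection(server, bind_dn, bind_passwd, auto_bind=True)` line below it then binds over that channel, so the bind password and every search result the sync acts on cross the network unencrypted and without any check of the server's identity. Nothing in the code records that this mode is active; I would add `logging.warning('LDAP connection to %s:%s is unencrypted; bind credentials are sent in cleartext', host, port)` at the top of that branch and state in the config documentation that `plain` is meant only for loopback or an otherwise protected link. If the motivation is a server that only listens on the plain LDAP port, a `start_tls` mode (ldap3 offers `auto_bind=ldap3.AUTO_BIND_TLS_BEFORE_BIND`) would cover it while keeping certificate validation. The function body continues past the end of the hunk.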
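Review bot: Switching to `.get('ca_file')` in main()'s connect_ldap call makes the CA file optional for every mode, including `simple_tls`, where `ldap3.Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=None)` is then constructed. As far as I can tell, depending on the ldap3 and Python versions in use, that either fails at connect time or validates against the system trust store instead of the configured CA, so a misspelled or missing key could silently change the trust anchor. I would keep the key mandatory for TLS with a check inside the `simple_tls` branch, e.g. `if not ca_file: raise Exception('ca_file is required for simple_tls')`. The new `['encryption']` lookup has no default, so existing configs stop with a KeyError until updated; that fails closed, and if a default is ever added it should be `.get('encryption', 'simple_tls')` rather than `plain`. main() continues outside this hunk.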