From 5e2ff023f4101fc8953ba865d41bdbcfa74024cc Mon Sep 17 00:00:00 2001
From: Julian Rother <julian@cccv.de>
Date: Sun, 12 Dec 2021 03:00:35 +0100
Subject: [PATCH] ldap-sync: Added support for unencrypted LDAP

---
 files/gitlab-ldap-sync.py | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/files/gitlab-ldap-sync.py b/files/gitlab-ldap-sync.py
index 8f8c0fc..e3b3f47 100644
--- a/files/gitlab-ldap-sync.py
+++ b/files/gitlab-ldap-sync.py
@@ -42,9 +42,14 @@ import ldap3
 import gitlab
 from systemd.journal import JournalHandler
 
-def connect_ldap(host, port, ca_file, bind_dn, bind_passwd):
-	tls = ldap3.Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=ca_file)
-	server = ldap3.Server(host, port=port, use_ssl=True, get_info=ldap3.ALL, tls=tls)
+def connect_ldap(host, port, encryption, ca_file, bind_dn, bind_passwd):
+	if encryption == 'simple_tls':
+		tls = ldap3.Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=ca_file)
+		server = ldap3.Server(host, port=port, use_ssl=True, get_info=ldap3.ALL, tls=tls)
+	elif encryption == 'plain':
+		server = ldap3.Server(host, port=port, get_info=ldap3.ALL)
+	else:
+		raise Exception('Invalid encryption parameter "{}"'.format(encryption))
 	conn = ldap3.Connection(server, bind_dn, bind_passwd, auto_bind=True)
 	old_search = conn.search
 	def search(*args, **kwargs):
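Review bot: The new `'plain'` branch builds the server without TLS, so the simple bind on the following `ldap3.Connection(server, bind_dn, bind_passwd, auto_bind=True)` line sends the bind DN and password in cleartext, and nothing records that the downgrade happened. Log it inside that branch, e.g. `logging.warning('LDAP connection to %s:%s is unencrypted; bind credentials are sent in cleartext', host, port)`, so an accidental `plain` setting shows up in the journal. The `else` branch would read better raising `ValueError` than a bare `Exception`, and a short docstring listing the accepted values (`'simple_tls'`, `'plain'`) would document the new parameter. The body of `connect_ldap` continues past the end of this hunk.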
@@ -166,7 +171,8 @@ def main(config_path, dry_run=True):
 	config = load_config(config_path)
 	gl = gitlab.Gitlab(config['ldap_sync']['api_url'], config['ldap_sync']['api_token'], ssl_verify=True)
 	conn = connect_ldap(host=config['ldap']['main']['host'], port=config['ldap']['main']['port'],
-	                    ca_file=config['ldap']['main']['ca_file'],
+	                    encryption=config['ldap']['main']['encryption'],
+	                    ca_file=config['ldap']['main'].get('ca_file'),
 	                    bind_dn=config['ldap']['main']['bind_dn'],
 	                    bind_passwd=config['ldap']['main']['password'])
 	logging.info('Starting user synchronization')
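Review bot: Switching to `config['ldap']['main'].get('ca_file')` means a `simple_tls` configuration that omits `ca_file` no longer fails at the lookup and instead passes `None` into `ldap3.Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=ca_file)`. It looks like validation would then run against a default trust store rather than the intended CA, which is worth confirming; if a pinned CA is required, reject the missing value explicitly when `encryption == 'simple_tls'`. Separately, `config['ldap']['main']['encryption']` raises `KeyError` for any configuration written before this change. Using `.get('encryption', 'simple_tls')` would keep the previous encrypted behaviour as the default. The body of `main` starts before and continues after this hunk.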
-- 
GitLab