noirello / bonsai

Simple Python 3 module for LDAP, using libldap2 and winldap C libraries.
MIT License

Cannot use tls #28

Closed garyvdm closed 5 years ago

garyvdm commented 5 years ago

Not sure if I'm doing something wrong or this is a bug. I can't get tls turned on with LDAPClient.

>>> from bonsai import LDAPClient
>>> LDAPClient('ldaps://localhost').tls
False
>>> LDAPClient('ldaps://localhost', tls=True).tls
False

This is with bonsai==1.1.0

noirello commented 5 years ago

Well, it took a few minutes even for me to figure out what's happening here. I'm guessing you also solved it, but for anyone who'll stumble across this issue in the future:

You cannot use the ldaps protocol with the ldap_start_tls extension (which means setting the tls parameter to True). It would raise an error, thus the module implicitly turns off the ldap_start_tls (changes the tls param to False) when the URL starts with the ldaps scheme.

An explicit error message might be better, but I think it's an edge case and the current mechanism is what the user usually wants.
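
Added example, not part of the thread and not bonsai's own code: a stdlib-only model of the behaviour described above, showing why `tls == False` on an `ldaps://` client does not mean the connection is unencrypted, plus a strict variant that raises instead of silently dropping the flag. All function and constant names are hypothetical, and the `ldapi://` case goes beyond what the thread discusses.

```python
from urllib.parse import urlsplit

# Hypothetical helper names; this models the behaviour described in the
# thread and does not import or call bonsai itself.
IMPLICIT_TLS = "implicit TLS (ldaps)"
STARTTLS = "StartTLS upgrade"
LOCAL_SOCKET = "local socket (ldapi)"
PLAINTEXT = "plaintext"


def effective_tls_flag(url: str, tls: bool) -> bool:
    """Mirror the normalisation described above: ldaps:// forces tls to False."""
    if urlsplit(url).scheme.lower() == "ldaps":
        return False
    return tls


def transport_security(url: str, tls: bool = False, strict: bool = False) -> str:
    """Classify how an LDAP connection would be protected.

    strict=True raises on ldaps:// combined with tls=True instead of
    silently dropping the flag (the explicit-error alternative).
    """
    scheme = urlsplit(url).scheme.lower()
    if scheme == "ldaps":
        if tls and strict:
            raise ValueError("ldaps:// already uses TLS; do not also request StartTLS")
        return IMPLICIT_TLS
    if scheme == "ldapi":
        return LOCAL_SOCKET
    if scheme == "ldap":
        return STARTTLS if tls else PLAINTEXT
    raise ValueError(f"unsupported LDAP URL scheme: {scheme!r}")


def is_encrypted(url: str, tls: bool = False) -> bool:
    """Audit check: look at scheme and flag together, never the flag alone."""
    return transport_security(url, tls) in (IMPLICIT_TLS, STARTTLS)


if __name__ == "__main__":
    # Constructed sample configurations.
    for url, tls in [("ldaps://localhost", True), ("ldap://localhost", True),
                     ("ldap://localhost", False)]:
        print(url, tls, effective_tls_flag(url, tls), transport_security(url, tls))
```

A configuration audit that only inspects the `tls` attribute would flag every `ldaps://` client as plaintext; checking the scheme and the flag together avoids that false positive while still catching `ldap://` without StartTLS.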