Add -T/--starttls parameters to permit to STARTTLS on LDAP connections
Benjamin Renard commited on 2016-11-04 18:00:42
Showing 1 changed files, with 12 additions and 2 deletions.
- check_syncrepl_extended 5f65785..ed30636
| ... | ... |
@@ -59,6 +59,12 @@ parser.add_option( "-c", "--consumer", |
| 59 | 59 |
type='string', |
| 60 | 60 |
help="LDAP consumer URI (example : ldaps://ldapslave.foo:636)") |
| 61 | 61 |
|
| 62 |
+parser.add_option( "-T", "--starttls", |
|
| 63 |
+ dest="starttls", |
|
| 64 |
+ action="store_true", |
|
| 65 |
+ help="Start TLS on LDAP provider/consumers connections", |
|
| 66 |
+ default=False) |
|
| 67 |
+ |
|
| 62 | 68 |
parser.add_option( "-D", "--dn", |
| 63 | 69 |
dest="dn", |
| 64 | 70 |
action="store", |
| ... | ... |
@@ -181,19 +187,23 @@ class LdapServer(object): |
| 181 | 187 |
uri = "" |
| 182 | 188 |
dn = "" |
| 183 | 189 |
pwd = "" |
| 190 |
+ start_tls = False |
|
| 184 | 191 |
|
| 185 | 192 |
con = 0 |
| 186 | 193 |
|
| 187 |
- def __init__(self,uri,dn,pwd): |
|
| 194 |
+ def __init__(self,uri,dn,pwd, start_tls=False): |
|
| 188 | 195 |
self.uri = uri |
| 189 | 196 |
self.dn = dn |
| 190 | 197 |
self.pwd = pwd |
| 198 |
+ self.start_tls = start_tls |
|
| 191 | 199 |
|
| 192 | 200 |
def connect(self): |
| 193 | 201 |
if self.con == 0: |
| 194 | 202 |
try: |
| 195 | 203 |
con = ldap.initialize(self.uri) |
| 196 | 204 |
con.protocol_version = ldap.VERSION3 |
| 205 |
+ if self.start_tls: |
|
| 206 |
+ con.start_tls_s() |
|
| 197 | 207 |
if self.dn: |
| 198 | 208 |
con.simple_bind_s(self.dn,self.pwd) |
| 199 | 209 |
self.con = con |
| ... | ... |
@@ -265,7 +275,7 @@ LdapServersCSN={}
|
| 265 | 275 |
|
| 266 | 276 |
for srv in servers: |
| 267 | 277 |
logging.info('Connect to %s' % srv)
|
| 268 |
- LdapServers[srv]=LdapServer(srv,options.dn,options.pwd) |
|
| 278 |
+ LdapServers[srv]=LdapServer(srv,options.dn,options.pwd,options.starttls) |
|
| 269 | 279 |
|
| 270 | 280 |
if not LdapServers[srv].connect(): |
| 271 | 281 |
if options.nagios: |
| 272 | 282 |