exception when using LDAP over SSL on some distros
Message-ID: <5b895a66.QwoCcTjISYNP8aqa%lm(a)mathias-kettner.de>
User-Agent: Heirloom mailx 12.5 6/20/10
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Module: check_mk
Branch: master
Commit: 43fe038a43feb1b15b8c38067f45611a12cabd64
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=43fe038a43feb1…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Fri Aug 31 16:06:39 2018 +0200
6526 FIX LDAP: Fixed another "ValueError: option error" exception when using
LDAP over SSL on some distros
This addition to werk #6424 fixes another case where ValueErrors could occur while setting
up LDAP connections
over SSL.
Change-Id: Ia41d687def304d64094ffa6aff8c8f4d9b1dc9a5
---
.werks/6526 | 12 ++++++++++++
cmk/gui/plugins/userdb/ldap_connector.py | 10 +++++++++-
2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/.werks/6526 b/.werks/6526
new file mode 100644
index 0000000..f51598a
--- /dev/null
+++ b/.werks/6526
@@ -0,0 +1,12 @@
+Title: LDAP: Fixed another "ValueError: option error" exception when using LDAP
over SSL on some distros
+Level: 1
+Component: multisite
+Class: fix
+Compatible: compat
+Edition: cre
+State: unknown
+Version: 1.6.0i1
+Date: 1535725756
+
+This addition to werk #6424 fixes another case where ValueErrors could occur while
setting up LDAP connections
+over SSL.
diff --git a/cmk/gui/plugins/userdb/ldap_connector.py
b/cmk/gui/plugins/userdb/ldap_connector.py
index bed2629..5e7c836 100644
--- a/cmk/gui/plugins/userdb/ldap_connector.py
+++ b/cmk/gui/plugins/userdb/ldap_connector.py
@@ -237,7 +237,15 @@ class LDAPUserConnector(UserConnector):
conn.set_option(ldap.OPT_X_TLS_CACERTFILE,
"%s/var/ssl/ca-certificates.crt" %
cmk.paths.omd_root)
- conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
+ # Caused trouble on older systems or systems with some special
configuration or set of
+ # libraries. For example we saw a Ubuntu 17.10 system with libldap
2.4.45+dfsg-1ubuntu1 and
+ # libgnutls30 3.5.8-6ubuntu3 raising "ValueError: option error"
while another system with
+ # the exact same liraries did not. Try to do this on systems that support
this call and ignore
+ # the errors on other systems.
+ try:
+ conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
+ except ValueError:
+ pass
self.default_bind(conn)
return conn, None
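Review bot: The new `except ValueError: pass` around `conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)` discards the failure without a trace. That call is what tells libldap to apply pending TLS settings to a fresh context, so on the affected systems the `OPT_X_TLS_CACERTFILE` set just above may never take effect for this connection. Certificate verification would then run against whatever context the library already had, which is worth confirming on one of the failing hosts rather than assuming. At minimum record the event: change the handler to `except ValueError as e:` and log a warning through the module's existing logger (placeholder name), e.g. `<logger>.warning("LDAP: could not apply TLS options (OPT_X_TLS_NEWCTX): %s", e)`, so an operator can tell which trust settings are in use. The enclosing method starts above the hunk, so any TLS options set earlier (such as the certificate requirement level) are not visible here.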