diff options
| author | Zuul <zuul@review.opendev.org> | 2023-05-04 23:03:41 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2023-05-04 23:03:41 +0000 |
| commit | 1d58835d3e388363af9458bb4a145a9472a22e7b (patch) | |
| tree | 21d61a6356829c4b7d714b904a4246b94d5b57be | |
| parent | 2bde395ac4111ddaae40ed8b63c83227a4a0b5a8 (diff) | |
| parent | f66a7d11b5ad6c6b9b155408863f5de82bb2d973 (diff) | |
| download | keystone-1d58835d3e388363af9458bb4a145a9472a22e7b.tar.gz | |
Merge "Print a human readable error if tls certs are not provided"
| -rw-r--r-- | keystone/identity/backends/ldap/common.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/keystone/identity/backends/ldap/common.py b/keystone/identity/backends/ldap/common.py index d9c07fd87..7a366ef01 100644 --- a/keystone/identity/backends/ldap/common.py +++ b/keystone/identity/backends/ldap/common.py @@ -603,6 +603,11 @@ def _common_ldap_initialization(url, use_tls=False, tls_cacertfile=None, if not ldap.TLS_AVAIL: raise ValueError(_('Invalid LDAP TLS_AVAIL option: %s. TLS ' 'not available') % ldap.TLS_AVAIL) + if not tls_cacertfile and not tls_cacertdir: + raise ValueError(_('You need to set tls_cacertfile or ' + 'tls_cacertdir if use_tls is true or ' + 'url uses ldaps: scheme.')) + if tls_cacertfile: # NOTE(topol) # python ldap TLS does not verify CACERTFILE or CACERTDIR |