author | David Hill <dhill@redhat.com> | 2022-03-15 12:21:05 -0400 |
---|---|---|
committer | Pete Zaitcev <zaitcev@kotori.zaitcev.us> | 2023-03-21 23:11:09 -0500 |
commit | f66a7d11b5ad6c6b9b155408863f5de82bb2d973 (patch) | |
tree | 5f4aafd9bc84c12d9797b3b3ba53234e5ccad6cf | |
parent | 433f541b970981d09c0917588b14eea293ea50dd (diff) | |
download | keystone-f66a7d11b5ad6c6b9b155408863f5de82bb2d973.tar.gz |
Print a human readable error if tls certs are not provided
Print a human-readable error when ldaps:// or use_tls is used and no
CA certificates are provided.
Change-Id: I5d3613617278443673a265259351a2e1d5dc7f44
-rw-r--r-- | keystone/identity/backends/ldap/common.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/keystone/identity/backends/ldap/common.py b/keystone/identity/backends/ldap/common.py
index 1033a4efd..e1399ec6a 100644
--- a/keystone/identity/backends/ldap/common.py
+++ b/keystone/identity/backends/ldap/common.py
@@ -603,6 +603,11 @@ def _common_ldap_initialization(url, use_tls=False, tls_cacertfile=None,
 if not ldap.TLS_AVAIL:
 raise ValueError(_('Invalid LDAP TLS_AVAIL option: %s. TLS '
 'not available') % ldap.TLS_AVAIL)
+ if not tls_cacertfile and not tls_cacertdir:
+ raise ValueError(_('You need to set tls_cacertfile or '
+ 'tls_cacertdir if use_tls is true or '
+ 'url uses ldaps: scheme.'))
+
 if tls_cacertfile:
 # NOTE(topol)
 # python ldap TLS does not verify CACERTFILE or CACERTDIR |
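Review bot: The new `if not tls_cacertfile and not tls_cacertdir:` guard fails closed for every TLS connection, so a deployment that until now relied on a CA bundle configured outside Keystone (for instance through the LDAP client library's own defaults) would presumably start raising ValueError at connection time after upgrading. If that is the intent, it deserves a release note and a why-comment above the check, for example `# Require an explicit CA source; the client library's default trust settings are deliberately not relied on.` Having a CA path set also does not by itself show that the server certificate is verified; that appears to depend on the `tls_req_cert` handling later in this function, which lies outside the hunk, so the message should not be read as a verification guarantee. The commit changes only common.py, and a unit test asserting the ValueError for an `ldaps://` URL with neither option set would pin the new behaviour.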