Merge "Print a human readable error if tls certs are not provided"

2023-05-04 23:03:41 +00:00 · 2023-05-04 23:03:41 +00:00 · 1d58835d3e
parent 2bde395ac4 f66a7d11b5
commit 1d58835d3e
1 changed files with 5 additions and 0 deletions
--- a/keystone/identity/backends/ldap/common.py
+++ b/keystone/identity/backends/ldap/common.py
@ -603,6 +603,11 @@ def _common_ldap_initialization(url, use_tls=False, tls_cacertfile=None,
        if not ldap.TLS_AVAIL:
            raise ValueError(_('Invalid LDAP TLS_AVAIL option: %s. TLS '
                               'not available') % ldap.TLS_AVAIL)
+        if not tls_cacertfile and not tls_cacertdir:
+            raise ValueError(_('You need to set tls_cacertfile or '
+                               'tls_cacertdir if use_tls is true or '
+                               'url uses ldaps: scheme.'))
+
        if tls_cacertfile:
            # NOTE(topol)
            # python ldap TLS does not verify CACERTFILE or CACERTDIR