Invalid tls_req_cert constant as default

There are several occurances where the argument default of tls_req_cert is set to 'demand'. This is an invalid option for the function _common_ldap_initialization, which expects one of the values of the dict LDAP_TLS_CERTS, not a key. If tls_req_cert='demand' is given to _common_ldap_initialization, you'll get: "LDAP TLS: invalid TLS_REQUIRE_CERT Option=demand" Change-Id: I2da2c041bac25ca7ebab8c32b464164279a6bd69
2016-07-26 11:59:27 -07:00 · 2016-07-26 11:59:27 -07:00 · 6ab44443d4
parent 8a669fabad
commit 6ab44443d4
1 changed files with 14 additions and 14 deletions
--- a/keystone/identity/backends/ldap/common.py
+++ b/keystone/identity/backends/ldap/common.py
@ -429,10 +429,10 @@ class LDAPHandler(object):
    @abc.abstractmethod
    def connect(self, url, page_size=0, alias_dereferencing=None,
                use_tls=False, tls_cacertfile=None, tls_cacertdir=None,
-                tls_req_cert='demand', chase_referrals=None, debug_level=None,
-                use_pool=None, pool_size=None, pool_retry_max=None,
-                pool_retry_delay=None, pool_conn_timeout=None,
-                pool_conn_lifetime=None):
+                tls_req_cert=ldap.OPT_X_TLS_DEMAND, chase_referrals=None,
+                debug_level=None, use_pool=None, pool_size=None,
+                pool_retry_max=None, pool_retry_delay=None,
+                pool_conn_timeout=None, pool_conn_lifetime=None):
        raise exception.NotImplemented()  # pragma: no cover

    @abc.abstractmethod
@ -500,10 +500,10 @@ class PythonLDAPHandler(LDAPHandler):

    def connect(self, url, page_size=0, alias_dereferencing=None,
                use_tls=False, tls_cacertfile=None, tls_cacertdir=None,
-                tls_req_cert='demand', chase_referrals=None, debug_level=None,
-                use_pool=None, pool_size=None, pool_retry_max=None,
-                pool_retry_delay=None, pool_conn_timeout=None,
-                pool_conn_lifetime=None):
+                tls_req_cert=ldap.OPT_X_TLS_DEMAND, chase_referrals=None,
+                debug_level=None, use_pool=None, pool_size=None,
+                pool_retry_max=None, pool_retry_delay=None,
+                pool_conn_timeout=None, pool_conn_lifetime=None):

        _common_ldap_initialization(url=url,
                                    use_tls=use_tls,
@ -687,10 +687,10 @@ class PooledLDAPHandler(LDAPHandler):

    def connect(self, url, page_size=0, alias_dereferencing=None,
                use_tls=False, tls_cacertfile=None, tls_cacertdir=None,
-                tls_req_cert='demand', chase_referrals=None, debug_level=None,
-                use_pool=None, pool_size=None, pool_retry_max=None,
-                pool_retry_delay=None, pool_conn_timeout=None,
-                pool_conn_lifetime=None):
+                tls_req_cert=ldap.OPT_X_TLS_DEMAND, chase_referrals=None,
+                debug_level=None, use_pool=None, pool_size=None,
+                pool_retry_max=None, pool_retry_delay=None,
+                pool_conn_timeout=None, pool_conn_lifetime=None):

        _common_ldap_initialization(url=url,
                                    use_tls=use_tls,
@ -877,8 +877,8 @@ class KeystoneLDAPHandler(LDAPHandler):

    def connect(self, url, page_size=0, alias_dereferencing=None,
                use_tls=False, tls_cacertfile=None, tls_cacertdir=None,
-                tls_req_cert='demand', chase_referrals=None, debug_level=None,
-                use_pool=None, pool_size=None,
+                tls_req_cert=ldap.OPT_X_TLS_DEMAND, chase_referrals=None,
+                debug_level=None, use_pool=None, pool_size=None,
                pool_retry_max=None, pool_retry_delay=None,
                pool_conn_timeout=None, pool_conn_lifetime=None):
        self.page_size = page_size