Print a human readable error if tls certs are not provided

Print a human readable error if tls certs are not provided when using ldaps:// or use_tls and not providing CA certificates. Change-Id: I5d3613617278443673a265259351a2e1d5dc7f44
2022-03-15 12:21:05 -04:00 · 2022-03-15 12:21:05 -04:00 · f66a7d11b5
parent 433f541b97
commit f66a7d11b5
1 changed files with 5 additions and 0 deletions
--- a/keystone/identity/backends/ldap/common.py
+++ b/keystone/identity/backends/ldap/common.py
@ -603,6 +603,11 @@ def _common_ldap_initialization(url, use_tls=False, tls_cacertfile=None,
        if not ldap.TLS_AVAIL:
            raise ValueError(_('Invalid LDAP TLS_AVAIL option: %s. TLS '
                               'not available') % ldap.TLS_AVAIL)
+        if not tls_cacertfile and not tls_cacertdir:
+            raise ValueError(_('You need to set tls_cacertfile or '
+                               'tls_cacertdir if use_tls is true or '
+                               'url uses ldaps: scheme.'))
+
        if tls_cacertfile:
            # NOTE(topol)
            # python ldap TLS does not verify CACERTFILE or CACERTDIR