From e2be655d74b66e0f50f72fdb52038f3a787c48c8 Mon Sep 17 00:00:00 2001
From: Ozzieisaacs
Date: Sun, 22 Nov 2020 08:17:00 +0100
Subject: [PATCH] Update LDAP, fix Windows AD login (#1697)
---
 cps/services/simpleldap.py | 15 ++++-----------
 1 file changed, 4 insertions(+), 11 deletions(-)
diff --git a/cps/services/simpleldap.py b/cps/services/simpleldap.py
index 4e2ce2d1..8d57dc1b 100644
--- a/cps/services/simpleldap.py
+++ b/cps/services/simpleldap.py
@@ -38,6 +38,7 @@ def init_app(app, config):
 app.config['LDAP_HOST'] = config.config_ldap_provider_url
 app.config['LDAP_PORT'] = config.config_ldap_port
+ app.config['LDAP_CUSTOM_OPTIONS'] = {pyLDAP.OPT_REFERRALS, 0}
 if config.config_ldap_encryption == 2:
 app.config['LDAP_SCHEMA'] = 'ldaps'
 else:
@@ -54,15 +55,13 @@ def init_app(app, config):
 app.config['LDAP_USERNAME'] = ""
 app.config['LDAP_PASSWORD'] = base64.b64decode("")
 if bool(config.config_ldap_cert_path):
- # app.config['LDAP_REQUIRE_CERT'] = True
- # app.config['LDAP_CERT_PATH'] = config.config_ldap_cert_path
- app.config['LDAP_CUSTOM_OPTIONS'] = {
+ app.config['LDAP_CUSTOM_OPTIONS'].update({
 pyLDAP.OPT_X_TLS_REQUIRE_CERT: pyLDAP.OPT_X_TLS_DEMAND,
 pyLDAP.OPT_X_TLS_CACERTFILE: config.config_ldap_cacert_path,
 pyLDAP.OPT_X_TLS_CERTFILE: config.config_ldap_cert_path,
 pyLDAP.OPT_X_TLS_KEYFILE: config.config_ldap_key_path,
 pyLDAP.OPT_X_TLS_NEWCTX: 0
- }
+ })
 app.config['LDAP_BASE_DN'] = config.config_ldap_dn
 app.config['LDAP_USER_OBJECT_FILTER'] = config.config_ldap_user_object
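Review bot: `{pyLDAP.OPT_REFERRALS, 0}` on the added line is a set literal, not a dict, because it uses a comma where a colon is needed. As written, the `.update({...})` in the next hunk would add only the TLS option keys to that set and drop their values (including `OPT_X_TLS_DEMAND` and the CA file path), so the certificate-verification settings would not be carried in the options as intended. The `.pop(pyLDAP.OPT_X_TLS_NEWCTX)` in the last hunk would raise `TypeError`, since `set.pop()` takes no argument. The line should read `app.config['LDAP_CUSTOM_OPTIONS'] = {pyLDAP.OPT_REFERRALS: 0}`. init_app continues outside this hunk, and how the LDAP extension consumes the option is not visible here.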
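Review bot: The server-verification options `OPT_X_TLS_REQUIRE_CERT` and `OPT_X_TLS_CACERTFILE` are applied only under `if bool(config.config_ldap_cert_path):`, that is, only when a client certificate path is configured. A deployment that sets just a CA file would skip this block, leaving certificate checking to whatever the library defaults are. Consider applying those two options whenever `config.config_ldap_cacert_path` is set, and adding `OPT_X_TLS_CERTFILE` and `OPT_X_TLS_KEYFILE` only when a client certificate is configured. The `if` block sits inside init_app, which starts and ends outside the hunk.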
@@ -73,17 +72,11 @@ def init_app(app, config):
 app.config['LDAP_GROUP_OBJECT_FILTER'] = config.config_ldap_group_object_filter
 app.config['LDAP_GROUP_MEMBERS_FIELD'] = config.config_ldap_group_members_field
-
 try:
 _ldap.init_app(app)
 except ValueError:
 if bool(config.config_ldap_cert_path):
- app.config['LDAP_CUSTOM_OPTIONS'] = {
- pyLDAP.OPT_X_TLS_REQUIRE_CERT: pyLDAP.OPT_X_TLS_DEMAND,
- pyLDAP.OPT_X_TLS_CACERTFILE: config.config_ldap_cacert_path,
- pyLDAP.OPT_X_TLS_CERTFILE: config.config_ldap_cert_path,
- pyLDAP.OPT_X_TLS_KEYFILE: config.config_ldap_key_path,
- }
+ app.config['LDAP_CUSTOM_OPTIONS'].pop(pyLDAP.OPT_X_TLS_NEWCTX)
 try:
 _ldap.init_app(app)
 except RuntimeError as e:
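Review bot: The retry under `except ValueError:` has no comment saying which failure it is meant to absorb, and the new `.pop(pyLDAP.OPT_X_TLS_NEWCTX)` line makes that harder to guess. It looks like the first `_ldap.init_app(app)` is expected to fail where the TLS library rejects `OPT_X_TLS_NEWCTX`; if so, a comment such as `# first init rejected OPT_X_TLS_NEWCTX; retry without it` above the `pop` would record that. When `config_ldap_cert_path` is empty, the second `_ldap.init_app(app)` runs with unchanged options, which is worth stating in the same comment. The inner `try`/`except RuntimeError` block continues past the end of the hunk.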