Merge pull request #89 from Criena/master

erikjohnston · web-flow · commit c4206bdb7c4a · 2020-06-02T17:14:06.000+01:00
Verify certificates when using SSL or TLS
diff --git a/ldap_auth_provider.py b/ldap_auth_provider.py
@@ -19,6 +19,8 @@
 import ldap3
 import ldap3.core.exceptions
 
+import ssl
+
 import logging
 import synapse
 
@@ -88,8 +90,9 @@ def check_password(self, user_id, password):
         localpart = user_id.split(":", 1)[0][1:]
 
         try:
+            tls = ldap3.Tls(validate=ssl.CERT_REQUIRED)
             server = ldap3.ServerPool(
-                [ldap3.Server(uri, get_info=None) for uri in self.ldap_uris],
+                [ldap3.Server(uri, get_info=None, tls=tls) for uri in self.ldap_uris],
             )
             logger.debug(
                 "Attempting LDAP connection with %s",
