From 7df4c070e1749beacec3321bb291c60d9d38bc54 Mon Sep 17 00:00:00 2001
From: Peter Marschall
Date: Sun, 28 Sep 2025 10:44:33 +0200
Subject: [PATCH] LDAP auth: fail on illegal values for config settings

Thr config settings 'ldap_security' and 'ldap_ssl_verify_mode' only accept a specific set of values: fail if other values are provided.
---
 radicale/auth/ldap.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/radicale/auth/ldap.py b/radicale/auth/ldap.py
index 65eb2c02..5fbe2684 100644
--- a/radicale/auth/ldap.py
+++ b/radicale/auth/ldap.py
@@ -101,6 +101,8 @@ class Auth(auth.BaseAuth):
 with open(ldap_secret_file_path, 'r') as file:
 self._ldap_secret = file.read().rstrip('\n')
 self._ldap_security = configuration.get("auth", "ldap_security")
+ if self._ldap_security not in ("none", "tls", "starttls"):
+ raise RuntimeError("Illegal value for config setting ´ldap_security'")
 ldap_use_ssl = configuration.get("auth", "ldap_use_ssl")
 if ldap_use_ssl:
 logger.warning("Configuration uses deprecated 'ldap_use_ssl': use 'ldap_security' ('none', 'tls', 'starttls') instead.")
@@ -115,6 +117,8 @@ class Auth(auth.BaseAuth):
 self._ldap_ssl_verify_mode = ssl.CERT_NONE
 elif tmp == "OPTIONAL":
 self._ldap_ssl_verify_mode = ssl.CERT_OPTIONAL
+ elif tmp != "REQUIRED":
+ raise RuntimeError("Illegal value for config setting ´ldap_ssl_verify_mode'")
 if self._ldap_uri.lower().startswith("ldaps://") and self._ldap_security not in ("tls", "starttls"):
 logger.info("Inferring 'ldap_security' = tls from 'ldap_uri' starting with 'ldaps://'")
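Review bot: The new `ldap_security` error message opens its quote with an acute accent (`´ldap_security'`) instead of an apostrophe, and the `ldap_ssl_verify_mode` message in the second hunk has the same slip. Neither message names the rejected value or the accepted set, and the comparison is case-sensitive, so an operator who wrote `TLS` gets a startup failure with no hint about what is wrong. I would write `raise RuntimeError("Illegal value %r for config setting 'ldap_security': expected 'none', 'tls' or 'starttls'" % self._ldap_security)`. Failing closed is the right behaviour, since an unrecognised value would otherwise presumably leave the LDAP connection without transport security. The enclosing method starts and ends outside the hunk.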
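Review bot: `REQUIRED` now passes validation, but no branch in the visible chain assigns `ssl.CERT_REQUIRED`, so strict verification depends on an initial value set somewhere outside this hunk. Making it explicit with `elif tmp == "REQUIRED": self._ldap_ssl_verify_mode = ssl.CERT_REQUIRED` followed by `else: raise RuntimeError(...)` keeps the secure mode from changing silently if that default is ever edited. Separately, `NONE` is accepted without any log line even though it selects `ssl.CERT_NONE` for the LDAP authentication connection. Adding `logger.warning("'ldap_ssl_verify_mode' = NONE disables LDAP server certificate verification")` in that branch would make the downgrade visible to operators. The `if tmp == "NONE":` that opens the chain is outside the hunk.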