From b21549b998565b661aa474534475ad85daadda83 Mon Sep 17 00:00:00 2001 From: Peter Marschall Date: Sun, 14 Sep 2025 11:41:10 +0200 Subject: [PATCH] LDAP auth: warn if 'ldap_ssl_ca_file' is set without LDAP encryption --- radicale/auth/ldap.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/radicale/auth/ldap.py b/radicale/auth/ldap.py index 0783cfcf..bd9e851c 100644 --- a/radicale/auth/ldap.py +++ b/radicale/auth/ldap.py @@ -124,6 +124,8 @@ class Auth(auth.BaseAuth): if self._ldap_ssl_ca_file == "" and self._ldap_ssl_verify_mode != ssl.CERT_NONE and self._ldap_security in ("tls", "starttls"): logger.warning("Certificate verification not possible: 'ldap_ssl_ca_file' not set") + if self._ldap_ssl_ca_file and self._ldap_security not in ("tls", "starttls"): + logger.warning("Config setting 'ldap_ssl_ca_file' useless without encrypted LDAP connection") logger.info("auth.ldap_uri : %r" % self._ldap_uri) logger.info("auth.ldap_base : %r" % self._ldap_base)