Standardize LDAP security configuration naming

DOCUMENTATION.md

@@ -1045,13 +1045,13 @@ Default: (unset)
 
 _(>= 3.3.0)_
 
-Use ssl on the ldap connection (soon to be deprecated, use ldap_encryption instead)
+Use ssl on the ldap connection (soon to be deprecated, use ldap_security instead)
 
-##### ldap_encryption
+##### ldap_security
 
 _(>= 3.5.2)_
 
-Use encryption on the ldap connection. none, ssl, start_tls
+Use encryption on the ldap connection. none, tls, starttls
 
 Default: none
 
@@ -1059,7 +1059,7 @@ Default: none
 
 _(>= 3.3.0)_
 
-The certificate verification mode. Works for ssl and start_tls. NONE, OPTIONAL or REQUIRED
+The certificate verification mode. Works for tls and starttls. NONE, OPTIONAL or REQUIRED
 
 Default: REQUIRED
 

config

@@ -102,13 +102,13 @@
 #ldap_user_attribute = cn
 
 # Use ssl on the ldap connection
-# Soon to be deprecated, use ldap_encryption instead
+# Soon to be deprecated, use ldap_security instead
 #ldap_use_ssl = False
 
-# the encryption mode to be used: ssl, start_tls, default is none
+# the encryption mode to be used: tls, starttls, default is none
-#ldap_encryption = none
+#ldap_security = none
 
-# The certificate verification mode. Works for ssl and start_tls. NONE, OPTIONAL, default is REQUIRED
+# The certificate verification mode. Works for ssl and starttls. NONE, OPTIONAL, default is REQUIRED
 #ldap_ssl_verify_mode = REQUIRED
 
 # The path to the CA file in pem format which is used to certificate the server certificate

radicale/auth/ldap.py

@@ -27,8 +27,8 @@ Following parameters are needed in the configuration:
    ldap_groups_attribute The attribute containing group memberships in the LDAP user entry
 Following parameters controls SSL connections:
    ldap_use_ssl        If ssl encryption should be used (to be deprecated)
-   ldap_encryption    The encryption mode to be used: *none*|ssl|start_tls
+   ldap_security    The encryption mode to be used: *none*|tls|starttls
-   ldap_ssl_verify_mode The certificate verification mode. Works for ssl and start_tls. NONE, OPTIONAL, default is REQUIRED
+   ldap_ssl_verify_mode The certificate verification mode. Works for tls and starttls. NONE, OPTIONAL, default is REQUIRED
    ldap_ssl_ca_file
 
 """
@@ -49,7 +49,7 @@ class Auth(auth.BaseAuth):
     _ldap_groups_attr: str
     _ldap_module_version: int = 3
     _ldap_use_ssl: bool = False
-    _ldap_encryption: str = "none"
+    _ldap_security: str = "none"
     _ldap_ssl_verify_mode: int = ssl.CERT_REQUIRED
     _ldap_ssl_ca_file: str = ""
 
@@ -84,12 +84,12 @@ class Auth(auth.BaseAuth):
                 self._ldap_secret = file.read().rstrip('\n')
         if self._ldap_module_version == 3:
             self._ldap_use_ssl = configuration.get("auth", "ldap_use_ssl")
-            self._ldap_encryption = configuration.get("auth", "ldap_encryption")
+            self._ldap_security = configuration.get("auth", "ldap_security")
-            self._use_encryption = self._ldap_use_ssl or self._ldap_encryption in ("ssl", "start_tls")
+            self._use_encryption = self._ldap_use_ssl or self._ldap_security in ("tls", "starttls")
-            if self._ldap_use_ssl and self._ldap_encryption == "start_tls":
+            if self._ldap_use_ssl and self._ldap_security == "starttls":
-                raise RuntimeError("Cannot set both 'ldap_use_ssl = True' and 'ldap_encryption' = 'start_tls'")
+                raise RuntimeError("Cannot set both 'ldap_use_ssl = True' and 'ldap_security' = 'starttls'")
             if self._ldap_use_ssl:
-                logger.warning("Configuration uses soon to be deprecated 'ldap_use_ssl', use 'ldap_encryption' ('none', 'ssl', 'start_tls') instead.")
+                logger.warning("Configuration uses soon to be deprecated 'ldap_use_ssl', use 'ldap_security' ('none', 'tls', 'starttls') instead.")
             if self._use_encryption:
                 self._ldap_ssl_ca_file = configuration.get("auth", "ldap_ssl_ca_file")
                 tmp = configuration.get("auth", "ldap_ssl_verify_mode")
@@ -122,7 +122,7 @@ class Auth(auth.BaseAuth):
             logger.error("auth.ldap_secret         : (not provided)")
             raise RuntimeError("LDAP authentication requires ldap_secret for ldap_reader_dn")
         logger.info("auth.ldap_use_ssl         : %s" % self._ldap_use_ssl)
-        logger.info("auth.ldap_encryption      : %s" % self._ldap_encryption)
+        logger.info("auth.ldap_security      : %s" % self._ldap_security)
         if self._use_encryption:
             logger.info("auth.ldap_ssl_verify_mode : %s" % self._ldap_ssl_verify_mode)
             if self._ldap_ssl_ca_file:
@@ -206,7 +206,7 @@ class Auth(auth.BaseAuth):
                         validate=self._ldap_ssl_verify_mode,
                         ca_certs_file=self._ldap_ssl_ca_file
                         )
-                if self._ldap_use_ssl or self._ldap_encryption == "ssl":
+                if self._ldap_use_ssl or self._ldap_security == "tls":
                     logger.debug("_login3 using ssl (reader)")
                     server = self.ldap3.Server(self._ldap_uri, use_ssl=True, tls=tls)
                 else:
@@ -216,8 +216,8 @@ class Auth(auth.BaseAuth):
                 server = self.ldap3.Server(self._ldap_uri)
             try:
                 conn = self.ldap3.Connection(server, self._ldap_reader_dn, password=self._ldap_secret, auto_bind=False, raise_exceptions=True)
-                if self._ldap_encryption == "start_tls":
+                if self._ldap_security == "starttls":
-                    logger.debug("_login3 using start_tls (reader)")
+                    logger.debug("_login3 using starttls (reader)")
                     conn.start_tls()
             except self.ldap3.core.exceptions.LDAPStartTLSError as e:
                 raise RuntimeError(f"_login3 StartTLS Error: {e}")
@@ -252,8 +252,8 @@ class Auth(auth.BaseAuth):
             """Try to bind as the user itself"""
             try:
                 conn = self.ldap3.Connection(server, user_dn, password=password, auto_bind=False)
-                if self._ldap_encryption == "start_tls":
+                if self._ldap_security == "starttls":
-                    logger.debug("_login3 using start_tls (user)")
+                    logger.debug("_login3 using starttls (user)")
                     conn.start_tls()
             except self.ldap3.core.exceptions.LDAPStartTLSError as e:
                 raise RuntimeError(f"_login3 StartTLS Error: {e}")

radicale/config.py

@@ -297,15 +297,15 @@ DEFAULT_CONFIG_SCHEMA: types.CONFIG_SCHEMA = OrderedDict([
             "type": str}),
         ("ldap_use_ssl", {
             "value": "False",
-            "help": "Use ssl on the ldap connection. Soon to be deprecated, use ldap_encryption instead",
+            "help": "Use ssl on the ldap connection. Soon to be deprecated, use ldap_security instead",
             "type": bool}),
-        ("ldap_encryption", {
+        ("ldap_security", {
             "value": "none",
-            "help": "the encryption mode to be used: *none*|ssl|start_tls",
+            "help": "the encryption mode to be used: *none*|tls|starttls",
             "type": str}),
         ("ldap_ssl_verify_mode", {
             "value": "REQUIRED",
-            "help": "The certificate verification mode. Works for ssl and start_tls. NONE, OPTIONAL, default is REQUIRED",
+            "help": "The certificate verification mode. Works for tls and starttls. NONE, OPTIONAL, default is REQUIRED",
             "type": str}),
         ("ldap_ssl_ca_file", {
             "value": "",