From bed40b0d05bc58a30bd026008fad94980052bb55 Mon Sep 17 00:00:00 2001
From: mbchristoff <49072643+mbchristoff@users.noreply.github.com>
Date: Thu, 14 May 2020 16:41:42 +0200
Subject: [PATCH] Add STARTTLS option. (#277)

* Add STARTTLS option.
---
 configuration/ldap_config.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/configuration/ldap_config.py b/configuration/ldap_config.py
index ba2067c..19277e1 100644
--- a/configuration/ldap_config.py
+++ b/configuration/ldap_config.py
@@ -37,6 +37,9 @@ AUTH_LDAP_BIND_PASSWORD = os.environ.get('AUTH_LDAP_BIND_PASSWORD', read_secret(
 # Set a string template that describes any user’s distinguished name based on the username.
 AUTH_LDAP_USER_DN_TEMPLATE = os.environ.get('AUTH_LDAP_USER_DN_TEMPLATE', None)
 
+# Enable STARTTLS for ldap authentication.
+AUTH_LDAP_START_TLS = os.environ.get('AUTH_LDAP_START_TLS', 'False').lower() == 'true'
+
 # Include this setting if you want to ignore certificate errors. This might be needed to accept a self-signed cert.
 # Note that this is a NetBox-specific setting which sets:
 #     ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)