*invalue*. Any change to global settings

.. note::

Most global settings do not affect existing :py:class:`LDAPObject`

connections. Applications should call :py:func:`set_option()` before

they establish connections with :py:func:`initialize`.

and methods :py:meth:`LDAPObject.set_option()` and

:py:meth:`LDAPObject.get_option()` the following option identifiers

are defined as constants:

.. warning::

libldap does not materialize all TLS settings immediately, with the

exception of :py:const:`OPT_X_TLS`. You must use

:py:const:`OPT_X_TLS_NEWCTX` to instruct libldap to apply pending TLS

settings and create a new internal TLS context::

TLS enforcement mode for ``ldap://`` URI. The setting has no affect

when the LDAP connection is already established.

:py:const:`OPT_X_TLS_NEVER`

Don't enforce TLS (default)

:py:const:`OPT_X_TLS_HARD`

Enforce TLS. libldap will automatically perform STARTTLS for plain

LDAP connections.

.. py:data:: OPT_X_TLS_ALL

Value for :py:const:`OPT_X_TLS_CRLCHECK`

Value for :py:const:`OPT_X_TLS_REQUIRE_CERT`

get/set path to directory with CA certs

get/set path to PEM file with CA certs

get/set path to file with PEM encoded cert for client cert authentication,

requires :py:const:`OPT_X_TLS_KEYFILE`.

.. py:data:: OPT_X_TLS_CIPHER

get cipher suite name from TLS session

get/set allowed cipher suites

.. py:data:: OPT_X_TLS_CRLCHECK

get/set CRL check mode. CRL validation needs :py:const:`OPT_X_TLS_CRLFILE`

:py:const:`OPT_X_TLS_NONE`

Don't perform CRL checks

:py:const:`OPT_X_TLS_PEER`

Perform CRL check for peer's end entity cert.

:py:const:`OPT_X_TLS_ALL`

Perform CRL checks for the whole cert chain

.. py:data:: OPT_X_TLS_CRLFILE

get/set path to CRL file

get address of internal memory address of TLS context (**DO NOT USE**)

Value for :py:const:`OPT_X_TLS_REQUIRE_CERT`

Value for :py:const:`OPT_X_TLS` and :py:const:`OPT_X_TLS_REQUIRE_CERT`

get/set path to file with PEM encoded key for client cert authentication,

requires :py:const:`OPT_X_TLS_CERTFILE`.

Value for :py:const:`OPT_X_TLS` and :py:const:`OPT_X_TLS_REQUIRE_CERT`

.. py:data:: OPT_X_TLS_NEWCTX

set and apply TLS settings to underlying TLS context

.. py:data:: OPT_X_TLS_NONE

Value for :py:const:`OPT_X_TLS_CRLCHECK`

.. py:data:: OPT_X_TLS_PACKAGE

Get TLS implementation, known values are

* ``GnuTLS``

* ``MozNSS`` (Mozilla NSS)

* ``OpenSSL``

.. py:data:: OPT_X_TLS_PEER

Value for :py:const:`OPT_X_TLS_CRLCHECK`

.. py:data:: OPT_X_TLS_PEERCERT

Get peer's certificate as BER/DER data structure (not supported)

.. py:data:: OPT_X_TLS_PROTOCOL_MIN

get/set minimum protocol version (wire protocol version as int)

* ``0x300`` for SSL 3.0

* ``0x301`` for TLS 1.0

* ``0x302`` for TLS 1.1

* ``0x303`` for TLS 1.2

* ``0x304`` for TLS 1.3

get/set path to /dev/urandom (**DO NOT USE**)

get/set validation strategy for server cert.

:py:const:`OPT_X_TLS_NEVER`

Don't check server cert and host name

:py:const:`OPT_X_TLS_ALLOW`

Ignore cert validation errors and don't check host name

:py:const:`OPT_X_TLS_TRY`

This value is only used by slapd server internally. (**DO NOT USE**)

:py:const:`OPT_X_TLS_DEMAND`

Validate peer cert chain and host name

:py:const:`OPT_X_TLS_HARD`

Same as :py:const:`OPT_X_TLS_DEMAND`

Value for :py:const:`OPT_X_TLS_REQUIRE_CERT`

.. py:data:: OPT_X_TLS_VERSION

Get negotiated TLS protocol version as string

dev

urandom

all: Modules/constants_generated.h

Modules/constants_generated.h: Lib/ldap/constants.py

$(PYTHON) $^ > $@