1 files changed, 10 insertions, 1 deletions

diff --git a/collectors/python.d.plugin/openldap/openldap.chart.py b/collectors/python.d.plugin/openldap/openldap.chart.py
index 768ed01e8..3266ce400 100644
--- a/collectors/python.d.plugin/openldap/openldap.chart.py
+++ b/collectors/python.d.plugin/openldap/openldap.chart.py
@@ -14,6 +14,8 @@ from bases.FrameworkServices.SimpleService import SimpleService
 
 DEFAULT_SERVER = 'localhost'
 DEFAULT_PORT = '389'
+DEFAULT_TLS = False
+DEFAULT_CERT_CHECK = True
 DEFAULT_TIMEOUT = 1
 
 ORDER = [
@@ -139,6 +141,8 @@ class Service(SimpleService):
         self.username = configuration.get('username')
         self.password = configuration.get('password')
         self.timeout = configuration.get('timeout', DEFAULT_TIMEOUT)
+        self.use_tls = configuration.get('use_tls', DEFAULT_TLS)
+        self.cert_check = configuration.get('cert_check', DEFAULT_CERT_CHECK)
         self.alive = False
         self.conn = None
 
@@ -150,8 +154,13 @@ class Service(SimpleService):
 
     def connect(self):
         try:
-            self.conn = ldap.initialize('ldap://%s:%s' % (self.server, self.port))
+            if self.use_tls:
+                self.conn = ldap.initialize('ldaps://%s:%s' % (self.server, self.port))
+            else:
+                self.conn = ldap.initialize('ldap://%s:%s' % (self.server, self.port))
             self.conn.set_option(ldap.OPT_NETWORK_TIMEOUT, self.timeout)
+            if self.use_tls and not self.cert_check:
+                self.conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
             if self.username and self.password:
                 self.conn.simple_bind(self.username, self.password)
         except ldap.LDAPError as error: