@@ -604,19 +604,19 b' class AuthLdapBase(object):' | |||||
604 | if not full_resolve: |
|
604 | if not full_resolve: | |
605 | return '{}:{}'.format(host, port) |
|
605 | return '{}:{}'.format(host, port) | |
606 |
|
606 | |||
607 | log.debug('LDAP: Resolving IP for LDAP host %s', host) |
|
607 | log.debug('LDAP: Resolving IP for LDAP host `%s`', host) | |
608 | try: |
|
608 | try: | |
609 | ip = socket.gethostbyname(host) |
|
609 | ip = socket.gethostbyname(host) | |
610 |
log.debug('Got LDAP |
|
610 | log.debug('LDAP: Got LDAP host `%s` ip %s', host, ip) | |
611 | except Exception: |
|
611 | except Exception: | |
612 | raise LdapConnectionError( |
|
612 | raise LdapConnectionError('Failed to resolve host: `{}`'.format(host)) | |
613 | 'Failed to resolve host: `{}`'.format(host)) |
|
|||
614 |
|
613 | |||
615 | log.debug('LDAP: Checking if IP %s is accessible', ip) |
|
614 | log.debug('LDAP: Checking if IP %s is accessible', ip) | |
616 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) |
|
615 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) | |
617 | try: |
|
616 | try: | |
618 | s.connect((ip, int(port))) |
|
617 | s.connect((ip, int(port))) | |
619 | s.shutdown(socket.SHUT_RD) |
|
618 | s.shutdown(socket.SHUT_RD) | |
|
619 | log.debug('LDAP: connection to %s successful', ip) | |||
620 | except Exception: |
|
620 | except Exception: | |
621 | raise LdapConnectionError( |
|
621 | raise LdapConnectionError( | |
622 | 'Failed to connect to host: `{}:{}`'.format(host, port)) |
|
622 | 'Failed to connect to host: `{}:{}`'.format(host, port)) |
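Review bot: The reachability probe at `s.connect((ip, int(port)))` runs on a socket with no timeout, so an LDAP host that silently drops packets can stall the login request for the full OS connect timeout; calling `s.settimeout(CONNECT_TIMEOUT_SECONDS)` before the connect would bound that wait (the constant name is a placeholder for a configured value). Both `except Exception:` handlers also discard the original error, so the new debug lines record success but a failure leaves no trace of its cause; `log.exception('LDAP: connection to %s failed', ip)` before the raise would keep it. No `s.close()` is visible in the hunk, but the function continues outside it, so that may already be handled there.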
@@ -145,16 +145,16 b' class AuthLdap(AuthLdapBase):' | |||||
145 | log.debug('Trying simple_bind with password and given login DN: %r', |
|
145 | log.debug('Trying simple_bind with password and given login DN: %r', | |
146 | self.LDAP_BIND_DN) |
|
146 | self.LDAP_BIND_DN) | |
147 | ldap_conn.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS) |
|
147 | ldap_conn.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS) | |
148 |
|
148 | log.debug('simple_bind successful') | ||
149 | return ldap_conn |
|
149 | return ldap_conn | |
150 |
|
150 | |||
151 | def fetch_attrs_from_simple_bind(self, server, dn, username, password): |
|
151 | def fetch_attrs_from_simple_bind(self, server, dn, username, password): | |
152 | try: |
|
152 | try: | |
153 | log.debug('Trying simple bind with %r', dn) |
|
153 | log.debug('Trying simple bind with %r', dn) | |
154 | server.simple_bind_s(dn, safe_str(password)) |
|
154 | server.simple_bind_s(dn, safe_str(password)) | |
155 |
|
|
155 | _dn, attrs = server.search_ext_s( | |
156 | dn, ldap.SCOPE_BASE, '(objectClass=*)', )[0] |
|
156 | dn, ldap.SCOPE_BASE, '(objectClass=*)', )[0] | |
157 | _, attrs = user |
|
157 | ||
158 | return attrs |
|
158 | return attrs | |
159 |
|
159 | |||
160 | except ldap.INVALID_CREDENTIALS: |
|
160 | except ldap.INVALID_CREDENTIALS: | |
@@ -206,7 +206,7 b' class AuthLdap(AuthLdapBase):' | |||||
206 | break |
|
206 | break | |
207 | else: |
|
207 | else: | |
208 | raise LdapPasswordError( |
|
208 | raise LdapPasswordError( | |
209 | 'Failed to authenticate user `{}`' |
|
209 | 'Failed to authenticate user `{}` ' | |
210 | 'with given password'.format(username)) |
|
210 | 'with given password'.format(username)) | |
211 |
|
211 | |||
212 | except ldap.NO_SUCH_OBJECT: |
|
212 | except ldap.NO_SUCH_OBJECT: | |
@@ -249,7 +249,7 b' class LdapSettingsSchema(AuthnPluginSett' | |||||
249 | colander.Int(), |
|
249 | colander.Int(), | |
250 | default=389, |
|
250 | default=389, | |
251 | description=_('Custom port that the LDAP server is listening on. ' |
|
251 | description=_('Custom port that the LDAP server is listening on. ' | |
252 | 'Default value is: 389, use 689 for LDAPS(SSL)'), |
|
252 | 'Default value is: 389, use 689 for LDAPS (SSL)'), | |
253 | preparer=strip_whitespace, |
|
253 | preparer=strip_whitespace, | |
254 | title=_('Port'), |
|
254 | title=_('Port'), | |
255 | validator=colander.Range(min=0, max=65536), |
|
255 | validator=colander.Range(min=0, max=65536), | |
@@ -272,7 +272,7 b' class LdapSettingsSchema(AuthnPluginSett' | |||||
272 | 'uid=root,cn=users,dc=mydomain,dc=com, or admin@mydomain.com'), |
|
272 | 'uid=root,cn=users,dc=mydomain,dc=com, or admin@mydomain.com'), | |
273 | missing='', |
|
273 | missing='', | |
274 | preparer=strip_whitespace, |
|
274 | preparer=strip_whitespace, | |
275 |
title=_(' |
|
275 | title=_('Bind account'), | |
276 | widget='string') |
|
276 | widget='string') | |
277 | dn_pass = colander.SchemaNode( |
|
277 | dn_pass = colander.SchemaNode( | |
278 | colander.String(), |
|
278 | colander.String(), | |
@@ -280,7 +280,7 b' class LdapSettingsSchema(AuthnPluginSett' | |||||
280 | description=_('Password to authenticate for given user DN.'), |
|
280 | description=_('Password to authenticate for given user DN.'), | |
281 | missing='', |
|
281 | missing='', | |
282 | preparer=strip_whitespace, |
|
282 | preparer=strip_whitespace, | |
283 |
title=_(' |
|
283 | title=_('Bind account password'), | |
284 | widget='password') |
|
284 | widget='password') | |
285 | tls_kind = colander.SchemaNode( |
|
285 | tls_kind = colander.SchemaNode( | |
286 | colander.String(), |
|
286 | colander.String(), | |
@@ -318,7 +318,7 b' class LdapSettingsSchema(AuthnPluginSett' | |||||
318 | colander.String(), |
|
318 | colander.String(), | |
319 | default='', |
|
319 | default='', | |
320 | description=_('Base DN to search. Dynamic bind is supported. Add `$login` marker ' |
|
320 | description=_('Base DN to search. Dynamic bind is supported. Add `$login` marker ' | |
321 |
'in it to be replaced with current user |
|
321 | 'in it to be replaced with current user username \n' | |
322 | '(e.g., dc=mydomain,dc=com, or ou=Users,dc=mydomain,dc=com)'), |
|
322 | '(e.g., dc=mydomain,dc=com, or ou=Users,dc=mydomain,dc=com)'), | |
323 | missing='', |
|
323 | missing='', | |
324 | preparer=strip_whitespace, |
|
324 | preparer=strip_whitespace, |
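Review bot: The port help text on the line reworded here still tells administrators to `use 689 for LDAPS`, but the registered LDAPS port is 636, so someone following the hint gets a failed TLS connection and may fall back to plain 389; the string should read `'Default value is: 389, use 636 for LDAPS (SSL)'`. In the same hunk `validator=colander.Range(min=0, max=65536)` accepts 0 and 65536, neither of which is a usable TCP port; `validator=colander.Range(min=1, max=65535)` matches the real range. Both lines sit inside a SchemaNode whose definition starts and ends outside the hunk.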