Show More
| @@ -604,19 +604,19 b' class AuthLdapBase(object):' | |||||
| 604 | if not full_resolve: |
|
604 | if not full_resolve: | |
| 605 | return '{}:{}'.format(host, port) |
|
605 | return '{}:{}'.format(host, port) | |
| 606 |
|
606 | |||
| 607 | log.debug('LDAP: Resolving IP for LDAP host %s', host) |
|
607 | log.debug('LDAP: Resolving IP for LDAP host `%s`', host) | |
| 608 | try: |
|
608 | try: | |
| 609 | ip = socket.gethostbyname(host) |
|
609 | ip = socket.gethostbyname(host) | |
| 610 |
log.debug('Got LDAP |
|
610 | log.debug('LDAP: Got LDAP host `%s` ip %s', host, ip) | |
| 611 | except Exception: |
|
611 | except Exception: | |
| 612 | raise LdapConnectionError( |
|
612 | raise LdapConnectionError('Failed to resolve host: `{}`'.format(host)) | |
| 613 | 'Failed to resolve host: `{}`'.format(host)) |
|
|||
| 614 |
|
613 | |||
| 615 | log.debug('LDAP: Checking if IP %s is accessible', ip) |
|
614 | log.debug('LDAP: Checking if IP %s is accessible', ip) | |
| 616 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) |
|
615 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) | |
| 617 | try: |
|
616 | try: | |
| 618 | s.connect((ip, int(port))) |
|
617 | s.connect((ip, int(port))) | |
| 619 | s.shutdown(socket.SHUT_RD) |
|
618 | s.shutdown(socket.SHUT_RD) | |
|
|
619 | log.debug('LDAP: connection to %s successful', ip) | |||
| 620 | except Exception: |
|
620 | except Exception: | |
| 621 | raise LdapConnectionError( |
|
621 | raise LdapConnectionError( | |
| 622 | 'Failed to connect to host: `{}:{}`'.format(host, port)) |
|
622 | 'Failed to connect to host: `{}:{}`'.format(host, port)) | |
| @@ -145,16 +145,16 b' class AuthLdap(AuthLdapBase):' | |||||
| 145 | log.debug('Trying simple_bind with password and given login DN: %r', |
|
145 | log.debug('Trying simple_bind with password and given login DN: %r', | |
| 146 | self.LDAP_BIND_DN) |
|
146 | self.LDAP_BIND_DN) | |
| 147 | ldap_conn.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS) |
|
147 | ldap_conn.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS) | |
| 148 |
|
148 | log.debug('simple_bind successful') | ||
| 149 | return ldap_conn |
|
149 | return ldap_conn | |
| 150 |
|
150 | |||
| 151 | def fetch_attrs_from_simple_bind(self, server, dn, username, password): |
|
151 | def fetch_attrs_from_simple_bind(self, server, dn, username, password): | |
| 152 | try: |
|
152 | try: | |
| 153 | log.debug('Trying simple bind with %r', dn) |
|
153 | log.debug('Trying simple bind with %r', dn) | |
| 154 | server.simple_bind_s(dn, safe_str(password)) |
|
154 | server.simple_bind_s(dn, safe_str(password)) | |
| 155 |
|
|
155 | _dn, attrs = server.search_ext_s( | |
| 156 | dn, ldap.SCOPE_BASE, '(objectClass=*)', )[0] |
|
156 | dn, ldap.SCOPE_BASE, '(objectClass=*)', )[0] | |
| 157 | _, attrs = user |
|
157 | ||
| 158 | return attrs |
|
158 | return attrs | |
| 159 |
|
159 | |||
| 160 | except ldap.INVALID_CREDENTIALS: |
|
160 | except ldap.INVALID_CREDENTIALS: | |
| @@ -272,7 +272,7 b' class LdapSettingsSchema(AuthnPluginSett' | |||||
| 272 | 'uid=root,cn=users,dc=mydomain,dc=com, or admin@mydomain.com'), |
|
272 | 'uid=root,cn=users,dc=mydomain,dc=com, or admin@mydomain.com'), | |
| 273 | missing='', |
|
273 | missing='', | |
| 274 | preparer=strip_whitespace, |
|
274 | preparer=strip_whitespace, | |
| 275 |
title=_(' |
|
275 | title=_('Bind account'), | |
| 276 | widget='string') |
|
276 | widget='string') | |
| 277 | dn_pass = colander.SchemaNode( |
|
277 | dn_pass = colander.SchemaNode( | |
| 278 | colander.String(), |
|
278 | colander.String(), | |
| @@ -280,7 +280,7 b' class LdapSettingsSchema(AuthnPluginSett' | |||||
| 280 | description=_('Password to authenticate for given user DN.'), |
|
280 | description=_('Password to authenticate for given user DN.'), | |
| 281 | missing='', |
|
281 | missing='', | |
| 282 | preparer=strip_whitespace, |
|
282 | preparer=strip_whitespace, | |
| 283 |
title=_(' |
|
283 | title=_('Bind account password'), | |
| 284 | widget='password') |
|
284 | widget='password') | |
| 285 | tls_kind = colander.SchemaNode( |
|
285 | tls_kind = colander.SchemaNode( | |
| 286 | colander.String(), |
|
286 | colander.String(), | |
| @@ -318,7 +318,7 b' class LdapSettingsSchema(AuthnPluginSett' | |||||
| 318 | colander.String(), |
|
318 | colander.String(), | |
| 319 | default='', |
|
319 | default='', | |
| 320 | description=_('Base DN to search. Dynamic bind is supported. Add `$login` marker ' |
|
320 | description=_('Base DN to search. Dynamic bind is supported. Add `$login` marker ' | |
| 321 |
'in it to be replaced with current user |
|
321 | 'in it to be replaced with current user username \n' | |
| 322 | '(e.g., dc=mydomain,dc=com, or ou=Users,dc=mydomain,dc=com)'), |
|
322 | '(e.g., dc=mydomain,dc=com, or ou=Users,dc=mydomain,dc=com)'), | |
| 323 | missing='', |
|
323 | missing='', | |
| 324 | preparer=strip_whitespace, |
|
324 | preparer=strip_whitespace, | |
General Comments 0
You need to be logged in to leave comments.
Login now