upstream/kallithea Files · rhodecode/lib/auth_ldap.py

fixed key error on unknown archival

marcink - - Load All Authors

File last commit:

r902:07a6e8c6 beta


                r950:343c28c3

beta

Download file

             auth_ldap.py
        
                    104 lines
            
             | 3.6 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / rhodecode / lib / auth_ldap.py
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        marcink
    
fixed #72 show warning on removal when user still is owner of existing repositories...

              r713
            
      #!/usr/bin/env python

      # encoding: utf-8

      # ldap authentication lib

        marcink
    
fixed copyright year to 2011

              r902
            
      # Copyright (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>

        marcink
    
fixed #72 show warning on removal when user still is owner of existing repositories...

              r713
            
      #

      # This program is free software; you can redistribute it and/or

      # modify it under the terms of the GNU General Public License

      # as published by the Free Software Foundation; version 2

      # of the License or (at your opinion) any later version of the license.

      # 

      # This program is distributed in the hope that it will be useful,

      # but WITHOUT ANY WARRANTY; without even the implied warranty of

      # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

      # GNU General Public License for more details.

      # 

      # You should have received a copy of the GNU General Public License

      # along with this program; if not, write to the Free Software

      # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

      # MA  02110-1301, USA.

      """

      Created on Nov 17, 2010

        marcink
    
added basic ldap auth lib

              r700
            
        marcink
    
fixed #72 show warning on removal when user still is owner of existing repositories...

              r713
            
      @author: marcink

      """

        marcink
    
implements #60, ldap configuration and authentication....

              r705
            
        marcink
    
fixed #72 show warning on removal when user still is owner of existing repositories...

              r713
            
      from rhodecode.lib.exceptions import *

        marcink
    
implements #60, ldap configuration and authentication....

              r705
            
      import logging

      log = logging.getLogger(__name__)

        marcink
    
added basic ldap auth lib

              r700
            
        marcink
    
implements #60, ldap configuration and authentication....

              r705
            
      try:

          import ldap

      except ImportError:

          pass

        marcink
    
added basic ldap auth lib

              r700
            
        marcink
    
implements #60, ldap configuration and authentication....

              r705
            
      class AuthLdap(object):

        marcink
    
added basic ldap auth lib

              r700
            
        marcink
    
implements #60, ldap configuration and authentication....

              r705
            
          def __init__(self, server, base_dn, port=389, bind_dn='', bind_pass='',

                       use_ldaps=False, ldap_version=3):

              self.ldap_version = ldap_version

              if use_ldaps:

                  port = port or 689

              self.LDAP_USE_LDAPS = use_ldaps

              self.LDAP_SERVER_ADDRESS = server

              self.LDAP_SERVER_PORT = port

        marcink
    
added basic ldap auth lib

              r700
            
        marcink
    
implements #60, ldap configuration and authentication....

              r705
            
              #USE FOR READ ONLY BIND TO LDAP SERVER

              self.LDAP_BIND_DN = bind_dn

              self.LDAP_BIND_PASS = bind_pass

        marcink
    
added basic ldap auth lib

              r700
            
        marcink
    
implements #60, ldap configuration and authentication....

              r705
            
              ldap_server_type = 'ldap'

              if self.LDAP_USE_LDAPS:ldap_server_type = ldap_server_type + 's'

              self.LDAP_SERVER = "%s://%s:%s" % (ldap_server_type,

                                                     self.LDAP_SERVER_ADDRESS,

                                                     self.LDAP_SERVER_PORT)

              self.BASE_DN = base_dn

        marcink
    
added basic ldap auth lib

              r700
            
        marcink
    
implements #60, ldap configuration and authentication....

              r705
            
          def authenticate_ldap(self, username, password):

              """Authenticate a user via LDAP and return his/her LDAP properties.

              Raises AuthenticationError if the credentials are rejected, or

              EnvironmentError if the LDAP server can't be reached.

        marcink
    
ldap two phase auth fix

              r701
            
        marcink
    
implements #60, ldap configuration and authentication....

              r705
            
              :param username: username

              :param password: password

              """

              from rhodecode.lib.helpers import chop_at

              uid = chop_at(username, "@%s" % self.LDAP_SERVER_ADDRESS)

        marcink
    
fixes #77 and adds extendable base Dn with custom uid specification

              r775
            
        marcink
    
implements #60, ldap configuration and authentication....

              r705
            
              if "," in username:

        marcink
    
fixed #72 show warning on removal when user still is owner of existing repositories...

              r713
            
                  raise LdapUsernameError("invalid character in username: ,")

        marcink
    
implements #60, ldap configuration and authentication....

              r705
            
              try:

        marcink
    
fixes #76 added confirmation dialog for user removal....

              r739
            
                  ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, '/etc/openldap/cacerts')

        marcink
    
implements #60, ldap configuration and authentication....

              r705
            
                  ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 10)

                  server = ldap.initialize(self.LDAP_SERVER)

                  if self.ldap_version == 2:

                      server.protocol = ldap.VERSION2

                  else:

                      server.protocol = ldap.VERSION3

        marcink
    
added basic ldap auth lib

              r700
            
        marcink
    
implements #60, ldap configuration and authentication....

              r705
            
                  if self.LDAP_BIND_DN and self.LDAP_BIND_PASS:

        marcink
    
fixes a bug with two-pass ldap auth (thanks for TK Soh for that)

              r794
            
                      server.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS)

        marcink
    
added basic ldap auth lib

              r700
            
        marcink
    
fixes #77 and adds extendable base Dn with custom uid specification

              r775
            
                  dn = self.BASE_DN % {'user':uid}

                  log.debug("Authenticating %r at %s", dn, self.LDAP_SERVER)

        marcink
    
implements #60, ldap configuration and authentication....

              r705
            
                  server.simple_bind_s(dn, password)

        marcink
    
fixes #77 and adds extendable base Dn with custom uid specification

              r775
            
        marcink
    
implements #60, ldap configuration and authentication....

              r705
            
                  properties = server.search_s(dn, ldap.SCOPE_SUBTREE)

                  if not properties:

                      raise ldap.NO_SUCH_OBJECT()

              except ldap.NO_SUCH_OBJECT, e:

                  log.debug("LDAP says no such user '%s' (%s)", uid, username)

        marcink
    
fixed #72 show warning on removal when user still is owner of existing repositories...

              r713
            
                  raise LdapUsernameError()

        marcink
    
implements #60, ldap configuration and authentication....

              r705
            
              except ldap.INVALID_CREDENTIALS, e:

                  log.debug("LDAP rejected password for user '%s' (%s)", uid, username)

        marcink
    
fixed #72 show warning on removal when user still is owner of existing repositories...

              r713
            
                  raise LdapPasswordError()

        marcink
    
implements #60, ldap configuration and authentication....

              r705
            
              except ldap.SERVER_DOWN, e:

        marcink
    
fixed #72 show warning on removal when user still is owner of existing repositories...

              r713
            
                  raise LdapConnectionError("LDAP can't access authentication server")

        marcink
    
implements #60, ldap configuration and authentication....

              r705
            
              return properties[0]

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

marcink fixed #72 show warning on removal when user still is owner of existing repositories...	r713	#!/usr/bin/env python
		# encoding: utf-8
		# ldap authentication lib
marcink fixed copyright year to 2011	r902	# Copyright (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
marcink fixed #72 show warning on removal when user still is owner of existing repositories...	r713	#
		# This program is free software; you can redistribute it and/or
		# modify it under the terms of the GNU General Public License
		# as published by the Free Software Foundation; version 2
		# of the License or (at your opinion) any later version of the license.
		#
		# This program is distributed in the hope that it will be useful,
		# but WITHOUT ANY WARRANTY; without even the implied warranty of
		# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		# GNU General Public License for more details.
		#
		# You should have received a copy of the GNU General Public License
		# along with this program; if not, write to the Free Software
		# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
		# MA 02110-1301, USA.
		"""
		Created on Nov 17, 2010
marcink added basic ldap auth lib	r700
marcink fixed #72 show warning on removal when user still is owner of existing repositories...	r713	@author: marcink
		"""
marcink implements #60, ldap configuration and authentication....	r705
marcink fixed #72 show warning on removal when user still is owner of existing repositories...	r713	from rhodecode.lib.exceptions import *
marcink implements #60, ldap configuration and authentication....	r705	import logging

		log = logging.getLogger(__name__)
marcink added basic ldap auth lib	r700
marcink implements #60, ldap configuration and authentication....	r705	try:
		import ldap
		except ImportError:
		pass
marcink added basic ldap auth lib	r700
marcink implements #60, ldap configuration and authentication....	r705	class AuthLdap(object):
marcink added basic ldap auth lib	r700
marcink implements #60, ldap configuration and authentication....	r705	def __init__(self, server, base_dn, port=389, bind_dn='', bind_pass='',
		use_ldaps=False, ldap_version=3):
		self.ldap_version = ldap_version
		if use_ldaps:
		port = port or 689
		self.LDAP_USE_LDAPS = use_ldaps
		self.LDAP_SERVER_ADDRESS = server
		self.LDAP_SERVER_PORT = port
marcink added basic ldap auth lib	r700
marcink implements #60, ldap configuration and authentication....	r705	#USE FOR READ ONLY BIND TO LDAP SERVER
		self.LDAP_BIND_DN = bind_dn
		self.LDAP_BIND_PASS = bind_pass
marcink added basic ldap auth lib	r700
marcink implements #60, ldap configuration and authentication....	r705	ldap_server_type = 'ldap'
		if self.LDAP_USE_LDAPS:ldap_server_type = ldap_server_type + 's'
		self.LDAP_SERVER = "%s://%s:%s" % (ldap_server_type,
		self.LDAP_SERVER_ADDRESS,
		self.LDAP_SERVER_PORT)

		self.BASE_DN = base_dn
marcink added basic ldap auth lib	r700
marcink implements #60, ldap configuration and authentication....	r705	def authenticate_ldap(self, username, password):
		"""Authenticate a user via LDAP and return his/her LDAP properties.

		Raises AuthenticationError if the credentials are rejected, or
		EnvironmentError if the LDAP server can't be reached.
marcink ldap two phase auth fix	r701
marcink implements #60, ldap configuration and authentication....	r705	:param username: username
		:param password: password
		"""

		from rhodecode.lib.helpers import chop_at

		uid = chop_at(username, "@%s" % self.LDAP_SERVER_ADDRESS)
marcink fixes #77 and adds extendable base Dn with custom uid specification	r775
marcink implements #60, ldap configuration and authentication....	r705	if "," in username:
marcink fixed #72 show warning on removal when user still is owner of existing repositories...	r713	raise LdapUsernameError("invalid character in username: ,")
marcink implements #60, ldap configuration and authentication....	r705	try:
marcink fixes #76 added confirmation dialog for user removal....	r739	ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, '/etc/openldap/cacerts')
marcink implements #60, ldap configuration and authentication....	r705	ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 10)
		server = ldap.initialize(self.LDAP_SERVER)
		if self.ldap_version == 2:
		server.protocol = ldap.VERSION2
		else:
		server.protocol = ldap.VERSION3
marcink added basic ldap auth lib	r700
marcink implements #60, ldap configuration and authentication....	r705	if self.LDAP_BIND_DN and self.LDAP_BIND_PASS:
marcink fixes a bug with two-pass ldap auth (thanks for TK Soh for that)	r794	server.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS)
marcink added basic ldap auth lib	r700
marcink fixes #77 and adds extendable base Dn with custom uid specification	r775	dn = self.BASE_DN % {'user':uid}
		log.debug("Authenticating %r at %s", dn, self.LDAP_SERVER)
marcink implements #60, ldap configuration and authentication....	r705	server.simple_bind_s(dn, password)
marcink fixes #77 and adds extendable base Dn with custom uid specification	r775
marcink implements #60, ldap configuration and authentication....	r705	properties = server.search_s(dn, ldap.SCOPE_SUBTREE)
		if not properties:
		raise ldap.NO_SUCH_OBJECT()
		except ldap.NO_SUCH_OBJECT, e:
		log.debug("LDAP says no such user '%s' (%s)", uid, username)
marcink fixed #72 show warning on removal when user still is owner of existing repositories...	r713	raise LdapUsernameError()
marcink implements #60, ldap configuration and authentication....	r705	except ldap.INVALID_CREDENTIALS, e:
		log.debug("LDAP rejected password for user '%s' (%s)", uid, username)
marcink fixed #72 show warning on removal when user still is owner of existing repositories...	r713	raise LdapPasswordError()
marcink implements #60, ldap configuration and authentication....	r705	except ldap.SERVER_DOWN, e:
marcink fixed #72 show warning on removal when user still is owner of existing repositories...	r713	raise LdapConnectionError("LDAP can't access authentication server")
marcink implements #60, ldap configuration and authentication....	r705
		return properties[0]