diff --git a/rhodecode/lib/auth_ldap.py b/rhodecode/lib/auth_ldap.py
--- a/rhodecode/lib/auth_ldap.py
+++ b/rhodecode/lib/auth_ldap.py
@@ -25,9 +25,10 @@ class PasswordError(Exception):pass
 LDAP_USE_LDAPS = False
 ldap_server_type = 'ldap'
-LDAP_SERVER_ADDRESS = '192.168.2.56'
+LDAP_SERVER_ADDRESS = 'myldap.com'
 LDAP_SERVER_PORT = '389'
+#USE FOR READ ONLY BIND TO LDAP SERVER
 LDAP_BIND_DN = ''
 LDAP_BIND_PASS = ''
@@ -37,6 +38,7 @@ LDAP_SERVER = "%s://%s:%s" % (ldap_serve
 LDAP_SERVER_PORT)
 BASE_DN = "ou=people,dc=server,dc=com"
+AUTH_DN = "uid=%s,%s"
 def authenticate_ldap(username, password):
 """Authenticate a user via LDAP and return his/her LDAP properties.
@@ -52,7 +54,7 @@ def authenticate_ldap(username, password
 from rhodecode.lib.helpers import chop_at
 uid = chop_at(username, "@%s" % LDAP_SERVER_ADDRESS)
- dn = "uid=%s,%s" % (uid, BASE_DN)
+ dn = AUTH_DN % (uid, BASE_DN)
 log.debug("Authenticating %r at %s", dn, LDAP_SERVER)
 if "," in username:
 raise UsernameError("invalid character in username: ,")
@@ -60,6 +62,12 @@ def authenticate_ldap(username, password
 #ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/etc/openldap/cacerts')
 server = ldap.initialize(LDAP_SERVER)
 server.protocol = ldap.VERSION3
+
+ if LDAP_BIND_DN and LDAP_BIND_PASS:
+ server.simple_bind_s(AUTH_DN % (LDAP_BIND_DN,
+ LDAP_BIND_PASS),
+ password)
+
 server.simple_bind_s(dn, password)
 properties = server.search_s(dn, ldap.SCOPE_SUBTREE)
 if not properties:
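Review bot: The comment added above `LDAP_BIND_DN` does not say what format the value takes, and the name suggests a full distinguished name while the bind added in the last hunk pushes it through `AUTH_DN` as a bare uid; the two readings are incompatible, so the comment should pin one, e.g. `# Optional service account for a read-only bind; LDAP_BIND_DN is that account's full DN, LDAP_BIND_PASS its password`. It is also worth stating in the same comment that `LDAP_BIND_PASS` is a plaintext credential living in a source module, and, if the project's configuration file is the intended home for these values, pointing operators there instead of having them edit this file. The same applies to `LDAP_SERVER_ADDRESS`, which this hunk changes from one hard-coded value to another.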
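Review bot: `AUTH_DN = "uid=%s,%s"` is a bare format template with two positional slots and nothing says what goes in them; the last hunk already fills it with (bind DN, bind password) where (uid, base DN) is meant, which shows the omission matters. Suggest `# User DN template, filled with (uid, BASE_DN); uid must be DN-escaped before substitution`. Hard-coding `uid=` as the RDN attribute also means a directory keyed on another attribute cannot be configured without editing this module, which may be acceptable at this stage but deserves a word in the comment.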
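Review bot: `dn = AUTH_DN % (uid, BASE_DN)` still interpolates the caller-supplied uid into the DN unescaped; the only character rejected is `,`, on the lines that follow, and the other DN metacharacters (`+`, `=`, `\`, `"`, `<`, `>`, `;`, `#`, leading or trailing spaces) pass straight into the bind DN and into the base of the later `search_s`. Escape the value rather than blacklisting one character, e.g. `dn = AUTH_DN % (ldap.dn.escape_dn_chars(uid), BASE_DN)` (python-ldap's `ldap.dn` module may need its own import if `import ldap` alone does not expose it in the version used here), and keep the `,` check as a secondary guard. The enclosing `authenticate_ldap` continues outside this hunk.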
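Review bot: The new service-account bind is assembled wrong: `AUTH_DN % (LDAP_BIND_DN, LDAP_BIND_PASS)` places the bind password into the DN string as the base-DN slot and then binds with the end user's `password` instead of `LDAP_BIND_PASS`, so with a service account configured the call can only fail (python-ldap raises on a failed synchronous bind) and the bind password ends up inside a DN that may be logged. The intended call is `server.simple_bind_s(LDAP_BIND_DN, LDAP_BIND_PASS)`. Even once corrected, the result of this bind is unused, because `server.simple_bind_s(dn, password)` on the next line replaces it immediately; a read-only bind only earns its place if it is followed by a search that resolves the user's DN before the user bind, otherwise it should be dropped. Since both binds pass `password` through unchecked, a guard such as `if not password: raise PasswordError("empty password")` before the user bind is worth adding, as an empty password to `simple_bind_s` is treated as an anonymous bind by many directory servers and would let the call succeed. `authenticate_ldap` continues outside this hunk.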