Show More
| @@ -0,0 +1,78 b'' | |||||
|
|
1 | import logging | |||
|
|
2 | logging.basicConfig(level=logging.DEBUG) | |||
|
|
3 | log = logging.getLogger('ldap') | |||
|
|
4 | ||||
|
|
5 | #============================================================================== | |||
|
|
6 | # LDAP | |||
|
|
7 | #Name = Just a description for the auth modes page | |||
|
|
8 | #Host = DepartmentName.OrganizationName.local/ IP | |||
|
|
9 | #Port = 389 default for ldap | |||
|
|
10 | #LDAPS = no set True if You need to use ldaps | |||
|
|
11 | #Account = DepartmentName\UserName (or UserName@MyDomain depending on AD server) | |||
|
|
12 | #Password = <password> | |||
|
|
13 | #Base DN = DC=DepartmentName,DC=OrganizationName,DC=local | |||
|
|
14 | # | |||
|
|
15 | #On-the-fly user creation = yes | |||
|
|
16 | #Attributes | |||
|
|
17 | # Login = sAMAccountName | |||
|
|
18 | # Firstname = givenName | |||
|
|
19 | # Lastname = sN | |||
|
|
20 | # Email = mail | |||
|
|
21 | ||||
|
|
22 | #============================================================================== | |||
|
|
23 | class UsernameError(Exception):pass | |||
|
|
24 | class PasswordError(Exception):pass | |||
|
|
25 | ||||
|
|
26 | LDAP_USE_LDAPS = False | |||
|
|
27 | ldap_server_type = 'ldap' | |||
|
|
28 | LDAP_SERVER_ADDRESS = '192.168.2.56' | |||
|
|
29 | LDAP_SERVER_PORT = '389' | |||
|
|
30 | ||||
|
|
31 | LDAP_BIND_DN = '' | |||
|
|
32 | LDAP_BIND_PASS = '' | |||
|
|
33 | ||||
|
|
34 | if LDAP_USE_LDAPS:ldap_server_type = ldap_server_type + 's' | |||
|
|
35 | LDAP_SERVER = "%s://%s:%s" % (ldap_server_type, | |||
|
|
36 | LDAP_SERVER_ADDRESS, | |||
|
|
37 | LDAP_SERVER_PORT) | |||
|
|
38 | ||||
|
|
39 | BASE_DN = "ou=people,dc=server,dc=com" | |||
|
|
40 | ||||
|
|
41 | def authenticate_ldap(username, password): | |||
|
|
42 | """Authenticate a user via LDAP and return his/her LDAP properties. | |||
|
|
43 | ||||
|
|
44 | Raises AuthenticationError if the credentials are rejected, or | |||
|
|
45 | EnvironmentError if the LDAP server can't be reached. | |||
|
|
46 | """ | |||
|
|
47 | try: | |||
|
|
48 | import ldap | |||
|
|
49 | except ImportError: | |||
|
|
50 | raise Exception('Could not import ldap make sure You install python-ldap') | |||
|
|
51 | ||||
|
|
52 | from rhodecode.lib.helpers import chop_at | |||
|
|
53 | ||||
|
|
54 | uid = chop_at(username, "@%s" % LDAP_SERVER_ADDRESS) | |||
|
|
55 | dn = "uid=%s,%s" % (uid, BASE_DN) | |||
|
|
56 | log.debug("Authenticating %r at %s", dn, LDAP_SERVER) | |||
|
|
57 | if "," in username: | |||
|
|
58 | raise UsernameError("invalid character in username: ,") | |||
|
|
59 | try: | |||
|
|
60 | #ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/etc/openldap/cacerts') | |||
|
|
61 | server = ldap.initialize(LDAP_SERVER) | |||
|
|
62 | server.protocol = ldap.VERSION3 | |||
|
|
63 | server.simple_bind_s(dn, password) | |||
|
|
64 | properties = server.search_s(dn, ldap.SCOPE_SUBTREE) | |||
|
|
65 | if not properties: | |||
|
|
66 | raise ldap.NO_SUCH_OBJECT() | |||
|
|
67 | except ldap.NO_SUCH_OBJECT, e: | |||
|
|
68 | log.debug("LDAP says no such user '%s' (%s)", uid, username) | |||
|
|
69 | raise UsernameError() | |||
|
|
70 | except ldap.INVALID_CREDENTIALS, e: | |||
|
|
71 | log.debug("LDAP rejected password for user '%s' (%s)", uid, username) | |||
|
|
72 | raise PasswordError() | |||
|
|
73 | except ldap.SERVER_DOWN, e: | |||
|
|
74 | raise EnvironmentError("can't access authentication server") | |||
|
|
75 | return properties | |||
|
|
76 | ||||
|
|
77 | ||||
|
|
78 | print authenticate_ldap('test', 'test') | |||
General Comments 0
You need to be logged in to leave comments.
Login now