code garden...
marcink -
r1792:2afa6b8c beta
@@ -43,7 +43,7 b' class AuthLdap(object):'
43 def __init__(self, server, base_dn, port=389, bind_dn='', bind_pass='',
43 def __init__(self, server, base_dn, port=389, bind_dn='', bind_pass='',
44 tls_kind='PLAIN', tls_reqcert='DEMAND', ldap_version=3,
44 tls_kind='PLAIN', tls_reqcert='DEMAND', ldap_version=3,
45 ldap_filter='(&(objectClass=user)(!(objectClass=computer)))',
45 ldap_filter='(&(objectClass=user)(!(objectClass=computer)))',
46 search_scope = 'SUBTREE', attr_login = 'uid'):
46 search_scope='SUBTREE', attr_login='uid'):
47 self.ldap_version = ldap_version
47 self.ldap_version = ldap_version
48 ldap_server_type = 'ldap'
48 ldap_server_type = 'ldap'
49
49
@@ -52,9 +52,9 b' class AuthLdap(object):'
52 if self.TLS_KIND == 'LDAPS':
52 if self.TLS_KIND == 'LDAPS':
53 port = port or 689
53 port = port or 689
54 ldap_server_type = ldap_server_type + 's'
54 ldap_server_type = ldap_server_type + 's'
55
55
56 OPT_X_TLS_DEMAND = 2
56 OPT_X_TLS_DEMAND = 2
57 self.TLS_REQCERT = getattr(ldap, 'OPT_X_TLS_%s' % tls_reqcert,
57 self.TLS_REQCERT = getattr(ldap, 'OPT_X_TLS_%s' % tls_reqcert,
58 OPT_X_TLS_DEMAND)
58 OPT_X_TLS_DEMAND)
59 self.LDAP_SERVER_ADDRESS = server
59 self.LDAP_SERVER_ADDRESS = server
60 self.LDAP_SERVER_PORT = port
60 self.LDAP_SERVER_PORT = port
@@ -73,7 +73,8 b' class AuthLdap(object):'
73 self.attr_login = attr_login
73 self.attr_login = attr_login
74
74
75 def authenticate_ldap(self, username, password):
75 def authenticate_ldap(self, username, password):
76 """Authenticate a user via LDAP and return his/her LDAP properties.
76 """
77 Authenticate a user via LDAP and return his/her LDAP properties.
77
78
78 Raises AuthenticationError if the credentials are rejected, or
79 Raises AuthenticationError if the credentials are rejected, or
79 EnvironmentError if the LDAP server can't be reached.
80 EnvironmentError if the LDAP server can't be reached.
@@ -87,13 +88,14 b' class AuthLdap(object):'
87 uid = chop_at(username, "@%s" % self.LDAP_SERVER_ADDRESS)
88 uid = chop_at(username, "@%s" % self.LDAP_SERVER_ADDRESS)
88
89
89 if not password:
90 if not password:
90 log.debug("Attempt to authenticate LDAP user with blank password rejected.")
91 log.debug("Attempt to authenticate LDAP user "
92 "with blank password rejected.")
91 raise LdapPasswordError()
93 raise LdapPasswordError()
92 if "," in username:
94 if "," in username:
93 raise LdapUsernameError("invalid character in username: ,")
95 raise LdapUsernameError("invalid character in username: ,")
94 try:
96 try:
95 if hasattr(ldap,'OPT_X_TLS_CACERTDIR'):
97 if hasattr(ldap, 'OPT_X_TLS_CACERTDIR'):
96 ldap.set_option(ldap.OPT_X_TLS_CACERTDIR,
98 ldap.set_option(ldap.OPT_X_TLS_CACERTDIR,
97 '/etc/openldap/cacerts')
99 '/etc/openldap/cacerts')
98 ldap.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)
100 ldap.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)
99 ldap.set_option(ldap.OPT_RESTART, ldap.OPT_ON)
101 ldap.set_option(ldap.OPT_RESTART, ldap.OPT_ON)
@@ -114,12 +116,12 b' class AuthLdap(object):'
114 if self.LDAP_BIND_DN and self.LDAP_BIND_PASS:
116 if self.LDAP_BIND_DN and self.LDAP_BIND_PASS:
115 server.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS)
117 server.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS)
116
118
117 filt = '(&%s(%s=%s))' % (self.LDAP_FILTER, self.attr_login,
119 filter_ = '(&%s(%s=%s))' % (self.LDAP_FILTER, self.attr_login,
118 username)
120 username)
119 log.debug("Authenticating %r filt %s at %s", self.BASE_DN,
121 log.debug("Authenticating %r filter %s at %s", self.BASE_DN,
120 filt, self.LDAP_SERVER)
122 filter_, self.LDAP_SERVER)
121 lobjects = server.search_ext_s(self.BASE_DN, self.SEARCH_SCOPE,
123 lobjects = server.search_ext_s(self.BASE_DN, self.SEARCH_SCOPE,
122 filt)
124 filter_)
123
125
124 if not lobjects:
126 if not lobjects:
125 raise ldap.NO_SUCH_OBJECT()
127 raise ldap.NO_SUCH_OBJECT()
@@ -129,12 +131,13 b' class AuthLdap(object):'
129 continue
131 continue
130
132
131 try:
133 try:
134 log.debug('Trying simple bind with %s' % dn)
132 server.simple_bind_s(dn, password)
135 server.simple_bind_s(dn, password)
133 attrs = server.search_ext_s(dn, ldap.SCOPE_BASE,
136 attrs = server.search_ext_s(dn, ldap.SCOPE_BASE,
134 '(objectClass=*)')[0][1]
137 '(objectClass=*)')[0][1]
135 break
138 break
136
139
137 except ldap.INVALID_CREDENTIALS, e:
140 except ldap.INVALID_CREDENTIALS:
138 log.debug("LDAP rejected password for user '%s' (%s): %s",
141 log.debug("LDAP rejected password for user '%s' (%s): %s",
139 uid, username, dn)
142 uid, username, dn)
140
143
@@ -143,10 +146,10 b' class AuthLdap(object):'
143 "of '%s' (%s)", uid, username)
146 "of '%s' (%s)", uid, username)
144 raise LdapPasswordError()
147 raise LdapPasswordError()
145
148
146 except ldap.NO_SUCH_OBJECT, e:
149 except ldap.NO_SUCH_OBJECT:
147 log.debug("LDAP says no such user '%s' (%s)", uid, username)
150 log.debug("LDAP says no such user '%s' (%s)", uid, username)
148 raise LdapUsernameError()
151 raise LdapUsernameError()
149 except ldap.SERVER_DOWN, e:
152 except ldap.SERVER_DOWN:
150 raise LdapConnectionError("LDAP can't access "
153 raise LdapConnectionError("LDAP can't access "
151 "authentication server")
154 "authentication server")
152
155
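Review bot: `username` is still interpolated unescaped into the search filter at `filter_ = '(&%s(%s=%s))' % (self.LDAP_FILTER, self.attr_login, username)`; the only character rejected earlier in authenticate_ldap is `,`, so filter metacharacters such as `*`, `(`, `)` or `\` in the login name change which entries the search returns before the bind is attempted. Escape the value with python-ldap's helper when building the filter, i.e. pass `escape_filter_chars(username)` (from `ldap.filter`) as the third format argument. The added `log.debug('Trying simple bind with %s' % dn)` formats eagerly, unlike the other log calls in this function; `log.debug('Trying simple bind with %s', dn)` matches them. Separately, the unchanged `port = port or 689` in `__init__` looks like a typo for the standard LDAPS port 636 and is worth confirming. Both methods continue outside the visible hunks.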
@@ -53,19 +53,20 b' if __platform__ in PLATFORM_OTHERS:'
53 requirements.append("py-bcrypt")
53 requirements.append("py-bcrypt")
54
54
55
55
56 #additional files from project that goes somewhere in the filesystem
56 # additional files from project that goes somewhere in the filesystem
57 #relative to sys.prefix
57 # relative to sys.prefix
58 data_files = []
58 data_files = []
59
59
60 #additional files that goes into package itself
60 # additional files that goes into package itself
61 package_data = {'rhodecode': ['i18n/*/LC_MESSAGES/*.mo', ], }
61 package_data = {'rhodecode': ['i18n/*/LC_MESSAGES/*.mo', ], }
62
62
63 description = ('Mercurial repository browser/management with '
63 description = ('Mercurial repository browser/management with '
64 'build in push/pull server and full text search')
64 'build in push/pull server and full text search')
65 keywords = ' '.join(['rhodecode', 'rhodiumcode', 'mercurial', 'git',
65 keywords = ' '.join(['rhodecode', 'rhodiumcode', 'mercurial', 'git',
66 'code review', 'repo groups', 'ldap'
66 'repository management', 'hgweb replacement'
67 'repository management', 'hgweb replacement'
67 'hgwebdir', 'gitweb replacement', 'serving hgweb', ])
68 'hgwebdir', 'gitweb replacement', 'serving hgweb', ])
68 #long description
69 # long description
69 try:
70 try:
70 readme_file = 'README.rst'
71 readme_file = 'README.rst'
71 changelog_file = 'docs/changelog.rst'
72 changelog_file = 'docs/changelog.rst'
@@ -85,7 +86,7 b' except ImportError:'
85 from ez_setup import use_setuptools
86 from ez_setup import use_setuptools
86 use_setuptools()
87 use_setuptools()
87 from setuptools import setup, find_packages
88 from setuptools import setup, find_packages
88 #packages
89 # packages
89 packages = find_packages(exclude=['ez_setup'])
90 packages = find_packages(exclude=['ez_setup'])
90
91
91 setup(
92 setup(
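Review bot: The added keywords line `'code review', 'repo groups', 'ldap'` has no trailing comma, so implicit string concatenation joins `'ldap'` with `'repository management'` on the next line into a single keyword; the same happens between `'hgweb replacement'` and `'hgwebdir'`. Add the commas: `'code review', 'repo groups', 'ldap',` and `'repository management', 'hgweb replacement',`. Which line is new is inferred from the gutter numbers on this rendered page.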