Show More
@@ -43,7 +43,7 b' class AuthLdap(object):' | |||
|
43 | 43 | def __init__(self, server, base_dn, port=389, bind_dn='', bind_pass='', |
|
44 | 44 | tls_kind='PLAIN', tls_reqcert='DEMAND', ldap_version=3, |
|
45 | 45 | ldap_filter='(&(objectClass=user)(!(objectClass=computer)))', |
|
46 |
search_scope |
|
|
46 | search_scope='SUBTREE', attr_login='uid'): | |
|
47 | 47 | self.ldap_version = ldap_version |
|
48 | 48 | ldap_server_type = 'ldap' |
|
49 | 49 | |
@@ -52,9 +52,9 b' class AuthLdap(object):' | |||
|
52 | 52 | if self.TLS_KIND == 'LDAPS': |
|
53 | 53 | port = port or 689 |
|
54 | 54 | ldap_server_type = ldap_server_type + 's' |
|
55 | ||
|
55 | ||
|
56 | 56 | OPT_X_TLS_DEMAND = 2 |
|
57 |
self.TLS_REQCERT = getattr(ldap, 'OPT_X_TLS_%s' % tls_reqcert, |
|
|
57 | self.TLS_REQCERT = getattr(ldap, 'OPT_X_TLS_%s' % tls_reqcert, | |
|
58 | 58 | OPT_X_TLS_DEMAND) |
|
59 | 59 | self.LDAP_SERVER_ADDRESS = server |
|
60 | 60 | self.LDAP_SERVER_PORT = port |
@@ -73,7 +73,8 b' class AuthLdap(object):' | |||
|
73 | 73 | self.attr_login = attr_login |
|
74 | 74 | |
|
75 | 75 | def authenticate_ldap(self, username, password): |
|
76 | """Authenticate a user via LDAP and return his/her LDAP properties. | |
|
76 | """ | |
|
77 | Authenticate a user via LDAP and return his/her LDAP properties. | |
|
77 | 78 | |
|
78 | 79 | Raises AuthenticationError if the credentials are rejected, or |
|
79 | 80 | EnvironmentError if the LDAP server can't be reached. |
@@ -87,13 +88,14 b' class AuthLdap(object):' | |||
|
87 | 88 | uid = chop_at(username, "@%s" % self.LDAP_SERVER_ADDRESS) |
|
88 | 89 | |
|
89 | 90 | if not password: |
|
90 |
log.debug("Attempt to authenticate LDAP user |
|
|
91 | log.debug("Attempt to authenticate LDAP user " | |
|
92 | "with blank password rejected.") | |
|
91 | 93 | raise LdapPasswordError() |
|
92 | 94 | if "," in username: |
|
93 | 95 | raise LdapUsernameError("invalid character in username: ,") |
|
94 | 96 | try: |
|
95 | if hasattr(ldap,'OPT_X_TLS_CACERTDIR'): | |
|
96 |
ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, |
|
|
97 | if hasattr(ldap, 'OPT_X_TLS_CACERTDIR'): | |
|
98 | ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, | |
|
97 | 99 | '/etc/openldap/cacerts') |
|
98 | 100 | ldap.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF) |
|
99 | 101 | ldap.set_option(ldap.OPT_RESTART, ldap.OPT_ON) |
@@ -114,12 +116,12 b' class AuthLdap(object):' | |||
|
114 | 116 | if self.LDAP_BIND_DN and self.LDAP_BIND_PASS: |
|
115 | 117 | server.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS) |
|
116 | 118 | |
|
117 | filt = '(&%s(%s=%s))' % (self.LDAP_FILTER, self.attr_login, | |
|
119 | filter_ = '(&%s(%s=%s))' % (self.LDAP_FILTER, self.attr_login, | |
|
118 | 120 | username) |
|
119 | log.debug("Authenticating %r filt %s at %s", self.BASE_DN, | |
|
120 | filt, self.LDAP_SERVER) | |
|
121 | log.debug("Authenticating %r filter %s at %s", self.BASE_DN, | |
|
122 | filter_, self.LDAP_SERVER) | |
|
121 | 123 | lobjects = server.search_ext_s(self.BASE_DN, self.SEARCH_SCOPE, |
|
122 | filt) | |
|
124 | filter_) | |
|
123 | 125 | |
|
124 | 126 | if not lobjects: |
|
125 | 127 | raise ldap.NO_SUCH_OBJECT() |
@@ -129,12 +131,13 b' class AuthLdap(object):' | |||
|
129 | 131 | continue |
|
130 | 132 | |
|
131 | 133 | try: |
|
134 | log.debug('Trying simple bind with %s' % dn) | |
|
132 | 135 | server.simple_bind_s(dn, password) |
|
133 | 136 | attrs = server.search_ext_s(dn, ldap.SCOPE_BASE, |
|
134 | 137 | '(objectClass=*)')[0][1] |
|
135 | 138 | break |
|
136 | 139 | |
|
137 |
except ldap.INVALID_CREDENTIALS |
|
|
140 | except ldap.INVALID_CREDENTIALS: | |
|
138 | 141 | log.debug("LDAP rejected password for user '%s' (%s): %s", |
|
139 | 142 | uid, username, dn) |
|
140 | 143 | |
@@ -143,10 +146,10 b' class AuthLdap(object):' | |||
|
143 | 146 | "of '%s' (%s)", uid, username) |
|
144 | 147 | raise LdapPasswordError() |
|
145 | 148 | |
|
146 |
except ldap.NO_SUCH_OBJECT |
|
|
149 | except ldap.NO_SUCH_OBJECT: | |
|
147 | 150 | log.debug("LDAP says no such user '%s' (%s)", uid, username) |
|
148 | 151 | raise LdapUsernameError() |
|
149 |
except ldap.SERVER_DOWN |
|
|
152 | except ldap.SERVER_DOWN: | |
|
150 | 153 | raise LdapConnectionError("LDAP can't access " |
|
151 | 154 | "authentication server") |
|
152 | 155 |
@@ -53,19 +53,20 b' if __platform__ in PLATFORM_OTHERS:' | |||
|
53 | 53 | requirements.append("py-bcrypt") |
|
54 | 54 | |
|
55 | 55 | |
|
56 | #additional files from project that goes somewhere in the filesystem | |
|
57 | #relative to sys.prefix | |
|
56 | # additional files from project that goes somewhere in the filesystem | |
|
57 | # relative to sys.prefix | |
|
58 | 58 | data_files = [] |
|
59 | 59 | |
|
60 | #additional files that goes into package itself | |
|
60 | # additional files that goes into package itself | |
|
61 | 61 | package_data = {'rhodecode': ['i18n/*/LC_MESSAGES/*.mo', ], } |
|
62 | 62 | |
|
63 | 63 | description = ('Mercurial repository browser/management with ' |
|
64 | 64 | 'build in push/pull server and full text search') |
|
65 | 65 | keywords = ' '.join(['rhodecode', 'rhodiumcode', 'mercurial', 'git', |
|
66 | 'code review', 'repo groups', 'ldap' | |
|
66 | 67 | 'repository management', 'hgweb replacement' |
|
67 | 68 | 'hgwebdir', 'gitweb replacement', 'serving hgweb', ]) |
|
68 | #long description | |
|
69 | # long description | |
|
69 | 70 | try: |
|
70 | 71 | readme_file = 'README.rst' |
|
71 | 72 | changelog_file = 'docs/changelog.rst' |
@@ -85,7 +86,7 b' except ImportError:' | |||
|
85 | 86 | from ez_setup import use_setuptools |
|
86 | 87 | use_setuptools() |
|
87 | 88 | from setuptools import setup, find_packages |
|
88 | #packages | |
|
89 | # packages | |
|
89 | 90 | packages = find_packages(exclude=['ez_setup']) |
|
90 | 91 | |
|
91 | 92 | setup( |
General Comments 0
You need to be logged in to leave comments.
Login now