upstream/kallithea Commit - r701:6602bf1c

25

26

LDAP_USE_LDAPS = False

26

LDAP_USE_LDAPS = False

27

ldap_server_type = 'ldap'

27

ldap_server_type = 'ldap'

28

LDAP_SERVER_ADDRESS = '~~192.168.2.56~~'

28

LDAP_SERVER_ADDRESS = 'myldap.com'

29

LDAP_SERVER_PORT = '389'

29

LDAP_SERVER_PORT = '389'

30

31

#USE FOR READ ONLY BIND TO LDAP SERVER

31

LDAP_BIND_DN = ''

32

LDAP_BIND_DN = ''

32

LDAP_BIND_PASS = ''

33

LDAP_BIND_PASS = ''

33

34

37

LDAP_SERVER_PORT)

38

LDAP_SERVER_PORT)

38

39

BASE_DN = "ou=people,dc=server,dc=com"

40

BASE_DN = "ou=people,dc=server,dc=com"

41

AUTH_DN = "uid=%s,%s"

40

42

41

def authenticate_ldap(username, password):

43

def authenticate_ldap(username, password):

42

"""Authenticate a user via LDAP and return his/her LDAP properties.

44

"""Authenticate a user via LDAP and return his/her LDAP properties.

52

from rhodecode.lib.helpers import chop_at

54

from rhodecode.lib.helpers import chop_at

53

55

54

uid = chop_at(username, "@%s" % LDAP_SERVER_ADDRESS)

56

uid = chop_at(username, "@%s" % LDAP_SERVER_ADDRESS)

55

dn = ~~"uid=~~%s,%s" % (uid, BASE_DN)

57

dn = AUTH_DN % (uid, BASE_DN)

56

log.debug("Authenticating %r at %s", dn, LDAP_SERVER)

58

log.debug("Authenticating %r at %s", dn, LDAP_SERVER)

57

if "," in username:

59

if "," in username:

58

raise UsernameError("invalid character in username: ,")

60

raise UsernameError("invalid character in username: ,")

60

#ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/etc/openldap/cacerts')

62

#ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/etc/openldap/cacerts')

61

server = ldap.initialize(LDAP_SERVER)

63

server = ldap.initialize(LDAP_SERVER)

62

server.protocol = ldap.VERSION3

64

server.protocol = ldap.VERSION3

65

66

if LDAP_BIND_DN and LDAP_BIND_PASS:

67

server.simple_bind_s(AUTH_DN % (LDAP_BIND_DN,

68

LDAP_BIND_PASS),

69

password)

70

63

server.simple_bind_s(dn, password)

71

server.simple_bind_s(dn, password)

64

properties = server.search_s(dn, ldap.SCOPE_SUBTREE)

72

properties = server.search_s(dn, ldap.SCOPE_SUBTREE)

65

if not properties:

73

if not properties:

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             LDAP_USE_LDAPS = False
             ldap_server_type = 'ldap'
-            LDAP_SERVER_ADDRESS = '192.168.2.56'
+            LDAP_SERVER_ADDRESS = 'myldap.com'
             LDAP_SERVER_PORT = '389'
+            #USE FOR READ ONLY BIND TO LDAP SERVER
             LDAP_BIND_DN = ''
             LDAP_BIND_PASS = ''
                                                    LDAP_SERVER_PORT)
             BASE_DN = "ou=people,dc=server,dc=com"
+            AUTH_DN = "uid=%s,%s"
             def authenticate_ldap(username, password):
                 """Authenticate a user via LDAP and return his/her LDAP properties.
                 from rhodecode.lib.helpers import chop_at
                 uid = chop_at(username, "@%s" % LDAP_SERVER_ADDRESS)
-                dn = "uid=%s,%s" % (uid, BASE_DN)
+                dn = AUTH_DN % (uid, BASE_DN)
                 log.debug("Authenticating %r at %s", dn, LDAP_SERVER)
                 if "," in username:
                     raise UsernameError("invalid character in username: ,")
                     #ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/etc/openldap/cacerts')
                     server = ldap.initialize(LDAP_SERVER)
                     server.protocol = ldap.VERSION3
+                    if LDAP_BIND_DN and LDAP_BIND_PASS:
+                        server.simple_bind_s(AUTH_DN % (LDAP_BIND_DN,
+                                                        LDAP_BIND_PASS),
+                                                        password)
                     server.simple_bind_s(dn, password)
                     properties = server.search_s(dn, ldap.SCOPE_SUBTREE)
                     if not properties: