ldap two phase auth fix
marcink -
r701:6602bf1c beta
@@ -25,9 +25,10 b' class PasswordError(Exception):pass'
25 25
26 26 LDAP_USE_LDAPS = False
27 27 ldap_server_type = 'ldap'
28 LDAP_SERVER_ADDRESS = '192.168.2.56'
28 LDAP_SERVER_ADDRESS = 'myldap.com'
29 29 LDAP_SERVER_PORT = '389'
30 30
31 #USE FOR READ ONLY BIND TO LDAP SERVER
31 32 LDAP_BIND_DN = ''
32 33 LDAP_BIND_PASS = ''
33 34
@@ -37,6 +38,7 b' LDAP_SERVER = "%s://%s:%s" % (ldap_serve'
37 38 LDAP_SERVER_PORT)
38 39
39 40 BASE_DN = "ou=people,dc=server,dc=com"
41 AUTH_DN = "uid=%s,%s"
40 42
41 43 def authenticate_ldap(username, password):
42 44 """Authenticate a user via LDAP and return his/her LDAP properties.
@@ -52,7 +54,7 b' def authenticate_ldap(username, password'
52 54 from rhodecode.lib.helpers import chop_at
53 55
54 56 uid = chop_at(username, "@%s" % LDAP_SERVER_ADDRESS)
55 dn = "uid=%s,%s" % (uid, BASE_DN)
57 dn = AUTH_DN % (uid, BASE_DN)
56 58 log.debug("Authenticating %r at %s", dn, LDAP_SERVER)
57 59 if "," in username:
58 60 raise UsernameError("invalid character in username: ,")
@@ -60,6 +62,12 b' def authenticate_ldap(username, password'
60 62 #ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/etc/openldap/cacerts')
61 63 server = ldap.initialize(LDAP_SERVER)
62 64 server.protocol = ldap.VERSION3
65
66 if LDAP_BIND_DN and LDAP_BIND_PASS:
67 server.simple_bind_s(AUTH_DN % (LDAP_BIND_DN,
68 LDAP_BIND_PASS),
69 password)
70
63 71 server.simple_bind_s(dn, password)
64 72 properties = server.search_s(dn, ldap.SCOPE_SUBTREE)
65 73 if not properties:
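Review bot: The service-account bind added before the user bind passes the wrong arguments: `AUTH_DN % (LDAP_BIND_DN, LDAP_BIND_PASS)` formats the bind password into the DN string, and the call then authenticates with the end user's `password` instead of `LDAP_BIND_PASS`. As written, the read-only account's secret is sent to the directory as part of a DN, where it may end up in server access logs, and the bind is unlikely to succeed as intended. The call should be `server.simple_bind_s(LDAP_BIND_DN, LDAP_BIND_PASS)`. Separately, no empty-password check is visible in these hunks before `server.simple_bind_s(dn, password)`; a simple bind with an empty password is an unauthenticated bind under RFC 4513 and some servers accept it, so confirm that the part of `authenticate_ldap` outside the hunks rejects it. The body of `authenticate_ldap` starts and ends outside the hunks shown.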