@@ -1,78 +1,86 b'' | |||
|
1 | 1 | import logging |
|
2 | 2 | logging.basicConfig(level=logging.DEBUG) |
|
3 | 3 | log = logging.getLogger('ldap') |
|
4 | 4 | |
|
5 | 5 | #============================================================================== |
|
6 | 6 | # LDAP |
|
7 | 7 | #Name = Just a description for the auth modes page |
|
8 | 8 | #Host = DepartmentName.OrganizationName.local/ IP |
|
9 | 9 | #Port = 389 default for ldap |
|
10 | 10 | #LDAPS = no set True if You need to use ldaps |
|
11 | 11 | #Account = DepartmentName\UserName (or UserName@MyDomain depending on AD server) |
|
12 | 12 | #Password = <password> |
|
13 | 13 | #Base DN = DC=DepartmentName,DC=OrganizationName,DC=local |
|
14 | 14 | # |
|
15 | 15 | #On-the-fly user creation = yes |
|
16 | 16 | #Attributes |
|
17 | 17 | # Login = sAMAccountName |
|
18 | 18 | # Firstname = givenName |
|
19 | 19 | # Lastname = sN |
|
20 | 20 | # Email = mail |
|
21 | 21 | |
|
22 | 22 | #============================================================================== |
|
23 | 23 | class UsernameError(Exception):pass |
|
24 | 24 | class PasswordError(Exception):pass |
|
25 | 25 | |
|
26 | 26 | LDAP_USE_LDAPS = False |
|
27 | 27 | ldap_server_type = 'ldap' |
|
28 |
LDAP_SERVER_ADDRESS = ' |
|
|
28 | LDAP_SERVER_ADDRESS = 'myldap.com' | |
|
29 | 29 | LDAP_SERVER_PORT = '389' |
|
30 | 30 | |
|
31 | #USE FOR READ ONLY BIND TO LDAP SERVER | |
|
31 | 32 | LDAP_BIND_DN = '' |
|
32 | 33 | LDAP_BIND_PASS = '' |
|
33 | 34 | |
|
34 | 35 | if LDAP_USE_LDAPS:ldap_server_type = ldap_server_type + 's' |
|
35 | 36 | LDAP_SERVER = "%s://%s:%s" % (ldap_server_type, |
|
36 | 37 | LDAP_SERVER_ADDRESS, |
|
37 | 38 | LDAP_SERVER_PORT) |
|
38 | 39 | |
|
39 | 40 | BASE_DN = "ou=people,dc=server,dc=com" |
|
41 | AUTH_DN = "uid=%s,%s" | |
|
40 | 42 | |
|
41 | 43 | def authenticate_ldap(username, password): |
|
42 | 44 | """Authenticate a user via LDAP and return his/her LDAP properties. |
|
43 | 45 | |
|
44 | 46 | Raises AuthenticationError if the credentials are rejected, or |
|
45 | 47 | EnvironmentError if the LDAP server can't be reached. |
|
46 | 48 | """ |
|
47 | 49 | try: |
|
48 | 50 | import ldap |
|
49 | 51 | except ImportError: |
|
50 | 52 | raise Exception('Could not import ldap make sure You install python-ldap') |
|
51 | 53 | |
|
52 | 54 | from rhodecode.lib.helpers import chop_at |
|
53 | 55 | |
|
54 | 56 | uid = chop_at(username, "@%s" % LDAP_SERVER_ADDRESS) |
|
55 |
dn = |
|
|
57 | dn = AUTH_DN % (uid, BASE_DN) | |
|
56 | 58 | log.debug("Authenticating %r at %s", dn, LDAP_SERVER) |
|
57 | 59 | if "," in username: |
|
58 | 60 | raise UsernameError("invalid character in username: ,") |
|
59 | 61 | try: |
|
60 | 62 | #ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/etc/openldap/cacerts') |
|
61 | 63 | server = ldap.initialize(LDAP_SERVER) |
|
62 | 64 | server.protocol = ldap.VERSION3 |
|
65 | ||
|
66 | if LDAP_BIND_DN and LDAP_BIND_PASS: | |
|
67 | server.simple_bind_s(AUTH_DN % (LDAP_BIND_DN, | |
|
68 | LDAP_BIND_PASS), | |
|
69 | password) | |
|
70 | ||
|
63 | 71 | server.simple_bind_s(dn, password) |
|
64 | 72 | properties = server.search_s(dn, ldap.SCOPE_SUBTREE) |
|
65 | 73 | if not properties: |
|
66 | 74 | raise ldap.NO_SUCH_OBJECT() |
|
67 | 75 | except ldap.NO_SUCH_OBJECT, e: |
|
68 | 76 | log.debug("LDAP says no such user '%s' (%s)", uid, username) |
|
69 | 77 | raise UsernameError() |
|
70 | 78 | except ldap.INVALID_CREDENTIALS, e: |
|
71 | 79 | log.debug("LDAP rejected password for user '%s' (%s)", uid, username) |
|
72 | 80 | raise PasswordError() |
|
73 | 81 | except ldap.SERVER_DOWN, e: |
|
74 | 82 | raise EnvironmentError("can't access authentication server") |
|
75 | 83 | return properties |
|
76 | 84 | |
|
77 | 85 | |
|
78 | 86 | print authenticate_ldap('test', 'test') |
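Review bot: The read-only service-account bind added at new lines 66-69 sends the wrong credentials: `AUTH_DN % (LDAP_BIND_DN, LDAP_BIND_PASS)` templates the bind password into the DN string as its base component, and the user-supplied `password` is passed as the bind password instead of `LDAP_BIND_PASS`, so this bind cannot succeed against a correctly configured account and the secret is pushed into a DN that a directory server will typically record in its logs; it should read `server.simple_bind_s(LDAP_BIND_DN, LDAP_BIND_PASS)`, since a bind DN is already a full DN rather than a uid to be formatted. The unconditional `server.simple_bind_s(dn, password)` that follows rebinds immediately, so the service-account session is never used — if the intent is to locate the user with the service account before binding as them, the lookup needs to sit between the two binds. Separately, `password` is never checked for emptiness before `simple_bind_s`; many directories treat an empty password as an unauthenticated bind that succeeds, so a guard such as `if not password: raise PasswordError()` ahead of the `try` is needed to avoid an authentication bypass. Only `,` is rejected from the username while other DN metacharacters (`=`, `+`, `\`) flow straight into `AUTH_DN`, which `ldap.dn.escape_dn_chars(uid)` would address. The module-level `print authenticate_ldap('test', 'test')` together with `logging.basicConfig(level=logging.DEBUG)` performs a live bind at import time and should be dropped or moved under `if __name__ == '__main__':`.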