@@ -59,6 +59,13 b' class LdapSettingsController(BaseControl' | |||
|
59 | 59 | ] |
|
60 | 60 | tls_reqcert_default = 'DEMAND' |
|
61 | 61 | |
|
62 | tls_kind_choices = [('PLAIN', _('No encryption'),), | |
|
63 | ('LDAPS', _('LDAPS connection'),), | |
|
64 | ('START_TLS', _('START_TLS on LDAP connection'),) | |
|
65 | ] | |
|
66 | ||
|
67 | tls_kind_default = 'PLAIN' | |
|
68 | ||
|
62 | 69 | @LoginRequired() |
|
63 | 70 | @HasPermissionAllDecorator('hg.admin') |
|
64 | 71 | def __before__(self): |
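Review bot: Each entry in the new tls_kind_choices list carries a redundant trailing comma before the closing parenthesis, `('PLAIN', _('No encryption'),)`; `('PLAIN', _('No encryption'))` is the same tuple and reads cleaner. A one-line comment above tls_kind_default, e.g. `# 'PLAIN' means the bind is sent without TLS; LDAPS and START_TLS encrypt it`, would make the meaning of the default explicit where it is declared rather than only in the translated label.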
@@ -66,12 +73,14 b' class LdapSettingsController(BaseControl' | |||
|
66 | 73 | c.admin_username = session.get('admin_username') |
|
67 | 74 | c.search_scope_choices = self.search_scope_choices |
|
68 | 75 | c.tls_reqcert_choices = self.tls_reqcert_choices |
|
76 | c.tls_kind_choices = self.tls_kind_choices | |
|
69 | 77 | super(LdapSettingsController, self).__before__() |
|
70 | 78 | |
|
71 | 79 | def index(self): |
|
72 | 80 | defaults = SettingsModel().get_ldap_settings() |
|
73 | 81 | c.search_scope_cur = defaults.get('ldap_search_scope') |
|
74 | 82 | c.tls_reqcert_cur = defaults.get('ldap_tls_reqcert') |
|
83 | c.tls_kind_cur = defaults.get('ldap_tls_kind') | |
|
75 | 84 | |
|
76 | 85 | return htmlfill.render( |
|
77 | 86 | render('admin/ldap/ldap.html'), |
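Review bot: `c.tls_kind_cur = defaults.get('ldap_tls_kind')` yields None when the settings row does not exist yet, which seems plausible for databases created before this option was added, so the select would render with no current choice; `c.tls_kind_cur = defaults.get('ldap_tls_kind', self.tls_kind_default)` keeps the page consistent with the class default defined alongside tls_kind_choices. The same pattern applies to tls_reqcert_cur on the line above, though that predates this change. index continues past the end of the hunk.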
@@ -84,7 +93,8 b' class LdapSettingsController(BaseControl' | |||
|
84 | 93 | |
|
85 | 94 | settings_model = SettingsModel() |
|
86 | 95 | _form = LdapSettingsForm([x[0] for x in self.tls_reqcert_choices], |
|
87 |
[x[0] for x in self.search_scope_choices] |
|
|
96 | [x[0] for x in self.search_scope_choices], | |
|
97 | [x[0] for x in self.tls_kind_choices])() | |
|
88 | 98 | |
|
89 | 99 | try: |
|
90 | 100 | form_result = _form.to_python(dict(request.POST)) |
@@ -190,7 +190,7 b' def authenticate(username, password):' | |||
|
190 | 190 | 'port': ldap_settings.get('ldap_port'), |
|
191 | 191 | 'bind_dn': ldap_settings.get('ldap_dn_user'), |
|
192 | 192 | 'bind_pass': ldap_settings.get('ldap_dn_pass'), |
|
193 |
' |
|
|
193 | 'tls_kind': ldap_settings.get('ldap_tls_kind'), | |
|
194 | 194 | 'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'), |
|
195 | 195 | 'ldap_filter': ldap_settings.get('ldap_filter'), |
|
196 | 196 | 'search_scope': ldap_settings.get('ldap_search_scope'), |
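Review bot: `'tls_kind': ldap_settings.get('ldap_tls_kind')` passes None when the setting is absent, and AuthLdap (the `__init__` and authenticate_ldap hunks below) compares TLS_KIND only against the literal strings, so None is neither 'LDAPS' nor 'START_TLS' and the bind goes out without TLS and without any error. Either default explicitly here, `'tls_kind': ldap_settings.get('ldap_tls_kind', 'PLAIN')`, or better have AuthLdap.__init__ reject any value outside ('PLAIN', 'LDAPS', 'START_TLS') so a misconfiguration fails closed instead of silently downgrading. Whether the key can actually be missing depends on how existing databases are migrated, which this diff does not show; authenticate's body continues outside the hunk.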
@@ -34,14 +34,19 b' except ImportError:' | |||
|
34 | 34 | class AuthLdap(object): |
|
35 | 35 | |
|
36 | 36 | def __init__(self, server, base_dn, port=389, bind_dn='', bind_pass='', |
|
37 |
|
|
|
37 | tls_kind = 'PLAIN', tls_reqcert='DEMAND', ldap_version=3, | |
|
38 | 38 | ldap_filter='(&(objectClass=user)(!(objectClass=computer)))', |
|
39 | 39 | search_scope='SUBTREE', |
|
40 | 40 | attr_login='uid'): |
|
41 | 41 | self.ldap_version = ldap_version |
|
42 | if use_ldaps: | |
|
42 | ldap_server_type = 'ldap' | |
|
43 | ||
|
44 | self.TLS_KIND = tls_kind | |
|
45 | ||
|
46 | if self.TLS_KIND == 'LDAPS': | |
|
43 | 47 | port = port or 689 |
|
44 | self.LDAP_USE_LDAPS = use_ldaps | |
|
48 | ldap_server_type = ldap_server_type + 's' | |
|
49 | ||
|
45 | 50 | self.TLS_REQCERT = ldap.__dict__['OPT_X_TLS_' + tls_reqcert] |
|
46 | 51 | self.LDAP_SERVER_ADDRESS = server |
|
47 | 52 | self.LDAP_SERVER_PORT = port |
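Review bot: `port = port or 689` in the LDAPS branch is not the LDAPS port; the registered ldaps port is 636, so a caller that leaves port empty connects to the wrong port. The line is unchanged context, but the commit moves it under the new TLS_KIND check, so `port = port or 636` belongs in this change. Two smaller points: the default `tls_kind = 'PLAIN'` has spaces around `=` that the neighbouring keyword defaults do not (`tls_kind='PLAIN'`), and a comment such as `# TLS_KIND: 'PLAIN' (no TLS), 'LDAPS' (ldaps:// URL) or 'START_TLS' (upgrade after connect)` would document the three accepted values where they are consumed. __init__ continues past the hunk.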
@@ -50,8 +55,6 b' class AuthLdap(object):' | |||
|
50 | 55 | self.LDAP_BIND_DN = bind_dn |
|
51 | 56 | self.LDAP_BIND_PASS = bind_pass |
|
52 | 57 | |
|
53 | ldap_server_type = 'ldap' | |
|
54 | if self.LDAP_USE_LDAPS:ldap_server_type = ldap_server_type + 's' | |
|
55 | 58 | self.LDAP_SERVER = "%s://%s:%s" % (ldap_server_type, |
|
56 | 59 | self.LDAP_SERVER_ADDRESS, |
|
57 | 60 | self.LDAP_SERVER_PORT) |
@@ -85,7 +88,7 b' class AuthLdap(object):' | |||
|
85 | 88 | ldap.set_option(ldap.OPT_TIMEOUT, 20) |
|
86 | 89 | ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 10) |
|
87 | 90 | ldap.set_option(ldap.OPT_TIMELIMIT, 15) |
|
88 |
if self. |
|
|
91 | if self.TLS_KIND != 'PLAIN': | |
|
89 | 92 | ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, self.TLS_REQCERT) |
|
90 | 93 | server = ldap.initialize(self.LDAP_SERVER) |
|
91 | 94 | if self.ldap_version == 2: |
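Review bot: The new guard `if self.TLS_KIND != 'PLAIN':` sets OPT_X_TLS_REQUIRE_CERT as a library-global option before `ldap.initialize`, which is the order python-ldap needs for the setting to apply to the connection created on the next line, but nothing in the hunk says so; a comment like `# library-global option; must precede initialize() to cover both ldaps:// and start_tls_s()` would stop a later refactor from moving it below the initialize call. Because the option is process-wide, a value set by an earlier non-PLAIN connection presumably stays in effect for later ones; that is harmless as PLAIN never negotiates TLS, but it is worth stating. authenticate_ldap starts before and continues after this hunk.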
@@ -93,6 +96,9 b' class AuthLdap(object):' | |||
|
93 | 96 | else: |
|
94 | 97 | server.protocol = ldap.VERSION3 |
|
95 | 98 | |
|
99 | if self.TLS_KIND == 'START_TLS': | |
|
100 | server.start_tls_s() | |
|
101 | ||
|
96 | 102 | if self.LDAP_BIND_DN and self.LDAP_BIND_PASS: |
|
97 | 103 | server.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS) |
|
98 | 104 |
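Review bot: `server.start_tls_s()` is placed before simple_bind_s, so the bind DN and password are not sent until the channel is upgraded, but that ordering is load-bearing and deserves a comment on the new line: `# negotiate TLS before any credentials are sent`. A failure inside start_tls_s propagates as an ldap exception rather than falling back to a cleartext bind, which is the right fail-closed behaviour; whether the caller maps that exception to a user-facing error is outside this hunk. The enclosing method continues after the hunk.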
@@ -312,7 +312,7 b' class DbManage(object):' | |||
|
312 | 312 | |
|
313 | 313 | try: |
|
314 | 314 | for k, v in [('ldap_active', 'false'), ('ldap_host', ''), |
|
315 |
('ldap_port', '389'), ('ldap_ld |
|
|
315 | ('ldap_port', '389'), ('ldap_tls_kind', 'PLAIN'), | |
|
316 | 316 | ('ldap_tls_reqcert', ''), ('ldap_dn_user', ''), |
|
317 | 317 | ('ldap_dn_pass', ''), ('ldap_base_dn', ''), |
|
318 | 318 | ('ldap_filter', ''), ('ldap_search_scope', ''), |
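Review bot: `('ldap_tls_reqcert', '')` seeds an empty certificate-check value while the new `('ldap_tls_kind', 'PLAIN')` gets a concrete default; AuthLdap.__init__ builds `ldap.__dict__['OPT_X_TLS_' + tls_reqcert]` unconditionally, so an empty value would raise KeyError as soon as LDAP is enabled before the admin form has been saved. Seeding `('ldap_tls_reqcert', 'DEMAND')` to match the controller's tls_reqcert_default closes that gap. Whether the form is always saved before ldap_active is turned on is not visible here; the loop continues past the hunk.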
@@ -556,7 +556,7 b' def DefaultPermissionsForm(perms_choices' | |||
|
556 | 556 | return _DefaultPermissionsForm |
|
557 | 557 | |
|
558 | 558 | |
|
559 | def LdapSettingsForm(tls_reqcert_choices, search_scope_choices): | |
|
559 | def LdapSettingsForm(tls_reqcert_choices, search_scope_choices, tls_kind_choices): | |
|
560 | 560 | class _LdapSettingsForm(formencode.Schema): |
|
561 | 561 | allow_extra_fields = True |
|
562 | 562 | filter_extra_fields = True |
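Review bot: The new signature `def LdapSettingsForm(tls_reqcert_choices, search_scope_choices, tls_kind_choices):` runs past 79 columns, which the surrounding code keeps to; wrap the parameter list over two lines. A docstring on the factory stating which settings key each choices list validates (ldap_tls_reqcert, ldap_search_scope, ldap_tls_kind) would also help, since three positional lists of plain strings are easy to pass in the wrong order at the call site in the controller. The factory body continues past the hunk.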
@@ -564,7 +564,7 b' def LdapSettingsForm(tls_reqcert_choices' | |||
|
564 | 564 | ldap_active = StringBoolean(if_missing=False) |
|
565 | 565 | ldap_host = UnicodeString(strip=True,) |
|
566 | 566 | ldap_port = Number(strip=True,) |
|
567 | ldap_ldaps = StringBoolean(if_missing=False) | |
|
567 | ldap_tls_kind = OneOf(tls_kind_choices) | |
|
568 | 568 | ldap_tls_reqcert = OneOf(tls_reqcert_choices) |
|
569 | 569 | ldap_dn_user = UnicodeString(strip=True,) |
|
570 | 570 | ldap_dn_pass = UnicodeString(strip=True,) |
@@ -70,7 +70,7 b' class SettingsModel(BaseModel):' | |||
|
70 | 70 | ldap_active |
|
71 | 71 | ldap_host |
|
72 | 72 | ldap_port |
|
73 |
ldap_ld |
|
|
73 | ldap_tls_kind | |
|
74 | 74 | ldap_tls_reqcert |
|
75 | 75 | ldap_dn_user |
|
76 | 76 | ldap_dn_pass |
@@ -47,8 +47,8 b'' | |||
|
47 | 47 | <div class="input">${h.password('ldap_dn_pass',class_='small')}</div> |
|
48 | 48 | </div> |
|
49 | 49 | <div class="field"> |
|
50 |
<div class="label |
|
|
51 |
<div class=" |
|
|
50 | <div class="label"><label for="ldap_tls_kind">${_('Connection security')}</label></div> | |
|
51 | <div class="select">${h.select('ldap_tls_kind',c.tls_kind_cur,c.tls_kind_choices,class_='small')}</div> | |
|
52 | 52 | </div> |
|
53 | 53 | <div class="field"> |
|
54 | 54 | <div class="label"><label for="ldap_tls_reqcert">${_('Certificate Checks')}</label></div> |