@@ -113,7 +113,11 b" Here's a typical ldap setup::" | |||||
113 |
|
113 | |||
114 | `Account` and `Password` are optional, and used for two-phase ldap |
|
114 | `Account` and `Password` are optional, and used for two-phase ldap | |
115 | authentication so those are credentials to access Your ldap, if it doesn't |
|
115 | authentication so those are credentials to access Your ldap, if it doesn't | |
116 | support anonymous search/user lookups. |
|
116 | support anonymous search/user lookups. | |
|
117 | ||||
|
118 | Base DN must have %(user)s template inside, it's a placer where Your uid used | |||
|
119 | to login would go, it allows admins to specify not standard schema for uid | |||
|
120 | variable | |||
117 |
|
121 | |||
118 | If all data are entered correctly, and `python-ldap` is properly installed |
|
122 | If all data are entered correctly, and `python-ldap` is properly installed | |
119 | Users should be granted to access RhodeCode wit ldap accounts. When |
|
123 | Users should be granted to access RhodeCode wit ldap accounts. When |
@@ -55,7 +55,6 b' class AuthLdap(object):' | |||||
55 | self.LDAP_SERVER_PORT) |
|
55 | self.LDAP_SERVER_PORT) | |
56 |
|
56 | |||
57 | self.BASE_DN = base_dn |
|
57 | self.BASE_DN = base_dn | |
58 | self.AUTH_DN = "uid=%s,%s" |
|
|||
59 |
|
58 | |||
60 | def authenticate_ldap(self, username, password): |
|
59 | def authenticate_ldap(self, username, password): | |
61 | """Authenticate a user via LDAP and return his/her LDAP properties. |
|
60 | """Authenticate a user via LDAP and return his/her LDAP properties. | |
@@ -70,8 +69,7 b' class AuthLdap(object):' | |||||
70 | from rhodecode.lib.helpers import chop_at |
|
69 | from rhodecode.lib.helpers import chop_at | |
71 |
|
70 | |||
72 | uid = chop_at(username, "@%s" % self.LDAP_SERVER_ADDRESS) |
|
71 | uid = chop_at(username, "@%s" % self.LDAP_SERVER_ADDRESS) | |
73 | dn = self.AUTH_DN % (uid, self.BASE_DN) |
|
72 | ||
74 | log.debug("Authenticating %r at %s", dn, self.LDAP_SERVER) |
|
|||
75 | if "," in username: |
|
73 | if "," in username: | |
76 | raise LdapUsernameError("invalid character in username: ,") |
|
74 | raise LdapUsernameError("invalid character in username: ,") | |
77 | try: |
|
75 | try: | |
@@ -84,11 +82,13 b' class AuthLdap(object):' | |||||
84 | server.protocol = ldap.VERSION3 |
|
82 | server.protocol = ldap.VERSION3 | |
85 |
|
83 | |||
86 | if self.LDAP_BIND_DN and self.LDAP_BIND_PASS: |
|
84 | if self.LDAP_BIND_DN and self.LDAP_BIND_PASS: | |
87 | server.simple_bind_s(self.AUTH_DN % (self.LDAP_BIND_DN, |
|
85 | login_dn = self.BASE_DN % {'user':uid} | |
88 | self.BASE_DN), |
|
86 | server.simple_bind_s(login_dn, self.LDAP_BIND_PASS) | |
89 | self.LDAP_BIND_PASS) |
|
|||
90 |
|
87 | |||
|
88 | dn = self.BASE_DN % {'user':uid} | |||
|
89 | log.debug("Authenticating %r at %s", dn, self.LDAP_SERVER) | |||
91 | server.simple_bind_s(dn, password) |
|
90 | server.simple_bind_s(dn, password) | |
|
91 | ||||
92 | properties = server.search_s(dn, ldap.SCOPE_SUBTREE) |
|
92 | properties = server.search_s(dn, ldap.SCOPE_SUBTREE) | |
93 | if not properties: |
|
93 | if not properties: | |
94 | raise ldap.NO_SUCH_OBJECT() |
|
94 | raise ldap.NO_SUCH_OBJECT() |
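Review bot: In the two-phase branch the bind uses `login_dn`, which is built from the logging-in user's `uid`, so `self.LDAP_BIND_DN` is only tested for truthiness and never used. The service password is therefore presented for the end user's DN, and that bind will normally fail before the real user bind is attempted. The old code bound as the configured account; the equivalent here would be `login_dn = self.BASE_DN % {'user': self.LDAP_BIND_DN}`, or the configured DN passed directly. Separately, `uid` is substituted into the DN template after only a `,` check, so other DN metacharacters such as `+`, `=` or `\` reach `simple_bind_s` unescaped; formatting with `ldap.dn.escape_dn_chars(uid)` would close that. `authenticate_ldap` starts and continues outside these hunks, so any handling elsewhere in the function is not visible here.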
@@ -300,6 +300,26 b' class LdapLibValidator(formencode.valida' | |||||
300 | raise LdapImportError |
|
300 | raise LdapImportError | |
301 | return value |
|
301 | return value | |
302 |
|
302 | |||
|
303 | class BaseDnValidator(formencode.validators.FancyValidator): | |||
|
304 | ||||
|
305 | def to_python(self, value, state): | |||
|
306 | ||||
|
307 | try: | |||
|
308 | value % {'user':'valid'} | |||
|
309 | ||||
|
310 | if value.find('%(user)s') == -1: | |||
|
311 | raise formencode.Invalid(_("You need to specify %(user)s in " | |||
|
312 | "template for example uid=%(user)s " | |||
|
313 | ",dc=company...") , | |||
|
314 | value, state) | |||
|
315 | ||||
|
316 | except KeyError: | |||
|
317 | raise formencode.Invalid(_("Wrong template used, only %(user)s " | |||
|
318 | "is an valid entry") , | |||
|
319 | value, state) | |||
|
320 | ||||
|
321 | return value | |||
|
322 | ||||
303 | #=============================================================================== |
|
323 | #=============================================================================== | |
304 | # FORMS |
|
324 | # FORMS | |
305 | #=============================================================================== |
|
325 | #=============================================================================== | |
@@ -457,6 +477,6 b' def LdapSettingsForm():' | |||||
457 | ldap_ldaps = StringBoolean(if_missing=False) |
|
477 | ldap_ldaps = StringBoolean(if_missing=False) | |
458 | ldap_dn_user = UnicodeString(strip=True,) |
|
478 | ldap_dn_user = UnicodeString(strip=True,) | |
459 | ldap_dn_pass = UnicodeString(strip=True,) |
|
479 | ldap_dn_pass = UnicodeString(strip=True,) | |
460 | ldap_base_dn = UnicodeString(strip=True,) |
|
480 | ldap_base_dn = All(BaseDnValidator, UnicodeString(strip=True,)) | |
461 |
|
481 | |||
462 | return _LdapSettingsForm |
|
482 | return _LdapSettingsForm |
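Review bot: `BaseDnValidator.to_python` catches only `KeyError` around `value % {'user':'valid'}`, but a template with a stray `%` or an unsupported conversion raises `ValueError` or `TypeError` instead. Those would surface as an unhandled error on the settings form rather than as a validation message. Widening the handler to `except (KeyError, ValueError, TypeError):` keeps every malformed template on the validation path. The class also has no docstring; one line such as `"""Accept a base DN only if it is a %-template that uses the %(user)s key and no other."""` would tell the next reader why the throwaway format call is there.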
@@ -1,7 +1,8 b'' | |||||
1 | from rhodecode import get_version |
|
|||
2 |
|
|
1 | import sys | |
3 | py_version = sys.version_info |
|
2 | py_version = sys.version_info | |
4 |
|
3 | |||
|
4 | from rhodecode import get_version | |||
|
5 | ||||
5 | requirements = [ |
|
6 | requirements = [ | |
6 | "Pylons>=1.0.0", |
|
7 | "Pylons>=1.0.0", | |
7 | "SQLAlchemy>=0.6.5", |
|
8 | "SQLAlchemy>=0.6.5", | |
@@ -9,7 +10,7 b' requirements = [' | |||||
9 | "vcs>=0.1.10", |
|
10 | "vcs>=0.1.10", | |
10 | "pygments>=1.3.0", |
|
11 | "pygments>=1.3.0", | |
11 | "mercurial>=1.7.1", |
|
12 | "mercurial>=1.7.1", | |
12 |
"whoosh |
|
13 | "whoosh==1.3.1", | |
13 | "celery>=2.1.3", |
|
14 | "celery>=2.1.3", | |
14 | "py-bcrypt", |
|
15 | "py-bcrypt", | |
15 | "babel", |
|
16 | "babel", | |
@@ -93,6 +94,10 b' setup(' | |||||
93 | [paste.global_paster_command] |
|
94 | [paste.global_paster_command] | |
94 | make-index = rhodecode.lib.indexers:MakeIndex |
|
95 | make-index = rhodecode.lib.indexers:MakeIndex | |
95 | upgrade-db = rhodecode.lib.utils:UpgradeDb |
|
96 | upgrade-db = rhodecode.lib.utils:UpgradeDb | |
96 |
|
97 | celeryd=rhodecode.lib.celerypylons.commands:CeleryDaemonCommand | ||
|
98 | celerybeat=rhodecode.lib.celerypylons.commands:CeleryBeatCommand | |||
|
99 | camqadm=rhodecode.lib.celerypylons.commands:CAMQPAdminCommand | |||
|
100 | celeryev=rhodecode.lib.celerypylons.commands:CeleryEventCommand | |||
|
101 | ||||
97 | """, |
|
102 | """, | |
98 | ) |
|
103 | ) |