fixes #77 and adds extendable base Dn with custom uid specification
marcink -
r775:aaf2fc59 beta
@@ -113,7 +113,11 b" Here's a typical ldap setup::"
113
113
114 `Account` and `Password` are optional, and used for two-phase ldap
114 `Account` and `Password` are optional, and used for two-phase ldap
115 authentication so those are credentials to access Your ldap, if it doesn't
115 authentication so those are credentials to access Your ldap, if it doesn't
116 support anonymous search/user lookups.
116 support anonymous search/user lookups.
117
118 Base DN must have %(user)s template inside, it's a placer where Your uid used
119 to login would go, it allows admins to specify not standard schema for uid
120 variable
117
121
118 If all data are entered correctly, and `python-ldap` is properly installed
122 If all data are entered correctly, and `python-ldap` is properly installed
119 Users should be granted to access RhodeCode wit ldap accounts. When
123 Users should be granted to access RhodeCode wit ldap accounts. When
@@ -55,7 +55,6 b' class AuthLdap(object):'
55 self.LDAP_SERVER_PORT)
55 self.LDAP_SERVER_PORT)
56
56
57 self.BASE_DN = base_dn
57 self.BASE_DN = base_dn
58 self.AUTH_DN = "uid=%s,%s"
59
58
60 def authenticate_ldap(self, username, password):
59 def authenticate_ldap(self, username, password):
61 """Authenticate a user via LDAP and return his/her LDAP properties.
60 """Authenticate a user via LDAP and return his/her LDAP properties.
@@ -70,8 +69,7 b' class AuthLdap(object):'
70 from rhodecode.lib.helpers import chop_at
69 from rhodecode.lib.helpers import chop_at
71
70
72 uid = chop_at(username, "@%s" % self.LDAP_SERVER_ADDRESS)
71 uid = chop_at(username, "@%s" % self.LDAP_SERVER_ADDRESS)
73 dn = self.AUTH_DN % (uid, self.BASE_DN)
72
74 log.debug("Authenticating %r at %s", dn, self.LDAP_SERVER)
75 if "," in username:
73 if "," in username:
76 raise LdapUsernameError("invalid character in username: ,")
74 raise LdapUsernameError("invalid character in username: ,")
77 try:
75 try:
@@ -84,11 +82,13 b' class AuthLdap(object):'
84 server.protocol = ldap.VERSION3
82 server.protocol = ldap.VERSION3
85
83
86 if self.LDAP_BIND_DN and self.LDAP_BIND_PASS:
84 if self.LDAP_BIND_DN and self.LDAP_BIND_PASS:
87 server.simple_bind_s(self.AUTH_DN % (self.LDAP_BIND_DN,
85 login_dn = self.BASE_DN % {'user':uid}
88 self.BASE_DN),
86 server.simple_bind_s(login_dn, self.LDAP_BIND_PASS)
89 self.LDAP_BIND_PASS)
90
87
88 dn = self.BASE_DN % {'user':uid}
89 log.debug("Authenticating %r at %s", dn, self.LDAP_SERVER)
91 server.simple_bind_s(dn, password)
90 server.simple_bind_s(dn, password)
91
92 properties = server.search_s(dn, ldap.SCOPE_SUBTREE)
92 properties = server.search_s(dn, ldap.SCOPE_SUBTREE)
93 if not properties:
93 if not properties:
94 raise ldap.NO_SUCH_OBJECT()
94 raise ldap.NO_SUCH_OBJECT()
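Review bot: In the service-account branch of the third hunk, the new code binds as `login_dn = self.BASE_DN % {'user':uid}` with `self.LDAP_BIND_PASS`, so `self.LDAP_BIND_DN` is tested in the `if` but never used, and the service password is presented for the DN of whoever is logging in. The old code bound the configured account, so this should presumably be `login_dn = self.BASE_DN % {'user': self.LDAP_BIND_DN}`, or `self.LDAP_BIND_DN` itself if it is meant to hold a full DN. Separately, `uid` goes into the DN template unescaped and only `,` is rejected (on `username`, in the second hunk); passing it through `ldap.dn.escape_dn_chars(uid)` before the `%` substitution would cover the remaining DN metacharacters. authenticate_ldap starts and ends outside these hunks, so it is worth confirming that an empty `password` is refused before `server.simple_bind_s(dn, password)`, since many servers accept an empty-password simple bind as anonymous.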
@@ -300,6 +300,26 b' class LdapLibValidator(formencode.valida'
300 raise LdapImportError
300 raise LdapImportError
301 return value
301 return value
302
302
303 class BaseDnValidator(formencode.validators.FancyValidator):
304
305 def to_python(self, value, state):
306
307 try:
308 value % {'user':'valid'}
309
310 if value.find('%(user)s') == -1:
311 raise formencode.Invalid(_("You need to specify %(user)s in "
312 "template for example uid=%(user)s "
313 ",dc=company...") ,
314 value, state)
315
316 except KeyError:
317 raise formencode.Invalid(_("Wrong template used, only %(user)s "
318 "is an valid entry") ,
319 value, state)
320
321 return value
322
303 #===============================================================================
323 #===============================================================================
304 # FORMS
324 # FORMS
305 #===============================================================================
325 #===============================================================================
@@ -457,6 +477,6 b' def LdapSettingsForm():'
457 ldap_ldaps = StringBoolean(if_missing=False)
477 ldap_ldaps = StringBoolean(if_missing=False)
458 ldap_dn_user = UnicodeString(strip=True,)
478 ldap_dn_user = UnicodeString(strip=True,)
459 ldap_dn_pass = UnicodeString(strip=True,)
479 ldap_dn_pass = UnicodeString(strip=True,)
460 ldap_base_dn = UnicodeString(strip=True,)
480 ldap_base_dn = All(BaseDnValidator, UnicodeString(strip=True,))
461
481
462 return _LdapSettingsForm
482 return _LdapSettingsForm
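Review bot: `BaseDnValidator.to_python` catches only `KeyError` from `value % {'user':'valid'}`, but a template such as `uid=%(user)d` raises `TypeError`, and an unterminated `%(user)` or a trailing `%` raises `ValueError`; those would escape the settings form as an unhandled error instead of a validation message. Widening the handler to `except (KeyError, TypeError, ValueError):` keeps every malformed template on the `formencode.Invalid` path. The class also has no docstring; one sentence saying that the value is later used as a `%`-template to build the bind DN would explain why `%(user)s` is the only placeholder allowed.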
@@ -1,7 +1,8 b''
1 from rhodecode import get_version
2 import sys
1 import sys
3 py_version = sys.version_info
2 py_version = sys.version_info
4
3
4 from rhodecode import get_version
5
5 requirements = [
6 requirements = [
6 "Pylons>=1.0.0",
7 "Pylons>=1.0.0",
7 "SQLAlchemy>=0.6.5",
8 "SQLAlchemy>=0.6.5",
@@ -9,7 +10,7 b' requirements = ['
9 "vcs>=0.1.10",
10 "vcs>=0.1.10",
10 "pygments>=1.3.0",
11 "pygments>=1.3.0",
11 "mercurial>=1.7.1",
12 "mercurial>=1.7.1",
12 "whoosh>=1.3.1",
13 "whoosh==1.3.1",
13 "celery>=2.1.3",
14 "celery>=2.1.3",
14 "py-bcrypt",
15 "py-bcrypt",
15 "babel",
16 "babel",
@@ -93,6 +94,10 b' setup('
93 [paste.global_paster_command]
94 [paste.global_paster_command]
94 make-index = rhodecode.lib.indexers:MakeIndex
95 make-index = rhodecode.lib.indexers:MakeIndex
95 upgrade-db = rhodecode.lib.utils:UpgradeDb
96 upgrade-db = rhodecode.lib.utils:UpgradeDb
96
97 celeryd=rhodecode.lib.celerypylons.commands:CeleryDaemonCommand
98 celerybeat=rhodecode.lib.celerypylons.commands:CeleryBeatCommand
99 camqadm=rhodecode.lib.celerypylons.commands:CAMQPAdminCommand
100 celeryev=rhodecode.lib.celerypylons.commands:CeleryEventCommand
101
97 """,
102 """,
98 )
103 )
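Review bot: The requirement changes from `whoosh>=1.3.1` to the exact pin `whoosh==1.3.1` without a comment, while the neighbouring entries keep lower bounds or no bound; an exact pin in the package requirements stops later fixes from being picked up and can conflict with other installed packages. If a newer release is known to break indexing, record that next to the entry, e.g. `"whoosh==1.3.1",  # pinned: <reason / issue reference>`. Neither the pin nor the four celery paster commands added in the last hunk are covered by the commit title, which mentions only the LDAP change.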