@@ -113,7 +113,11 b" Here's a typical ldap setup::" | |||
|
113 | 113 | |
|
114 | 114 | `Account` and `Password` are optional, and used for two-phase ldap |
|
115 | 115 | authentication so those are credentials to access Your ldap, if it doesn't |
|
116 | support anonymous search/user lookups. | |
|
116 | support anonymous search/user lookups. | |
|
117 | ||
|
118 | Base DN must have %(user)s template inside, it's a placer where Your uid used | |
|
119 | to login would go, it allows admins to specify not standard schema for uid | |
|
120 | variable | |
|
117 | 121 | |
|
118 | 122 | If all data are entered correctly, and `python-ldap` is properly installed |
|
119 | 123 | Users should be granted to access RhodeCode wit ldap accounts. When |
@@ -55,7 +55,6 b' class AuthLdap(object):' | |||
|
55 | 55 | self.LDAP_SERVER_PORT) |
|
56 | 56 | |
|
57 | 57 | self.BASE_DN = base_dn |
|
58 | self.AUTH_DN = "uid=%s,%s" | |
|
59 | 58 | |
|
60 | 59 | def authenticate_ldap(self, username, password): |
|
61 | 60 | """Authenticate a user via LDAP and return his/her LDAP properties. |
@@ -70,8 +69,7 b' class AuthLdap(object):' | |||
|
70 | 69 | from rhodecode.lib.helpers import chop_at |
|
71 | 70 | |
|
72 | 71 | uid = chop_at(username, "@%s" % self.LDAP_SERVER_ADDRESS) |
|
73 | dn = self.AUTH_DN % (uid, self.BASE_DN) | |
|
74 | log.debug("Authenticating %r at %s", dn, self.LDAP_SERVER) | |
|
72 | ||
|
75 | 73 | if "," in username: |
|
76 | 74 | raise LdapUsernameError("invalid character in username: ,") |
|
77 | 75 | try: |
@@ -84,11 +82,13 b' class AuthLdap(object):' | |||
|
84 | 82 | server.protocol = ldap.VERSION3 |
|
85 | 83 | |
|
86 | 84 | if self.LDAP_BIND_DN and self.LDAP_BIND_PASS: |
|
87 | server.simple_bind_s(self.AUTH_DN % (self.LDAP_BIND_DN, | |
|
88 | self.BASE_DN), | |
|
89 | self.LDAP_BIND_PASS) | |
|
85 | login_dn = self.BASE_DN % {'user':uid} | |
|
86 | server.simple_bind_s(login_dn, self.LDAP_BIND_PASS) | |
|
90 | 87 | |
|
88 | dn = self.BASE_DN % {'user':uid} | |
|
89 | log.debug("Authenticating %r at %s", dn, self.LDAP_SERVER) | |
|
91 | 90 | server.simple_bind_s(dn, password) |
|
91 | ||
|
92 | 92 | properties = server.search_s(dn, ldap.SCOPE_SUBTREE) |
|
93 | 93 | if not properties: |
|
94 | 94 | raise ldap.NO_SUCH_OBJECT() |
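Review bot: The service bind added in the third hunk (new lines 85-86) builds `login_dn` from the logging-in user's `uid` but presents `self.LDAP_BIND_PASS`, so `self.LDAP_BIND_DN` is tested in the `if` and then never used. The lookup account's password is therefore offered for a DN derived from user input, and the bind will normally fail unless the two passwords happen to match. Going by the removed lines, the intended call looks like `login_dn = self.BASE_DN % {'user': self.LDAP_BIND_DN}`. Separately, `uid` is substituted into the template unescaped and the only filter visible is the `","` check on `username`, so other DN metacharacters still reach `simple_bind_s`; `dn = self.BASE_DN % {'user': ldap.dn.escape_dn_chars(uid)}` would cover them. `authenticate_ldap` starts and ends outside these hunks, so it is worth confirming that an empty `password` is rejected before the bind, since many servers treat an empty-password simple bind as anonymous.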
@@ -300,6 +300,26 b' class LdapLibValidator(formencode.valida' | |||
|
300 | 300 | raise LdapImportError |
|
301 | 301 | return value |
|
302 | 302 | |
|
303 | class BaseDnValidator(formencode.validators.FancyValidator): | |
|
304 | ||
|
305 | def to_python(self, value, state): | |
|
306 | ||
|
307 | try: | |
|
308 | value % {'user':'valid'} | |
|
309 | ||
|
310 | if value.find('%(user)s') == -1: | |
|
311 | raise formencode.Invalid(_("You need to specify %(user)s in " | |
|
312 | "template for example uid=%(user)s " | |
|
313 | ",dc=company...") , | |
|
314 | value, state) | |
|
315 | ||
|
316 | except KeyError: | |
|
317 | raise formencode.Invalid(_("Wrong template used, only %(user)s " | |
|
318 | "is an valid entry") , | |
|
319 | value, state) | |
|
320 | ||
|
321 | return value | |
|
322 | ||
|
303 | 323 | #=============================================================================== |
|
304 | 324 | # FORMS |
|
305 | 325 | #=============================================================================== |
@@ -457,6 +477,6 b' def LdapSettingsForm():' | |||
|
457 | 477 | ldap_ldaps = StringBoolean(if_missing=False) |
|
458 | 478 | ldap_dn_user = UnicodeString(strip=True,) |
|
459 | 479 | ldap_dn_pass = UnicodeString(strip=True,) |
|
460 | ldap_base_dn = UnicodeString(strip=True,) | |
|
480 | ldap_base_dn = All(BaseDnValidator, UnicodeString(strip=True,)) | |
|
461 | 481 | |
|
462 | 482 | return _LdapSettingsForm |
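Review bot: `BaseDnValidator.to_python` (new lines 305-321) catches only `KeyError` from `value % {'user':'valid'}`, so a template with a stray `%` or an unterminated `%(user)` raises `ValueError` or `TypeError` and leaves the form as an unhandled error instead of a validation message. Because this string later becomes the bind DN template, I would widen the handler to `except (KeyError, ValueError, TypeError):`. The class also has no docstring; a one-line one such as `"""Require the LDAP base DN to be a %-template that contains %(user)s and no other keys."""` would state the contract.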
@@ -1,7 +1,8 b'' | |||
|
1 | from rhodecode import get_version | |
|
2 | 1 |
|
|
3 | 2 | py_version = sys.version_info |
|
4 | 3 | |
|
4 | from rhodecode import get_version | |
|
5 | ||
|
5 | 6 | requirements = [ |
|
6 | 7 | "Pylons>=1.0.0", |
|
7 | 8 | "SQLAlchemy>=0.6.5", |
@@ -9,7 +10,7 b' requirements = [' | |||
|
9 | 10 | "vcs>=0.1.10", |
|
10 | 11 | "pygments>=1.3.0", |
|
11 | 12 | "mercurial>=1.7.1", |
|
12 |
"whoosh |
|
|
13 | "whoosh==1.3.1", | |
|
13 | 14 | "celery>=2.1.3", |
|
14 | 15 | "py-bcrypt", |
|
15 | 16 | "babel", |
@@ -93,6 +94,10 b' setup(' | |||
|
93 | 94 | [paste.global_paster_command] |
|
94 | 95 | make-index = rhodecode.lib.indexers:MakeIndex |
|
95 | 96 | upgrade-db = rhodecode.lib.utils:UpgradeDb |
|
96 | ||
|
97 | celeryd=rhodecode.lib.celerypylons.commands:CeleryDaemonCommand | |
|
98 | celerybeat=rhodecode.lib.celerypylons.commands:CeleryBeatCommand | |
|
99 | camqadm=rhodecode.lib.celerypylons.commands:CAMQPAdminCommand | |
|
100 | celeryev=rhodecode.lib.celerypylons.commands:CeleryEventCommand | |
|
101 | ||
|
97 | 102 | """, |
|
98 | 103 | ) |
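Review bot: `"whoosh==1.3.1"` (new line 13) is an exact pin in the `requirements` list with no stated reason, while the neighbouring entries use `>=` or no bound at all. An exact pin here prevents any later Whoosh fix release from being installed alongside RhodeCode. If 1.3.1 is required for compatibility, a trailing comment such as `# pinned: <reason>` would record that; otherwise a bounded range is easier to maintain.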