kallithea: rhodecode/lib/auth

annotate rhodecode/lib/auth_ldap.py @ 700:07fd56c36bfe beta

added basic ldap auth lib

author	Marcin Kuzminski <marcin@python-works.com>
date	Tue, 16 Nov 2010 09:31:40 +0100
parents
children	6602bf1c5546

rev	line source
700 07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	1 import logging
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	2 logging.basicConfig(level=logging.DEBUG)
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	3 log = logging.getLogger('ldap')
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	4
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	5 #==============================================================================
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	6 # LDAP
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	7 #Name = Just a description for the auth modes page
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	8 #Host = DepartmentName.OrganizationName.local/ IP
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	9 #Port = 389 default for ldap
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	10 #LDAPS = no set True if You need to use ldaps
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	11 #Account = DepartmentName\UserName (or UserName@MyDomain depending on AD server)
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	12 #Password = <password>
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	13 #Base DN = DC=DepartmentName,DC=OrganizationName,DC=local
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	14 #
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	15 #On-the-fly user creation = yes
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	16 #Attributes
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	17 # Login = sAMAccountName
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	18 # Firstname = givenName
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	19 # Lastname = sN
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	20 # Email = mail
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	21
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	22 #==============================================================================
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	23 class UsernameError(Exception):pass
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	24 class PasswordError(Exception):pass
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	25
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	26 LDAP_USE_LDAPS = False
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	27 ldap_server_type = 'ldap'
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	28 LDAP_SERVER_ADDRESS = '192.168.2.56'
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	29 LDAP_SERVER_PORT = '389'
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	30
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	31 LDAP_BIND_DN = ''
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	32 LDAP_BIND_PASS = ''
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	33
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	34 if LDAP_USE_LDAPS:ldap_server_type = ldap_server_type + 's'
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	35 LDAP_SERVER = "%s://%s:%s" % (ldap_server_type,
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	36 LDAP_SERVER_ADDRESS,
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	37 LDAP_SERVER_PORT)
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	38
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	39 BASE_DN = "ou=people,dc=server,dc=com"
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	40
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	41 def authenticate_ldap(username, password):
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	42 """Authenticate a user via LDAP and return his/her LDAP properties.
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	43
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	44 Raises AuthenticationError if the credentials are rejected, or
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	45 EnvironmentError if the LDAP server can't be reached.
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	46 """
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	47 try:
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	48 import ldap
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	49 except ImportError:
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	50 raise Exception('Could not import ldap make sure You install python-ldap')
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	51
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	52 from rhodecode.lib.helpers import chop_at
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	53
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	54 uid = chop_at(username, "@%s" % LDAP_SERVER_ADDRESS)
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	55 dn = "uid=%s,%s" % (uid, BASE_DN)
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	56 log.debug("Authenticating %r at %s", dn, LDAP_SERVER)
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	57 if "," in username:
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	58 raise UsernameError("invalid character in username: ,")
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	59 try:
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	60 #ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/etc/openldap/cacerts')
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	61 server = ldap.initialize(LDAP_SERVER)
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	62 server.protocol = ldap.VERSION3
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	63 server.simple_bind_s(dn, password)
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	64 properties = server.search_s(dn, ldap.SCOPE_SUBTREE)
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	65 if not properties:
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	66 raise ldap.NO_SUCH_OBJECT()
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	67 except ldap.NO_SUCH_OBJECT, e:
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	68 log.debug("LDAP says no such user '%s' (%s)", uid, username)
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	69 raise UsernameError()
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	70 except ldap.INVALID_CREDENTIALS, e:
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	71 log.debug("LDAP rejected password for user '%s' (%s)", uid, username)
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	72 raise PasswordError()
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	73 except ldap.SERVER_DOWN, e:
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	74 raise EnvironmentError("can't access authentication server")
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	75 return properties
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	76
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	77
07fd56c36bfe added basic ldap auth lib Marcin Kuzminski <marcin@python-works.com> parents: diff changeset	78 print authenticate_ldap('test', 'test')

Mercurial > kallithea

annotate rhodecode/lib/auth_ldap.py @ 700:07fd56c36bfe beta