Mercurial > kallithea

annotate rhodecode/lib/auth_ldap.py @ 1549:d6cb805c92fd beta

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
moved kill function to compat
author Marcin Kuzminski <marcin@python-works.com>
date Tue, 11 Oct 2011 20:59:41 -0500
parents d17aa79768f0
children bf263968da47 9b80fb893e7f
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1292
c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents: 1290
diff changeset
1 # -*- coding: utf-8 -*-
c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents: 1290
diff changeset
2 """
c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents: 1290
diff changeset
3 rhodecode.controllers.changelog
c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents: 1290
diff changeset
4 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents: 1290
diff changeset
5
c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents: 1290
diff changeset
6 RhodeCode authentication library for LDAP
c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents: 1290
diff changeset
7
c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents: 1290
diff changeset
8 :created_on: Created on Nov 17, 2010
c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents: 1290
diff changeset
9 :author: marcink
c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents: 1290
diff changeset
10 :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents: 1290
diff changeset
11 :license: GPLv3, see COPYING for more details.
c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents: 1290
diff changeset
12 """
1206
a671db5bdd58 fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents: 1203
diff changeset
13 # This program is free software: you can redistribute it and/or modify
a671db5bdd58 fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents: 1203
diff changeset
14 # it under the terms of the GNU General Public License as published by
a671db5bdd58 fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents: 1203
diff changeset
15 # the Free Software Foundation, either version 3 of the License, or
a671db5bdd58 fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents: 1203
diff changeset
16 # (at your option) any later version.
1203
6832ef664673 source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents: 1185
diff changeset
17 #
713
1bb0fcdec895 fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents: 705
diff changeset
18 # This program is distributed in the hope that it will be useful,
1bb0fcdec895 fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents: 705
diff changeset
19 # but WITHOUT ANY WARRANTY; without even the implied warranty of
1bb0fcdec895 fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents: 705
diff changeset
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1bb0fcdec895 fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents: 705
diff changeset
21 # GNU General Public License for more details.
1203
6832ef664673 source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents: 1185
diff changeset
22 #
713
1bb0fcdec895 fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents: 705
diff changeset
23 # You should have received a copy of the GNU General Public License
1206
a671db5bdd58 fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents: 1203
diff changeset
24 # along with this program. If not, see <http://www.gnu.org/licenses/>.
700
07fd56c36bfe added basic ldap auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
25
705
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
26 import logging
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
27
1292
c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents: 1290
diff changeset
28 from rhodecode.lib.exceptions import LdapConnectionError, LdapUsernameError, \
c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents: 1290
diff changeset
29 LdapPasswordError
c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents: 1290
diff changeset
30
705
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
31 log = logging.getLogger(__name__)
700
07fd56c36bfe added basic ldap auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
32
1292
c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents: 1290
diff changeset
33
705
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
34 try:
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
35 import ldap
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
36 except ImportError:
1292
c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents: 1290
diff changeset
37 # means that python-ldap is not installed
705
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
38 pass
700
07fd56c36bfe added basic ldap auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
39
1292
c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents: 1290
diff changeset
40
705
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
41 class AuthLdap(object):
700
07fd56c36bfe added basic ldap auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
42
705
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
43 def __init__(self, server, base_dn, port=389, bind_dn='', bind_pass='',
1292
c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents: 1290
diff changeset
44 tls_kind='PLAIN', tls_reqcert='DEMAND', ldap_version=3,
991
b232a36cc51f Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents: 902
diff changeset
45 ldap_filter='(&(objectClass=user)(!(objectClass=computer)))',
b232a36cc51f Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents: 902
diff changeset
46 search_scope='SUBTREE',
b232a36cc51f Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents: 902
diff changeset
47 attr_login='uid'):
705
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
48 self.ldap_version = ldap_version
1290
74685a31cc43 Enable start_tls connection encryption.
"Lorenzo M. Catucci" <lorenzo@sancho.ccd.uniroma2.it>
parents: 1287
diff changeset
49 ldap_server_type = 'ldap'
74685a31cc43 Enable start_tls connection encryption.
"Lorenzo M. Catucci" <lorenzo@sancho.ccd.uniroma2.it>
parents: 1287
diff changeset
50
74685a31cc43 Enable start_tls connection encryption.
"Lorenzo M. Catucci" <lorenzo@sancho.ccd.uniroma2.it>
parents: 1287
diff changeset
51 self.TLS_KIND = tls_kind
74685a31cc43 Enable start_tls connection encryption.
"Lorenzo M. Catucci" <lorenzo@sancho.ccd.uniroma2.it>
parents: 1287
diff changeset
52
74685a31cc43 Enable start_tls connection encryption.
"Lorenzo M. Catucci" <lorenzo@sancho.ccd.uniroma2.it>
parents: 1287
diff changeset
53 if self.TLS_KIND == 'LDAPS':
705
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
54 port = port or 689
1290
74685a31cc43 Enable start_tls connection encryption.
"Lorenzo M. Catucci" <lorenzo@sancho.ccd.uniroma2.it>
parents: 1287
diff changeset
55 ldap_server_type = ldap_server_type + 's'
74685a31cc43 Enable start_tls connection encryption.
"Lorenzo M. Catucci" <lorenzo@sancho.ccd.uniroma2.it>
parents: 1287
diff changeset
56
991
b232a36cc51f Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents: 902
diff changeset
57 self.TLS_REQCERT = ldap.__dict__['OPT_X_TLS_' + tls_reqcert]
705
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
58 self.LDAP_SERVER_ADDRESS = server
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
59 self.LDAP_SERVER_PORT = port
700
07fd56c36bfe added basic ldap auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
60
705
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
61 #USE FOR READ ONLY BIND TO LDAP SERVER
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
62 self.LDAP_BIND_DN = bind_dn
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
63 self.LDAP_BIND_PASS = bind_pass
700
07fd56c36bfe added basic ldap auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
64
705
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
65 self.LDAP_SERVER = "%s://%s:%s" % (ldap_server_type,
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
66 self.LDAP_SERVER_ADDRESS,
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
67 self.LDAP_SERVER_PORT)
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
68
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
69 self.BASE_DN = base_dn
991
b232a36cc51f Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents: 902
diff changeset
70 self.LDAP_FILTER = ldap_filter
b232a36cc51f Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents: 902
diff changeset
71 self.SEARCH_SCOPE = ldap.__dict__['SCOPE_' + search_scope]
b232a36cc51f Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents: 902
diff changeset
72 self.attr_login = attr_login
b232a36cc51f Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents: 902
diff changeset
73
705
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
74 def authenticate_ldap(self, username, password):
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
75 """Authenticate a user via LDAP and return his/her LDAP properties.
1203
6832ef664673 source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents: 1185
diff changeset
76
705
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
77 Raises AuthenticationError if the credentials are rejected, or
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
78 EnvironmentError if the LDAP server can't be reached.
1203
6832ef664673 source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents: 1185
diff changeset
79
705
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
80 :param username: username
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
81 :param password: password
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
82 """
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
83
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
84 from rhodecode.lib.helpers import chop_at
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
85
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
86 uid = chop_at(username, "@%s" % self.LDAP_SERVER_ADDRESS)
775
aaf2fc59a39a fixes #77 and adds extendable base Dn with custom uid specification
Marcin Kuzminski <marcin@python-works.com>
parents: 739
diff changeset
87
705
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
88 if "," in username:
713
1bb0fcdec895 fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents: 705
diff changeset
89 raise LdapUsernameError("invalid character in username: ,")
705
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
90 try:
739
554ed64953ff fixes #76 added confirmation dialog for user removal.
Marcin Kuzminski <marcin@python-works.com>
parents: 713
diff changeset
91 ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, '/etc/openldap/cacerts')
991
b232a36cc51f Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents: 902
diff changeset
92 ldap.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)
b232a36cc51f Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents: 902
diff changeset
93 ldap.set_option(ldap.OPT_RESTART, ldap.OPT_ON)
b232a36cc51f Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents: 902
diff changeset
94 ldap.set_option(ldap.OPT_TIMEOUT, 20)
705
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
95 ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 10)
991
b232a36cc51f Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents: 902
diff changeset
96 ldap.set_option(ldap.OPT_TIMELIMIT, 15)
1290
74685a31cc43 Enable start_tls connection encryption.
"Lorenzo M. Catucci" <lorenzo@sancho.ccd.uniroma2.it>
parents: 1287
diff changeset
97 if self.TLS_KIND != 'PLAIN':
991
b232a36cc51f Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents: 902
diff changeset
98 ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, self.TLS_REQCERT)
705
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
99 server = ldap.initialize(self.LDAP_SERVER)
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
100 if self.ldap_version == 2:
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
101 server.protocol = ldap.VERSION2
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
102 else:
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
103 server.protocol = ldap.VERSION3
700
07fd56c36bfe added basic ldap auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
104
1290
74685a31cc43 Enable start_tls connection encryption.
"Lorenzo M. Catucci" <lorenzo@sancho.ccd.uniroma2.it>
parents: 1287
diff changeset
105 if self.TLS_KIND == 'START_TLS':
74685a31cc43 Enable start_tls connection encryption.
"Lorenzo M. Catucci" <lorenzo@sancho.ccd.uniroma2.it>
parents: 1287
diff changeset
106 server.start_tls_s()
74685a31cc43 Enable start_tls connection encryption.
"Lorenzo M. Catucci" <lorenzo@sancho.ccd.uniroma2.it>
parents: 1287
diff changeset
107
705
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
108 if self.LDAP_BIND_DN and self.LDAP_BIND_PASS:
794
22eca93bea97 fixes a bug with two-pass ldap auth (thanks for TK Soh for that)
Marcin Kuzminski <marcin@python-works.com>
parents: 775
diff changeset
109 server.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS)
700
07fd56c36bfe added basic ldap auth lib
Marcin Kuzminski <marcin@python-works.com>
parents:
diff changeset
110
1292
c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents: 1290
diff changeset
111 filt = '(&%s(%s=%s))' % (self.LDAP_FILTER, self.attr_login,
c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents: 1290
diff changeset
112 username)
1170
Marcin Kuzminski <marcin@python-works.com>
parents: 991
diff changeset
113 log.debug("Authenticating %r filt %s at %s", self.BASE_DN,
Marcin Kuzminski <marcin@python-works.com>
parents: 991
diff changeset
114 filt, self.LDAP_SERVER)
Marcin Kuzminski <marcin@python-works.com>
parents: 991
diff changeset
115 lobjects = server.search_ext_s(self.BASE_DN, self.SEARCH_SCOPE,
Marcin Kuzminski <marcin@python-works.com>
parents: 991
diff changeset
116 filt)
991
b232a36cc51f Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents: 902
diff changeset
117
b232a36cc51f Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents: 902
diff changeset
118 if not lobjects:
b232a36cc51f Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents: 902
diff changeset
119 raise ldap.NO_SUCH_OBJECT()
775
aaf2fc59a39a fixes #77 and adds extendable base Dn with custom uid specification
Marcin Kuzminski <marcin@python-works.com>
parents: 739
diff changeset
120
1287
28060f0ac6c6 Fetch entry after successful bind for being able to read its attributes.
"Lorenzo M. Catucci" <lorenzo@sancho.ccd.uniroma2.it>
parents: 1206
diff changeset
121 for (dn, _attrs) in lobjects:
1444
d17aa79768f0 AD fix when search could return empty dn
Marcin Kuzminski <marcin@python-works.com>
parents: 1292
diff changeset
122 if dn is None:
d17aa79768f0 AD fix when search could return empty dn
Marcin Kuzminski <marcin@python-works.com>
parents: 1292
diff changeset
123 continue
d17aa79768f0 AD fix when search could return empty dn
Marcin Kuzminski <marcin@python-works.com>
parents: 1292
diff changeset
124
991
b232a36cc51f Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents: 902
diff changeset
125 try:
b232a36cc51f Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents: 902
diff changeset
126 server.simple_bind_s(dn, password)
1292
c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents: 1290
diff changeset
127 attrs = server.search_ext_s(dn, ldap.SCOPE_BASE,
c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents: 1290
diff changeset
128 '(objectClass=*)')[0][1]
991
b232a36cc51f Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents: 902
diff changeset
129 break
b232a36cc51f Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents: 902
diff changeset
130
b232a36cc51f Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents: 902
diff changeset
131 except ldap.INVALID_CREDENTIALS, e:
1170
Marcin Kuzminski <marcin@python-works.com>
parents: 991
diff changeset
132 log.debug("LDAP rejected password for user '%s' (%s): %s",
Marcin Kuzminski <marcin@python-works.com>
parents: 991
diff changeset
133 uid, username, dn)
991
b232a36cc51f Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents: 902
diff changeset
134
1185
597bc7077f18 applied patch from issue #138
Marcin Kuzminski <marcin@python-works.com>
parents: 1170
diff changeset
135 else:
597bc7077f18 applied patch from issue #138
Marcin Kuzminski <marcin@python-works.com>
parents: 1170
diff changeset
136 log.debug("No matching LDAP objects for authentication "
597bc7077f18 applied patch from issue #138
Marcin Kuzminski <marcin@python-works.com>
parents: 1170
diff changeset
137 "of '%s' (%s)", uid, username)
597bc7077f18 applied patch from issue #138
Marcin Kuzminski <marcin@python-works.com>
parents: 1170
diff changeset
138 raise LdapPasswordError()
991
b232a36cc51f Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents: 902
diff changeset
139
705
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
140 except ldap.NO_SUCH_OBJECT, e:
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
141 log.debug("LDAP says no such user '%s' (%s)", uid, username)
713
1bb0fcdec895 fixed #72 show warning on removal when user still is owner of existing repositories
Marcin Kuzminski <marcin@python-works.com>
parents: 705
diff changeset
142 raise LdapUsernameError()
705
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
143 except ldap.SERVER_DOWN, e:
1292
c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents: 1290
diff changeset
144 raise LdapConnectionError("LDAP can't access "
c0335c1dee36 added some fixes to LDAP form re-submition, new simples ldap-settings getter.
Marcin Kuzminski <marcin@python-works.com>
parents: 1290
diff changeset
145 "authentication server")
705
9e9f1b919c0c implements #60, ldap configuration and authentication.
Marcin Kuzminski <marcin@python-works.com>
parents: 701
diff changeset
146
991
b232a36cc51f Improve LDAP authentication
Thayne Harbaugh <thayne@fusionio.com>
parents: 902
diff changeset
147 return (dn, attrs)