comparison rhodecode/lib/auth_ldap.py @ 713:1bb0fcdec895 beta

fixed #72: show a warning on removal when the user is still the owner of existing repositories; cleaned up exceptions
author Marcin Kuzminski <marcin@python-works.com>
date Thu, 18 Nov 2010 03:29:23 +0100
parents 9e9f1b919c0c
children 554ed64953ff
712:131c1e335fa7 713:1bb0fcdec895
1 #============================================================================== 1 #!/usr/bin/env python
2 # LDAP 2 # encoding: utf-8
3 #Name = Just a description for the auth modes page 3 # ldap authentication lib
4 #Host = DepartmentName.OrganizationName.local/ IP 4 # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
5 #Port = 389 default for ldap 5 #
6 #LDAPS = no set True if You need to use ldaps 6 # This program is free software; you can redistribute it and/or
7 #Account = DepartmentName\UserName (or UserName@MyDomain depending on AD server) 7 # modify it under the terms of the GNU General Public License
8 #Password = <password> 8 # as published by the Free Software Foundation; version 2
9 #Base DN = DC=DepartmentName,DC=OrganizationName,DC=local 9 # of the License or (at your opinion) any later version of the license.
10 #
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
15 #
16 # You should have received a copy of the GNU General Public License
17 # along with this program; if not, write to the Free Software
18 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
19 # MA 02110-1301, USA.
20 """
21 Created on Nov 17, 2010
10 22
11 #============================================================================== 23 @author: marcink
24 """
12 25
13 from rhodecode.lib.exceptions import LdapImportError, UsernameError, \ 26 from rhodecode.lib.exceptions import *
14 PasswordError, ConnectionError
15 import logging 27 import logging
16 28
17 log = logging.getLogger(__name__) 29 log = logging.getLogger(__name__)
18 30
19 try: 31 try:
59 71
60 uid = chop_at(username, "@%s" % self.LDAP_SERVER_ADDRESS) 72 uid = chop_at(username, "@%s" % self.LDAP_SERVER_ADDRESS)
61 dn = self.AUTH_DN % (uid, self.BASE_DN) 73 dn = self.AUTH_DN % (uid, self.BASE_DN)
62 log.debug("Authenticating %r at %s", dn, self.LDAP_SERVER) 74 log.debug("Authenticating %r at %s", dn, self.LDAP_SERVER)
63 if "," in username: 75 if "," in username:
64 raise UsernameError("invalid character in username: ,") 76 raise LdapUsernameError("invalid character in username: ,")
65 try: 77 try:
66 ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/etc/openldap/cacerts') 78 ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/etc/openldap/cacerts')
67 ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 10) 79 ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 10)
68 server = ldap.initialize(self.LDAP_SERVER) 80 server = ldap.initialize(self.LDAP_SERVER)
69 if self.ldap_version == 2: 81 if self.ldap_version == 2:
80 properties = server.search_s(dn, ldap.SCOPE_SUBTREE) 92 properties = server.search_s(dn, ldap.SCOPE_SUBTREE)
81 if not properties: 93 if not properties:
82 raise ldap.NO_SUCH_OBJECT() 94 raise ldap.NO_SUCH_OBJECT()
83 except ldap.NO_SUCH_OBJECT, e: 95 except ldap.NO_SUCH_OBJECT, e:
84 log.debug("LDAP says no such user '%s' (%s)", uid, username) 96 log.debug("LDAP says no such user '%s' (%s)", uid, username)
85 raise UsernameError() 97 raise LdapUsernameError()
86 except ldap.INVALID_CREDENTIALS, e: 98 except ldap.INVALID_CREDENTIALS, e:
87 log.debug("LDAP rejected password for user '%s' (%s)", uid, username) 99 log.debug("LDAP rejected password for user '%s' (%s)", uid, username)
88 raise PasswordError() 100 raise LdapPasswordError()
89 except ldap.SERVER_DOWN, e: 101 except ldap.SERVER_DOWN, e:
90 raise ConnectionError("LDAP can't access authentication server") 102 raise LdapConnectionError("LDAP can't access authentication server")
91 103
92 return properties[0] 104 return properties[0]
93 105
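Review bot: The username check at new line 75 still rejects only a comma, and it runs after `dn` has already been built and written to the debug log at new lines 73-74, so any other DN-special character in `uid` reaches `self.AUTH_DN % (uid, self.BASE_DN)` unescaped. Escaping the value where the DN is assembled would close that off: `dn = self.AUTH_DN % (ldap.dn.escape_dn_chars(uid), self.BASE_DN)`, with `import ldap.dn` next to the existing `ldap` import. The method starts above the visible lines and the bind at new lines 82-91 is not shown, so it is worth confirming that an empty password is rejected before the bind. Separately, `from rhodecode.lib.exceptions import *` on new line 26 hides which exception names this module relies on; importing `LdapUsernameError`, `LdapPasswordError` and `LdapConnectionError` by name (plus whatever the import-failure branch raises) would keep that visible.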