comparison rhodecode/lib/auth_ldap.py @ 713:1bb0fcdec895 beta
fixed #72 show warning on removal when user still is owner of existing repositories
cleaned up exceptions
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Thu, 18 Nov 2010 03:29:23 +0100 |
parents | 9e9f1b919c0c |
children | 554ed64953ff |
712:131c1e335fa7 | 713:1bb0fcdec895 |
---|---|
1 #============================================================================== | 1 #!/usr/bin/env python |
2 # LDAP | 2 # encoding: utf-8 |
3 #Name = Just a description for the auth modes page | 3 # ldap authentication lib |
4 #Host = DepartmentName.OrganizationName.local/ IP | 4 # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com> |
5 #Port = 389 default for ldap | 5 # |
6 #LDAPS = no set True if You need to use ldaps | 6 # This program is free software; you can redistribute it and/or |
7 #Account = DepartmentName\UserName (or UserName@MyDomain depending on AD server) | 7 # modify it under the terms of the GNU General Public License |
8 #Password = <password> | 8 # as published by the Free Software Foundation; version 2 |
9 #Base DN = DC=DepartmentName,DC=OrganizationName,DC=local | 9 # of the License or (at your opinion) any later version of the license. |
10 # | |
11 # This program is distributed in the hope that it will be useful, | |
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 # GNU General Public License for more details. | |
15 # | |
16 # You should have received a copy of the GNU General Public License | |
17 # along with this program; if not, write to the Free Software | |
18 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, | |
19 # MA 02110-1301, USA. | |
20 """ | |
21 Created on Nov 17, 2010 | |
10 | 22 |
11 #============================================================================== | 23 @author: marcink |
24 """ | |
12 | 25 |
13 from rhodecode.lib.exceptions import LdapImportError, UsernameError, \ | 26 from rhodecode.lib.exceptions import * |
14 PasswordError, ConnectionError | |
15 import logging | 27 import logging |
16 | 28 |
17 log = logging.getLogger(__name__) | 29 log = logging.getLogger(__name__) |
18 | 30 |
19 try: | 31 try: |
59 | 71 |
60 uid = chop_at(username, "@%s" % self.LDAP_SERVER_ADDRESS) | 72 uid = chop_at(username, "@%s" % self.LDAP_SERVER_ADDRESS) |
61 dn = self.AUTH_DN % (uid, self.BASE_DN) | 73 dn = self.AUTH_DN % (uid, self.BASE_DN) |
62 log.debug("Authenticating %r at %s", dn, self.LDAP_SERVER) | 74 log.debug("Authenticating %r at %s", dn, self.LDAP_SERVER) |
63 if "," in username: | 75 if "," in username: |
64 raise UsernameError("invalid character in username: ,") | 76 raise LdapUsernameError("invalid character in username: ,") |
65 try: | 77 try: |
66 ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/etc/openldap/cacerts') | 78 ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/etc/openldap/cacerts') |
67 ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 10) | 79 ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 10) |
68 server = ldap.initialize(self.LDAP_SERVER) | 80 server = ldap.initialize(self.LDAP_SERVER) |
69 if self.ldap_version == 2: | 81 if self.ldap_version == 2: |
80 properties = server.search_s(dn, ldap.SCOPE_SUBTREE) | 92 properties = server.search_s(dn, ldap.SCOPE_SUBTREE) |
81 if not properties: | 93 if not properties: |
82 raise ldap.NO_SUCH_OBJECT() | 94 raise ldap.NO_SUCH_OBJECT() |
83 except ldap.NO_SUCH_OBJECT, e: | 95 except ldap.NO_SUCH_OBJECT, e: |
84 log.debug("LDAP says no such user '%s' (%s)", uid, username) | 96 log.debug("LDAP says no such user '%s' (%s)", uid, username) |
85 raise UsernameError() | 97 raise LdapUsernameError() |
86 except ldap.INVALID_CREDENTIALS, e: | 98 except ldap.INVALID_CREDENTIALS, e: |
87 log.debug("LDAP rejected password for user '%s' (%s)", uid, username) | 99 log.debug("LDAP rejected password for user '%s' (%s)", uid, username) |
88 raise PasswordError() | 100 raise LdapPasswordError() |
89 except ldap.SERVER_DOWN, e: | 101 except ldap.SERVER_DOWN, e: |
90 raise ConnectionError("LDAP can't access authentication server") | 102 raise LdapConnectionError("LDAP can't access authentication server") |
91 | 103 |
92 return properties[0] | 104 return properties[0] |
93 | 105 |
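Review bot: The username check on new line 75 rejects only `,` and runs after the DN has already been built on line 73 and logged on line 74, so other DN special characters (`+`, `=`, `\`, `"`, `;`, `<`, `>`, `#`) still reach the bind DN. Validate before building the DN and escape the value, e.g. `dn = self.AUTH_DN % (ldap.dn.escape_dn_chars(uid), self.BASE_DN)`. On line 78, `OPT_X_TLS_CACERTFILE` is given the hard-coded `/etc/openldap/cacerts`, which looks like a directory; if so, `ldap.OPT_X_TLS_CACERTDIR` is the matching option, and the path would be better taken from configuration. The renamed `LdapUsernameError` and `LdapPasswordError` still separate unknown user from wrong password, so the caller should report both as one generic login failure. The method begins above the rows shown and new lines 82-91 are elided, so the bind call itself is not visible here.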