comparison rhodecode/lib/auth_ldap.py @ 701:6602bf1c5546 beta

LDAP two-phase auth fix
author Marcin Kuzminski <marcin@python-works.com>
date Tue, 16 Nov 2010 15:52:20 +0100
parents 07fd56c36bfe
children 9e9f1b919c0c
700:07fd56c36bfe 701:6602bf1c5546
23 class UsernameError(Exception):pass 23 class UsernameError(Exception):pass
24 class PasswordError(Exception):pass 24 class PasswordError(Exception):pass
25 25
26 LDAP_USE_LDAPS = False 26 LDAP_USE_LDAPS = False
27 ldap_server_type = 'ldap' 27 ldap_server_type = 'ldap'
28 LDAP_SERVER_ADDRESS = '192.168.2.56' 28 LDAP_SERVER_ADDRESS = 'myldap.com'
29 LDAP_SERVER_PORT = '389' 29 LDAP_SERVER_PORT = '389'
30 30
31 #USE FOR READ ONLY BIND TO LDAP SERVER
31 LDAP_BIND_DN = '' 32 LDAP_BIND_DN = ''
32 LDAP_BIND_PASS = '' 33 LDAP_BIND_PASS = ''
33 34
34 if LDAP_USE_LDAPS:ldap_server_type = ldap_server_type + 's' 35 if LDAP_USE_LDAPS:ldap_server_type = ldap_server_type + 's'
35 LDAP_SERVER = "%s://%s:%s" % (ldap_server_type, 36 LDAP_SERVER = "%s://%s:%s" % (ldap_server_type,
36 LDAP_SERVER_ADDRESS, 37 LDAP_SERVER_ADDRESS,
37 LDAP_SERVER_PORT) 38 LDAP_SERVER_PORT)
38 39
39 BASE_DN = "ou=people,dc=server,dc=com" 40 BASE_DN = "ou=people,dc=server,dc=com"
41 AUTH_DN = "uid=%s,%s"
40 42
41 def authenticate_ldap(username, password): 43 def authenticate_ldap(username, password):
42 """Authenticate a user via LDAP and return his/her LDAP properties. 44 """Authenticate a user via LDAP and return his/her LDAP properties.
43 45
44 Raises AuthenticationError if the credentials are rejected, or 46 Raises AuthenticationError if the credentials are rejected, or
50 raise Exception('Could not import ldap make sure You install python-ldap') 52 raise Exception('Could not import ldap make sure You install python-ldap')
51 53
52 from rhodecode.lib.helpers import chop_at 54 from rhodecode.lib.helpers import chop_at
53 55
54 uid = chop_at(username, "@%s" % LDAP_SERVER_ADDRESS) 56 uid = chop_at(username, "@%s" % LDAP_SERVER_ADDRESS)
55 dn = "uid=%s,%s" % (uid, BASE_DN) 57 dn = AUTH_DN % (uid, BASE_DN)
56 log.debug("Authenticating %r at %s", dn, LDAP_SERVER) 58 log.debug("Authenticating %r at %s", dn, LDAP_SERVER)
57 if "," in username: 59 if "," in username:
58 raise UsernameError("invalid character in username: ,") 60 raise UsernameError("invalid character in username: ,")
59 try: 61 try:
60 #ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/etc/openldap/cacerts') 62 #ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/etc/openldap/cacerts')
61 server = ldap.initialize(LDAP_SERVER) 63 server = ldap.initialize(LDAP_SERVER)
62 server.protocol = ldap.VERSION3 64 server.protocol = ldap.VERSION3
65
66 if LDAP_BIND_DN and LDAP_BIND_PASS:
67 server.simple_bind_s(AUTH_DN % (LDAP_BIND_DN,
68 LDAP_BIND_PASS),
69 password)
70
63 server.simple_bind_s(dn, password) 71 server.simple_bind_s(dn, password)
64 properties = server.search_s(dn, ldap.SCOPE_SUBTREE) 72 properties = server.search_s(dn, ldap.SCOPE_SUBTREE)
65 if not properties: 73 if not properties:
66 raise ldap.NO_SUCH_OBJECT() 74 raise ldap.NO_SUCH_OBJECT()
67 except ldap.NO_SUCH_OBJECT, e: 75 except ldap.NO_SUCH_OBJECT, e: