comparison rhodecode/model/forms.py @ 991:b232a36cc51f issue-108

Improve LDAP authentication * Adds an LDAP filter for locating the LDAP object * Adds a search scope policy when using the Base DN * Adds an option for the required-certificate policy when using LDAPS * Adds attribute mapping for username, firstname, lastname, email * Initializes rhodecode user using LDAP info (no longer uses "@ldap") * Remembers the user object (DN) in the user table * Updates admin interfaces * Authenticates against actual user objects in LDAP * Possibly other things. Really, this should be extended to a list of LDAP configurations, but this is a good start.
author Thayne Harbaugh <thayne@fusionio.com>
date Thu, 03 Feb 2011 16:34:40 -0700
parents 2c8fd84935a4
children d2a840b29858
990:7a1df0130533 991:b232a36cc51f
332 import ldap 332 import ldap
333 except ImportError: 333 except ImportError:
334 raise LdapImportError 334 raise LdapImportError
335 return value 335 return value
336 336
337 class BaseDnValidator(formencode.validators.FancyValidator): 337 class AttrLoginValidator(formencode.validators.FancyValidator):
338 338
339 def to_python(self, value, state): 339 def to_python(self, value, state):
340 340
341 try: 341 if not value or not isinstance(value, (str, unicode)):
342 value % {'user':'valid'} 342 raise formencode.Invalid(_("The LDAP Login attribute of the CN must be specified "
343 343 "- this is the name of the attribute that is equivalent to 'username'"),
344 if value.find('%(user)s') == -1: 344 value, state)
345 raise formencode.Invalid(_("You need to specify %(user)s in "
346 "template for example uid=%(user)s "
347 ",dc=company...") ,
348 value, state)
349
350 except KeyError:
351 raise formencode.Invalid(_("Wrong template used, only %(user)s "
352 "is an valid entry") ,
353 value, state)
354 345
355 return value 346 return value
356 347
357 #=============================================================================== 348 #===============================================================================
358 # FORMS 349 # FORMS
519 default_create = OneOf(create_choices) 510 default_create = OneOf(create_choices)
520 511
521 return _DefaultPermissionsForm 512 return _DefaultPermissionsForm
522 513
523 514
524 def LdapSettingsForm(): 515 def LdapSettingsForm(tls_reqcert_choices, search_scope_choices):
525 class _LdapSettingsForm(formencode.Schema): 516 class _LdapSettingsForm(formencode.Schema):
526 allow_extra_fields = True 517 allow_extra_fields = True
527 filter_extra_fields = True 518 filter_extra_fields = True
528 pre_validators = [LdapLibValidator] 519 pre_validators = [LdapLibValidator]
529 ldap_active = StringBoolean(if_missing=False) 520 ldap_active = StringBoolean(if_missing=False)
530 ldap_host = UnicodeString(strip=True,) 521 ldap_host = UnicodeString(strip=True,)
531 ldap_port = Number(strip=True,) 522 ldap_port = Number(strip=True,)
532 ldap_ldaps = StringBoolean(if_missing=False) 523 ldap_ldaps = StringBoolean(if_missing=False)
524 ldap_tls_reqcert = OneOf(tls_reqcert_choices)
533 ldap_dn_user = UnicodeString(strip=True,) 525 ldap_dn_user = UnicodeString(strip=True,)
534 ldap_dn_pass = UnicodeString(strip=True,) 526 ldap_dn_pass = UnicodeString(strip=True,)
535 ldap_base_dn = All(BaseDnValidator, UnicodeString(strip=True,)) 527 ldap_base_dn = UnicodeString(strip=True,)
528 ldap_filter = UnicodeString(strip=True,)
529 ldap_search_scope = OneOf(search_scope_choices)
530 ldap_attr_login = All(AttrLoginValidator, UnicodeString(strip=True,))
531 ldap_attr_firstname = UnicodeString(strip=True,)
532 ldap_attr_lastname = UnicodeString(strip=True,)
533 ldap_attr_email = UnicodeString(strip=True,)
536 534
537 return _LdapSettingsForm 535 return _LdapSettingsForm
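Review bot: `ldap_base_dn` at new line 527 loses its validator and, like the new `ldap_filter` and `ldap_attr_*` fields, becomes a bare `UnicodeString(strip=True,)`, which formencode accepts when empty, so an active LDAP configuration can be saved with no base DN or login attribute and the mistake only shows up as failed logins. The fields the user lookup cannot work without should be required, e.g. `ldap_base_dn = UnicodeString(strip=True, not_empty=True)` and `ldap_attr_login = All(AttrLoginValidator, UnicodeString(strip=True, not_empty=True))`. `AttrLoginValidator` in the first hunk only checks for a non-empty string; since this value is presumably spliced into the search filter that locates the user, it should be limited to an attribute descriptor (for example `re.match(r'^[A-Za-z][A-Za-z0-9-]*$', value)`) so filter syntax cannot reach the query, and the code that builds that filter from the login name, which is not on this page, should pass it through `ldap.filter.escape_filter_chars`. If `tls_reqcert_choices` includes a value that disables certificate checking, the settings page should say so next to `ldap_ldaps`, because that combination leaves LDAPS connections without server verification. The first hunk starts inside the preceding validator's `to_python`, whose beginning is outside this view.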