comparison rhodecode/model/forms.py @ 991:b232a36cc51f issue-108
Improve LDAP authentication
* Adds an LDAP filter for locating the LDAP object
* Adds a search scope policy when using the Base DN
* Adds an option for the required-certificate policy when using LDAPS
* Adds attribute mapping for username, firstname, lastname, email
* Initializes rhodecode user using LDAP info (no longer uses "@ldap")
* Remembers the user object (DN) in the user table
* Updates admin interfaces
* Authenticates against actual user objects in LDAP
* Possibly other things.
Really, this should be extended to a list of LDAP configurations, but this is a good start.
author | Thayne Harbaugh <thayne@fusionio.com> |
---|---|
date | Thu, 03 Feb 2011 16:34:40 -0700 |
parents | 2c8fd84935a4 |
children | d2a840b29858 |
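--- a/rhodecode/model/forms.py
+++ b/rhodecode/model/forms.py
@@ -332,27 +332,18 @@
 import ldap
 except ImportError:
 raise LdapImportError
 return value
 
-class BaseDnValidator(formencode.validators.FancyValidator):
+class AttrLoginValidator(formencode.validators.FancyValidator):
 
 def to_python(self, value, state):
 
-try:
-value % {'user':'valid'}
-
-if value.find('%(user)s') == -1:
-raise formencode.Invalid(_("You need to specify %(user)s in "
-"template for example uid=%(user)s "
-",dc=company...") ,
-value, state)
-
-except KeyError:
-raise formencode.Invalid(_("Wrong template used, only %(user)s "
-"is an valid entry") ,
-value, state)
+if not value or not isinstance(value, (str, unicode)):
+raise formencode.Invalid(_("The LDAP Login attribute of the CN must be specified "
+"- this is the name of the attribute that is equivalent to 'username'"),
+value, state)
 
 return value
 
 #===============================================================================
 # FORMS
@@ -519,19 +510,26 @@
 default_create = OneOf(create_choices)
 
 return _DefaultPermissionsForm
 
 
-def LdapSettingsForm():
+def LdapSettingsForm(tls_reqcert_choices, search_scope_choices):
 class _LdapSettingsForm(formencode.Schema):
 allow_extra_fields = True
 filter_extra_fields = True
 pre_validators = [LdapLibValidator]
 ldap_active = StringBoolean(if_missing=False)
 ldap_host = UnicodeString(strip=True,)
 ldap_port = Number(strip=True,)
 ldap_ldaps = StringBoolean(if_missing=False)
+ldap_tls_reqcert = OneOf(tls_reqcert_choices)
 ldap_dn_user = UnicodeString(strip=True,)
 ldap_dn_pass = UnicodeString(strip=True,)
-ldap_base_dn = All(BaseDnValidator, UnicodeString(strip=True,))
+ldap_base_dn = UnicodeString(strip=True,)
+ldap_filter = UnicodeString(strip=True,)
+ldap_search_scope = OneOf(search_scope_choices)
+ldap_attr_login = All(AttrLoginValidator, UnicodeString(strip=True,))
+ldap_attr_firstname = UnicodeString(strip=True,)
+ldap_attr_lastname = UnicodeString(strip=True,)
+ldap_attr_email = UnicodeString(strip=True,)
 
 return _LdapSettingsForm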
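Review bot: `ldap_filter` and `ldap_base_dn` (new lines 527–528 of the second hunk) are now accepted as arbitrary strings, whereas the removed BaseDnValidator at least checked the template shape, so a mistyped filter is only discovered at login time when the search matches nothing or more than the intended user object. A small FancyValidator in the style of AttrLoginValidator that rejects a non-empty `ldap_filter` not starting with `(` and ending with `)` would catch the common mistakes at form submission. The code that combines this filter with `ldap_attr_login` and the login typed at the sign-in form is not in this hunk; wherever that substitution happens, the login should pass through `ldap.filter.escape_filter_chars` so that characters like `*`, `(` and `)` cannot alter the search filter, and that expectation is worth a comment on `ldap_filter` here, e.g. `# admin-supplied RFC 4515 filter; the user login is escaped before being combined with it`.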