comparison rhodecode/model/user.py @ 991:b232a36cc51f issue-108
Improve LDAP authentication
* Adds an LDAP filter for locating the LDAP object
* Adds a search scope policy when using the Base DN
* Adds option required certificate policy when using LDAPS
* Adds attribute mapping for username, firstname, lastname, email
* Initializes rhodecode user using LDAP info (no longer uses "@ldap")
* Remembers the user object (DN) in the user table
* Updates admin interfaces
* Authenticates against actual user objects in LDAP
* Possibly other things.
Really, this should be extended to a list of LDAP configurations, but this is a good start.
author | Thayne Harbaugh <thayne@fusionio.com> |
---|---|
date | Thu, 03 Feb 2011 16:34:40 -0700 |
parents | 83d35d716a02 |
children | 716911af91e1 |
990:7a1df0130533 | 991:b232a36cc51f |
---|---|
73 except: | 73 except: |
74 log.error(traceback.format_exc()) | 74 log.error(traceback.format_exc()) |
75 self.sa.rollback() | 75 self.sa.rollback() |
76 raise | 76 raise |
77 | 77 |
78 def create_ldap(self, username, password): | 78 def create_ldap(self, username, password, user_dn, attrs): |
79 """ | 79 """ |
80 Checks if user is in database, if not creates this user marked | 80 Checks if user is in database, if not creates this user marked |
81 as ldap user | 81 as ldap user |
82 :param username: | 82 :param username: |
83 :param password: | 83 :param password: |
84 :param user_dn: | |
85 :param attrs: | |
84 """ | 86 """ |
85 from rhodecode.lib.auth import get_crypt_password | 87 from rhodecode.lib.auth import get_crypt_password |
86 log.debug('Checking for such ldap account in RhodeCode database') | 88 log.debug('Checking for such ldap account in RhodeCode database') |
87 if self.get_by_username(username, case_insensitive=True) is None: | 89 if self.get_by_username(username, case_insensitive=True) is None: |
88 try: | 90 try: |
89 new_user = User() | 91 new_user = User() |
90 new_user.username = username.lower()#add ldap account always lowercase | 92 new_user.username = username.lower() # add ldap account always lowercase |
91 new_user.password = get_crypt_password(password) | 93 new_user.password = get_crypt_password(password) |
92 new_user.email = '%s@ldap.server' % username | 94 new_user.email = attrs['email'] |
93 new_user.active = True | 95 new_user.active = True |
94 new_user.is_ldap = True | 96 new_user.ldap_dn = user_dn |
95 new_user.name = '%s@ldap' % username | 97 new_user.name = attrs['name'] |
96 new_user.lastname = '' | 98 new_user.lastname = attrs['lastname'] |
97 | 99 |
98 | 100 |
99 self.sa.add(new_user) | 101 self.sa.add(new_user) |
100 self.sa.commit() | 102 self.sa.commit() |
101 return True | 103 return True |
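
Review bot: New line 93 (`new_user.password = get_crypt_password(password)`) still stores a hash of the user's LDAP password in the local user table, even though this change moves authentication to the LDAP user object. That leaves a copy of the directory credential in the RhodeCode database that the hunk never refreshes when the LDAP password changes. Consider storing a random, unusable value for LDAP-backed accounts instead. Separately, new lines 94, 97 and 98 index `attrs['email']`, `attrs['name']` and `attrs['lastname']` directly, so an LDAP entry that lacks one of the mapped attributes raises `KeyError` inside the `try`. Validating `attrs` before building the `User`, or using `attrs.get(...)` with an explicit fallback, would make that case deliberate rather than an incidental exception. The added `:param user_dn:` and `:param attrs:` docstring entries are empty; stating that `attrs` must carry the keys `email`, `name` and `lastname` would document the contract for callers.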