Mercurial > kallithea
comparison rhodecode/model/user.py @ 991:b232a36cc51f issue-108
Improve LDAP authentication
* Adds an LDAP filter for locating the LDAP object
* Adds a search scope policy when using the Base DN
* Adds option required certificate policy when using LDAPS
* Adds attribute mapping for username, firstname, lastname, email
* Initializes rhodecode user using LDAP info (no longer uses "@ldap")
* Remembers the user object (DN) in the user table
* Updates admin interfaces
* Authenticates against actual user objects in LDAP
* Possibly other things.
Really, this should be extended to a list of LDAP configurations, but this is a good start.
| author | Thayne Harbaugh <thayne@fusionio.com> |
|---|---|
| date | Thu, 03 Feb 2011 16:34:40 -0700 |
| parents | 83d35d716a02 |
| children | 716911af91e1 |
comparison
equal
deleted
inserted
replaced
| 990:7a1df0130533 | 991:b232a36cc51f |
|---|---|
| 73 except: | 73 except: |
| 74 log.error(traceback.format_exc()) | 74 log.error(traceback.format_exc()) |
| 75 self.sa.rollback() | 75 self.sa.rollback() |
| 76 raise | 76 raise |
| 77 | 77 |
| 78 def create_ldap(self, username, password): | 78 def create_ldap(self, username, password, user_dn, attrs): |
| 79 """ | 79 """ |
| 80 Checks if user is in database, if not creates this user marked | 80 Checks if user is in database, if not creates this user marked |
| 81 as ldap user | 81 as ldap user |
| 82 :param username: | 82 :param username: |
| 83 :param password: | 83 :param password: |
| 84 :param user_dn: | |
| 85 :param attrs: | |
| 84 """ | 86 """ |
| 85 from rhodecode.lib.auth import get_crypt_password | 87 from rhodecode.lib.auth import get_crypt_password |
| 86 log.debug('Checking for such ldap account in RhodeCode database') | 88 log.debug('Checking for such ldap account in RhodeCode database') |
| 87 if self.get_by_username(username, case_insensitive=True) is None: | 89 if self.get_by_username(username, case_insensitive=True) is None: |
| 88 try: | 90 try: |
| 89 new_user = User() | 91 new_user = User() |
| 90 new_user.username = username.lower()#add ldap account always lowercase | 92 new_user.username = username.lower() # add ldap account always lowercase |
| 91 new_user.password = get_crypt_password(password) | 93 new_user.password = get_crypt_password(password) |
| 92 new_user.email = '%s@ldap.server' % username | 94 new_user.email = attrs['email'] |
| 93 new_user.active = True | 95 new_user.active = True |
| 94 new_user.is_ldap = True | 96 new_user.ldap_dn = user_dn |
| 95 new_user.name = '%s@ldap' % username | 97 new_user.name = attrs['name'] |
| 96 new_user.lastname = '' | 98 new_user.lastname = attrs['lastname'] |
| 97 | 99 |
| 98 | 100 |
| 99 self.sa.add(new_user) | 101 self.sa.add(new_user) |
| 100 self.sa.commit() | 102 self.sa.commit() |
| 101 return True | 103 return True |