diff rhodecode/lib/auth.py @ 991:b232a36cc51f issue-108

Improve LDAP authentication * Adds an LDAP filter for locating the LDAP object * Adds a search scope policy when using the Base DN * Adds an option for the required-certificate policy when using LDAPS * Adds attribute mapping for username, firstname, lastname, email * Initializes the rhodecode user using LDAP info (no longer uses "@ldap") * Remembers the user object (DN) in the user table * Updates admin interfaces * Authenticates against actual user objects in LDAP * Possibly other things. Really, this should be extended to a list of LDAP configurations, but this is a good start.
author Thayne Harbaugh <thayne@fusionio.com>
date Thu, 03 Feb 2011 16:34:40 -0700
parents 62c04c5cc971
children 3790279d2538
--- a/rhodecode/lib/auth.py	Tue Feb 01 15:19:42 2011 +0100
+++ b/rhodecode/lib/auth.py	Thu Feb 03 16:34:40 2011 -0700
@@ -103,7 +103,7 @@
     user = user_model.get_by_username(username, cache=False)
 
     log.debug('Authenticating user using RhodeCode account')
-    if user is not None and user.is_ldap is False:
+    if user is not None and not user.ldap_dn:
         if user.active:
 
             if user.username == 'default' and user.active:
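Review bot: The new "is this a local account" predicate `not user.ldap_dn` is now spelled out at two call sites (here and in the second hunk at the `user_obj` check), where the old code asked the model via `is_ldap`; if the model is changing anyway, a property such as `is_ldap` returning `bool(self.ldap_dn)` would keep both sites from drifting when the DN column's empty value (None vs. '') is later normalized. Either way a short comment on this line, `# local account: no LDAP DN recorded for this user`, would record why an empty DN means "not LDAP". The enclosing function starts and ends outside this hunk.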
@@ -122,7 +122,7 @@
         user_obj = user_model.get_by_username(username, cache=False,
                                             case_insensitive=True)
 
-        if user_obj is not None and user_obj.is_ldap is False:
+        if user_obj is not None and not user_obj.ldap_dn:
             log.debug('this user already exists as non ldap')
             return False
 
@@ -141,15 +141,25 @@
                   'bind_dn':ldap_settings.get('ldap_dn_user'),
                   'bind_pass':ldap_settings.get('ldap_dn_pass'),
                   'use_ldaps':ldap_settings.get('ldap_ldaps'),
+                  'tls_reqcert':ldap_settings.get('ldap_tls_reqcert'),
+                  'ldap_filter':ldap_settings.get('ldap_filter'),
+                  'search_scope':ldap_settings.get('ldap_search_scope'),
+                  'attr_login':ldap_settings.get('ldap_attr_login'),
                   'ldap_version':3,
                   }
             log.debug('Checking for ldap authentication')
             try:
                 aldap = AuthLdap(**kwargs)
-                res = aldap.authenticate_ldap(username, password)
-                log.debug('Got ldap response %s', res)
+                (user_dn, ldap_attrs) = aldap.authenticate_ldap(username, password)
+                log.debug('Got ldap DN response %s', user_dn)
 
-                if user_model.create_ldap(username, password):
+                user_attrs = {
+                    'name'     : ldap_attrs[ldap_settings.get('ldap_attr_firstname')][0],
+                    'lastname' : ldap_attrs[ldap_settings.get('ldap_attr_lastname')][0],
+                    'email'    : ldap_attrs[ldap_settings.get('ldap_attr_email')][0],
+                    }
+
+                if user_model.create_ldap(username, password, user_dn, user_attrs):
                     log.info('created new ldap user')
 
                 return True
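Review bot: The three attribute lookups building `user_attrs` raise `KeyError` when the LDAP entry lacks the mapped attribute (a missing `mail`, for example) and `ldap_attrs[None]` when the corresponding `ldap_attr_*` setting is unset, and `[0]` raises `IndexError` on an empty value list; all of this sits inside the `try:` opened above, whose `except` clause is outside the hunk, so whether a mis-mapped attribute becomes a logged configuration error or an opaque login failure depends on what that handler catches. Making the lookups tolerant, e.g. `'name': ldap_attrs.get(ldap_settings.get('ldap_attr_firstname'), [''])[0],` and likewise for `lastname` and `email`, keeps a successful bind from being rejected because of a missing optional attribute, and a separate check that the `ldap_attr_*` settings are configured would turn the `None` key into an explicit error. A comment above the dict, `# ldap_attrs maps attribute name -> list of values; take the first value of each mapped attribute`, would document the shape the code relies on. The enclosing function continues past the end of this hunk.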