# HG changeset patch
# User Marcin Kuzminski
# Date 1289919140 -3600
# Node ID 6602bf1c5546f9afd86479a0667ca8992974deaf
# Parent 07fd56c36bfee25e696c2612d724082611daa874
ldap two phase auth fix

diff -r 07fd56c36bfe -r 6602bf1c5546 rhodecode/lib/auth_ldap.py
--- a/rhodecode/lib/auth_ldap.py	Tue Nov 16 09:31:40 2010 +0100
+++ b/rhodecode/lib/auth_ldap.py	Tue Nov 16 15:52:20 2010 +0100
@@ -25,9 +25,10 @@
 
 LDAP_USE_LDAPS = False
 ldap_server_type = 'ldap'
-LDAP_SERVER_ADDRESS = '192.168.2.56'
+LDAP_SERVER_ADDRESS = 'myldap.com'
 LDAP_SERVER_PORT = '389'
 
+#USE FOR READ ONLY BIND TO LDAP SERVER
 LDAP_BIND_DN = ''
 LDAP_BIND_PASS = ''
 
@@ -37,6 +38,7 @@
                                 LDAP_SERVER_PORT)
 
 BASE_DN = "ou=people,dc=server,dc=com"
+AUTH_DN = "uid=%s,%s"
 
 def authenticate_ldap(username, password):
     """Authenticate a user via LDAP and return his/her LDAP properties.
@@ -52,7 +54,7 @@
     from rhodecode.lib.helpers import chop_at
 
     uid = chop_at(username, "@%s" % LDAP_SERVER_ADDRESS)
-    dn = "uid=%s,%s" % (uid, BASE_DN)
+    dn = AUTH_DN % (uid, BASE_DN)
     log.debug("Authenticating %r at %s", dn, LDAP_SERVER)
     if "," in username:
         raise UsernameError("invalid character in username: ,")
@@ -60,6 +62,12 @@
     #ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/etc/openldap/cacerts')
     server = ldap.initialize(LDAP_SERVER)
     server.protocol = ldap.VERSION3
+
+    if LDAP_BIND_DN and LDAP_BIND_PASS:
+        server.simple_bind_s(AUTH_DN % (LDAP_BIND_DN,
+                                        LDAP_BIND_PASS),
+                             password)
+
     server.simple_bind_s(dn, password)
     properties = server.search_s(dn, ldap.SCOPE_SUBTREE)
     if not properties:
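Review bot: The comment added above `LDAP_BIND_DN` in the first hunk does not tell an operator what the two values are or when they take effect: they are optional service-account credentials, both must be non-empty for the service bind to run (the check is `if LDAP_BIND_DN and LDAP_BIND_PASS` later in this patch), and it is not clear from this hunk whether `LDAP_BIND_DN` is meant to be a bare uid or a full distinguished name, which the comment should state. Something like `# Optional service account used for the read-only bind; both values must be set or the service bind is skipped. LDAP_BIND_DN: <uid or full DN — state which>.` would do. It is also worth saying on the same lines that with `LDAP_USE_LDAPS = False` and port 389 (unchanged context here) these credentials travel to the directory in clear text, so the defaults should stay empty and real values belong in configuration, not in this module.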
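Review bot: In the third hunk `dn = AUTH_DN % (uid, BASE_DN)` still interpolates the unescaped `uid` into the DN, and the DN is formed and logged before the `if "," in username:` check two lines below, so the only DN-injection guard runs after the value already exists; other DN-special characters (`+`, `=`, `\`, `<`, `>`, `;`, `#`) are not rejected at all. Escape the component instead of blacklisting one character, e.g. `dn = AUTH_DN % (ldap.dn.escape_dn_chars(uid), BASE_DN)` if the python-ldap build in use provides `ldap.dn` (hedge: not visible here), and move the remaining username validation above the format. The function also does not reject an empty `password` anywhere visible before it reaches `server.simple_bind_s(dn, password)` in the next hunk; a DN with an empty password is an unauthenticated bind that many directories accept, so a guard such as `if not password: raise ...` before binding is needed regardless of the two-phase change. authenticate_ldap starts and ends outside this hunk.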
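Review bot: The service-account bind added in the last hunk passes the wrong credentials: `AUTH_DN % (LDAP_BIND_DN, LDAP_BIND_PASS)` formats the bind password into the DN string (`uid=<BIND_DN>,<BIND_PASS>`), and the bind is then attempted with the end user's `password` instead of `LDAP_BIND_PASS`. As a result the configured service password is never used to authenticate, it is sent to the directory (and into any DN-level logging) as part of a DN, and the service bind cannot succeed except by accident. The call should be `server.simple_bind_s(LDAP_BIND_DN, LDAP_BIND_PASS)`, with `LDAP_BIND_DN` holding the account's full DN. Note also that nothing is done with the connection between this bind and `server.simple_bind_s(dn, password)`, which rebinds as the user using the same locally constructed `dn`, so as written the extra phase adds a round trip without changing which DN the user is authenticated against; if the intent is to resolve the user's DN via the service account, a `search_s` under `BASE_DN` for the uid has to sit between the two binds and its result must replace `dn`. authenticate_ldap continues past the end of this hunk.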