changeset 700:07fd56c36bfe beta

added basic ldap auth lib
author Marcin Kuzminski <marcin@python-works.com>
date Tue, 16 Nov 2010 09:31:40 +0100
parents 52da7cba88a6
children 6602bf1c5546
files rhodecode/lib/auth_ldap.py
diffstat 1 files changed, 78 insertions(+), 0 deletions(-) [+]
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/rhodecode/lib/auth_ldap.py	Tue Nov 16 09:31:40 2010 +0100
@@ -0,0 +1,78 @@
+import logging
+logging.basicConfig(level=logging.DEBUG)
+log = logging.getLogger('ldap')
+
+#==============================================================================
+# LDAP
+#Name     = Just a description for the auth modes page
+#Host     = DepartmentName.OrganizationName.local/ IP
+#Port     = 389 default for ldap
+#LDAPS    = no set True if You need to use ldaps
+#Account  = DepartmentName\UserName (or UserName@MyDomain depending on AD server)
+#Password = <password>
+#Base DN  = DC=DepartmentName,DC=OrganizationName,DC=local
+#
+#On-the-fly user creation = yes
+#Attributes
+#  Login     = sAMAccountName
+#  Firstname = givenName
+#  Lastname  = sN
+#  Email     = mail
+
+#==============================================================================
+class UsernameError(Exception):pass
+class PasswordError(Exception):pass
+
+LDAP_USE_LDAPS = False
+ldap_server_type = 'ldap'
+LDAP_SERVER_ADDRESS = '192.168.2.56'
+LDAP_SERVER_PORT = '389'
+
+LDAP_BIND_DN = ''
+LDAP_BIND_PASS = ''
+
+if LDAP_USE_LDAPS:ldap_server_type = ldap_server_type + 's'
+LDAP_SERVER = "%s://%s:%s" % (ldap_server_type,
+                                       LDAP_SERVER_ADDRESS,
+                                       LDAP_SERVER_PORT)
+
+BASE_DN = "ou=people,dc=server,dc=com"
+
+def authenticate_ldap(username, password):
+    """Authenticate a user via LDAP and return his/her LDAP properties.
+
+    Raises AuthenticationError if the credentials are rejected, or
+    EnvironmentError if the LDAP server can't be reached.
+    """
+    try:
+        import ldap
+    except ImportError:
+        raise Exception('Could not import ldap make sure You install python-ldap')
+
+    from rhodecode.lib.helpers import chop_at
+
+    uid = chop_at(username, "@%s" % LDAP_SERVER_ADDRESS)
+    dn = "uid=%s,%s" % (uid, BASE_DN)
+    log.debug("Authenticating %r at %s", dn, LDAP_SERVER)
+    if "," in username:
+        raise UsernameError("invalid character in username: ,")
+    try:
+        #ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/etc/openldap/cacerts')
+        server = ldap.initialize(LDAP_SERVER)
+        server.protocol = ldap.VERSION3
+        server.simple_bind_s(dn, password)
+        properties = server.search_s(dn, ldap.SCOPE_SUBTREE)
+        if not properties:
+            raise ldap.NO_SUCH_OBJECT()
+    except ldap.NO_SUCH_OBJECT, e:
+        log.debug("LDAP says no such user '%s' (%s)", uid, username)
+        raise UsernameError()
+    except ldap.INVALID_CREDENTIALS, e:
+        log.debug("LDAP rejected password for user '%s' (%s)", uid, username)
+        raise PasswordError()
+    except ldap.SERVER_DOWN, e:
+        raise EnvironmentError("can't access authentication server")
+    return properties
+
+
+print authenticate_ldap('test', 'test')
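Review bot: The `server.simple_bind_s(dn, password)` call is reached with an empty password, and an LDAP simple bind that supplies a DN with an empty password is an unauthenticated bind that many servers accept, so a blank password can come back from `authenticate_ldap` as a successful login with the user's properties; reject it before binding with `if not password: raise PasswordError()`. The `"," in username` check covers only one DN metacharacter — `uid` is interpolated into the DN unescaped, so `\`, `+`, `=`, `"`, `<`, `>`, `;`, `#` and leading/trailing spaces also need escaping per RFC 4514 (or rejection), and that check belongs before the DN is built and logged rather than after. The docstring says the function raises `AuthenticationError`, which this file does not define; it should name `UsernameError` and `PasswordError`, which are what the `except` clauses actually raise, and `EnvironmentError` for `SERVER_DOWN`. The module-level `print authenticate_ldap('test', 'test')` on the last line performs a live bind against the hard-coded server on every import of the library and should be removed or moved under `if __name__ == '__main__':`.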