changeset 701:6602bf1c5546 beta

ldap two phase auth fix
author Marcin Kuzminski <marcin@python-works.com>
date Tue, 16 Nov 2010 15:52:20 +0100
parents 07fd56c36bfe
children a9158dfa05cc
files rhodecode/lib/auth_ldap.py
diffstat 1 files changed, 10 insertions(+), 2 deletions(-) [+]
--- a/rhodecode/lib/auth_ldap.py	Tue Nov 16 09:31:40 2010 +0100
+++ b/rhodecode/lib/auth_ldap.py	Tue Nov 16 15:52:20 2010 +0100
@@ -25,9 +25,10 @@
 
 LDAP_USE_LDAPS = False
 ldap_server_type = 'ldap'
-LDAP_SERVER_ADDRESS = '192.168.2.56'
+LDAP_SERVER_ADDRESS = 'myldap.com'
 LDAP_SERVER_PORT = '389'
 
+#USE FOR READ ONLY BIND TO LDAP SERVER
 LDAP_BIND_DN = ''
 LDAP_BIND_PASS = ''
 
@@ -37,6 +38,7 @@
                                        LDAP_SERVER_PORT)
 
 BASE_DN = "ou=people,dc=server,dc=com"
+AUTH_DN = "uid=%s,%s"
 
 def authenticate_ldap(username, password):
     """Authenticate a user via LDAP and return his/her LDAP properties.
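Review bot: `AUTH_DN` is added without saying what its two `%s` slots are, and because the same template is later reused for the service-account bind it is easy to fill with the wrong pair of values. A one-line comment above it, `# DN template for simple binds, filled with (uid, BASE_DN)`, would make the contract explicit. The docstring of authenticate_ldap that starts on the last line of this hunk continues outside it.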
@@ -52,7 +54,7 @@
     from rhodecode.lib.helpers import chop_at
 
     uid = chop_at(username, "@%s" % LDAP_SERVER_ADDRESS)
-    dn = "uid=%s,%s" % (uid, BASE_DN)
+    dn = AUTH_DN % (uid, BASE_DN)
     log.debug("Authenticating %r at %s", dn, LDAP_SERVER)
     if "," in username:
         raise UsernameError("invalid character in username: ,")
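Review bot: `dn = AUTH_DN % (uid, BASE_DN)` interpolates the user-supplied uid into a DN unescaped, and the only guard is the `","` check two lines later, which runs after the dn has already been built and written to the debug log. Other RFC 4514 special characters (`+`, `=`, `\`, `;`, `"`, leading or trailing spaces) still reach the bind unchanged. Move the username check above the format, and escape the value with `ldap.dn.escape_dn_chars(uid)` before building the DN, so a rejected name is never logged as a DN. authenticate_ldap's body continues past this hunk.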
@@ -60,6 +62,12 @@
         #ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/etc/openldap/cacerts')
         server = ldap.initialize(LDAP_SERVER)
         server.protocol = ldap.VERSION3
+        
+        if LDAP_BIND_DN and LDAP_BIND_PASS:
+            server.simple_bind_s(AUTH_DN % (LDAP_BIND_DN,
+                                            LDAP_BIND_PASS),
+                                            password)
+        
         server.simple_bind_s(dn, password)
         properties = server.search_s(dn, ldap.SCOPE_SUBTREE)
         if not properties:
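Review bot: The added read-only bind never uses the configured bind password as a password: `AUTH_DN % (LDAP_BIND_DN, LDAP_BIND_PASS)` builds the DN string `uid=<LDAP_BIND_DN>,<LDAP_BIND_PASS>` and the bind is then attempted with the end user's `password`, so it fails whenever both settings are set, and the bind secret is sent inside the DN, which LDAP servers commonly echo into error messages and logs. The call should be `server.simple_bind_s(LDAP_BIND_DN, LDAP_BIND_PASS)`. The following `server.simple_bind_s(dn, password)` immediately rebinds the same connection, so the service bind currently has no effect on the `search_s` below; if the intent is to look the user up with the service account before binding as that user, the search has to sit between the two binds. The two whitespace-only lines added around the new block can be dropped. The enclosing try block and authenticate_ldap continue outside this hunk.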