changeset 6270:a00a58323729

auth: refactor LDAP authentication - make it clearer in the program flow when authentication is accepted
author Mads Kiilerich <madski@unity3d.com>
date Mon, 24 Oct 2016 15:18:51 +0200
parents c073c723e264
children 5e5496d63785
files kallithea/lib/auth_modules/auth_ldap.py
diffstat 1 files changed, 10 insertions(+), 9 deletions(-) [+]
--- a/kallithea/lib/auth_modules/auth_ldap.py	Mon Oct 24 15:18:51 2016 +0200
+++ b/kallithea/lib/auth_modules/auth_ldap.py	Mon Oct 24 15:18:51 2016 +0200
@@ -148,18 +148,21 @@
                 try:
                     log.debug('Trying simple bind with %s', dn)
                     server.simple_bind_s(dn, safe_str(password))
-                    attrs = server.search_ext_s(dn, ldap.SCOPE_BASE,
-                                                '(objectClass=*)')[0][1]
-                    break
+                    results = server.search_ext_s(dn, ldap.SCOPE_BASE,
+                                                  '(objectClass=*)')
+                    if len(results) == 1:
+                        dn_, attrs = results[0]
+                        assert dn_ == dn
+                        return dn, attrs
 
                 except ldap.INVALID_CREDENTIALS:
                     log.debug("LDAP rejected password for user '%s' (%s): %s",
                               uid, username, dn)
+                    continue # accept authentication as another ldap user with same username
 
-            else:
-                log.debug("No matching LDAP objects for authentication "
-                          "of '%s' (%s)", uid, username)
-                raise LdapPasswordError()
+            log.debug("No matching LDAP objects for authentication "
+                      "of '%s' (%s)", uid, username)
+            raise LdapPasswordError()
 
         except ldap.NO_SUCH_OBJECT:
             log.debug("LDAP says no such user '%s' (%s)", uid, username)
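Review bot: The `assert dn_ == dn` on the new side is the only check that the entry returned by the base-scope search is the one the password was just bound as, and `assert` is compiled out under `python -O`, so in an optimized deployment a mismatch would go unnoticed and the `attrs` of some other entry would be handed to the caller as the authenticated user's attributes. In an authentication path this should be an explicit check that fails the same way the other paths do, e.g. `if dn_ != dn: log.debug("LDAP returned %s for base search of %s", dn_, dn); continue` (or raise `LdapPasswordError`). Separately, when the bind succeeds but the search yields zero or several entries, the `if len(results) == 1` guard silently moves on to the next candidate and the user ends up with the "No matching LDAP objects" message at the bottom of the hunk, which is misleading for that case; an `else:` with `log.debug("Unexpected %d entries for base search of %s", len(results), dn)` would make the failure diagnosable. Also note that `simple_bind_s` with an empty `password` is an anonymous bind on many servers and would succeed here, so this relies on the caller rejecting empty passwords — worth confirming, since that check is not visible in the hunk. The enclosing function starts before this hunk and its remaining `except` clauses continue into the next one.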
@@ -167,8 +170,6 @@
         except ldap.SERVER_DOWN:
             raise LdapConnectionError("LDAP can't access authentication server")
 
-        return dn, attrs
-
 
 class KallitheaAuthPlugin(auth_modules.KallitheaExternalAuthPlugin):
     def __init__(self):