mirror of
https://github.com/kakwa/ldapcherry
synced 2024-11-22 01:14:21 +01:00
begin ldap backend implementation
This commit is contained in:
parent
fc188df49e
commit
1020c454d0
@ -75,6 +75,9 @@ ldap.uri = 'ldaps://ldap.ldapcherry.org'
|
||||
ldap.ca = '/etc/dnscherry/TEST-cacert.pem'
|
||||
ldap.starttls = 'on'
|
||||
ldap.checkcert = 'off'
|
||||
ldap.user.filter.tmpl = '(uid=%(username)s)'
|
||||
ldap.group.filter.tmpl = '(member=%(userdn)s)'
|
||||
|
||||
|
||||
ad.module = 'ldapcherry.backend.samba4'
|
||||
ad.auth = 'Administrator'
|
||||
|
@ -10,11 +10,14 @@ class Backend:
|
||||
def __init__(self):
|
||||
pass
|
||||
|
||||
def add_group(self):
|
||||
def auth(self):
|
||||
pass
|
||||
|
||||
def add_to_group(self):
|
||||
pass
|
||||
|
||||
def set_attr(self):
|
||||
pass
|
||||
|
||||
def rm_group(self):
|
||||
def rm_from_group(self):
|
||||
pass
|
||||
|
@ -5,9 +5,99 @@
|
||||
# LdapCherry
|
||||
# Copyright (c) 2014 Carpentier Pierre-Francois
|
||||
|
||||
import cherrypy
|
||||
import ldap
|
||||
import logging
|
||||
import ldapcherry.backend
|
||||
|
||||
class Backend(ldapcherry.backend.Backend):
|
||||
|
||||
def __init__(self, config, logger):
|
||||
self.config = config
|
||||
|
||||
def auth(self, username, password):
|
||||
|
||||
binddn = get_user(username)
|
||||
if binddn:
|
||||
ldap_client = self._connect()
|
||||
try:
|
||||
ldap_client.simple_bind_s(binddn, password)
|
||||
except ldap.INVALID_CREDENTIALS:
|
||||
ldap_client.unbind_s()
|
||||
return False
|
||||
ldap_client.unbind_s()
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
|
||||
def add_to_group(self):
|
||||
pass
|
||||
|
||||
def set_attrs(self, attrs):
|
||||
pass
|
||||
|
||||
def rm_from_group(self):
|
||||
pass
|
||||
|
||||
def add_user(self, username):
|
||||
pass
|
||||
|
||||
def del_user(self, username):
|
||||
pass
|
||||
|
||||
def get_user(self, username):
|
||||
ldap_client = self._connect()
|
||||
try:
|
||||
ldap_client.simple_bind_s(self.binddn, self.bindpassword)
|
||||
except ldap.INVALID_CREDENTIALS:
|
||||
self._logger(
|
||||
logging.ERROR,
|
||||
"Configuration error, wrong credentials, unable to connect to ldap with '" + self.binddn + "'"
|
||||
)
|
||||
raise cherrypy.HTTPError("500", "Configuration Error, contact administrator")
|
||||
except ldap.SERVER_DOWN:
|
||||
self._logger(
|
||||
logging.ERROR,
|
||||
"Unable to contact ldap server '" + self.uri + "', check 'auth.ldap.uri' and ssl/tls configuration"
|
||||
)
|
||||
return False
|
||||
|
||||
user_filter = self.config['user_filter_tmpl'] % {
|
||||
'login': username
|
||||
}
|
||||
|
||||
r = ldap_client.search_s(self.userdn,
|
||||
ldap.SCOPE_SUBTREE,
|
||||
user_filter
|
||||
)
|
||||
if len(r) == 0:
|
||||
ldap_client.unbind_s()
|
||||
return False
|
||||
|
||||
dn_entry = r[0][0]
|
||||
return dn_entry
|
||||
|
||||
def _connect(self):
|
||||
ldap_client = ldap.initialize(self.config['uri'])
|
||||
ldap_client.set_option(ldap.OPT_REFERRALS, 0)
|
||||
if self.config['starttls'] == 'on':
|
||||
ldap.set_option(ldap.OPT_X_TLS_DEMAND, True)
|
||||
if self.config['starttls'] == 'on':
|
||||
ldap.set_option(ldap.OPT_X_TLS_DEMAND, True)
|
||||
if self.ca:
|
||||
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.config['ca'])
|
||||
if self.checkcert == 'off':
|
||||
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
|
||||
else:
|
||||
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,ldap.OPT_X_TLS_DEMAND)
|
||||
|
||||
if self.config['starttls'] == 'on':
|
||||
try:
|
||||
ldap_client.start_tls_s()
|
||||
except ldap.OPERATIONS_ERROR:
|
||||
self._logger(
|
||||
logging.ERROR,
|
||||
"cannot use starttls with ldaps:// uri (uri: " + self.uri + ")"
|
||||
)
|
||||
raise cherrypy.HTTPError("500", "Configuration Error, contact administrator")
|
||||
return ldap_client
|
||||
|
Loading…
Reference in New Issue
Block a user