1
0
mirror of https://github.com/kakwa/ldapcherry synced 2024-11-25 10:44:30 +01:00

begin ldap backend implementation

This commit is contained in:
kakwa 2015-05-20 17:13:18 +02:00
parent fc188df49e
commit 1020c454d0
3 changed files with 98 additions and 2 deletions

View File

@ -75,6 +75,9 @@ ldap.uri = 'ldaps://ldap.ldapcherry.org'
ldap.ca = '/etc/dnscherry/TEST-cacert.pem' ldap.ca = '/etc/dnscherry/TEST-cacert.pem'
ldap.starttls = 'on' ldap.starttls = 'on'
ldap.checkcert = 'off' ldap.checkcert = 'off'
ldap.user.filter.tmpl = '(uid=%(username)s)'
ldap.group.filter.tmpl = '(member=%(userdn)s)'
ad.module = 'ldapcherry.backend.samba4' ad.module = 'ldapcherry.backend.samba4'
ad.auth = 'Administrator' ad.auth = 'Administrator'

View File

@ -10,11 +10,14 @@ class Backend:
def __init__(self): def __init__(self):
pass pass
def add_group(self): def auth(self):
pass
def add_to_group(self):
pass pass
def set_attr(self): def set_attr(self):
pass pass
def rm_group(self): def rm_from_group(self):
pass pass

View File

@ -5,9 +5,99 @@
# LdapCherry # LdapCherry
# Copyright (c) 2014 Carpentier Pierre-Francois # Copyright (c) 2014 Carpentier Pierre-Francois
import cherrypy
import ldap
import logging
import ldapcherry.backend import ldapcherry.backend
class Backend(ldapcherry.backend.Backend): class Backend(ldapcherry.backend.Backend):
def __init__(self, config, logger): def __init__(self, config, logger):
self.config = config
def auth(self, username, password):
binddn = get_user(username)
if binddn:
ldap_client = self._connect()
try:
ldap_client.simple_bind_s(binddn, password)
except ldap.INVALID_CREDENTIALS:
ldap_client.unbind_s()
return False
ldap_client.unbind_s()
return True
else:
return False
def add_to_group(self):
pass pass
def set_attrs(self, attrs):
pass
def rm_from_group(self):
pass
def add_user(self, username):
pass
def del_user(self, username):
pass
def get_user(self, username):
ldap_client = self._connect()
try:
ldap_client.simple_bind_s(self.binddn, self.bindpassword)
except ldap.INVALID_CREDENTIALS:
self._logger(
logging.ERROR,
"Configuration error, wrong credentials, unable to connect to ldap with '" + self.binddn + "'"
)
raise cherrypy.HTTPError("500", "Configuration Error, contact administrator")
except ldap.SERVER_DOWN:
self._logger(
logging.ERROR,
"Unable to contact ldap server '" + self.uri + "', check 'auth.ldap.uri' and ssl/tls configuration"
)
return False
user_filter = self.config['user_filter_tmpl'] % {
'login': username
}
r = ldap_client.search_s(self.userdn,
ldap.SCOPE_SUBTREE,
user_filter
)
if len(r) == 0:
ldap_client.unbind_s()
return False
dn_entry = r[0][0]
return dn_entry
def _connect(self):
ldap_client = ldap.initialize(self.config['uri'])
ldap_client.set_option(ldap.OPT_REFERRALS, 0)
if self.config['starttls'] == 'on':
ldap.set_option(ldap.OPT_X_TLS_DEMAND, True)
if self.config['starttls'] == 'on':
ldap.set_option(ldap.OPT_X_TLS_DEMAND, True)
if self.ca:
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.config['ca'])
if self.checkcert == 'off':
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
else:
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,ldap.OPT_X_TLS_DEMAND)
if self.config['starttls'] == 'on':
try:
ldap_client.start_tls_s()
except ldap.OPERATIONS_ERROR:
self._logger(
logging.ERROR,
"cannot use starttls with ldaps:// uri (uri: " + self.uri + ")"
)
raise cherrypy.HTTPError("500", "Configuration Error, contact administrator")
return ldap_client