security-and-privacy/ldapcherry
security-and-privacy/ldapcherry
1
0
Fork 0
mirror of https://github.com/kakwa/ldapcherry synced 2024-11-22 17:34:21 +01:00
Code Releases Activity

correct the way variables are recovered by ldap backend

Browse Source
This commit is contained in:
kakwa 2015-05-21 19:55:11 +02:00
parent 3ab1cbcdb2
commit cb843a40e5
1 changed files with 19 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
ldapcherry/backend/backendLdap.py
View File

@ -12,9 +12,16 @@ import ldapcherry.backend
class Backend(ldapcherry.backend.Backend): class Backend(ldapcherry.backend.Backend):
def __init__(self, config, logger): def __init__(self, config, logger, name):
self.config = config self.config = config
self._logger = logger self._logger = logger
self.backend_name = name
self.binddn = self.get_param(binddn)
self.ca = self.get_param(ca)
self.checkcert = self.get_param(checkcert)
self.starttls = self.get_param(starttls)
self.uri = self.get_param(uri)
self.user_filter_tmpl = self.get_param(user_filter_tmpl)
def auth(self, username, password): def auth(self, username, password):
@ -53,17 +60,17 @@ class Backend(ldapcherry.backend.Backend):
except ldap.INVALID_CREDENTIALS: except ldap.INVALID_CREDENTIALS:
self._logger( self._logger(
logging.ERROR, logging.ERROR,
"Configuration error, wrong credentials, unable to connect to ldap with '" + self.config['binddn'] + "'" "Configuration error, wrong credentials, unable to connect to ldap with '" + self.binddn + "'",
) )
raise cherrypy.HTTPError("500", "Configuration Error, contact administrator") raise cherrypy.HTTPError("500", "Configuration Error, contact administrator")
except ldap.SERVER_DOWN: except ldap.SERVER_DOWN:
self._logger( self._logger(
logging.ERROR, logging.ERROR,
"Unable to contact ldap server '" + self.config['uri'] + "', check 'auth.ldap.uri' and ssl/tls configuration" "Unable to contact ldap server '" + self.uri + "', check 'auth.ldap.uri' and ssl/tls configuration",
) )
return False return False
user_filter = self.config['user_filter_tmpl'] % { user_filter = self.user_filter_tmpl % {
'login': username 'login': username
} }
@ -79,26 +86,24 @@ class Backend(ldapcherry.backend.Backend):
return dn_entry return dn_entry
def _connect(self): def _connect(self):
ldap_client = ldap.initialize(self.config['uri']) ldap_client = ldap.initialize(self.uri)
ldap_client.set_option(ldap.OPT_REFERRALS, 0) ldap_client.set_option(ldap.OPT_REFERRALS, 0)
if self.config['starttls'] == 'on': if self.starttls == 'on':
ldap.set_option(ldap.OPT_X_TLS_DEMAND, True) ldap.set_option(ldap.OPT_X_TLS_DEMAND, True)
if self.config['starttls'] == 'on': if self.ca:
ldap.set_option(ldap.OPT_X_TLS_DEMAND, True) ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.ca)
if self.config['ca']: if self.checkcert == 'off':
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.config['ca'])
if self.config['checkcert'] == 'off':
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW) ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
else: else:
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,ldap.OPT_X_TLS_DEMAND) ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,ldap.OPT_X_TLS_DEMAND)
if self.config['starttls'] == 'on': if self.starttls == 'on':
try: try:
ldap_client.start_tls_s() ldap_client.start_tls_s()
except ldap.OPERATIONS_ERROR: except ldap.OPERATIONS_ERROR:
self._logger( self._logger(
logging.ERROR, logging.ERROR,
"cannot use starttls with ldaps:// uri (uri: " + self.config['uri'] + ")" "cannot use starttls with ldaps:// uri (uri: " + self.uri + ")",
) )
raise cherrypy.HTTPError("500", "Configuration Error, contact administrator") raise cherrypy.HTTPError("500", "Configuration Error, contact administrator")
return ldap_client return ldap_client