]>
git.immae.eu Git - perso/Immae/Config/Nix/NUR.git/blob - pkgs/webapps/mediagoblin/ldap_fix.py
1 # GNU MediaGoblin -- federated, autonomous media hosting
2 # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
4 # This program is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU Affero General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU Affero General Public License for more details.
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 from ldap3
import Server
, Connection
, SUBTREE
17 from ldap3
.core
.exceptions
import LDAPException
22 from mediagoblin
.tools
import pluginapi
24 _log
= logging
.getLogger(__name__
)
29 self
.ldap_settings
= pluginapi
.get_config('mediagoblin.plugins.ldap')
31 def _connect(self
, server
):
32 _log
.info('Connecting to {0}.'.format(server
['LDAP_SERVER_URI']))
33 self
.server
= Server(server
['LDAP_SERVER_URI'])
35 if 'LDAP_START_TLS' in server
and server
['LDAP_START_TLS'] == 'true':
36 _log
.info('Initiating TLS')
37 self
.server
.start_tls()
39 def _manager_auth(self
, settings
, username
, password
):
40 conn
= Connection(self
.server
,
41 settings
['LDAP_BIND_DN'],
42 settings
['LDAP_BIND_PW'],
45 search_base
=settings
['LDAP_SEARCH_BASE'],
46 search_filter
=settings
['LDAP_SEARCH_FILTER'].format(username
=username
),
48 attributes
=[settings
['EMAIL_SEARCH_FIELD']])
49 if (not found
) or len(conn
.entries
) > 1:
52 user
= conn
.entries
[0]
53 user_dn
= user
.entry_dn
55 email
= user
.entry_attributes_as_dict
[settings
['EMAIL_SEARCH_FIELD']][0]
59 Connection(self
.server
, user_dn
, password
, auto_bind
=True)
61 return username
, email
63 def _direct_auth(self
, settings
, username
, password
):
64 user_dn
= settings
['LDAP_USER_DN_TEMPLATE'].format(username
=username
)
65 conn
= Connection(self
.server
, user_dn
, password
, auto_bind
=True)
66 email_found
= conn
.search(
67 search_base
=settings
['LDAP_SEARCH_BASE'],
68 search_filter
='uid={0}'.format(username
),
70 attributes
=[settings
['EMAIL_SEARCH_FIELD']])
74 email
= conn
.entries
[0].entry_attributes_as_dict
[settings
['EMAIL_SEARCH_FIELD']][0]
78 return username
, email
80 def login(self
, username
, password
):
81 for k
, v
in six
.iteritems(self
.ldap_settings
):
85 if 'LDAP_BIND_DN' in v
:
86 return self
._manager
_auth
(v
, username
, password
)
88 return self
._direct
_auth
(v
, username
, password
)
90 except LDAPException
as e
: