+++ /dev/null
-# GNU MediaGoblin -- federated, autonomous media hosting
-# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-from ldap3 import Server, Connection, SUBTREE
-from ldap3.core.exceptions import LDAPException
-import logging
-
-import six
-
-from mediagoblin.tools import pluginapi
-
-_log = logging.getLogger(__name__)
-
-
-class LDAP(object):
- def __init__(self):
- self.ldap_settings = pluginapi.get_config('mediagoblin.plugins.ldap')
-
- def _connect(self, server):
- _log.info('Connecting to {0}.'.format(server['LDAP_SERVER_URI']))
- self.server = Server(server['LDAP_SERVER_URI'])
-
- if 'LDAP_START_TLS' in server and server['LDAP_START_TLS'] == 'true':
- _log.info('Initiating TLS')
- self.server.start_tls()
-
- def _manager_auth(self, settings, username, password):
- conn = Connection(self.server,
- settings['LDAP_BIND_DN'],
- settings['LDAP_BIND_PW'],
- auto_bind=True)
- found = conn.search(
- search_base=settings['LDAP_SEARCH_BASE'],
- search_filter=settings['LDAP_SEARCH_FILTER'].format(username=username),
- search_scope=SUBTREE,
- attributes=[settings['EMAIL_SEARCH_FIELD']])
- if (not found) or len(conn.entries) > 1:
- return False, None
-
- user = conn.entries[0]
- user_dn = user.entry_dn
- try:
- email = user.entry_attributes_as_dict[settings['EMAIL_SEARCH_FIELD']][0]
- except KeyError:
- email = None
-
- Connection(self.server, user_dn, password, auto_bind=True)
-
- return username, email
-
- def _direct_auth(self, settings, username, password):
- user_dn = settings['LDAP_USER_DN_TEMPLATE'].format(username=username)
- conn = Connection(self.server, user_dn, password, auto_bind=True)
- email_found = conn.search(
- search_base=settings['LDAP_SEARCH_BASE'],
- search_filter='uid={0}'.format(username),
- search_scope=SUBTREE,
- attributes=[settings['EMAIL_SEARCH_FIELD']])
-
- if email_found:
- try:
- email = conn.entries[0].entry_attributes_as_dict[settings['EMAIL_SEARCH_FIELD']][0]
- except KeyError:
- email = None
-
- return username, email
-
- def login(self, username, password):
- for k, v in six.iteritems(self.ldap_settings):
- try:
- self._connect(v)
-
- if 'LDAP_BIND_DN' in v:
- return self._manager_auth(v, username, password)
- else:
- return self._direct_auth(v, username, password)
-
- except LDAPException as e:
- _log.info(e)
-
- return False, None