# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from ldap3 import Server, Connection, SUBTREE
from ldap3.core.exceptions import LDAPException
import logging
import six
from mediagoblin.tools import pluginapi
_log = logging.getLogger(__name__)
class LDAP(object):
def __init__(self):
self.ldap_settings = pluginapi.get_config('mediagoblin.plugins.ldap')
def _connect(self, server):
_log.info('Connecting to {0}.'.format(server['LDAP_SERVER_URI']))
self.server = Server(server['LDAP_SERVER_URI'])
if 'LDAP_START_TLS' in server and server['LDAP_START_TLS'] == 'true':
_log.info('Initiating TLS')
self.server.start_tls()
def _manager_auth(self, settings, username, password):
conn = Connection(self.server,
settings['LDAP_BIND_DN'],
settings['LDAP_BIND_PW'],
auto_bind=True)
found = conn.search(
search_base=settings['LDAP_SEARCH_BASE'],
search_filter=settings['LDAP_SEARCH_FILTER'].format(username=username),
search_scope=SUBTREE,
attributes=[settings['EMAIL_SEARCH_FIELD']])
if (not found) or len(conn.entries) > 1:
return False, None
user = conn.entries[0]
user_dn = user.entry_dn
try:
email = user.entry_attributes_as_dict[settings['EMAIL_SEARCH_FIELD']][0]
except KeyError:
email = None
Connection(self.server, user_dn, password, auto_bind=True)
return username, email
def _direct_auth(self, settings, username, password):
user_dn = settings['LDAP_USER_DN_TEMPLATE'].format(username=username)
conn = Connection(self.server, user_dn, password, auto_bind=True)
email_found = conn.search(
search_base=settings['LDAP_SEARCH_BASE'],
search_filter='uid={0}'.format(username),
search_scope=SUBTREE,
attributes=[settings['EMAIL_SEARCH_FIELD']])
if email_found:
try:
email = conn.entries[0].entry_attributes_as_dict[settings['EMAIL_SEARCH_FIELD']][0]
except KeyError:
email = None
return username, email
def login(self, username, password):
for k, v in six.iteritems(self.ldap_settings):
try:
self._connect(v)
if 'LDAP_BIND_DN' in v:
return self._manager_auth(v, username, password)
else:
return self._direct_auth(v, username, password)
except LDAPException as e:
_log.info(e)
return False, None