kallithea Changeset - 22eca93bea97

Changeset - 22eca93bea97

Parent rev.

Child rev.

[Not reviewed]

beta

0 1 0

Marcin Kuzminski - 15 years ago 2010-11-29 13:55:47
marcin@python-works.com

fixes a bug with two-pass ldap auth (thanks for TK Soh for that)

1 file changed with 1 insertions and 2 deletions:

rhodecode/lib/auth_ldap.py

0 comments (0 inline, 0 general)

rhodecode/lib/auth_ldap.py

➞

Show inline comments

@@ @@ -37,69 +37,68 @@ class AuthLdap(object): @@
     def __init__(self, server, base_dn, port=389, bind_dn='', bind_pass='',
                  use_ldaps=False, ldap_version=3):
         self.ldap_version = ldap_version
         if use_ldaps:
             port = port or 689
         self.LDAP_USE_LDAPS = use_ldaps
         self.LDAP_SERVER_ADDRESS = server
         self.LDAP_SERVER_PORT = port
         #USE FOR READ ONLY BIND TO LDAP SERVER
         self.LDAP_BIND_DN = bind_dn
         self.LDAP_BIND_PASS = bind_pass
         ldap_server_type = 'ldap'
         if self.LDAP_USE_LDAPS:ldap_server_type = ldap_server_type + 's'
         self.LDAP_SERVER = "%s://%s:%s" % (ldap_server_type,
                                                self.LDAP_SERVER_ADDRESS,
                                                self.LDAP_SERVER_PORT)
         self.BASE_DN = base_dn
     def authenticate_ldap(self, username, password):
         """Authenticate a user via LDAP and return his/her LDAP properties.
         Raises AuthenticationError if the credentials are rejected, or
         EnvironmentError if the LDAP server can't be reached.
         :param username: username
         :param password: password
         """
         from rhodecode.lib.helpers import chop_at
         uid = chop_at(username, "@%s" % self.LDAP_SERVER_ADDRESS)
         if "," in username:
             raise LdapUsernameError("invalid character in username: ,")
         try:
             ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, '/etc/openldap/cacerts')
             ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 10)
             server = ldap.initialize(self.LDAP_SERVER)
             if self.ldap_version == 2:
                 server.protocol = ldap.VERSION2
             else:
                 server.protocol = ldap.VERSION3
             if self.LDAP_BIND_DN and self.LDAP_BIND_PASS:
                 login_dn = self.BASE_DN % {'user':uid}
                 server.simple_bind_s(login_dn, self.LDAP_BIND_PASS)
                 server.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS)
             dn = self.BASE_DN % {'user':uid}
             log.debug("Authenticating %r at %s", dn, self.LDAP_SERVER)
             server.simple_bind_s(dn, password)
             properties = server.search_s(dn, ldap.SCOPE_SUBTREE)
             if not properties:
                 raise ldap.NO_SUCH_OBJECT()
         except ldap.NO_SUCH_OBJECT, e:
             log.debug("LDAP says no such user '%s' (%s)", uid, username)
             raise LdapUsernameError()
         except ldap.INVALID_CREDENTIALS, e:
             log.debug("LDAP rejected password for user '%s' (%s)", uid, username)
             raise LdapPasswordError()
         except ldap.SERVER_DOWN, e:
             raise LdapConnectionError("LDAP can't access authentication server")
         return properties[0]

0 comments (0 inline, 0 general)