Changeset - 28060f0ac6c6
Parent rev.
Child rev.
[Not reviewed]
beta
0 1 0
"Lorenzo M. Catucci" - 15 years ago 2011-04-26 14:02:18
lorenzo@sancho.ccd.uniroma2.it
Fetch entry after successful bind for being able to read its attributes.
1 file changed with 2 insertions and 1 deletions:
rhodecode/lib/auth_ldap.py
2
1
0 comments (0 inline, 0 general)
rhodecode/lib/auth_ldap.py
Show inline comments
 
@@ -84,45 +84,46 @@ class AuthLdap(object):
 
            ldap.set_option(ldap.OPT_RESTART, ldap.OPT_ON)
 
            ldap.set_option(ldap.OPT_TIMEOUT, 20)
 
            ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 10)
 
            ldap.set_option(ldap.OPT_TIMELIMIT, 15)
 
            if self.LDAP_USE_LDAPS:
 
                ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, self.TLS_REQCERT)
 
            server = ldap.initialize(self.LDAP_SERVER)
 
            if self.ldap_version == 2:
 
                server.protocol = ldap.VERSION2
 
            else:
 
                server.protocol = ldap.VERSION3
 

			




	
	
	
		
 
            if self.LDAP_BIND_DN and self.LDAP_BIND_PASS:

			




	
	
	
		
 
                server.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS)

			




	
	
	
		
 

			




	
	
	
		
 
            filt = '(&%s(%s=%s))' % (self.LDAP_FILTER, self.attr_login, username)

			




	
	
	
		
 
            log.debug("Authenticating %r filt %s at %s", self.BASE_DN,

			




	
	
	
		
 
                      filt, self.LDAP_SERVER)

			




	
	
	
		
 
            lobjects = server.search_ext_s(self.BASE_DN, self.SEARCH_SCOPE,

			




	
	
	
		
 
                                           filt)

			




	
	
	
		
 

			




	
	
	
		
 
            if not lobjects:

			




	
	
	
		
 
                raise ldap.NO_SUCH_OBJECT()

			




	
	
	
		
 

			




	
	
	
		
 
            for (dn, attrs) in lobjects:

			




	
	
	
		
 
            for (dn, _attrs) in lobjects:

			




	
	
	
		
 
                try:

			




	
	
	
		
 
                    server.simple_bind_s(dn, password)

			




	
	
	
		
 
                    attrs = server.search_ext_s(dn, ldap.SCOPE_BASE, '(objectClass=*)')[0][1]

			




	
	
	
		
 
                    break

			




	
	
	
		
 

			




	
	
	
		
 
                except ldap.INVALID_CREDENTIALS, e:

			




	
	
	
		
 
                    log.debug("LDAP rejected password for user '%s' (%s): %s",

			




	
	
	
		
 
                              uid, username, dn)

			




	
	
	
		
 

			




	
	
	
		
 
            else:

			




	
	
	
		
 
                log.debug("No matching LDAP objects for authentication "

			




	
	
	
		
 
                          "of '%s' (%s)", uid, username)

			




	
	
	
		
 
                raise LdapPasswordError()

			




	
	
	
		
 

			




	
	
	
		
 
        except ldap.NO_SUCH_OBJECT, e:

			




	
	
	
		
 
            log.debug("LDAP says no such user '%s' (%s)", uid, username)

			




	
	
	
		
 
            raise LdapUsernameError()

			




	
	
	
		
 
        except ldap.SERVER_DOWN, e:

			




	
	
	
		
 
            raise LdapConnectionError("LDAP can't access authentication server")

			




	
	
	
		
 

			




	
	
	
		
 
        return (dn, attrs)

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.