kallithea Changeset - 34a9b64a5e00

Changeset - 34a9b64a5e00

Parent rev.

Child rev.

[Not reviewed]

Merge beta

0 7 0

Marcin Kuzminski - 15 years ago 2011-04-26 20:28:46
marcin@python-works.com

Merge with 74685a31cc43600646843697dfa8bb2094eb1ea5 - contributions to LDAP made by Lorenzo M. Catucci

7 files changed with 38 insertions and 21 deletions:

rhodecode/controllers/admin/ldap_settings.py

rhodecode/lib/auth.py

rhodecode/lib/auth_ldap.py

rhodecode/lib/db_manage.py

rhodecode/model/forms.py

rhodecode/model/settings.py

rhodecode/templates/admin/ldap/ldap.html

0 comments (0 inline, 0 general)

rhodecode/controllers/admin/ldap_settings.py

➞

Show inline comments

@@ @@ -59,6 +59,13 @@ class LdapSettingsController(BaseControl @@
+                           ]
     tls_reqcert_default = 'DEMAND'
     tls_kind_choices = [('PLAIN', _('No encryption'),),
                         ('LDAPS', _('LDAPS connection'),),
                         ('START_TLS', _('START_TLS on LDAP connection'),)
+                        ]
     tls_kind_default = 'PLAIN'
     @LoginRequired()
     @HasPermissionAllDecorator('hg.admin')
     def __before__(self):
@@ @@ -66,12 +73,14 @@ class LdapSettingsController(BaseControl @@
         c.admin_username = session.get('admin_username')
         c.search_scope_choices = self.search_scope_choices
         c.tls_reqcert_choices = self.tls_reqcert_choices
         c.tls_kind_choices = self.tls_kind_choices
         super(LdapSettingsController, self).__before__()
     def index(self):
         defaults = SettingsModel().get_ldap_settings()
         c.search_scope_cur = defaults.get('ldap_search_scope')
         c.tls_reqcert_cur = defaults.get('ldap_tls_reqcert')
         c.tls_kind_cur = defaults.get('ldap_tls_kind')
         return htmlfill.render(
                     render('admin/ldap/ldap.html'),
@@ @@ -84,7 +93,8 @@ class LdapSettingsController(BaseControl @@
         settings_model = SettingsModel()
         _form = LdapSettingsForm([x[0] for x in self.tls_reqcert_choices],
                                  [x[0] for x in self.search_scope_choices])()
                                  [x[0] for x in self.search_scope_choices],
                                  [x[0] for x in self.tls_kind_choices])()
         try:
             form_result = _form.to_python(dict(request.POST))

rhodecode/lib/auth.py

➞

Show inline comments

@@ @@ -190,7 +190,7 @@ def authenticate(username, password): @@
                   'port': ldap_settings.get('ldap_port'),
                   'bind_dn': ldap_settings.get('ldap_dn_user'),
                   'bind_pass': ldap_settings.get('ldap_dn_pass'),
-                  'use_ldaps': str2bool(ldap_settings.get('ldap_ldaps')),
+                  'tls_kind': ldap_settings.get('ldap_tls_kind'),
                   'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),
                   'ldap_filter': ldap_settings.get('ldap_filter'),
                   'search_scope': ldap_settings.get('ldap_search_scope'),
@@ @@ -205,12 +205,12 @@ def authenticate(username, password): @@
                 log.debug('Got ldap DN response %s', user_dn)
                 user_attrs = {
                     'name': ldap_attrs[ldap_settings\
                                        .get('ldap_attr_firstname')][0],
                     'lastname': ldap_attrs[ldap_settings\
                                            .get('ldap_attr_lastname')][0],
                     'email': ldap_attrs[ldap_settings\
                                         .get('ldap_attr_email')][0],
                     'name': ldap_attrs.get(ldap_settings\
                                        .get('ldap_attr_firstname'), [''])[0],
                     'lastname': ldap_attrs.get(ldap_settings\
                                            .get('ldap_attr_lastname'),[''])[0],
                     'email': ldap_attrs.get(ldap_settings\
                                         .get('ldap_attr_email'), [''])[0],
+                    }
                 if user_model.create_ldap(username, password, user_dn,

rhodecode/lib/auth_ldap.py

➞

Show inline comments

@@ @@ -34,14 +34,19 @@ except ImportError: @@
 class AuthLdap(object):
     def __init__(self, server, base_dn, port=389, bind_dn='', bind_pass='',
-                 use_ldaps=False, tls_reqcert='DEMAND', ldap_version=3,
+                 tls_kind = 'PLAIN', tls_reqcert='DEMAND', ldap_version=3,
                  ldap_filter='(&(objectClass=user)(!(objectClass=computer)))',
                  search_scope='SUBTREE',
                  attr_login='uid'):
         self.ldap_version = ldap_version
         if use_ldaps:
         ldap_server_type = 'ldap'
         self.TLS_KIND = tls_kind
         if self.TLS_KIND == 'LDAPS':
             port = port or 689
         self.LDAP_USE_LDAPS = use_ldaps
             ldap_server_type = ldap_server_type + 's'
         self.TLS_REQCERT = ldap.__dict__['OPT_X_TLS_' + tls_reqcert]
         self.LDAP_SERVER_ADDRESS = server
         self.LDAP_SERVER_PORT = port
@@ @@ -50,8 +55,6 @@ class AuthLdap(object): @@
         self.LDAP_BIND_DN = bind_dn
         self.LDAP_BIND_PASS = bind_pass
         ldap_server_type = 'ldap'
         if self.LDAP_USE_LDAPS:ldap_server_type = ldap_server_type + 's'
         self.LDAP_SERVER = "%s://%s:%s" % (ldap_server_type,
                                                self.LDAP_SERVER_ADDRESS,
                                                self.LDAP_SERVER_PORT)
@@ @@ -85,7 +88,7 @@ class AuthLdap(object): @@
             ldap.set_option(ldap.OPT_TIMEOUT, 20)
             ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 10)
             ldap.set_option(ldap.OPT_TIMELIMIT, 15)
-            if self.LDAP_USE_LDAPS:
+            if self.TLS_KIND != 'PLAIN':
                 ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, self.TLS_REQCERT)
             server = ldap.initialize(self.LDAP_SERVER)
             if self.ldap_version == 2:
@@ @@ -93,6 +96,9 @@ class AuthLdap(object): @@
             else:
                 server.protocol = ldap.VERSION3
             if self.TLS_KIND == 'START_TLS':
                 server.start_tls_s()
             if self.LDAP_BIND_DN and self.LDAP_BIND_PASS:
                 server.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS)
@@ @@ -105,9 +111,10 @@ class AuthLdap(object): @@
             if not lobjects:
                 raise ldap.NO_SUCH_OBJECT()
-            for (dn, attrs) in lobjects:
+            for (dn, _attrs) in lobjects:
                 try:
                     server.simple_bind_s(dn, password)
                     attrs = server.search_ext_s(dn, ldap.SCOPE_BASE, '(objectClass=*)')[0][1]
                     break
                 except ldap.INVALID_CREDENTIALS, e:

rhodecode/lib/db_manage.py

➞

Show inline comments

@@ @@ -312,7 +312,7 @@ class DbManage(object): @@
         try:
             for k, v in [('ldap_active', 'false'), ('ldap_host', ''),
-                        ('ldap_port', '389'), ('ldap_ldaps', 'false'),
+                        ('ldap_port', '389'), ('ldap_tls_kind', 'PLAIN'),
                         ('ldap_tls_reqcert', ''), ('ldap_dn_user', ''),
                         ('ldap_dn_pass', ''), ('ldap_base_dn', ''),
                         ('ldap_filter', ''), ('ldap_search_scope', ''),

rhodecode/model/forms.py

➞

Show inline comments

@@ @@ -556,7 +556,7 @@ def DefaultPermissionsForm(perms_choices @@
     return _DefaultPermissionsForm
 def LdapSettingsForm(tls_reqcert_choices, search_scope_choices):
+def LdapSettingsForm(tls_reqcert_choices, search_scope_choices, tls_kind_choices):
     class _LdapSettingsForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
@@ @@ -564,7 +564,7 @@ def LdapSettingsForm(tls_reqcert_choices @@
         ldap_active = StringBoolean(if_missing=False)
         ldap_host = UnicodeString(strip=True,)
         ldap_port = Number(strip=True,)
-        ldap_ldaps = StringBoolean(if_missing=False)
+        ldap_tls_kind = OneOf(tls_kind_choices)
         ldap_tls_reqcert = OneOf(tls_reqcert_choices)
         ldap_dn_user = UnicodeString(strip=True,)
         ldap_dn_pass = UnicodeString(strip=True,)

rhodecode/model/settings.py

➞

Show inline comments

@@ @@ -70,7 +70,7 @@ class SettingsModel(BaseModel): @@
         ldap_active
         ldap_host
         ldap_port
-        ldap_ldaps
+        ldap_tls_kind
         ldap_tls_reqcert
         ldap_dn_user
         ldap_dn_pass

rhodecode/templates/admin/ldap/ldap.html

➞

Show inline comments

@@ @@ -47,8 +47,8 @@ @@
                 <div class="input">${h.password('ldap_dn_pass',class_='small')}</div>
             </div>
             <div class="field">
                 <div class="label label-checkbox"><label for="ldap_ldaps">${_('Enable LDAPS')}</label></div>
                 <div class="checkboxes"><div class="checkbox">${h.checkbox('ldap_ldaps',True,class_='small')}</div></div>
                 <div class="label"><label for="ldap_tls_kind">${_('Connection security')}</label></div>
                 <div class="select">${h.select('ldap_tls_kind',c.tls_kind_cur,c.tls_kind_choices,class_='small')}</div>
             </div>
             <div class="field">
                 <div class="label"><label for="ldap_tls_reqcert">${_('Certificate Checks')}</label></div>

0 comments (0 inline, 0 general)