kallithea Changeset - 597bc7077f18

Changeset - 597bc7077f18

Parent rev.

Child rev.

[Not reviewed]

beta

0 1 0

Marcin Kuzminski - 15 years ago 2011-03-28 21:28:16
marcin@python-works.com

applied patch from issue #138

1 file changed with 4 insertions and 4 deletions:

rhodecode/lib/auth_ldap.py

0 comments (0 inline, 0 general)

rhodecode/lib/auth_ldap.py

➞

Show inline comments

@@ @@ -71,60 +71,60 @@ class AuthLdap(object): @@
         EnvironmentError if the LDAP server can't be reached.
         :param username: username
         :param password: password
         """
         from rhodecode.lib.helpers import chop_at
         uid = chop_at(username, "@%s" % self.LDAP_SERVER_ADDRESS)
         if "," in username:
             raise LdapUsernameError("invalid character in username: ,")
         try:
             ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, '/etc/openldap/cacerts')
             ldap.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)
             ldap.set_option(ldap.OPT_RESTART, ldap.OPT_ON)
             ldap.set_option(ldap.OPT_TIMEOUT, 20)
             ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 10)
             ldap.set_option(ldap.OPT_TIMELIMIT, 15)
             if self.LDAP_USE_LDAPS:
                 ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, self.TLS_REQCERT)
             server = ldap.initialize(self.LDAP_SERVER)
             if self.ldap_version == 2:
                 server.protocol = ldap.VERSION2
             else:
                 server.protocol = ldap.VERSION3
             if self.LDAP_BIND_DN and self.LDAP_BIND_PASS:
                 server.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS)
             filt = '(&%s(%s=%s))' % (self.LDAP_FILTER, self.attr_login, username)
             log.debug("Authenticating %r filt %s at %s", self.BASE_DN,
                       filt, self.LDAP_SERVER)
             lobjects = server.search_ext_s(self.BASE_DN, self.SEARCH_SCOPE,
                                            filt)
             if not lobjects:
                 raise ldap.NO_SUCH_OBJECT()
             for (dn, attrs) in lobjects:
                 try:
                     server.simple_bind_s(dn, password)
                     break
                 except ldap.INVALID_CREDENTIALS, e:
                     log.debug("LDAP rejected password for user '%s' (%s): %s",
                               uid, username, dn)
                 else:
                     log.debug("No matching LDAP objects for authentication "
                               "of '%s' (%s)", uid, username)
                     raise LdapPasswordError()
             else:
                 log.debug("No matching LDAP objects for authentication "
                           "of '%s' (%s)", uid, username)
                 raise LdapPasswordError()
         except ldap.NO_SUCH_OBJECT, e:
             log.debug("LDAP says no such user '%s' (%s)", uid, username)
             raise LdapUsernameError()
         except ldap.SERVER_DOWN, e:
             raise LdapConnectionError("LDAP can't access authentication server")
         return (dn, attrs)

0 comments (0 inline, 0 general)