Changeset - 6602bf1c5546
beta
0 1 0
Marcin Kuzminski - 15 years ago 2010-11-16 15:52:20
marcin@python-works.com
ldap two phase auth fix
1 file changed with 10 insertions and 2 deletions:
0 comments (0 inline, 0 general)
rhodecode/lib/auth_ldap.py
 
@@ -25,9 +25,10 @@ class PasswordError(Exception):pass
 

	
 
LDAP_USE_LDAPS = False
 
ldap_server_type = 'ldap'
 
LDAP_SERVER_ADDRESS = '192.168.2.56'
 
LDAP_SERVER_ADDRESS = 'myldap.com'
 
LDAP_SERVER_PORT = '389'
 

	
 
#USE FOR READ ONLY BIND TO LDAP SERVER
 
LDAP_BIND_DN = ''
 
LDAP_BIND_PASS = ''
 

	
 
@@ -37,6 +38,7 @@ LDAP_SERVER = "%s://%s:%s" % (ldap_serve
 
                                       LDAP_SERVER_PORT)
 

	
 
BASE_DN = "ou=people,dc=server,dc=com"
 
AUTH_DN = "uid=%s,%s"
 

	
 
def authenticate_ldap(username, password):
 
    """Authenticate a user via LDAP and return his/her LDAP properties.
 
@@ -52,7 +54,7 @@ def authenticate_ldap(username, password
 
    from rhodecode.lib.helpers import chop_at
 

	
 
    uid = chop_at(username, "@%s" % LDAP_SERVER_ADDRESS)
 
    dn = "uid=%s,%s" % (uid, BASE_DN)
 
    dn = AUTH_DN % (uid, BASE_DN)
 
    log.debug("Authenticating %r at %s", dn, LDAP_SERVER)
 
    if "," in username:
 
        raise UsernameError("invalid character in username: ,")
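Review bot: The new `dn = AUTH_DN % (uid, BASE_DN)` interpolates the caller-supplied uid into a DN before the `if "," in username:` check runs and before `log.debug` has already emitted that DN, and the check rejects only a comma while the other RFC 4514 special characters (`+`, `=`, `\`, `"`, `<`, `>`, `;`, `#`) pass through unescaped. Consider moving the username check above the DN construction and escaping the component with `ldap.dn.escape_dn_chars(uid)` rather than a single-character blacklist. chop_at is a project helper, so what it strips beyond the visible `"@%s"` suffix cannot be confirmed from this hunk; authenticate_ldap's body continues outside it.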
 
@@ -60,6 +62,12 @@ def authenticate_ldap(username, password
 
        #ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/etc/openldap/cacerts')
 
        server = ldap.initialize(LDAP_SERVER)
 
        server.protocol = ldap.VERSION3
 
        
 
        if LDAP_BIND_DN and LDAP_BIND_PASS:
 
            server.simple_bind_s(AUTH_DN % (LDAP_BIND_DN,
 
                                            LDAP_BIND_PASS),
 
                                            password)
 
        
 
        server.simple_bind_s(dn, password)
 
        properties = server.search_s(dn, ldap.SCOPE_SUBTREE)
 
        if not properties:
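Review bot: The service-account bind inside `if LDAP_BIND_DN and LDAP_BIND_PASS:` builds its DN as `AUTH_DN % (LDAP_BIND_DN, LDAP_BIND_PASS)` and then binds with the end user's `password`, so the configured bind password is spliced into the DN string (sent to the directory and visible wherever DNs are logged) while the user's password is presented for the service identity; with a correctly configured bind account this branch cannot succeed. The call presumably meant is `server.simple_bind_s(LDAP_BIND_DN, LDAP_BIND_PASS)`, with LDAP_BIND_DN holding a full DN. A one-line comment on why the extra bind precedes `server.simple_bind_s(dn, password)` would also help, e.g. `# read-only service bind; the user bind below replaces it` — hedged, since whatever depends on it is outside the hunk. Nothing in the visible lines rejects an empty `password` before `simple_bind_s(dn, password)`; if that is not checked earlier in authenticate_ldap (its body starts and ends outside this hunk), an empty value should be refused, since an LDAP simple bind with an empty password is treated as anonymous and reports success.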