Enable ldap  = checked                 #controls if ldap access is enabled

 Host         = host.domain.org         #actual ldap server to connect

 Port         = 389 or 689 for ldaps    #ldap server ports

 Enable LDAPS = unchecked               #enable disable ldaps

 Account      = <account>               #access for ldap server(if required)

 Password     = <password>              #password for ldap server(if required)

 Base DN      = uid=%(user)s,CN=users,DC=host,DC=domain,DC=org

`Account` and `Password` are optional, and used for two-phase ldap 

authentication so those are credentials to access Your ldap, if it doesn't 

If all data are entered correctly, and `python-ldap` is properly installed

Users should be granted to access RhodeCode wit ldap accounts. When 

logging at the first time an special ldap account is created inside RhodeCode, 

so You can control over permissions even on ldap users. If such user exists 

already in RhodeCode database ldap user with the same username would be not 

able to access RhodeCode.

If You have problems with ldap access and believe You entered correct 

information check out the RhodeCode logs,any error messages sent from 

ldap will be saved there.

        #USE FOR READ ONLY BIND TO LDAP SERVER

        self.LDAP_BIND_DN = bind_dn

        self.LDAP_BIND_PASS = bind_pass

        ldap_server_type = 'ldap'

        if self.LDAP_USE_LDAPS:ldap_server_type = ldap_server_type + 's'

        self.LDAP_SERVER = "%s://%s:%s" % (ldap_server_type,

                                               self.LDAP_SERVER_ADDRESS,

                                               self.LDAP_SERVER_PORT)

        self.BASE_DN = base_dn

    def authenticate_ldap(self, username, password):

        """Authenticate a user via LDAP and return his/her LDAP properties.

        Raises AuthenticationError if the credentials are rejected, or

        EnvironmentError if the LDAP server can't be reached.

        :param username: username

        :param password: password

        """

        from rhodecode.lib.helpers import chop_at

        uid = chop_at(username, "@%s" % self.LDAP_SERVER_ADDRESS)

        if "," in username:

            raise LdapUsernameError("invalid character in username: ,")

        try:

            ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, '/etc/openldap/cacerts')

            ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 10)

            server = ldap.initialize(self.LDAP_SERVER)

            if self.ldap_version == 2:

                server.protocol = ldap.VERSION2

            else:

                server.protocol = ldap.VERSION3

            if self.LDAP_BIND_DN and self.LDAP_BIND_PASS:

            server.simple_bind_s(dn, password)

            properties = server.search_s(dn, ldap.SCOPE_SUBTREE)

            if not properties:

                raise ldap.NO_SUCH_OBJECT()

        except ldap.NO_SUCH_OBJECT, e:

            log.debug("LDAP says no such user '%s' (%s)", uid, username)

            raise LdapUsernameError()

        except ldap.INVALID_CREDENTIALS, e:

            log.debug("LDAP rejected password for user '%s' (%s)", uid, username)

            raise LdapPasswordError()

        except ldap.SERVER_DOWN, e:

            raise LdapConnectionError("LDAP can't access authentication server")

        return value

class LdapLibValidator(formencode.validators.FancyValidator):

    def to_python(self, value, state):

        try:

            import ldap

        except ImportError:

            raise LdapImportError

        return value

#===============================================================================

# FORMS        

#===============================================================================

class LoginForm(formencode.Schema):

    allow_extra_fields = True

    filter_extra_fields = True

    username = UnicodeString(

                             strip=True,

                             min=1,

                             not_empty=True,

                             messages={

                                       'empty':_('Please enter a login'),

def LdapSettingsForm():

    class _LdapSettingsForm(formencode.Schema):

        allow_extra_fields = True

        filter_extra_fields = True

        pre_validators = [LdapLibValidator]

        ldap_active = StringBoolean(if_missing=False)

        ldap_host = UnicodeString(strip=True,)

        ldap_port = Number(strip=True,)

        ldap_ldaps = StringBoolean(if_missing=False)

        ldap_dn_user = UnicodeString(strip=True,)

        ldap_dn_pass = UnicodeString(strip=True,)

    return _LdapSettingsForm

import sys

py_version = sys.version_info

requirements = [

        "Pylons>=1.0.0",

        "SQLAlchemy>=0.6.5",

        "Mako>=0.3.6",

        "vcs>=0.1.10",

        "pygments>=1.3.0",

        "mercurial>=1.7.1",

        "celery>=2.1.3",

        "py-bcrypt",

        "babel",

    ]

classifiers = ['Development Status :: 4 - Beta',

                   'Environment :: Web Environment',

                   'Framework :: Pylons',

                   'Intended Audience :: Developers',

                   'License :: OSI Approved :: BSD License',

                   'Operating System :: OS Independent',

                   'Programming Language :: Python', ]

    zip_safe=False,

    paster_plugins=['PasteScript', 'Pylons'],

    entry_points="""

    [paste.app_factory]

    main = rhodecode.config.middleware:make_app

    [paste.app_install]

    main = pylons.util:PylonsInstaller

    [paste.global_paster_command]

    make-index = rhodecode.lib.indexers:MakeIndex

    upgrade-db = rhodecode.lib.utils:UpgradeDb

    """,

)