def __init__(self, bind_dn, bind_pw, batch_mods=False, sasl=False, ro=False): """Handler for bindings to CSH LDAP. Keyword arguments: batch_mods -- whether or not to batch LDAP writes (default False) sasl -- whether or not to bypass bind_dn and bind_pw and use SASL bind """ if ro: print("########################################\n" "# #\n" "# CSH LDAP IS IN READ ONLY MODE #\n" "# #\n" "########################################") self.__con__ = ReconnectLDAPObject(self.__ldap_uri__) if sasl: self.__con__.sasl_non_interactive_bind_s('') else: self.__con__.simple_bind_s(bind_dn, bind_pw) self.__mod_queue__ = {} self.__pending_mod_dn__ = [] self.__batch_mods__ = batch_mods self.__ro__ = ro
def __init__(self, bind_dn, bind_pw, batch_mods=False, sasl=False, ro=False): """Handler for bindings to CSH LDAP. Keyword arguments: batch_mods -- whether or not to batch LDAP writes (default False) sasl -- whether or not to bypass bind_dn and bind_pw and use SASL bind ro -- whether or not CSH LDAP is in read only mode (default False) """ if ro: print("########################################\n" "# #\n" "# CSH LDAP IS IN READ ONLY MODE #\n" "# #\n" "########################################") ldap_srvs = srvlookup.lookup("ldap", "tcp", self.__domain__) ldap_uris = "" for uri in ldap_srvs: ldap_uris += "ldaps://"+uri.hostname+"," self.__con__ = ReconnectLDAPObject(ldap_uris) # Allow connections with self-signed certs self.__con__.set_option(self.__con__.OPT_X_TLS_REQUIRE_CERT, self.__con__.OPT_X_TLS_ALLOW) if sasl: self.__con__.sasl_non_interactive_bind_s('') else: self.__con__.simple_bind_s(bind_dn, bind_pw) self.__mod_queue__ = {} self.__pending_mod_dn__ = [] self.__batch_mods__ = batch_mods self.__ro__ = ro
def ldap_init(ro, ldap_url, bind_dn, bind_pw, user_ou, group_ou, committee_ou): global user_search_ou, group_search_ou, committee_search_ou, ldap_conn, read_only read_only = ro user_search_ou = user_ou group_search_ou = group_ou committee_search_ou = committee_ou ldap_conn = ReconnectLDAPObject(ldap_url) ldap_conn.simple_bind_s(bind_dn, bind_pw)
def ldap_connect(settings, use_cache=True): """Establishes an LDAP connection. Establishes a connection to the LDAP server from the `uri` in the ``settings``. To establish a connection, the settings must be specified: - ``uri``: valid URI which points to a LDAP server, - ``bind_dn``: `dn` used to initially bind every LDAP connection - ``bind_password``" password used for the initial bind - ``tls``: ``True`` if the connection should use TLS encryption - ``starttls``: ``True`` to negotiate TLS with the server `Note`: ``starttls`` is ignored if the URI uses LDAPS and ``tls`` is set to ``True``. This function re-uses an existing LDAP connection if there is one available in the application context, unless caching is disabled. :param settings: dict -- The settings for a LDAP provider. :param use_cache: bool -- If the connection should be cached. :return: The ldap connection. """ if use_cache: cache = _get_ldap_cache() cache_key = frozenset( (k, hash(v)) for k, v in iteritems(settings) if k in conn_keys) conn = cache.get(cache_key) if conn is not None: return conn uri_info = urlparse(settings['uri']) use_ldaps = uri_info.scheme == 'ldaps' credentials = (settings['bind_dn'], settings['bind_password']) ldap_connection = ReconnectLDAPObject(settings['uri']) ldap_connection.protocol_version = ldap.VERSION3 ldap_connection.set_option(ldap.OPT_REFERRALS, 0) ldap_connection.set_option( ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND if use_ldaps else ldap.OPT_X_TLS_NEVER) ldap_connection.set_option( ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND if settings['verify_cert'] else ldap.OPT_X_TLS_ALLOW) # force the creation of a new TLS context. This must be the last TLS option. # see: http://stackoverflow.com/a/27713355/298479 ldap_connection.set_option(ldap.OPT_X_TLS_NEWCTX, 0) if use_ldaps and settings['starttls']: warn( "Unable to start TLS, LDAP connection already secured over SSL (LDAPS)" ) elif settings['starttls']: ldap_connection.start_tls_s() # TODO: allow anonymous bind ldap_connection.simple_bind_s(*credentials) if use_cache: cache[cache_key] = ldap_connection return ldap_connection
def connect(self): try: self.connection = ReconnectLDAPObject(self.uri) if self.user is not None: self.connection.simple_bind_s(self.user, self.password) except: logger.exception("LDAP connection failed") return False return True
def _cursor(self): if self.connection is None: # self.connection = ldap.initialize(self.settings_dict['NAME']) self.connection = ReconnectLDAPObject(self.settings_dict['NAME']) self.connection.simple_bind_s( self.settings_dict['USER'], self.settings_dict['PASSWORD']) return DatabaseCursor(self.connection)
def ldap_client(self): if not self._ldap_client: self._ldap_client = ReconnectLDAPObject( self.ldap_url, retry_max=self.ldap_retry_max, retry_delay=self.ldap_retry_delay) self._ldap_client.set_option(ldap.OPT_PROTOCOL_VERSION, 3) self._ldap_client.set_option(ldap.OPT_REFERRALS, 0) return self._ldap_client
def __init__(self, ldap_uri, base_dn, admin_user, admin_password, home_base_directory=None, group_id=None): self.ldap_uri = ldap_uri self.ldap_com = ReconnectLDAPObject(ldap_uri, retry_max=10, retry_delay=3) # self.ldap_com = ldap.initialize(ldap_uri) self.ldap_base_dn = base_dn if home_base_directory is not None: self.HOME_BASE_DIRECTORY = home_base_directory if group_id is not None: self.GROUP_ID_NUMBER = "%s" % group_id self.ldap_admin = "cn=%s,%s" % (admin_user, self.ldap_base_dn) self.people_base_cn = "ou=People,%s" % self.ldap_base_dn self.ldap_com.bind_s(self.ldap_admin, admin_password)
def __init__(self, bind_dn, bind_pw, batch_mods=False, sasl=False, ro=False): """Handler for bindings to CSH LDAP. Keyword arguments: batch_mods -- whether or not to batch LDAP writes (default False) sasl -- whether or not to bypass bind_dn and bind_pw and use SASL bind ro -- whether or not CSH LDAP is in read only mode (default False) """ if ro: print("########################################\n" "# #\n" "# CSH LDAP IS IN READ ONLY MODE #\n" "# #\n" "########################################") ldap_srvs = srvlookup.lookup("ldap", "tcp", self.__domain__) self.ldap_uris = ['ldaps://' + uri.hostname for uri in ldap_srvs] self.server_uri = None self.__con__ = None for uri in self.ldap_uris: try: self.__con__ = ReconnectLDAPObject(uri) self.server_uri = uri except (ldap.SERVER_DOWN, ldap.TIMEOUT): continue if self.__con__ is None: raise ldap.SERVER_DOWN if sasl: self.__con__.sasl_non_interactive_bind_s('') else: self.__con__.simple_bind_s(bind_dn, bind_pw) self.__mod_queue__ = {} self.__pending_mod_dn__ = [] self.__batch_mods__ = batch_mods self.__ro__ = ro
def ldap_init(app): app.config['LDAP_CONN'] = ReconnectLDAPObject(app.config['LDAP_URL']) app.config['LDAP_CONN'].simple_bind_s(app.config['LDAP_BIND_DN'], app.config['LDAP_BIND_PW'])