def connect(**kw):
    """Open an LDAP connection, bind it and return the bound object.

    Settings are resolved by gather_options(**kw). Sources order, see
    ldap.conf(3):

    - variable $LDAPNOINIT, and if that is not set:
    - system file /etc/ldap/ldap.conf,
    - user files $HOME/ldaprc, $HOME/.ldaprc, ./ldaprc,
    - system file $LDAPCONF,
    - user files $HOME/$LDAPRC, $HOME/.$LDAPRC, ./$LDAPRC,
    - user files <ldap2pg.yml>...
    - variables $LDAP<uppercase option name>.

    Extra variable LDAPPASSWORD is supported.

    A truthy USER option selects SASL DIGEST-MD5; otherwise a simple bind
    with BINDDN and PASSWORD is performed.
    """
    options = gather_options(**kw)
    uri = options['URI']
    logger.debug("Connecting to LDAP server %s.", uri)

    conn = ldap_initialize(uri)
    if PY2:  # pragma: nocover_py3
        conn = UnicodeModeLDAPObject(conn)
    conn = LDAPLogger(conn)

    sasl_user = options.get('USER')
    if not sasl_user:
        # NOTE(review): this function negotiates no TLS itself, so a simple
        # bind only protects PASSWORD in transit when URI is ldaps:// (or a
        # local ldapi:// socket). An empty PASSWORD with a non-empty BINDDN
        # is an "unauthenticated bind" (RFC 4513) that some servers accept
        # as anonymous -- confirm gather_options rejects that case.
        logger.debug("Trying simple bind.")
        conn.simple_bind_s(options['BINDDN'], options['PASSWORD'])
        return conn

    # NOTE(review): DIGEST-MD5 was moved to Historic by RFC 6331; it is the
    # only SASL mechanism this version offers.
    logger.debug("Trying SASL DIGEST-MD5 auth.")
    callbacks = {
        sasl.CB_AUTHNAME: sasl_user,
        sasl.CB_PASS: options['PASSWORD'],
    }
    conn.sasl_interactive_bind_s("", sasl.sasl(callbacks, 'DIGEST-MD5'))
    return conn
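def connect(**kw):
    """Open an LDAP connection, bind it and return the bound object.

    Settings are resolved by gather_options(**kw). Sources order, see
    ldap.conf(3):

    - variable $LDAPNOINIT, and if that is not set:
    - system file /etc/ldap/ldap.conf, /etc/openldap/ldap.conf
    - user files $HOME/ldaprc, $HOME/.ldaprc, ./ldaprc,
    - system file $LDAPCONF,
    - user files $HOME/$LDAPRC, $HOME/.$LDAPRC, ./$LDAPRC,
    - user files <ldap2pg.yml>...
    - variables $LDAP<uppercase option name>.

    Extra variable LDAPPASSWORD is supported.

    Without SASL_MECH a simple bind with BINDDN and PASSWORD is performed.
    With SASL_MECH set, DIGEST-MD5 (USER and PASSWORD) and GSSAPI (optional
    SASL_AUTHZID) are handled.

    Raises:
        UserError: if SASL_MECH names any other mechanism.
    """
    options = gather_options(**kw)
    logger.info("Connecting to LDAP server %s.", options['URI'])
    conn = ldap.initialize(options['URI'])
    if PY2:  # pragma: nocover_py3
        conn = UnicodeModeLDAPObject(conn)
    conn = LDAPLogger(conn)

    # Both timeouts default to 30 when the option is not configured.
    conn.set_option(ldap.OPT_NETWORK_TIMEOUT, options.get('NETWORK_TIMEOUT', 30))
    conn.set_option(ldap.OPT_TIMEOUT, options.get('TIMEOUT', 30))

    if options.get('STARTTLS'):
        logger.debug("Sending STARTTLS.")
        # NOTE(review): the certificate verification policy is not set here;
        # it presumably comes from ldaprc / environment (TLS_REQCERT). Check
        # that deployments do not relax it, or STARTTLS gives no protection
        # against an active interceptor.
        conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
        conn.start_tls_s()

    # Don't follow referrals by default. This is the behaviour of ldapsearch
    # and friends. Following referrals leads to strange errors with Active
    # directory. REFERRALS can still be activated through ldaprc, env var and
    # even YAML. See https://github.com/dalibo/ldap2pg/issues/228 .
    conn.set_option(ldap.OPT_REFERRALS, options.get('REFERRALS', False))

    mech = options.get('SASL_MECH')
    if not mech:
        # NOTE(review): a simple bind sends PASSWORD as-is. Unless STARTTLS
        # was negotiated above or URI is ldaps:// / ldapi://, it crosses the
        # network unencrypted.
        logger.info("Trying simple bind.")
        conn.simple_bind_s(options['BINDDN'], options['PASSWORD'])
        return conn

    logger.info("Trying SASL with mechanism %s.", mech)
    if options.get('BINDDN'):
        logger.debug("BINDDN %s is unused with SASL.", options['BINDDN'])

    if mech == 'DIGEST-MD5':
        # NOTE(review): DIGEST-MD5 was moved to Historic by RFC 6331; prefer
        # GSSAPI where the directory supports it.
        auth = sasl.sasl(
            {
                sasl.CB_AUTHNAME: options['USER'],
                sasl.CB_PASS: options['PASSWORD'],
            },
            mech)
    elif mech == 'GSSAPI':
        auth = sasl.gssapi(options.get('SASL_AUTHZID'))
    else:
        # Interpolate here: unlike logger calls, an exception constructor is
        # not expected to apply %-formatting, so passing mech as a second
        # positional argument left "%s" in the message (and handed mech to
        # whatever UserError's second parameter is -- presumably not a
        # format argument; confirm against its definition).
        raise UserError("Unmanaged SASL mech %s." % mech)

    conn.sasl_interactive_bind_s("", auth)
    return conn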
def connect(**kw):
    """Open an LDAP connection, bind it and return the bound object.

    Settings are resolved by gather_options(**kw). Sources order, see
    ldap.conf(3):

    - variable $LDAPNOINIT, and if that is not set:
    - system file /etc/ldap/ldap.conf,
    - user files $HOME/ldaprc, $HOME/.ldaprc, ./ldaprc,
    - system file $LDAPCONF,
    - user files $HOME/$LDAPRC, $HOME/.$LDAPRC, ./$LDAPRC,
    - user files <ldap2pg.yml>...
    - variables $LDAP<uppercase option name>.

    Extra variable LDAPPASSWORD is supported.

    A truthy USER option selects SASL DIGEST-MD5; otherwise a simple bind
    with BINDDN and PASSWORD is performed.
    """
    options = gather_options(**kw)
    server_uri = options['URI']
    logger.debug("Connecting to LDAP server %s.", server_uri)

    conn = ldap.initialize(server_uri)
    if PY2:  # pragma: nocover_py3
        conn = UnicodeModeLDAPObject(conn)
    conn = LDAPLogger(conn)

    # Don't follow referrals by default. This is the behaviour of ldapsearch
    # and friends. Following referrals leads to strange errors with Active
    # directory. REFERRALS can still be activated through ldaprc, env var and
    # even YAML. See https://github.com/dalibo/ldap2pg/issues/228 .
    follow_referrals = options.get('REFERRALS', False)
    conn.set_option(ldap.OPT_REFERRALS, follow_referrals)

    if not options.get('USER'):
        # NOTE(review): this function negotiates no TLS itself, so a simple
        # bind only protects PASSWORD in transit when URI is ldaps:// (or a
        # local ldapi:// socket).
        logger.debug("Trying simple bind.")
        conn.simple_bind_s(options['BINDDN'], options['PASSWORD'])
    else:
        # NOTE(review): DIGEST-MD5 was moved to Historic by RFC 6331; it is
        # the only SASL mechanism this version offers.
        logger.debug("Trying SASL DIGEST-MD5 auth.")
        credentials = {
            sasl.CB_AUTHNAME: options['USER'],
            sasl.CB_PASS: options['PASSWORD'],
        }
        sasl_auth = sasl.sasl(credentials, 'DIGEST-MD5')
        conn.sasl_interactive_bind_s("", sasl_auth)

    return conn