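    def __init__(self,
                 ldap_connection,
                 base_dn,
                 attributes=None,
                 searchfilter='(objectClass=*)',
                 start_tls=None,
                 bind_dn='',
                 bind_pass=''):
        """Set up the connection and the search parameters for later lookups.

        Args:
            ldap_connection: LDAP URI or an existing connection object; it is
                passed through ``make_ldap_connection``.
            base_dn: Base DN stored for the searches.
            attributes: Attribute names to request -- a comma-separated
                string, any iterable of names, or ``None``.
            searchfilter: LDAP filter string stored for the searches.
            start_tls: When truthy, ``start_tls_s()`` is called on the new
                connection straight away.
            bind_dn: DN stored for binding.
            bind_pass: Password stored for binding; it is kept on the
                instance in clear text.

        Raises:
            ValueError: ``attributes`` is neither a string, an iterable nor
                ``None``, or the StartTLS upgrade fails.
        """
        dict.__init__(self)
        # A string is a comma-separated list; any other iterable is copied.
        if hasattr(attributes, 'split'):
            attributes = attributes.split(',')
        elif hasattr(attributes, '__iter__'):
            attributes = list(attributes)
        elif attributes is not None:
            raise ValueError('The needed LDAP attributes are not valid')
        self.conn = make_ldap_connection(ldap_connection)
        # NOTE(review): nothing here enforces transport encryption when
        # start_tls is falsy; over a plain ldap:// URI the stored bind_pass
        # would travel in clear text -- confirm callers set start_tls or
        # use an ldaps:// URI.
        if start_tls:
            try:
                self.conn.start_tls_s()
            except Exception:
                # ``Exception`` rather than a bare ``except``: let
                # KeyboardInterrupt/SystemExit propagate instead of
                # re-labelling them as a configuration error.
                raise ValueError('Cannot upgrade the connection')

        self.bind_dn = bind_dn
        self.bind_pass = bind_pass
        self.base_dn = base_dn
        self.attributes = attributes
        self.searchfilter = searchfilter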
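    def __init__(self, ldap_connection, base_dn, attributes=None,
                 searchfilter='(objectClass=*)', start_tls=None,
                 bind_dn='', bind_pass=''):
        """Remember the LDAP connection and the settings used for searching.

        Args:
            ldap_connection: URI or ready connection object, normalised by
                ``make_ldap_connection``.
            base_dn: Base DN the searches are rooted at.
            attributes: Comma-separated string, iterable of names, or
                ``None``; stored as a list (or ``None``).
            searchfilter: LDAP filter string stored for the searches.
            start_tls: Truthy to call ``start_tls_s()`` right after the
                connection is made.
            bind_dn: DN stored for binding.
            bind_pass: Password stored for binding, in clear text.

        Raises:
            ValueError: on an unusable ``attributes`` value or a failed
                StartTLS upgrade.
        """
        dict.__init__(self)
        if hasattr(attributes, 'split'):
            # comma-separated string form
            attributes = attributes.split(',')
        elif hasattr(attributes, '__iter__'):
            attributes = list(attributes)
        elif attributes is not None:
            raise ValueError('The needed LDAP attributes are not valid')
        self.conn = make_ldap_connection(ldap_connection)
        if start_tls:
            try:
                self.conn.start_tls_s()
            except Exception:
                # Narrowed from a bare ``except`` so that
                # KeyboardInterrupt/SystemExit are not turned into a
                # ValueError about the connection.
                raise ValueError('Cannot upgrade the connection')
        # NOTE(review): when start_tls is falsy no transport encryption is
        # enforced here; with a plain ldap:// URI the bind password kept
        # below would be sent in the clear -- confirm the deployment uses
        # StartTLS or ldaps://.

        self.bind_dn = bind_dn
        self.bind_pass = bind_pass
        self.base_dn = base_dn
        self.attributes = attributes
        self.searchfilter = searchfilter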
    def authenticate(self, environ, identity):
        """Authenticate ``identity`` against the LDAP server configured for its domain.

        ``identity['login']`` must have the form ``user@domain``; the domain
        (or an enabled alias of it) selects the LDAP settings row.  Returns
        the user id produced by the repoze.who LDAP plugin, normalised to
        ``username@domain`` when the plugin returned a bare name, or
        ``None`` on any failure.
        """
        try:
            # Throttling: a positive failed-login check is turned into a
            # TypeError so it ends up at the ``return None`` below.
            if check_failed_logins(environ):
                raise TypeError

            login = identity['login']
            # Exactly one '@' is required; anything else raises ValueError
            # and counts as a failed authentication.
            username, domain = login.split('@')
            # ``domain`` is user input, but it reaches the database through
            # SQLAlchemy expressions (bound parameters), not string-built
            # SQL.  Only enabled auth settings of an active domain, matched
            # directly or via an active alias, are considered.
            ldapsettings = self.dbsession.query(self.ldapsettingsmodel,
                            self.authsettingsmodel.address,
                            self.authsettingsmodel.port,
                            self.authsettingsmodel.split_address,
                            self.domainmodel.name)\
                            .join(self.authsettingsmodel)\
                            .join(self.domainmodel)\
                            .filter(self.authsettingsmodel.enabled == True)\
                            .filter(self.domainmodel.status == True)\
                            .filter(or_(self.domainmodel.name == domain,
                                func._(and_(\
                                self.domainmodel.id == self.alias.domain_id,
                                self.alias.name == domain,
                                self.alias.status == True)
                                )
                            )).all()
            # No matching row -> IndexError -> None.  If several rows match,
            # only the first one is used.
            (settings,
            address,
            port,
            split_address,
            domain_name) = ldapsettings[0]

            # NOTE(review): ldap.set_option sets a library-wide default, not
            # an option scoped to the connection created below.
            ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 5)
            ldap_uri = make_ldap_uri(address, port)
            ldap_connection = make_ldap_connection(ldap_uri)

            # Bind credentials and the StartTLS switch come from the
            # per-domain settings row, never from the request.
            kwargs = dict(naming_attribute=settings.nameattribute,
                        returned_id=self.returned_id,
                        bind_dn=settings.binddn,
                        bind_pass=settings.bindpw,
                        start_tls=settings.usetls)

            if domain != domain_name:
                # override alias domain
                domain = domain_name

            if settings.usesearch:
                ldap_module = 'LDAPSearchAuthenticatorPlugin'
                # build_search_filters(kwargs, settings.search_scope,
                #                     settings.searchfilter, domain,
                #                     login, username)
                kwargs['search_scope'] = settings.search_scope
                if settings.searchfilter != '':
                    params = []
                    # 'example.org' -> 'dc=example,dc=org'
                    domaindn = ','.join(['dc=' + part
                                        for part in domain.split('.')])
                    mapping = {
                                '%n':login,
                                '%u':username,
                                '%d':domain,
                                '%D': domaindn
                                }
                    # NOTE(review): escape_filter_chars is applied to the
                    # admin-supplied template itself, so any '(' ')' '*' in
                    # it are escaped as well -- confirm the templates this
                    # expects are bare 'attr=%n' assertions, otherwise the
                    # resulting filter is broken.
                    searchfilter = escape_filter_chars(settings.searchfilter)
                    # Each %n/%u/%d/%D placeholder becomes a '%s' and its
                    # value is queued in the same order; filter_format then
                    # escapes every substituted value, so the user-derived
                    # login/username/domain cannot inject filter syntax.
                    for key in ['%n', '%u', '%d', '%D']:
                        for _ in xrange(searchfilter.count(key)):
                            searchfilter = searchfilter.replace(key, '%s', 1)
                            params.append(mapping[key])
                    searchfilter = filter_format(searchfilter, params)
                    kwargs['filterstr'] = searchfilter
            else:
                ldap_module = 'LDAPAuthenticatorPlugin'

            if split_address:
                identity['login'] = username
            else:
                # use main domain name not alias reset above
                # NOTE(review): the format string on the next line appears
                # redacted in this listing ('******'); a %-format whose
                # placeholder count does not match its arguments raises
                # TypeError, which the handler below silently maps to None.
                # ``fulladdr`` below uses "%s@%s" for the same pair -- confirm
                # against the real source.
                identity['login'] = "******" % (username, domain)

            # ldap_module is one of two fixed names chosen above, never
            # request-controlled.
            auth = resolveDotted('repoze.who.plugins.ldap:%s' % ldap_module)
            ldap_auth = auth(ldap_connection, settings.basedn, **kwargs)
            userid = ldap_auth.authenticate(environ, identity)
            fulladdr = "%s@%s" % (username, domain)
            return userid if userid is None or '@' in userid else fulladdr
        except (KeyError, TypeError, ValueError, AttributeError,
                NoResultFound, IndexError, ldap.LDAPError):
            # Every failure -- malformed login, throttled client, missing
            # settings row, LDAP/network error, AttributeError from a
            # misconfigured settings object -- collapses to None with
            # nothing logged, so server-side faults are indistinguishable
            # from a wrong password for the caller.
            return None
 def test_connection_is_unicode(self):
     """A unicode URI is turned into a real SimpleLDAPObject."""
     connection = make_ldap_connection(u'ldap://example.org')
     is_ldap_object = isinstance(connection, SimpleLDAPObject)
     self.assertTrue(is_ldap_object)
 def test_connection_is_object(self):
     """An existing connection object is handed back unchanged."""
     fake_connection = fakeldap.FakeLDAPConnection()
     returned = make_ldap_connection(fake_connection)
     self.assertEqual(returned, fake_connection)
    def authenticate(self, environ, identity):
        """Authenticate ``identity`` against the LDAP server configured for its domain.

        ``identity['login']`` must have the form ``user@domain``; the domain
        (or an enabled alias of it) selects the LDAP settings row.  Returns
        the user id produced by the repoze.who LDAP plugin, normalised to
        ``username@domain`` when the plugin returned a bare name, or
        ``None`` on any failure.
        """
        try:
            # Throttling: a positive failed-login check is turned into a
            # TypeError so it ends up at the ``return None`` below.
            if check_failed_logins(environ):
                raise TypeError

            login = identity['login']
            # Exactly one '@' is required; anything else raises ValueError
            # and counts as a failed authentication.
            username, domain = login.split('@')
            # ``domain`` is user input, but it reaches the database through
            # SQLAlchemy expressions (bound parameters), not string-built
            # SQL.  Only enabled auth settings of an active domain, matched
            # directly or via an active alias, are considered.
            ldapsettings = self.dbsession.query(self.ldapsettingsmodel,
                            self.authsettingsmodel.address,
                            self.authsettingsmodel.port,
                            self.authsettingsmodel.split_address,
                            self.domainmodel.name)\
                            .join(self.authsettingsmodel)\
                            .join(self.domainmodel)\
                            .filter(self.authsettingsmodel.enabled == True)\
                            .filter(self.domainmodel.status == True)\
                            .filter(or_(self.domainmodel.name == domain,
                                func._(and_(\
                                self.domainmodel.id == self.alias.domain_id,
                                self.alias.name == domain,
                                self.alias.status == True)
                                )
                            )).all()
            # No matching row -> IndexError -> None.  If several rows match,
            # only the first one is used.
            (settings, address, port, split_address,
             domain_name) = ldapsettings[0]

            # NOTE(review): ldap.set_option sets a library-wide default, not
            # an option scoped to the connection created below.
            ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 5)
            ldap_uri = make_ldap_uri(address, port)
            ldap_connection = make_ldap_connection(ldap_uri)

            # Bind credentials and the StartTLS switch come from the
            # per-domain settings row, never from the request.
            kwargs = dict(naming_attribute=settings.nameattribute,
                          returned_id=self.returned_id,
                          bind_dn=settings.binddn,
                          bind_pass=settings.bindpw,
                          start_tls=settings.usetls)

            if domain != domain_name:
                # override alias domain
                domain = domain_name

            if settings.usesearch:
                ldap_module = 'LDAPSearchAuthenticatorPlugin'
                # build_search_filters(kwargs, settings.search_scope,
                #                     settings.searchfilter, domain,
                #                     login, username)
                kwargs['search_scope'] = settings.search_scope
                if settings.searchfilter != '':
                    params = []
                    # 'example.org' -> 'dc=example,dc=org'
                    domaindn = ','.join(
                        ['dc=' + part for part in domain.split('.')])
                    mapping = {
                        '%n': login,
                        '%u': username,
                        '%d': domain,
                        '%D': domaindn
                    }
                    # NOTE(review): escape_filter_chars is applied to the
                    # admin-supplied template itself, so any '(' ')' '*' in
                    # it are escaped as well -- confirm the templates this
                    # expects are bare 'attr=%n' assertions, otherwise the
                    # resulting filter is broken.
                    searchfilter = escape_filter_chars(settings.searchfilter)
                    # Each %n/%u/%d/%D placeholder becomes a '%s' and its
                    # value is queued in the same order; filter_format then
                    # escapes every substituted value, so the user-derived
                    # login/username/domain cannot inject filter syntax.
                    for key in ['%n', '%u', '%d', '%D']:
                        for _ in xrange(searchfilter.count(key)):
                            searchfilter = searchfilter.replace(key, '%s', 1)
                            params.append(mapping[key])
                    searchfilter = filter_format(searchfilter, params)
                    kwargs['filterstr'] = searchfilter
            else:
                ldap_module = 'LDAPAuthenticatorPlugin'

            if split_address:
                identity['login'] = username
            else:
                # use main domain name not alias reset above
                # NOTE(review): the format string on the next line appears
                # redacted in this listing ('******'); a %-format whose
                # placeholder count does not match its arguments raises
                # TypeError, which the handler below silently maps to None.
                # ``fulladdr`` below uses "%s@%s" for the same pair -- confirm
                # against the real source.
                identity['login'] = "******" % (username, domain)

            # ldap_module is one of two fixed names chosen above, never
            # request-controlled.
            auth = resolveDotted('repoze.who.plugins.ldap:%s' % ldap_module)
            ldap_auth = auth(ldap_connection, settings.basedn, **kwargs)
            userid = ldap_auth.authenticate(environ, identity)
            fulladdr = "%s@%s" % (username, domain)
            return userid if userid is None or '@' in userid else fulladdr
        except (KeyError, TypeError, ValueError, AttributeError, NoResultFound,
                IndexError, ldap.LDAPError):
            # Every failure -- malformed login, throttled client, missing
            # settings row, LDAP/network error, AttributeError from a
            # misconfigured settings object -- collapses to None with
            # nothing logged, so server-side faults are indistinguishable
            # from a wrong password for the caller.
            return None
 def test_connection_is_unicode(self):
     """A unicode URI yields a SimpleLDAPObject."""
     uri = u'ldap://example.org'
     connection = make_ldap_connection(uri)
     self.assertTrue(isinstance(connection, SimpleLDAPObject))
 def test_connection_is_object(self):
     """A connection object passed in is returned as-is."""
     existing = fakeldap.FakeLDAPConnection()
     self.assertEqual(make_ldap_connection(existing), existing)