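    def _ldap_search(self, query, attrlist=None, sizelimit=20):
        """
        Run an LDAP subtree search below the configured base DN.

        ``query`` is handed to the server verbatim as the search filter, so
        any caller-supplied values embedded in it must already be escaped
        (python-ldap ships ``ldap.filter.escape_filter_chars`` for this);
        otherwise an attacker-controlled value can rewrite the filter.

        :param query: LDAP filter string sent as ``filterstr``.
        :param attrlist: attributes to return, or ``None`` for all.
        :param sizelimit: server-side cap on the number of returned entries.
        :return: the result list from ``search_ext_s``, or ``[]`` when any
            ``ldap.LDAPError`` occurred during bind or search (the error is
            logged at ERROR level instead of being raised).

        NOTE(review): with ``ldap_gssapi`` off, an empty ``ldap_bindpw`` next
        to a non-empty ``ldap_binddn`` is an unauthenticated bind that servers
        may accept as anonymous — confirm the config never allows that.
        """
        import ldap
        from ldap.sasl import gssapi
        import logging

        log = logging.getLogger(__name__)
        conn = ldap.initialize(self._conf['ldap_uri'])
        try:
            if self._conf['ldap_gssapi']:
                # Kerberos: credentials come from the process's ticket cache.
                conn.sasl_interactive_bind_s('', gssapi())
            else:
                conn.simple_bind_s(
                    self._conf['ldap_binddn'], self._conf['ldap_bindpw'])
            return conn.search_ext_s(
                self._conf['ldap_basedn'],
                ldap.SCOPE_SUBTREE,
                filterstr=query,
                attrlist=attrlist,
                timeout=self._conf['ldap_timeout'],
                sizelimit=sizelimit)
        except ldap.LDAPError as e:
            # Best effort, as before: report and return an empty result
            # rather than propagate. Logged instead of printed to stdout so
            # the error reaches the application's log handlers (or stderr
            # via logging's last-resort handler when none is configured).
            log.error('LDAP Error: %s', e)
            return []
        finally:
            # Always release the connection, including the bind-failed path.
            conn.unbind_s()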
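    def connect(self):
        """
        Open and bind the LDAP connection described by ``self.config``.

        The URL is built from the ``[connection]`` section (``ssl`` selects
        ``ldaps://``; ``starttls`` upgrades a plain ``ldap://`` connection
        before any credentials are sent). With ``[auth] gssapi`` a GSSAPI
        bind is done; otherwise a synchronous simple bind as ``[auth] user``
        with a password from the ``keyring`` package (``[auth] keyring``) or
        from ``[auth] password``.

        :raises RuntimeError: if ``self.connection`` is already set.
        :raises ValueError: if no non-empty password is available. Binding
            with an empty password is an "unauthenticated bind" that servers
            may accept as anonymous, so it is refused here rather than
            silently searching without credentials.
        Errors raised by the ``_ldap`` library (connect, TLS, bind) propagate.
        """
        if self.connection is not None:
            raise RuntimeError('already connected to the LDAP server')
        protocol = 'ldap'
        if self.config.getboolean('connection', 'ssl'):
            protocol = 'ldaps'
        url = '{0}://{1}:{2}'.format(protocol,
                                     self.config.get('connection', 'server'),
                                     self.config.get('connection', 'port'))
        LOG.info(u'connect to LDAP server at {0}'.format(url))
        self.connection = _ldap.initialize(url)
        # STARTTLS only applies to a plain ldap:// socket and must precede
        # the bind so credentials never cross the wire unencrypted.
        if (self.config.getboolean('connection', 'starttls')
                and protocol == 'ldap'):
            self.connection.start_tls_s()
        if self.config.getboolean('auth', 'gssapi'):
            sasl = _ldap_sasl.gssapi()
            self.connection.sasl_interactive_bind_s('', sasl)
            return
        user = self.config.get('auth', 'user')
        if self.config.getboolean('auth', 'keyring'):
            import keyring
            # get_password returns None when no entry exists.
            password = keyring.get_password('mutt-ldap', user)
        else:
            password = self.config.get('auth', 'password')
        if not password:
            raise ValueError(
                'no password available for LDAP user {0}'.format(user))
        # bind_s (synchronous): a rejected bind raises here instead of being
        # an asynchronous result that is never collected.
        self.connection.bind_s(user, password, _ldap.AUTH_SIMPLE)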
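    def connect(self):
        """
        Open and bind the LDAP connection described by ``self.config``.

        The URL is built from the ``[connection]`` section (``ssl`` selects
        ``ldaps://``; ``starttls`` upgrades a plain ``ldap://`` connection
        before any credentials are sent). With ``[auth] gssapi`` a GSSAPI
        bind is done; otherwise a synchronous simple bind as ``[auth] user``
        with a password from the ``keyring`` package (``[auth] keyring``) or
        from ``[auth] password``.

        :raises RuntimeError: if ``self.connection`` is already set.
        :raises ValueError: if no non-empty password is available. Binding
            with an empty password is an "unauthenticated bind" that servers
            may accept as anonymous, so it is refused here rather than
            silently searching without credentials.
        Errors raised by the ``_ldap`` library (connect, TLS, bind) propagate.
        """
        if self.connection is not None:
            raise RuntimeError("already connected to the LDAP server")
        protocol = "ldap"
        if self.config.getboolean("connection", "ssl"):
            protocol = "ldaps"
        url = "{0}://{1}:{2}".format(
            protocol, self.config.get("connection", "server"), self.config.get("connection", "port")
        )
        LOG.info(u"connect to LDAP server at {0}".format(url))
        self.connection = _ldap.initialize(url)
        # STARTTLS only applies to a plain ldap:// socket and must precede
        # the bind so credentials never cross the wire unencrypted.
        if self.config.getboolean("connection", "starttls") and protocol == "ldap":
            self.connection.start_tls_s()
        if self.config.getboolean("auth", "gssapi"):
            sasl = _ldap_sasl.gssapi()
            self.connection.sasl_interactive_bind_s("", sasl)
            return
        user = self.config.get("auth", "user")
        if self.config.getboolean("auth", "keyring"):
            import keyring

            # get_password returns None when no entry exists.
            password = keyring.get_password("mutt-ldap", user)
        else:
            password = self.config.get("auth", "password")
        if not password:
            raise ValueError("no password available for LDAP user {0}".format(user))
        # bind_s (synchronous): a rejected bind raises here instead of being
        # an asynchronous result that is never collected.
        self.connection.bind_s(user, password, _ldap.AUTH_SIMPLE)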
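    def _ldap_search(self, query, attrlist=None, sizelimit=20):
        """
        Run an LDAP subtree search below ``self.ldap_basedn``.

        ``query`` is handed to the server verbatim as the search filter, so
        any caller-supplied values embedded in it must already be escaped
        (python-ldap ships ``ldap.filter.escape_filter_chars`` for this);
        otherwise an attacker-controlled value can rewrite the filter.

        :param query: LDAP filter string sent as ``filterstr``.
        :param attrlist: attributes to return, or ``None`` for all.
        :param sizelimit: server-side cap on the number of returned entries.
        :return: the result list from ``search_ext_s``, or ``[]`` when any
            ``ldap.LDAPError`` occurred during bind or search (the error is
            logged at ERROR level instead of being raised).

        NOTE(review): with ``ldap_gssapi`` off, an empty ``ldap_bindpw`` next
        to a non-empty ``ldap_binddn`` is an unauthenticated bind that servers
        may accept as anonymous — confirm the configuration never allows that.
        """
        import ldap
        from ldap.sasl import gssapi
        import logging

        log = logging.getLogger(__name__)
        conn = ldap.initialize(self.ldap_uri)
        try:
            if self.ldap_gssapi:
                # Kerberos: credentials come from the process's ticket cache.
                conn.sasl_interactive_bind_s('', gssapi())
            else:
                conn.simple_bind_s(self.ldap_binddn, self.ldap_bindpw)
            return conn.search_ext_s(
                self.ldap_basedn,
                ldap.SCOPE_SUBTREE,
                filterstr=query,
                attrlist=attrlist,
                timeout=self.ldap_timeout,
                sizelimit=sizelimit)
        except ldap.LDAPError as e:
            # Best effort, as before: report and return an empty result
            # rather than propagate. Logged instead of printed to stdout so
            # the error reaches the application's log handlers (or stderr
            # via logging's last-resort handler when none is configured).
            log.error('LDAP Error: %s', e)
            return []
        finally:
            # Always release the connection, including the bind-failed path.
            conn.unbind_s()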
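    def __init__(self,
                 user,
                 password,
                 host='ldaps://ldap.csh.rit.edu:636',
                 base='ou=Users,dc=csh,dc=rit,dc=edu',
                 bind='ou=Apps,dc=csh,dc=rit,dc=edu',
                 app=False,
                 objects=False):
        """
        Connect to the CSH LDAP server and bind.

        With ``app=True`` a synchronous simple bind is done as
        ``uid=<user>,<base>`` using ``password``; otherwise a GSSAPI
        (Kerberos) bind is attempted and ``user``/``password`` are ignored.
        ``bind`` is accepted for backward compatibility but is not used.

        ``user`` is spliced into a DN by string concatenation, so it must come
        from a trusted source or be escaped first (python-ldap-compatible
        libraries provide ``ldap.dn.escape_dn_chars`` for this).

        A failed GSSAPI bind is reported on stdout and leaves the object
        unbound; a failed simple bind raises the library's error.
        """
        self.host = host
        self.base = base
        self.users = 'ou=Users,dc=csh,dc=rit,dc=edu'
        self.groups = 'ou=Groups,dc=csh,dc=rit,dc=edu'
        self.committees = 'ou=Committees,dc=csh,dc=rit,dc=edu'
        self.objects = objects
        self.ldap = pyldap.initialize(host)
        # Require a valid server certificate. OPT_X_TLS_DEMAND is a *value*
        # for OPT_X_TLS_REQUIRE_CERT, not an option of its own: the previous
        # set_option(OPT_X_TLS_DEMAND, True) did not enforce validation.
        # A new TLS context is needed for per-connection TLS options to apply.
        self.ldap.set_option(pyldap.OPT_X_TLS_REQUIRE_CERT,
                             pyldap.OPT_X_TLS_DEMAND)
        self.ldap.set_option(pyldap.OPT_X_TLS_NEWCTX, 0)
        # Maximum libldap debug output while binding; it goes to stderr and
        # includes protocol details, so it is switched off again after a
        # successful bind on both paths.
        self.ldap.set_option(pyldap.OPT_DEBUG_LEVEL, 255)

        if app:
            # simple_bind_s (synchronous): a rejected password raises here
            # instead of being an asynchronous result that is never read.
            self.ldap.simple_bind_s('uid=' + user + ',' + base, password)
            self.ldap.set_option(pyldap.OPT_DEBUG_LEVEL, 0)
        else:
            try:
                auth = sasl.gssapi("")
                self.ldap.sasl_interactive_bind_s("", auth)
                self.ldap.set_option(pyldap.OPT_DEBUG_LEVEL, 0)
            except pyldap.LDAPError as e:
                # Best effort, as before: report and leave the object unbound.
                print('Are you sure you\'ve run kinit?')
                print(e)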
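 def connect(self):
     """
     Open and bind the LDAP connection described by ``self.config``.

     The URL is built from the ``[connection]`` section (``ssl`` selects
     ``ldaps://``; ``starttls`` upgrades a plain ``ldap://`` connection before
     any credentials are sent). With ``[auth] gssapi`` a GSSAPI bind is done;
     otherwise a synchronous simple bind as ``[auth] user`` with
     ``[auth] password`` or, when that is empty, with the output of the
     ``[auth] passwordeval`` shell command.

     :raises RuntimeError: if ``self.connection`` is already set.
     :raises ValueError: if no non-empty password could be obtained. Binding
         with an empty password is an "unauthenticated bind" that servers may
         accept as anonymous, so it is refused here.
     Errors raised by the ``_ldap`` library (connect, TLS, bind) propagate.
     """
     if self.connection is not None:
         raise RuntimeError('already connected to the LDAP server')
     protocol = 'ldap'
     if self.config.getboolean('connection', 'ssl'):
         protocol = 'ldaps'
     url = '{0}://{1}:{2}'.format(
         protocol,
         self.config.get('connection', 'server'),
         self.config.get('connection', 'port'))
     LOG.info(u'connect to LDAP server at {0}'.format(url))
     self.connection = _ldap.initialize(url)
     # STARTTLS only applies to a plain ldap:// socket and must precede the
     # bind so credentials never cross the wire unencrypted.
     if (self.config.getboolean('connection', 'starttls') and
             protocol == 'ldap'):
         self.connection.start_tls_s()
     if self.config.getboolean('auth', 'gssapi'):
         sasl = _ldap_sasl.gssapi()
         self.connection.sasl_interactive_bind_s('', sasl)
         return
     password = self.config.get('auth', 'password')
     if not password:
         # passwordeval is a shell command line taken from the config file
         # (the mutt convention), so shell=True is intended; it runs with
         # this process's privileges, so the config file must be trusted.
         passwordeval = self.config.get('auth', 'passwordeval')
         if passwordeval:
             # NOTE(review): check_output returns bytes on Python 3 — confirm
             # the _ldap library in use accepts a bytes credential.
             password = subprocess.check_output(
                 passwordeval, shell=True).strip()
     if not password:
         raise ValueError('no password available for LDAP simple bind')
     # bind_s (synchronous): a rejected bind raises here instead of being an
     # asynchronous result that is never collected.
     self.connection.bind_s(
         self.config.get('auth', 'user'),
         password,
         _ldap.AUTH_SIMPLE)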
    def bind_sasl(self):
        """
        Bind this connection with the SASL mechanism(s) named in the config.

        The configured value is upper-cased and matched by substring, so a
        value naming both mechanisms triggers an EXTERNAL bind followed by a
        GSSAPI bind (the later one wins). A value naming neither is a silent
        no-op that leaves the connection unbound — NOTE(review): callers must
        not assume authentication happened without checking the config.
        """
        configured = self._config(self.CFG_SASLMECH).upper()
        candidates = (
            ('EXTERNAL', sasl.external),
            ('GSSAPI', sasl.gssapi),
        )
        for name, make_auth in candidates:
            if name in configured:
                self.sasl_interactive_bind_s('', make_auth())
    def bind_sasl(self):
        """
        Bind this connection with the SASL mechanism(s) named in the config.

        The configured value is upper-cased and matched by substring, so a
        value naming both mechanisms triggers an EXTERNAL bind followed by a
        GSSAPI bind (the later one wins). A value naming neither is a silent
        no-op that leaves the connection unbound — NOTE(review): callers must
        not assume authentication happened without checking the config.
        """
        configured = self._config(self.CFG_SASLMECH).upper()
        candidates = (
            ('EXTERNAL', sasl.external),
            ('GSSAPI', sasl.gssapi),
        )
        for name, make_auth in candidates:
            if name in configured:
                self.sasl_interactive_bind_s('', make_auth())
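def connect(**kw):
    """
    Open an LDAP connection from ldaprc-style options and bind it.

    Keyword arguments are merged by ``gather_options`` with the sources
    listed below. The connection gets network/operation timeouts, optional
    STARTTLS, referral chasing disabled, and then either a simple bind (no
    ``SASL_MECH``) or a SASL bind with DIGEST-MD5 or GSSAPI.

    :return: the bound connection wrapped in ``LDAPLogger`` (and, on
        Python 2, ``UnicodeModeLDAPObject``).
    :raises UserError: for a ``SASL_MECH`` other than DIGEST-MD5 or GSSAPI.
    Errors from the ``ldap`` library propagate.
    """
    # Sources order, see ldap.conf(3)
    #   variable     $LDAPNOINIT, and if that is not set:
    #   system file  /etc/ldap/ldap.conf, /etc/openldap/ldap.conf
    #   user files   $HOME/ldaprc,  $HOME/.ldaprc,  ./ldaprc,
    #   system file  $LDAPCONF,
    #   user files   $HOME/$LDAPRC, $HOME/.$LDAPRC, ./$LDAPRC,
    #   user files   <ldap2pg.yml>...
    #   variables    $LDAP<uppercase option name>.
    #
    # Extra variable LDAPPASSWORD is supported.

    options = gather_options(**kw)
    logger.info("Connecting to LDAP server %s.", options['URI'])
    conn = ldap.initialize(options['URI'])
    if PY2:  # pragma: nocover_py3
        conn = UnicodeModeLDAPObject(conn)

    conn = LDAPLogger(conn)
    conn.set_option(ldap.OPT_NETWORK_TIMEOUT,
                    options.get('NETWORK_TIMEOUT', 30))
    conn.set_option(ldap.OPT_TIMEOUT, options.get('TIMEOUT', 30))

    if options.get('STARTTLS'):
        logger.debug("Sending STARTTLS.")
        # A fresh TLS context so per-connection TLS options take effect.
        conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
        conn.start_tls_s()

    # Don't follow referrals by default. This is the behaviour of ldapsearch
    # and friends. Following referrals leads to strange errors with Active
    # directory. REFERRALS can still be activated through ldaprc, env var and
    # even YAML. See https://github.com/dalibo/ldap2pg/issues/228 .
    conn.set_option(ldap.OPT_REFERRALS, options.get('REFERRALS', False))

    if not options.get('SASL_MECH'):
        logger.info("Trying simple bind.")
        # NOTE(review): an empty PASSWORD with a non-empty BINDDN is an
        # unauthenticated bind that servers may accept as anonymous — confirm
        # gather_options rejects that combination.
        conn.simple_bind_s(options['BINDDN'], options['PASSWORD'])
    else:
        logger.info("Trying SASL with mechanism %s.", options['SASL_MECH'])
        if options.get('BINDDN'):
            logger.debug("BINDDN %s is unused with SASL.", options['BINDDN'])
        mech = options['SASL_MECH']
        if 'DIGEST-MD5' == mech:
            # DIGEST-MD5 is a legacy mechanism (RFC 6331 moved it to
            # historic status); prefer GSSAPI where the server supports it.
            auth = sasl.sasl(
                {
                    sasl.CB_AUTHNAME: options['USER'],
                    sasl.CB_PASS: options['PASSWORD'],
                }, mech)
        elif 'GSSAPI' == mech:
            auth = sasl.gssapi(options.get('SASL_AUTHZID'))
        else:
            # Format the message here; the previous two-argument call passed
            # mech as a separate positional argument instead of substituting
            # it into the placeholder.
            raise UserError("Unmanaged SASL mech %s." % mech)

        conn.sasl_interactive_bind_s("", auth)

    return conn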
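 def __init__(self, user, password, host='ldaps://ldap.csh.rit.edu:636',
              base='ou=Users,dc=csh,dc=rit,dc=edu',
              bind='ou=Apps,dc=csh,dc=rit,dc=edu', app=False):
     """
     Create the LDAP handle for ``host`` and, unless ``app`` is set, bind
     with GSSAPI (Kerberos).

     ``user``, ``password`` and ``bind`` are accepted but not used here; with
     ``app=True`` no bind is performed at all and ``self.ldap`` is left
     unbound. A failed GSSAPI bind is reported on stdout and also leaves the
     handle unbound.
     """
     self.host = host
     self.base = base
     # Always create the handle so self.ldap exists even when app=True
     # (previously it was only assigned on the GSSAPI path).
     self.ldap = pyldap.initialize(host)
     if not app:
         try:
             auth = sasl.gssapi("")
             self.ldap.sasl_interactive_bind_s("", auth)
             self.ldap.set_option(pyldap.OPT_DEBUG_LEVEL, 0)
         except pyldap.LDAPError as e:
             # Best effort, as before: report and leave the handle unbound.
             print('Are you sure you\'ve run kinit?')
             print(e)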
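    def __init__(self, user, password, host='ldaps://ldap.csh.rit.edu:636',
                 base='ou=Users,dc=csh,dc=rit,dc=edu',
                 bind='ou=Apps,dc=csh,dc=rit,dc=edu', app=False):
        """
        Connect to the CSH LDAP server and bind.

        With ``app=True`` a synchronous simple bind is done as
        ``cn=<user>,<bind>`` using ``password``; otherwise a GSSAPI (Kerberos)
        bind is attempted and ``user``/``password``/``bind`` are ignored.

        ``user`` is spliced into a DN by string concatenation, so it must come
        from a trusted source or be escaped first (python-ldap-compatible
        libraries provide ``ldap.dn.escape_dn_chars`` for this).

        A failed GSSAPI bind is reported on stdout and leaves the object
        unbound; a failed simple bind raises the library's error.
        """
        self.host = host
        self.base = base
        self.users = 'ou=Users,dc=csh,dc=rit,dc=edu'
        self.groups = 'ou=Groups,dc=csh,dc=rit,dc=edu'
        self.committees = 'ou=Committees,dc=csh,dc=rit,dc=edu'
        self.ldap = pyldap.initialize(host)

        if app:
            # simple_bind_s (synchronous): a rejected password raises here
            # instead of being an asynchronous result that is never read.
            self.ldap.simple_bind_s('cn=' + user + ',' + bind, password)
        else:
            try:
                auth = sasl.gssapi("")
                self.ldap.sasl_interactive_bind_s("", auth)
                self.ldap.set_option(pyldap.OPT_DEBUG_LEVEL, 0)
            except pyldap.LDAPError as e:
                # Best effort, as before: report and leave the object unbound.
                print('Are you sure you\'ve run kinit?')
                print(e)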
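 def get_conn(self):
     """
     Return the cached LDAP connection, creating and binding it on first use.

     The connection is created from ``self.ldapuri`` with protocol version 3
     and bound either with a simple bind (``self.simpleauth``) or with the
     SASL mechanism named by ``self.saslmech`` (cram-md5, digest-md5, gssapi
     or external, case-insensitive). Only a successfully bound connection is
     stored in ``self.conn``.

     :return: the bound connection object.
     :raises ValueError: if ``self.saslmech`` names an unsupported mechanism
         (previously this surfaced as an ``UnboundLocalError`` on ``auth``).
     Errors from the ``ldap`` library propagate.
     """
     conn = self.conn
     if conn is not None:
         return conn

     import ldap
     from ldap import sasl

     conn = ldap.initialize(self.ldapuri)
     conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
     if self.simpleauth:
         conn.simple_bind_s(self.binddn, self.credentials)
     else:
         saslmech = self.saslmech.lower()
         if saslmech == 'cram-md5':
             # cram-md5 / digest-md5 are legacy mechanisms; prefer gssapi or
             # external where the server offers them.
             auth = sasl.cram_md5(self.authcid, self.credentials, self.authzid)
         elif saslmech == 'digest-md5':
             auth = sasl.digest_md5(self.authcid, self.credentials, self.authzid)
         elif saslmech == 'gssapi':
             auth = sasl.gssapi(self.authzid)
         elif saslmech == 'external':
             auth = sasl.external(self.authzid)
         else:
             raise ValueError(
                 'unsupported SASL mechanism: %r' % (self.saslmech,))
         conn.sasl_interactive_bind_s('', auth)
     # Cache only after the bind succeeded so a failed attempt is retried.
     self.conn = conn
     return conn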
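 def connect(self):
     """
     Open and bind the LDAP connection described by ``self.config``.

     The URL is built from the ``[connection]`` section (``ssl`` selects
     ``ldaps://``; ``starttls`` upgrades a plain ``ldap://`` connection before
     any credentials are sent). Referral chasing is turned off. With
     ``[auth] gssapi`` a GSSAPI bind is done; otherwise a synchronous simple
     bind as ``[auth] user`` with ``[auth] password``.

     :raises RuntimeError: if ``self.connection`` is already set.
     :raises ValueError: if ``[auth] password`` is empty. Binding with an
         empty password is an "unauthenticated bind" that servers may accept
         as anonymous, so it is refused here.
     Errors raised by the ``_ldap`` library (connect, TLS, bind) propagate.
     """
     if self.connection is not None:
         raise RuntimeError('already connected to the LDAP server')
     protocol = 'ldap'
     if self.config.getboolean('connection', 'ssl'):
         protocol = 'ldaps'
     url = '{0}://{1}:{2}'.format(protocol,
                                  self.config.get('connection', 'server'),
                                  self.config.get('connection', 'port'))
     LOG.info(u'connect to LDAP server at {0}'.format(url))
     self.connection = _ldap.initialize(url)
     # Do not chase referrals (0 = off).
     self.connection.set_option(_ldap.OPT_REFERRALS, 0)
     # STARTTLS only applies to a plain ldap:// socket and must precede the
     # bind so credentials never cross the wire unencrypted.
     if (self.config.getboolean('connection', 'starttls')
             and protocol == 'ldap'):
         self.connection.start_tls_s()
     if self.config.getboolean('auth', 'gssapi'):
         sasl = _ldap_sasl.gssapi()
         self.connection.sasl_interactive_bind_s('', sasl)
         return
     password = self.config.get('auth', 'password')
     if not password:
         raise ValueError('no password configured for LDAP simple bind')
     self.connection.bind_s(self.config.get('auth', 'user'),
                            password,
                            _ldap.AUTH_SIMPLE)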
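 def connect(self):
     """
     Open and bind the LDAP connection described by ``self.config``.

     The URL is built from the ``[connection]`` section (``ssl`` selects
     ``ldaps://``; ``starttls`` upgrades a plain ``ldap://`` connection before
     any credentials are sent). With ``[auth] gssapi`` a GSSAPI bind is done;
     otherwise a synchronous simple bind with the credentials returned by
     ``self.config.get_username()`` and ``self.config.get_password()``.

     :raises RuntimeError: if ``self.connection`` is already set.
     :raises ValueError: if ``get_password()`` yields nothing. Binding with an
         empty password is an "unauthenticated bind" that servers may accept
         as anonymous, so it is refused here.
     Errors raised by the ``_ldap`` library (connect, TLS, bind) propagate.
     """
     if self.connection is not None:
         raise RuntimeError('already connected to the LDAP server')
     protocol = 'ldap'
     if self.config.getboolean('connection', 'ssl'):
         protocol = 'ldaps'
     url = '{0}://{1}:{2}'.format(
         protocol,
         self.config.get('connection', 'server'),
         self.config.get('connection', 'port'))
     LOG.info(u'connect to LDAP server at {0}'.format(url))
     self.connection = _ldap.initialize(url)
     # STARTTLS only applies to a plain ldap:// socket and must precede the
     # bind so credentials never cross the wire unencrypted.
     if (self.config.getboolean('connection', 'starttls') and
             protocol == 'ldap'):
         self.connection.start_tls_s()
     if self.config.getboolean('auth', 'gssapi'):
         sasl = _ldap_sasl.gssapi()
         self.connection.sasl_interactive_bind_s('', sasl)
         return
     password = self.config.get_password()
     if not password:
         raise ValueError('no password available for LDAP simple bind')
     # bind_s (synchronous): a rejected bind raises here instead of being an
     # asynchronous result that is never collected.
     self.connection.bind_s(
         self.config.get_username(),
         password,
         _ldap.AUTH_SIMPLE)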
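 def get_conn(self):
     """
     Return the cached LDAP connection, creating and binding it on first use.

     The connection is created from ``self.ldapuri`` with protocol version 3
     and bound either with a simple bind (``self.simpleauth``) or with the
     SASL mechanism named by ``self.saslmech`` (cram-md5, digest-md5, gssapi
     or external, case-insensitive). Only a successfully bound connection is
     stored in ``self.conn``.

     :return: the bound connection object.
     :raises ValueError: if ``self.saslmech`` names an unsupported mechanism
         (previously this surfaced as an ``UnboundLocalError`` on ``auth``).
     Errors from the ``ldap`` library propagate.
     """
     conn = self.conn
     if conn is not None:
         return conn

     import ldap
     from ldap import sasl

     conn = ldap.initialize(self.ldapuri)
     conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
     if self.simpleauth:
         conn.simple_bind_s(self.binddn, self.credentials)
     else:
         saslmech = self.saslmech.lower()
         if saslmech == 'cram-md5':
             # cram-md5 / digest-md5 are legacy mechanisms; prefer gssapi or
             # external where the server offers them.
             auth = sasl.cram_md5(self.authcid, self.credentials,
                                  self.authzid)
         elif saslmech == 'digest-md5':
             auth = sasl.digest_md5(self.authcid, self.credentials,
                                    self.authzid)
         elif saslmech == 'gssapi':
             auth = sasl.gssapi(self.authzid)
         elif saslmech == 'external':
             auth = sasl.external(self.authzid)
         else:
             raise ValueError(
                 'unsupported SASL mechanism: %r' % (self.saslmech,))
         conn.sasl_interactive_bind_s('', auth)
     # Cache only after the bind succeeded so a failed attempt is retried.
     self.conn = conn
     return conn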