def _ldap_search(self, query, attrlist=None, sizelimit=20):
    """Bind to the configured directory and run a single subtree search.

    ``query`` is handed to the server verbatim as the LDAP filter string;
    nothing here escapes it, so any caller-supplied value embedded in it
    must already have gone through ``ldap.filter.escape_filter_chars``.

    Settings come from ``self._conf``: ``ldap_uri``, ``ldap_gssapi``
    (Kerberos bind from the process ticket cache), ``ldap_binddn`` /
    ``ldap_bindpw`` (simple bind otherwise), ``ldap_basedn`` and
    ``ldap_timeout``.

    Returns the ``(dn, attrs)`` list from ``search_ext_s``.  Any
    ``ldap.LDAPError`` raised by the bind or the search is printed and
    turned into an empty list.  NOTE(review): python-ldap also reports a
    result truncated at ``sizelimit`` as an ``LDAPError``, so an
    over-long match list comes back as ``[]`` rather than a prefix -- confirm
    callers expect that.
    """
    import ldap
    from ldap.sasl import gssapi

    conf = self._conf
    connection = ldap.initialize(conf['ldap_uri'])
    try:
        if conf['ldap_gssapi']:
            connection.sasl_interactive_bind_s('', gssapi())
        else:
            # NOTE(review): an empty ldap_bindpw makes this an unauthenticated
            # (effectively anonymous) bind on servers that permit it.
            connection.simple_bind_s(conf['ldap_binddn'], conf['ldap_bindpw'])
        entries = connection.search_ext_s(
            conf['ldap_basedn'],
            ldap.SCOPE_SUBTREE,
            filterstr=query,
            attrlist=attrlist,
            timeout=conf['ldap_timeout'],
            sizelimit=sizelimit,
        )
    except ldap.LDAPError as e:
        print('LDAP Error: %s' % str(e))
        return []
    finally:
        # Always release the connection, even when the bind itself failed.
        connection.unbind_s()
    return entries
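def connect(self):
    """Open and bind the LDAP connection described by ``self.config``.

    ``[connection]`` supplies ``server``, ``port``, ``ssl`` (use an
    ``ldaps://`` URL) and ``starttls`` (upgrade a plain ``ldap://``
    connection before the bind so credentials do not travel in clear).
    ``[auth]`` supplies ``gssapi``, ``user``, ``keyring`` and ``password``;
    with ``keyring`` on, the password is looked up under the
    ``mutt-ldap`` service for ``user``.

    Raises ``RuntimeError`` if already connected, or if a user is
    configured but no password could be found.  A rejected bind raises
    ``ldap.LDAPError`` here, from the synchronous bind.
    """
    if self.connection is not None:
        raise RuntimeError('already connected to the LDAP server')

    use_gssapi = self.config.getboolean('auth', 'gssapi')
    if not use_gssapi:
        # Resolve credentials before opening anything so that a
        # misconfiguration fails without a network round-trip.
        user = self.config.get('auth', 'user')
        if self.config.getboolean('auth', 'keyring'):
            import keyring
            # keyring returns None when no entry exists.
            password = keyring.get_password('mutt-ldap', user)
        else:
            password = self.config.get('auth', 'password')
        if user and not password:
            # A non-empty DN with an empty password is an *unauthenticated*
            # simple bind (RFC 4513 section 5.1.2): servers that permit it
            # grant anonymous access and the caller never learns the
            # password was missing.  Fail loudly instead.
            raise RuntimeError(
                'no password found for LDAP user {0}'.format(user))

    protocol = 'ldap'
    if self.config.getboolean('connection', 'ssl'):
        protocol = 'ldaps'
    url = '{0}://{1}:{2}'.format(
        protocol,
        self.config.get('connection', 'server'),
        self.config.get('connection', 'port'))
    LOG.info(u'connect to LDAP server at {0}'.format(url))
    self.connection = _ldap.initialize(url)
    if (self.config.getboolean('connection', 'starttls')
            and protocol == 'ldap'):
        self.connection.start_tls_s()
    if use_gssapi:
        sasl = _ldap_sasl.gssapi()
        self.connection.sasl_interactive_bind_s('', sasl)
    else:
        # bind_s rather than the asynchronous bind(): a rejected bind
        # raises here instead of leaving an unbound connection whose
        # failure only shows up on the first search.
        self.connection.bind_s(user, password, _ldap.AUTH_SIMPLE)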
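def connect(self):
    """Connect to and bind against the LDAP server named in ``self.config``.

    Reads ``[connection]`` ``server``/``port``/``ssl``/``starttls`` and
    ``[auth]`` ``gssapi``/``user``/``keyring``/``password``.  ``ssl`` turns
    the URL into ``ldaps://``; ``starttls`` is only attempted on a plain
    ``ldap://`` URL.  With ``keyring`` enabled the password is fetched from
    the ``mutt-ldap`` keyring service for ``user``.

    Raises ``RuntimeError`` when a connection already exists or when a user
    is configured without an obtainable password; bind failures raise
    ``ldap.LDAPError`` from the synchronous bind.
    """
    if self.connection is not None:
        raise RuntimeError("already connected to the LDAP server")

    gssapi_auth = self.config.getboolean("auth", "gssapi")
    if not gssapi_auth:
        # Gather credentials first so a broken config fails before any
        # socket is opened.
        user = self.config.get("auth", "user")
        if self.config.getboolean("auth", "keyring"):
            import keyring
            password = keyring.get_password("mutt-ldap", user)  # None if absent
        else:
            password = self.config.get("auth", "password")
        if user and not password:
            # DN + empty password is an unauthenticated simple bind
            # (RFC 4513 section 5.1.2); permissive servers silently answer with
            # anonymous access, so refuse rather than search anonymously.
            raise RuntimeError(
                "no password found for LDAP user {0}".format(user))

    scheme = "ldaps" if self.config.getboolean("connection", "ssl") else "ldap"
    url = "{0}://{1}:{2}".format(
        scheme,
        self.config.get("connection", "server"),
        self.config.get("connection", "port"),
    )
    LOG.info(u"connect to LDAP server at {0}".format(url))
    self.connection = _ldap.initialize(url)
    if self.config.getboolean("connection", "starttls") and scheme == "ldap":
        self.connection.start_tls_s()
    if gssapi_auth:
        sasl = _ldap_sasl.gssapi()
        self.connection.sasl_interactive_bind_s("", sasl)
    else:
        # Synchronous bind: a rejected bind raises now, not on first use.
        self.connection.bind_s(user, password, _ldap.AUTH_SIMPLE)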
def _ldap_search(self, query, attrlist=None, sizelimit=20):
    """Open a connection, bind, run one subtree search, and close again.

    ``query`` is used as the filter string exactly as given.  It is not
    escaped here, so values interpolated into it by the caller must already
    be passed through ``ldap.filter.escape_filter_chars``.

    Uses ``self.ldap_uri``, ``self.ldap_gssapi`` (GSSAPI bind from the
    ticket cache when true, simple bind with ``self.ldap_binddn`` /
    ``self.ldap_bindpw`` otherwise), ``self.ldap_basedn`` and
    ``self.ldap_timeout``.

    Returns the ``search_ext_s`` result list, or ``[]`` after printing the
    error when the bind or search raises ``ldap.LDAPError``.
    NOTE(review): a result cut off at ``sizelimit`` is reported by python-ldap
    as an ``LDAPError`` as well, which this turns into ``[]`` -- confirm
    that is what callers want.
    """
    import ldap
    from ldap.sasl import gssapi

    handle = ldap.initialize(self.ldap_uri)
    try:
        if self.ldap_gssapi:
            handle.sasl_interactive_bind_s('', gssapi())
        else:
            # NOTE(review): an empty ldap_bindpw degrades this to an
            # unauthenticated bind on servers that allow it.
            handle.simple_bind_s(self.ldap_binddn, self.ldap_bindpw)
        matches = handle.search_ext_s(
            self.ldap_basedn, ldap.SCOPE_SUBTREE,
            filterstr=query, attrlist=attrlist,
            timeout=self.ldap_timeout, sizelimit=sizelimit)
    except ldap.LDAPError as e:
        print('LDAP Error: %s' % str(e))
        return []
    finally:
        # Unbind on every path, including a failed bind.
        handle.unbind_s()
    return matches
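def __init__(self, user, password, host='ldaps://ldap.csh.rit.edu:636',
             base='ou=Users,dc=csh,dc=rit,dc=edu',
             bind='ou=Apps,dc=csh,dc=rit,dc=edu', app=False, objects=False):
    """Connect to the CSH directory and bind.

    With ``app`` true, a simple bind is done as ``uid=<user>,<base>`` with
    ``password``.  Otherwise a GSSAPI bind from the current Kerberos ticket
    cache is attempted and ``user``/``password`` are unused; a failure is
    printed (with a hint to run ``kinit``) rather than raised.  ``bind`` is
    accepted for compatibility but not used.  ``objects`` is stored as
    ``self.objects``.

    Raises ``pyldap.LDAPError`` from the app bind when the credentials are
    rejected.
    """
    self.host = host
    self.base = base
    self.users = 'ou=Users,dc=csh,dc=rit,dc=edu'
    self.groups = 'ou=Groups,dc=csh,dc=rit,dc=edu'
    self.committees = 'ou=Committees,dc=csh,dc=rit,dc=edu'
    self.objects = objects
    self.ldap = pyldap.initialize(host)
    # Demand a valid server certificate.  OPT_X_TLS_DEMAND is the *value*
    # for OPT_X_TLS_REQUIRE_CERT, not an option key; the former
    # set_option(OPT_X_TLS_DEMAND, True) never enabled certificate checking.
    # Per-connection TLS options only take effect in a fresh TLS context,
    # hence OPT_X_TLS_NEWCTX straight after.
    self.ldap.set_option(pyldap.OPT_X_TLS_REQUIRE_CERT, pyldap.OPT_X_TLS_DEMAND)
    self.ldap.set_option(pyldap.OPT_X_TLS_NEWCTX, 0)
    # The old OPT_DEBUG_LEVEL=255 trace has been dropped: libldap writes its
    # protocol trace to stderr at that level (presumably including the bind
    # exchange) and it was only ever reset to 0 on the GSSAPI path, so app
    # connections kept tracing in production.
    if app:
        # NOTE(review): `user` is spliced into the DN unescaped; run it
        # through ldap.dn.escape_dn_chars if it can come from an untrusted
        # source.  simple_bind_s (synchronous) so a rejected password raises
        # here instead of leaving an unbound connection behind.
        self.ldap.simple_bind_s('uid=' + user + ',' + base, password)
    else:
        try:
            auth = sasl.gssapi("")
            self.ldap.sasl_interactive_bind_s("", auth)
        except pyldap.LDAPError as e:
            print('Are you sure you\'ve run kinit?')
            print(e)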
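def connect(self):
    """Open and bind the LDAP connection described by ``self.config``.

    ``[connection]`` supplies ``server``, ``port``, ``ssl`` (use
    ``ldaps://``) and ``starttls`` (upgrade a plain ``ldap://`` connection
    before the bind).  ``[auth]`` supplies ``gssapi``, ``user``,
    ``password`` and, used only when ``password`` is empty,
    ``passwordeval``: a shell command whose stripped stdout is the password.

    Raises ``RuntimeError`` if already connected or if a user is configured
    but no password could be obtained.  A rejected bind raises
    ``ldap.LDAPError`` from the synchronous bind.
    """
    if self.connection is not None:
        raise RuntimeError('already connected to the LDAP server')

    use_gssapi = self.config.getboolean('auth', 'gssapi')
    if not use_gssapi:
        # Resolve credentials up front: a misconfiguration fails before any
        # socket is opened.
        user = self.config.get('auth', 'user')
        password = self.config.get('auth', 'password')
        if not password:
            passwordeval = self.config.get('auth', 'passwordeval')
            if passwordeval:
                # Run through the shell on purpose so the user's own config
                # can use pipes/quoting (e.g. a password-manager call).  That
                # means the command string must only ever come from the
                # user's config file, never from untrusted input.
                # NOTE(review): on Python 3 check_output returns bytes, so
                # the password is bytes here -- confirm python-ldap accepts
                # that for the bind.
                password = subprocess.check_output(
                    passwordeval, shell=True).strip()
        if user and not password:
            # A non-empty DN with an empty password is an *unauthenticated*
            # simple bind (RFC 4513 section 5.1.2); servers that allow it hand
            # out anonymous access without any error.  Fail loudly instead.
            raise RuntimeError(
                'no password found for LDAP user {0}'.format(user))

    protocol = 'ldap'
    if self.config.getboolean('connection', 'ssl'):
        protocol = 'ldaps'
    url = '{0}://{1}:{2}'.format(
        protocol,
        self.config.get('connection', 'server'),
        self.config.get('connection', 'port'))
    LOG.info(u'connect to LDAP server at {0}'.format(url))
    self.connection = _ldap.initialize(url)
    if (self.config.getboolean('connection', 'starttls')
            and protocol == 'ldap'):
        self.connection.start_tls_s()
    if use_gssapi:
        sasl = _ldap_sasl.gssapi()
        self.connection.sasl_interactive_bind_s('', sasl)
    else:
        # bind_s rather than the asynchronous bind(): a rejected bind raises
        # here instead of surfacing on the first search.
        self.connection.bind_s(user, password, _ldap.AUTH_SIMPLE)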
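def bind_sasl(self):
    """Bind this connection with the SASL mechanism(s) named by CFG_SASLMECH.

    The configured value is upper-cased and matched by substring, so a value
    such as ``"EXTERNAL GSSAPI"`` performs both binds in that order (the
    last one wins).  Only EXTERNAL (client-certificate / transport identity)
    and GSSAPI (Kerberos ticket cache) are supported.

    Raises ``ValueError`` when the value names neither mechanism.  The
    previous behaviour was to do nothing, which left the connection unbound
    so later operations ran anonymously without any error.
    """
    mech = self._config(self.CFG_SASLMECH).upper()
    bound = False
    if 'EXTERNAL' in mech:
        self.sasl_interactive_bind_s('', sasl.external())
        bound = True
    if 'GSSAPI' in mech:
        self.sasl_interactive_bind_s('', sasl.gssapi())
        bound = True
    if not bound:
        raise ValueError('unsupported SASL mechanism: %r' % (mech,))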
def connect(**kw):
    """Build, configure and bind a python-ldap connection from ldap2pg options.

    Option sources, in order (see ldap.conf(3)): the $LDAPNOINIT variable
    and, if that is not set, the system files /etc/ldap/ldap.conf and
    /etc/openldap/ldap.conf, the user files $HOME/ldaprc, $HOME/.ldaprc and
    ./ldaprc, the system file $LDAPCONF, the user files $HOME/$LDAPRC,
    $HOME/.$LDAPRC and ./$LDAPRC, the ldap2pg.yml file(s), and finally
    $LDAP<OPTION NAME> variables.  The extra variable LDAPPASSWORD is
    honoured too.  ``kw`` is forwarded to ``gather_options``.

    Without SASL_MECH a simple bind with BINDDN/PASSWORD is performed.
    With SASL_MECH, only DIGEST-MD5 (USER/PASSWORD) and GSSAPI (optional
    SASL_AUTHZID) are handled; anything else raises ``UserError``.
    NOTE(review): DIGEST-MD5 is Historic (RFC 6331); prefer GSSAPI or a
    simple bind over TLS.

    Returns the bound connection, wrapped in ``LDAPLogger`` (and, on
    Python 2, ``UnicodeModeLDAPObject``).
    """
    options = gather_options(**kw)
    uri = options['URI']
    logger.info("Connecting to LDAP server %s.", uri)
    conn = ldap.initialize(uri)
    if PY2:  # pragma: nocover_py3
        conn = UnicodeModeLDAPObject(conn)
    conn = LDAPLogger(conn)

    conn.set_option(ldap.OPT_NETWORK_TIMEOUT, options.get('NETWORK_TIMEOUT', 30))
    conn.set_option(ldap.OPT_TIMEOUT, options.get('TIMEOUT', 30))

    if options.get('STARTTLS'):
        logger.debug("Sending STARTTLS.")
        # A fresh TLS context so per-connection TLS options are honoured.
        conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
        conn.start_tls_s()

    # Referrals are off by default, like ldapsearch and friends: following
    # them produces odd errors against Active Directory.  REFERRALS can still
    # be turned on via ldaprc, environment or YAML.  See
    # https://github.com/dalibo/ldap2pg/issues/228 .
    conn.set_option(ldap.OPT_REFERRALS, options.get('REFERRALS', False))

    mech = options.get('SASL_MECH')
    if not mech:
        logger.info("Trying simple bind.")
        conn.simple_bind_s(options['BINDDN'], options['PASSWORD'])
        return conn

    logger.info("Trying SASL with mechanism %s.", mech)
    if options.get('BINDDN'):
        logger.debug("BINDDN %s is unused with SASL.", options['BINDDN'])
    conn.sasl_interactive_bind_s("", _sasl_auth(mech, options))
    return conn


def _sasl_auth(mech, options):
    """Return the python-ldap SASL auth object for ``mech``.

    Raises ``UserError`` for any mechanism other than DIGEST-MD5 or GSSAPI.
    """
    if 'DIGEST-MD5' == mech:
        return sasl.sasl(
            {
                sasl.CB_AUTHNAME: options['USER'],
                sasl.CB_PASS: options['PASSWORD'],
            },
            mech)
    if 'GSSAPI' == mech:
        return sasl.gssapi(options.get('SASL_AUTHZID'))
    raise UserError("Unmanaged SASL mech %s.", mech)
def __init__(self, user, password, host='ldaps://ldap.csh.rit.edu:636', \ base='ou=Users,dc=csh,dc=rit,dc=edu', bind='ou=Apps,dc=csh,dc=rit,dc=edu', app = False): self.host = host self.base = base if not app: try: self.ldap = pyldap.initialize(host) auth = sasl.gssapi("") self.ldap.sasl_interactive_bind_s("", auth) self.ldap.set_option(pyldap.OPT_DEBUG_LEVEL,0) except pyldap.LDAPError, e: print 'Are you sure you\'ve run kinit?' print e
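def __init__(self, user, password, host='ldaps://ldap.csh.rit.edu:636',
             base='ou=Users,dc=csh,dc=rit,dc=edu',
             bind='ou=Apps,dc=csh,dc=rit,dc=edu', app=False):
    """Connect to the CSH directory and bind.

    With ``app`` true, a simple bind is done as ``cn=<user>,<bind>`` with
    ``password``.  Otherwise a GSSAPI bind from the current Kerberos ticket
    cache is attempted and ``user``/``password`` are unused; a failure is
    printed (with a hint to run ``kinit``) rather than raised.

    Raises ``pyldap.LDAPError`` from the app bind when the credentials are
    rejected.
    """
    self.host = host
    self.base = base
    self.users = 'ou=Users,dc=csh,dc=rit,dc=edu'
    self.groups = 'ou=Groups,dc=csh,dc=rit,dc=edu'
    self.committees = 'ou=Committees,dc=csh,dc=rit,dc=edu'
    self.ldap = pyldap.initialize(host)
    if app:
        # simple_bind_s (synchronous) so a rejected password raises here;
        # the asynchronous simple_bind never reported its outcome, leaving
        # an unbound connection that only failed on first use.
        # NOTE(review): `user` is spliced into the DN unescaped; run it
        # through ldap.dn.escape_dn_chars if it can come from an untrusted
        # source.
        self.ldap.simple_bind_s('cn=' + user + ',' + bind, password)
    else:
        try:
            auth = sasl.gssapi("")
            self.ldap.sasl_interactive_bind_s("", auth)
            self.ldap.set_option(pyldap.OPT_DEBUG_LEVEL, 0)
        except pyldap.LDAPError as e:
            print('Are you sure you\'ve run kinit?')
            print(e)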
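def get_conn(self):
    """Return the cached LDAP connection, creating and binding it on first use.

    Reads ``self.conn`` (cache), ``self.ldapuri``, ``self.simpleauth``
    (simple bind with ``self.binddn`` / ``self.credentials``), and for SASL
    ``self.saslmech`` plus ``self.authcid`` / ``self.credentials`` /
    ``self.authzid``.  Supported mechanisms: cram-md5, digest-md5, gssapi,
    external (case-insensitive).

    Raises ``ValueError`` for any other mechanism.  Previously that case
    reached ``sasl_interactive_bind_s`` with ``auth`` unassigned and died
    with an ``UnboundLocalError``.
    """
    if self.conn is not None:
        return self.conn
    import ldap
    from ldap import sasl
    conn = ldap.initialize(self.ldapuri)
    conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
    if self.simpleauth:
        conn.simple_bind_s(self.binddn, self.credentials)
    else:
        saslmech = self.saslmech.lower()
        # NOTE(review): CRAM-MD5 and DIGEST-MD5 are obsolete (DIGEST-MD5 is
        # Historic per RFC 6331) and expose the password to offline attack on
        # a non-TLS connection; prefer gssapi/external, or a simple bind
        # over TLS.
        if saslmech == 'cram-md5':
            auth = sasl.cram_md5(self.authcid, self.credentials, self.authzid)
        elif saslmech == 'digest-md5':
            auth = sasl.digest_md5(self.authcid, self.credentials, self.authzid)
        elif saslmech == 'gssapi':
            auth = sasl.gssapi(self.authzid)
        elif saslmech == 'external':
            auth = sasl.external(self.authzid)
        else:
            raise ValueError(
                'unsupported SASL mechanism: %r' % (self.saslmech,))
        conn.sasl_interactive_bind_s('', auth)
    self.conn = conn
    return conn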
def connect(self):
    """Open and bind the LDAP connection described by ``self.config``.

    ``[connection]`` supplies ``server``, ``port``, ``ssl`` (``ldaps://``)
    and ``starttls`` (only applied to a plain ``ldap://`` URL).  Referral
    chasing is switched off.  ``[auth]`` supplies ``gssapi``; otherwise a
    synchronous simple bind is made with ``user`` / ``password``.

    Raises ``RuntimeError`` if a connection already exists; a rejected bind
    raises ``ldap.LDAPError``.  NOTE(review): an empty ``password`` with a
    non-empty ``user`` is an unauthenticated bind that permissive servers
    answer with anonymous access -- nothing here guards against that.
    """
    if self.connection is not None:
        raise RuntimeError('already connected to the LDAP server')
    cfg = self.config
    scheme = 'ldaps' if cfg.getboolean('connection', 'ssl') else 'ldap'
    url = '{0}://{1}:{2}'.format(
        scheme, cfg.get('connection', 'server'), cfg.get('connection', 'port'))
    LOG.info(u'connect to LDAP server at {0}'.format(url))
    conn = _ldap.initialize(url)
    self.connection = conn
    conn.set_option(_ldap.OPT_REFERRALS, 0)
    wants_starttls = cfg.getboolean('connection', 'starttls')
    if wants_starttls and scheme == 'ldap':
        conn.start_tls_s()
    if cfg.getboolean('auth', 'gssapi'):
        conn.sasl_interactive_bind_s('', _ldap_sasl.gssapi())
    else:
        conn.bind_s(cfg.get('auth', 'user'),
                    cfg.get('auth', 'password'),
                    _ldap.AUTH_SIMPLE)
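def connect(self):
    """Open and bind the LDAP connection described by ``self.config``.

    ``[connection]`` supplies ``server``, ``port``, ``ssl`` (``ldaps://``)
    and ``starttls`` (only on a plain ``ldap://`` URL).  With
    ``[auth] gssapi`` a Kerberos bind is made; otherwise credentials come
    from ``self.config.get_username()`` / ``get_password()``.

    Raises ``RuntimeError`` if already connected, or if a username is
    configured but the password is empty.  A rejected bind raises
    ``ldap.LDAPError`` from the synchronous bind.
    """
    if self.connection is not None:
        raise RuntimeError('already connected to the LDAP server')

    use_gssapi = self.config.getboolean('auth', 'gssapi')
    if not use_gssapi:
        # Resolve credentials before opening a socket so a missing password
        # fails fast.
        user = self.config.get_username()
        password = self.config.get_password()
        if user and not password:
            # A DN with an empty password is an *unauthenticated* simple bind
            # (RFC 4513 section 5.1.2); servers that permit it grant anonymous
            # access without complaint.  Refuse it.
            raise RuntimeError(
                'no password found for LDAP user {0}'.format(user))

    protocol = 'ldap'
    if self.config.getboolean('connection', 'ssl'):
        protocol = 'ldaps'
    url = '{0}://{1}:{2}'.format(
        protocol,
        self.config.get('connection', 'server'),
        self.config.get('connection', 'port'))
    LOG.info(u'connect to LDAP server at {0}'.format(url))
    self.connection = _ldap.initialize(url)
    if (self.config.getboolean('connection', 'starttls')
            and protocol == 'ldap'):
        self.connection.start_tls_s()
    if use_gssapi:
        sasl = _ldap_sasl.gssapi()
        self.connection.sasl_interactive_bind_s('', sasl)
    else:
        # bind_s rather than the asynchronous bind(): a rejected bind raises
        # here instead of leaving an unbound connection behind.
        self.connection.bind_s(user, password, _ldap.AUTH_SIMPLE)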
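def get_conn(self):
    """Return the cached LDAP connection, binding a new one on first use.

    Uses ``self.conn`` as the cache, ``self.ldapuri`` for the server and
    ``self.simpleauth`` to choose a simple bind (``self.binddn`` /
    ``self.credentials``) over SASL.  For SASL, ``self.saslmech`` selects
    cram-md5, digest-md5, gssapi or external (case-insensitive), using
    ``self.authcid`` / ``self.credentials`` / ``self.authzid`` as each
    mechanism needs.

    Raises ``ValueError`` for an unknown mechanism; the old code fell through
    to ``sasl_interactive_bind_s`` with ``auth`` never assigned and raised
    ``UnboundLocalError`` instead.
    """
    if self.conn is not None:
        return self.conn
    import ldap
    from ldap import sasl
    conn = ldap.initialize(self.ldapuri)
    conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
    if self.simpleauth:
        conn.simple_bind_s(self.binddn, self.credentials)
    else:
        saslmech = self.saslmech.lower()
        # NOTE(review): CRAM-MD5 and DIGEST-MD5 are obsolete (DIGEST-MD5 is
        # Historic per RFC 6331); without TLS they expose the password hash
        # exchange to offline attack.  Prefer gssapi/external.
        if saslmech == 'cram-md5':
            auth = sasl.cram_md5(self.authcid, self.credentials, self.authzid)
        elif saslmech == 'digest-md5':
            auth = sasl.digest_md5(self.authcid, self.credentials, self.authzid)
        elif saslmech == 'gssapi':
            auth = sasl.gssapi(self.authzid)
        elif saslmech == 'external':
            auth = sasl.external(self.authzid)
        else:
            raise ValueError(
                'unsupported SASL mechanism: %r' % (self.saslmech,))
        conn.sasl_interactive_bind_s('', auth)
    self.conn = conn
    return conn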