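    def _search(cls, users, attr_idx):
        """Search the LDAP directory for the indexed attr of each user.

        Connection settings come from the ``rosa-ldap`` section of the
        ResourceLocator conf: ``uri``, ``binddn``, ``password-file``
        (default ``cls.PASSWD_FILE``), ``basedn``, ``filter-more`` and
        ``attrs`` (default ``cls.USER_ATTRS``).

        Args:
            users: iterable of uid values to look up. Every value is escaped
                per RFC 4515 before it is placed in the search filter, so a
                caller-supplied string cannot change the filter's structure.
            attr_idx: index into the whitespace-separated ``attrs`` list;
                UID_IDX, CN_IDX or MAIL_IDX.

        Returns:
            A list holding the first value of the requested attribute for
            each matched entry (an empty list when ``users`` is empty; the
            directory is not contacted in that case). Values are whatever
            python-ldap returns for attribute values.

        Raises:
            ldap.LDAPError (or a subclass) if the bind or the search fails.
            OSError if the configured password file cannot be read.
        """
        # RFC 4515 escaping for assertion values inside a search filter.
        filter_escape = str.maketrans({
            "\\": r"\5c",
            "*": r"\2a",
            "(": r"\28",
            ")": r"\29",
            "\0": r"\00",
        })
        users = [str(user).translate(filter_escape) for user in users]
        if not users:
            # "(|)" is not a valid filter; nothing to look up anyway.
            return []

        conf = ResourceLocator.default().get_conf()
        uri = conf.get_value(["rosa-ldap", "uri"])
        binddn = conf.get_value(["rosa-ldap", "binddn"])
        passwd = ""
        passwd_file = conf.get_value(["rosa-ldap", "password-file"],
                                     cls.PASSWD_FILE)
        if passwd_file:
            # Close the handle promptly; the bare open().read() leaked it.
            with open(os.path.expanduser(passwd_file)) as handle:
                passwd = handle.read().strip()
        # NOTE(review): with no password file the bind below is made with an
        # empty password; many servers treat that as an anonymous bind even
        # when binddn is set, so the "authenticated" search may run with
        # anonymous rights — confirm that is intended for this deployment.
        basedn = conf.get_value(["rosa-ldap", "basedn"], "")
        filter_str = "(|(uid=" + ")(uid=".join(users) + "))"
        # filter-more is operator-supplied config, appended verbatim so the
        # operator can AND in arbitrary extra terms (e.g. an objectClass).
        filter_more_str = conf.get_value(["rosa-ldap", "filter-more"], "")
        if filter_more_str:
            filter_str = "(&" + filter_str + filter_more_str + ")"
        user_attr_str = conf.get_value(["rosa-ldap", "attrs"], cls.USER_ATTRS)
        attr = user_attr_str.split()[attr_idx]

        tls_ca_file = conf.get_value(["rosa-ldap", "tls-ca-file"])
        if tls_ca_file:
            # Process-wide option: pins the CA used to verify the server cert.
            ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, tls_ca_file)
        conn = ldap.initialize(uri)
        try:
            conn.bind_s(binddn, passwd)
            results = conn.search_s(basedn, ldap.SCOPE_SUBTREE, filter_str,
                                    [attr])
        finally:
            # Release the connection even when bind or search raises.
            conn.unbind()
        return [entry[attr][0] for _dn, entry in results]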
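    def __init__(self, host='localhost', port="389", base_dn="",
                 bind_dn_username="", bind_dn_password="",
                 require_group=None, ssl=False):
        """Construct the connection and attempt to bind to the server.

        Assumes plaintext LDAP unless ``ssl`` is set.
        Args:

        host -- hostname or IP of the LDAP server
        port -- Port to connect to for LDAP auth
        base_dn -- The base DN to start searching for users
        bind_dn_username -- username to use for binding to LDAP
        bind_dn_password -- bind_dn_username's password
        require_group -- User must be a member of this group to login
        ssl -- connect using SSL or not

        After construction ``self.con`` is the bound connection on success,
        or False on failure, in which case ``self.error`` says why.
        """
        self.error = ""
        self.host = host
        self.base_dn = base_dn
        self.bind_dn = bind_dn_username
        self.bind_pw = bind_dn_password
        self.require_group = require_group
        self.authenticated_user = None
        self.authenticated_dn = None
        self.authsource = "Active Directory on {}".format(base_dn)
        # SECURITY: OPT_X_TLS_REQUIRE_CERT=False (0, i.e. OPT_X_TLS_NEVER)
        # disables verification of the server certificate, so TLS here
        # encrypts but does not authenticate the directory server. Kept as-is
        # because flipping it can break existing deployments; it should become
        # OPT_X_TLS_DEMAND with OPT_X_TLS_CACERTFILE set to the trusted CA.
        # Both set_option calls are process-wide, not per connection.
        ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, False)
        # presumably set because AD answers with referrals — verify with caller
        ldap.set_option(ldap.OPT_REFERRALS, 0)

        scheme = "ldaps://" if ssl else "ldap://"
        port_part = ":{}".format(port) if port else ""
        self.ldap_url = "{}{}{}".format(scheme, self.host, port_part)

        # attempt to connect and bind to the server; con is False on any
        # handled failure so callers never see a half-initialised handle
        self.con = False
        try:
            self.con = ldap.initialize(self.ldap_url)
            if ssl:
                # NOTE(review): ldaps:// already negotiates TLS on connect;
                # StartTLS on top of that is expected to be rejected by the
                # library ("TLS already started") — confirm against the
                # deployed python-ldap and consider ldap:// + StartTLS or
                # dropping this call.
                self.con.start_tls_s()
            self.con.simple_bind_s(self.bind_dn, self.bind_pw)
        except ldap.INVALID_CREDENTIALS:
            self.con = False
            # Name the bind identity only when one was supplied.
            who = " as " + self.bind_dn if self.bind_dn else ""
            self.error = "Could not bind to server {}{}.".format(self.host, who)
        except ldap.SERVER_DOWN:
            self.con = False
            self.error = "Could not make connection to {}.".format(self.host)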
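    def __init__(self, host='localhost',
                 port="389", bind_dn="",
                 bind_pw="", require_group=None,
                 ssl=False):
        """Construct an eDirectory connection object and attempt to bind.

        Assumes plaintext LDAP unless ``ssl`` is set.
        Args:
        host -- The hostname or IP of the directory server
        port -- The port number to connect to
        bind_dn -- A DN (username) to bind to the directory as
        bind_pw -- The bind_dn's password
        require_group -- Require membership in this group for login
        ssl -- Connect using SSL or not

        After construction ``self.con`` is the bound connection on success,
        or False on failure, in which case ``self.error`` says why.
        """
        self.error = ""
        self.host = host
        self.bind_dn = bind_dn
        self.bind_pw = bind_pw
        self.authenticated_user = None
        self.authenticated_dn = None
        self.authsource = "Novell eDirectory on " + host
        self.require_group = require_group
        # SECURITY: OPT_X_TLS_REQUIRE_CERT=False (0, i.e. OPT_X_TLS_NEVER)
        # disables verification of the server certificate, so TLS here
        # encrypts but does not authenticate the directory server. Kept as-is
        # because flipping it can break existing deployments; it should become
        # OPT_X_TLS_DEMAND with OPT_X_TLS_CACERTFILE set to the trusted CA.
        # This is a process-wide option, not a per-connection one.
        ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, False)

        scheme = "ldaps://" if ssl else "ldap://"
        port_part = ":{}".format(port) if port else ""
        self.ldap_url = "{}{}{}".format(scheme, self.host, port_part)

        # attempt to connect to the server; con is False on any handled
        # failure so callers never see a half-initialised handle
        self.con = False
        try:
            self.con = ldap.initialize(self.ldap_url)
            if ssl:
                # NOTE(review): ldaps:// already negotiates TLS on connect;
                # StartTLS on top of that is expected to be rejected by the
                # library ("TLS already started") — confirm against the
                # deployed python-ldap and consider ldap:// + StartTLS or
                # dropping this call.
                self.con.start_tls_s()
            self.con.simple_bind_s(self.bind_dn, self.bind_pw)
        except ldap.INVALID_CREDENTIALS:
            self.con = False
            # Name the bind identity only when one was supplied.
            who = " as " + self.bind_dn if self.bind_dn else ""
            self.error = "Could not bind to server {}{}.".format(self.host, who)
        except ldap.SERVER_DOWN:
            self.con = False
            self.error = "Could not make connection to {}.".format(self.host)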