コード例 #1
ファイル: user.py プロジェクト: amercader/ckanext-ldap
def _find_ldap_user(login):
    """Find the LDAP user identified by 'login' in the configured ldap database

    Only the connection set-up and the optional service-account bind are
    visible in this listing; the directory search that would produce the
    dictionary described below is not shown.

    @param login: The login to find in the LDAP database
    @return: None if no user is found, a dictionary defining 'cn', 'username', 'fullname' and 'email' otherwise.
             Every bind failure handled below also returns None, so a caller
             cannot tell a directory outage or a misconfiguration from an
             unknown login.
    """
    # The URI comes from configuration. Nothing in this listing enables
    # StartTLS or checks the URI scheme, so whether the bind below travels
    # encrypted depends on the configured URI or on set-up done elsewhere
    # -- TODO confirm.
    # NOTE(review): python-ldap's trace output at non-zero trace levels
    # includes call arguments, which would cover the bind password passed
    # below; confirm 'ckanext.ldap.trace_level' stays 0 outside debugging.
    cnx = ldap.initialize(config['ckanext.ldap.uri'], bytes_mode=False,
                          trace_level=config['ckanext.ldap.trace_level'])
    # A service-account bind happens only when a bind DN is configured;
    # otherwise this listing performs no bind on the connection.
    if config.get('ckanext.ldap.auth.dn'):
        try:
            if config['ckanext.ldap.auth.method'] == 'SIMPLE':
                # Simple bind: DN and password are handed to the server
                # as-is, so only transport encryption protects the password.
                cnx.bind_s(config['ckanext.ldap.auth.dn'], config['ckanext.ldap.auth.password'])
            elif config['ckanext.ldap.auth.method'] == 'SASL':
                if config['ckanext.ldap.auth.mechanism'] == 'DIGEST-MD5':
                    # The configured 'auth.dn' value is used as the SASL
                    # authentication identity. DIGEST-MD5 is the only
                    # mechanism accepted here; RFC 6331 moved it to Historic
                    # status, so treat this path as legacy.
                    auth_tokens = ldap.sasl.digest_md5(config['ckanext.ldap.auth.dn'], config['ckanext.ldap.auth.password'])
                    cnx.sasl_interactive_bind_s("", auth_tokens)
                else:
                    # Any other mechanism name is logged and the lookup is
                    # abandoned without attempting a bind.
                    log.error("SASL mechanism not supported: {0}".format(config['ckanext.ldap.auth.mechanism']))
                    return None
            else:
                # Any method other than SIMPLE or SASL is rejected the same way.
                log.error("LDAP authentication method is not supported: {0}".format(config['ckanext.ldap.auth.method']))
                return None
        # NOTE(review): none of the return paths in this try block call
        # cnx.unbind(); the connection object is simply dropped.
        except ldap.SERVER_DOWN:
            log.error('LDAP server is not reachable')
            return None
        except ldap.INVALID_CREDENTIALS:
            # The message names the configuration keys but not their values,
            # so the service-account password is not written to the log.
            log.error('LDAP server credentials (ckanext.ldap.auth.dn and ckanext.ldap.auth.password) invalid')
            return None
        # Catch-all for any other python-ldap error raised by the bind; the
        # exception text is logged. The 'except X, e' form is Python 2 syntax
        # and does not parse on Python 3.
        except ldap.LDAPError, e:
            log.error("Fatal LDAP Error: {0}".format(e))
            return None
コード例 #2
def _find_ldap_user(login):
    """Find the LDAP user identified by 'login' in the configured ldap database

    This listing stops after the optional service-account bind; the search
    that would build the dictionary described below is not part of it.

    @param login: The login to find in the LDAP database
    @return: None if no user is found, a dictionary defining 'cn', 'username', 'fullname' and 'email' otherwise.
             The bind error branches below return None as well, which makes
             an unreachable or misconfigured directory look the same to the
             caller as an unknown login.
    """
    # Connection parameters are read from configuration. No StartTLS call or
    # scheme check appears in this listing, so transport encryption depends
    # on the configured URI or on code outside it -- TODO confirm.
    # NOTE(review): at non-zero trace levels python-ldap writes call
    # arguments to its trace output, and the bind calls below take the
    # password as an argument; verify 'ckanext.ldap.trace_level' is 0 in
    # production.
    cnx = ldap.initialize(config['ckanext.ldap.uri'], bytes_mode=False,
                          trace_level=config['ckanext.ldap.trace_level'])
    # Bind with the service account only if a bind DN is configured.
    if config.get('ckanext.ldap.auth.dn'):
        try:
            if config['ckanext.ldap.auth.method'] == 'SIMPLE':
                # A simple bind passes the password unmodified; its
                # confidentiality rests on the transport.
                cnx.bind_s(config['ckanext.ldap.auth.dn'], config['ckanext.ldap.auth.password'])
            elif config['ckanext.ldap.auth.method'] == 'SASL':
                if config['ckanext.ldap.auth.mechanism'] == 'DIGEST-MD5':
                    # 'auth.dn' doubles as the SASL authentication identity.
                    # DIGEST-MD5 (Historic per RFC 6331) is the only SASL
                    # mechanism this branch accepts.
                    auth_tokens = ldap.sasl.digest_md5(config['ckanext.ldap.auth.dn'], config['ckanext.ldap.auth.password'])
                    cnx.sasl_interactive_bind_s("", auth_tokens)
                else:
                    # Unknown mechanism: log its configured name and stop.
                    log.error("SASL mechanism not supported: {0}".format(config['ckanext.ldap.auth.mechanism']))
                    return None
            else:
                # Unknown method: log its configured name and stop.
                log.error("LDAP authentication method is not supported: {0}".format(config['ckanext.ldap.auth.method']))
                return None
        # NOTE(review): the early returns in this try block leave cnx
        # without an explicit unbind().
        except ldap.SERVER_DOWN:
            log.error('LDAP server is not reachable')
            return None
        except ldap.INVALID_CREDENTIALS:
            # Only the configuration key names are logged, not the DN or
            # password values.
            log.error('LDAP server credentials (ckanext.ldap.auth.dn and ckanext.ldap.auth.password) invalid')
            return None
        # Any remaining python-ldap error is logged with its text. Note the
        # Python 2 only 'except X, e' syntax.
        except ldap.LDAPError, e:
            log.error("Fatal LDAP Error: {0}".format(e))
            return None
コード例 #3
ファイル: user.py プロジェクト: digitalreasoning/ckanext-ldap
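def _find_ldap_user(login):
    """Find the LDAP user identified by 'login' in the configured ldap database

    The connection is released with unbind() on every exit path, including a
    failed service-account bind and errors raised while the search filter or
    attribute list is built.

    @param login: The login to find in the LDAP database. It is escaped with
                  ldap.filter.escape_filter_chars() before being placed in
                  the configured filter template.
    @return: None if no user is found, a dictionary defining 'cn', 'username', 'fullname' and 'email' otherwise.
             None is also returned when the service-account bind fails
             because the server is unreachable or its credentials are
             rejected; other LDAP errors propagate to the caller.
    """
    # Nothing here enables StartTLS, so whether the bind and search travel
    # encrypted depends on the configured URI or on set-up done elsewhere.
    cnx = ldap.initialize(config['ckanext.ldap.uri'])
    try:
        bind_dn = config.get('ckanext.ldap.auth.dn')
        if bind_dn:
            # Service-account bind; without a configured DN no bind is made
            # before searching.
            try:
                cnx.bind_s(bind_dn, config['ckanext.ldap.auth.password'])
            except ldap.SERVER_DOWN:
                log.error('LDAP server is not reachable')
                return None
            except ldap.INVALID_CREDENTIALS:
                # Key names only: the password value never reaches the log.
                log.error('LDAP server credentials (ckanext.ldap.auth.dn and ckanext.ldap.auth.password) invalid')
                return None

        # Escaping the user-supplied login keeps filter metacharacters from
        # changing the structure of the operator-configured filter.
        safe_login = ldap.filter.escape_filter_chars(login)
        filter_str = config['ckanext.ldap.search.filter'].format(login=safe_login)

        attributes = [config['ckanext.ldap.username']]
        for optional_key in ('ckanext.ldap.fullname', 'ckanext.ldap.email'):
            if optional_key in config:
                attributes.append(config[optional_key])

        # The primary search is called with non_unique='log', the fallback
        # with non_unique='raise'; what each does is decided in _ldap_search.
        ret = _ldap_search(cnx, filter_str, attributes, non_unique='log')
        if ret is None and 'ckanext.ldap.search.alt' in config:
            filter_str = config['ckanext.ldap.search.alt'].format(login=safe_login)
            ret = _ldap_search(cnx, filter_str, attributes, non_unique='raise')
        return ret
    finally:
        # Runs for early returns and exceptions alike.
        cnx.unbind()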
コード例 #4
ファイル: user.py プロジェクト: wildcatzita/ckanext-ldap
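def _find_ldap_user(login):
    """Find the LDAP user identified by 'login' in the configured ldap database

    unbind() is called on the connection however the function exits: after
    the search, after a failed service-account bind, and when building the
    filter or attribute list raises.

    @param login: The login to find in the LDAP database. It is passed
                  through ldap.filter.escape_filter_chars() before being
                  substituted into the configured filter template.
    @return: None if no user is found, a dictionary defining 'cn', 'username', 'fullname' and 'email' otherwise.
             A service-account bind that fails with SERVER_DOWN or
             INVALID_CREDENTIALS also yields None; other LDAP errors are
             not caught here.
    """
    # Transport security is not set up in this function (no StartTLS call);
    # it depends on the configured URI or on code elsewhere.
    cnx = ldap.initialize(config['ckanext.ldap.uri'])
    try:
        if config.get('ckanext.ldap.auth.dn'):
            # Bind as the configured service account before searching.
            try:
                cnx.bind_s(config['ckanext.ldap.auth.dn'],
                           config['ckanext.ldap.auth.password'])
            except ldap.SERVER_DOWN:
                log.error('LDAP server is not reachable')
                return None
            except ldap.INVALID_CREDENTIALS:
                # The message refers to the settings by name and does not
                # include their values.
                log.error(
                    'LDAP server credentials (ckanext.ldap.auth.dn and ckanext.ldap.auth.password) invalid'
                )
                return None

        # The login is attacker-controlled input; escaping it prevents it
        # from rewriting the configured search filter.
        escaped_login = ldap.filter.escape_filter_chars(login)
        filter_str = config['ckanext.ldap.search.filter'].format(
            login=escaped_login)

        attributes = [config['ckanext.ldap.username']]
        if 'ckanext.ldap.fullname' in config:
            attributes.append(config['ckanext.ldap.fullname'])
        if 'ckanext.ldap.email' in config:
            attributes.append(config['ckanext.ldap.email'])

        # Primary filter first (non_unique='log'); the alternative filter is
        # tried only when that finds nothing, with non_unique='raise'. The
        # meaning of both values is defined by _ldap_search.
        ret = _ldap_search(cnx, filter_str, attributes, non_unique='log')
        if ret is None and 'ckanext.ldap.search.alt' in config:
            filter_str = config['ckanext.ldap.search.alt'].format(
                login=escaped_login)
            ret = _ldap_search(cnx, filter_str, attributes,
                               non_unique='raise')
        return ret
    finally:
        # Executed for the early returns above as well as for exceptions.
        cnx.unbind()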