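def _find_ldap_user(login):
    """Find the LDAP user identified by 'login' in the configured ldap database

    The code visible in this listing opens the connection and, when
    'ckanext.ldap.auth.dn' is configured, binds with the service account
    using either a simple bind or SASL DIGEST-MD5. The listing ends after
    the bind step; the search that would produce the documented dictionary
    is not shown here.

    @param login: The login to find in the LDAP database
    @return: None if no user is found (and, in the code shown, whenever the
             bind fails or the configured method/mechanism is unsupported),
             a dictionary defining 'cn', 'username', 'fullname' and 'email'
             otherwise.
    """
    # NOTE(review): python-ldap's trace output at trace_level >= 1 is
    # understood to include call arguments, which would cover the bind
    # password passed below -- confirm, and keep ckanext.ldap.trace_level
    # at 0 outside of debugging sessions.
    cnx = ldap.initialize(
        config['ckanext.ldap.uri'],
        bytes_mode=False,
        trace_level=config['ckanext.ldap.trace_level'],
    )
    if config.get('ckanext.ldap.auth.dn'):
        # NOTE(review): every failure path below returns without calling
        # cnx.unbind(); confirm the handle is released elsewhere.
        try:
            if config['ckanext.ldap.auth.method'] == 'SIMPLE':
                # A simple bind hands the DN and password to the server
                # as-is. No start_tls_s() call is visible in this listing,
                # so confidentiality depends on ckanext.ldap.uri using
                # ldaps:// -- verify in deployment.
                cnx.bind_s(config['ckanext.ldap.auth.dn'],
                           config['ckanext.ldap.auth.password'])
            elif config['ckanext.ldap.auth.method'] == 'SASL':
                if config['ckanext.ldap.auth.mechanism'] == 'DIGEST-MD5':
                    # DIGEST-MD5 is the only SASL mechanism accepted here;
                    # RFC 6331 moved it to Historic status, so it should
                    # not be relied on as a substitute for TLS.
                    auth_tokens = ldap.sasl.digest_md5(
                        config['ckanext.ldap.auth.dn'],
                        config['ckanext.ldap.auth.password'])
                    cnx.sasl_interactive_bind_s("", auth_tokens)
                else:
                    log.error("SASL mechanism not supported: {0}".format(
                        config['ckanext.ldap.auth.mechanism']))
                    return None
            else:
                log.error("LDAP authentication method is not supported: {0}".format(
                    config['ckanext.ldap.auth.method']))
                return None
        except ldap.SERVER_DOWN:
            log.error('LDAP server is not reachable')
            return None
        except ldap.INVALID_CREDENTIALS:
            log.error('LDAP server credentials (ckanext.ldap.auth.dn and ckanext.ldap.auth.password) invalid')
            return None
        # `except ldap.LDAPError, e` is a SyntaxError on Python 3; the `as`
        # form is accepted by Python 2.6+ and Python 3 alike.
        except ldap.LDAPError as e:
            log.error("Fatal LDAP Error: {0}".format(e))
            return None
    # NOTE(review): the listing stops here, so as shown the function falls
    # through and returns None even after a successful bind.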
def _find_ldap_user(login):
    """Look up 'login' in the configured LDAP directory.

    Binds with the service account when 'ckanext.ldap.auth.dn' is set,
    searches with the 'ckanext.ldap.search.filter' template and, if that
    search returns None and 'ckanext.ldap.search.alt' is configured, tries
    the alternative template.

    @param login: The login to find in the LDAP database
    @return: None if the service bind fails or no user is found; otherwise
             the result of _ldap_search (described by the original
             docstring as a dictionary defining 'cn', 'username',
             'fullname' and 'email').
    """
    connection = ldap.initialize(config['ckanext.ldap.uri'])

    if config.get('ckanext.ldap.auth.dn'):
        # Simple bind: the password goes to the server as-is. No
        # start_tls_s() call is visible here, so confidentiality depends on
        # ckanext.ldap.uri using ldaps:// -- verify in deployment.
        # NOTE(review): only SERVER_DOWN and INVALID_CREDENTIALS are
        # handled; other LDAP errors propagate to the caller. Both handled
        # paths return without unbinding the connection.
        try:
            connection.bind_s(config['ckanext.ldap.auth.dn'],
                              config['ckanext.ldap.auth.password'])
        except ldap.SERVER_DOWN:
            log.error('LDAP server is not reachable')
            return None
        except ldap.INVALID_CREDENTIALS:
            log.error('LDAP server credentials (ckanext.ldap.auth.dn and ckanext.ldap.auth.password) invalid')
            return None

    # The login is escaped before it is substituted into the filter
    # template, so filter metacharacters in it cannot alter the search
    # expression (LDAP filter injection). Presumably the login is
    # user-supplied; verify against the caller.
    primary_template = config['ckanext.ldap.search.filter']
    escaped_login = ldap.filter.escape_filter_chars(login)
    primary_filter = primary_template.format(login=escaped_login)

    # The username attribute is mandatory; full name and e-mail are
    # requested only when their config keys exist.
    wanted = [config['ckanext.ldap.username']]
    for optional_key in ('ckanext.ldap.fullname', 'ckanext.ldap.email'):
        if optional_key in config:
            wanted.append(config[optional_key])

    try:
        match = _ldap_search(connection, primary_filter, wanted, non_unique='log')
        if match is None and 'ckanext.ldap.search.alt' in config:
            # The alternative filter gets the same escaped login.
            fallback_filter = config['ckanext.ldap.search.alt'].format(
                login=escaped_login)
            match = _ldap_search(connection, fallback_filter, wanted,
                                 non_unique='raise')
    finally:
        # Release the connection whether or not a search raised.
        connection.unbind()
    return match
def _find_ldap_user(login):
    """Resolve 'login' to a user record from the configured LDAP database.

    @param login: The login to find in the LDAP database
    @return: None if the service bind fails or no user is found; otherwise
             the result of _ldap_search (described by the original
             docstring as a dictionary defining 'cn', 'username',
             'fullname' and 'email').
    """

    def _escaped_filter(config_key):
        # Render the filter template stored under config_key. The login is
        # passed through escape_filter_chars first, so filter
        # metacharacters in it cannot change the search expression (LDAP
        # filter injection).
        return config[config_key].format(
            login=ldap.filter.escape_filter_chars(login))

    ldap_handle = ldap.initialize(config['ckanext.ldap.uri'])
    bind_dn = config.get('ckanext.ldap.auth.dn')
    if bind_dn:
        # Service-account simple bind. No start_tls_s() call is visible
        # here, so the password is protected in transit only if
        # ckanext.ldap.uri uses ldaps:// -- verify in deployment.
        try:
            ldap_handle.bind_s(bind_dn, config['ckanext.ldap.auth.password'])
        except ldap.SERVER_DOWN:
            # NOTE(review): returns without unbinding the handle.
            log.error('LDAP server is not reachable')
            return None
        except ldap.INVALID_CREDENTIALS:
            # NOTE(review): returns without unbinding the handle.
            log.error('LDAP server credentials (ckanext.ldap.auth.dn and ckanext.ldap.auth.password) invalid')
            return None

    search_filter = _escaped_filter('ckanext.ldap.search.filter')

    # Username is always requested; the other two only when configured.
    attrs = [config['ckanext.ldap.username']] + [
        config[key]
        for key in ('ckanext.ldap.fullname', 'ckanext.ldap.email')
        if key in config
    ]

    try:
        found = _ldap_search(ldap_handle, search_filter, attrs, non_unique='log')
        if found is None:
            if 'ckanext.ldap.search.alt' in config:
                # Second attempt with the alternative filter template.
                # NOTE(review): non_unique switches from 'log' to 'raise'
                # here; the exact semantics live in _ldap_search, which is
                # not part of this listing.
                found = _ldap_search(
                    ldap_handle,
                    _escaped_filter('ckanext.ldap.search.alt'),
                    attrs,
                    non_unique='raise',
                )
    finally:
        # Always release the connection once searching is over.
        ldap_handle.unbind()
    return found