def authenticateUser(session, req, username, password):
    """authenticate the username/password combination.

    Only used if config.AUTH_TYPE=='FORM'.

    This sets session['username'], iff authentication is successful.
    (NOTE(review): the body visible here never assigns session['username'];
    presumably that happens in the part of the function not shown -- verify.)

    This should raise an Exception if authentication fails (the caller must
    make sure to sanitize any error message, since there's no guarantee it
    won't contain passwords or other sensitive information).

    session, req -- passed through to core.log() only.
    username     -- resolved to an LDAP DN via the username2ldapatts tool.
    password     -- the cleartext password used for the LDAP simple bind.

    Raises Exception("empty password"), Exception("cannot contact LDAP
    server(s)"), or re-raises ldap.INVALID_CREDENTIALS.

    Python 2 syntax (``except X, e``).
    """
    if password=='':
        raise Exception("empty password") #the ldap bind does not fail for empty password, so must catch it before
        # (an LDAP simple bind with a DN and an empty password is an
        # "unauthenticated" bind, which many servers accept -- hence the
        # explicit rejection above)
    import ldap
    # NOTE(review): 255 enables every libldap debug bit, process-wide, and the
    # trace goes to stderr. At this level the packet/BER dump can expose the
    # bind DN and password in logs -- confirm this is not left on outside of
    # debugging sessions.
    ldap.set_option(ldap.OPT_DEBUG_LEVEL,255)
    try:
        try:
            authenticated = False
            # hosts are tried in order; the first one that answers decides
            for host in ('dc2-rc', 'dc3-rc'):
                try:
                    # NOTE(review): nothing here sets a TLS certificate-checking
                    # option; validation of the ldaps:// peer is whatever the
                    # system ldap.conf (TLS_REQCERT) configures -- confirm.
                    l = ldap.initialize("ldaps://%s:636/" % host)
                    l.protocol_version = ldap.VERSION3
                    # The bind DN comes from an external command; core.shQuote
                    # is the only thing keeping a hostile username out of the
                    # shell, so its quoting must be relied on. If the tool prints
                    # nothing (unknown user) the bind is attempted with an empty
                    # DN -- presumably rejected by the server; verify.
                    l.simple_bind_s(
                        core.getStdout("/n/sw/rc/bin/username2ldapatts -a distinguishedName %s" % core.shQuote(username)).strip(),
                        password
                    ) #will raise ldap.INVALID_CREDENTIALS in case of failure
                    authenticated = True
                    break
                except ldap.SERVER_DOWN, e:
                    # only an unreachable host is retried; any other ldap error
                    # propagates out of the loop
                    msg = "got ldap.SERVER_DOWN for [%s]: %s; will retry other hosts if available" % (host, e)
                    core.log(msg, session, req)
                    continue
            if not authenticated:
                raise Exception("cannot contact LDAP server(s)")
        except ldap.INVALID_CREDENTIALS:
            # bad username/password: let the caller handle (and sanitize) it
            raise
        # NOTE(review): the except/finally clause of the outer ``try`` is not
        # present on this page, so the function is incomplete as shown; the
        # connection ``l`` is also never unbound in the visible code.
def getEmailAddress(username):
    """return the email address of the user

    Convenience helper only: nothing calls it by default, regardless of
    config.AUTH_TYPE.

    The lookup goes through the same username2ldapatts tool that the
    authentication path uses for the DN; the username is shell-quoted by
    core.shQuote before it is interpolated into the command line.
    """
    command = "/n/sw/rc/bin/username2ldapatts -a mail %s" % core.shQuote(username)
    output = core.getStdout(command)
    return output.strip()