def _authenticate(self, username, password):
conn = self._ldap_connect()
dn = self.lm.bind_dn_tmpl % {"username": username}
conn.simple_bind_s(dn, password)
# Bypass info plugins to optimize data retrieval
if self.lm.get_user_info:
self.lm.info = None
if not self.ldap_info:
self.ldap_info = LDAPInfo(self._site)
base = self.lm.base_dn
return self.ldap_info.get_user_data_from_conn(conn, dn, base, username)
return None
def _authenticate(self, username, password):
conn = self._ldap_connect()
dn = self.lm.bind_dn_tmpl % {'username': username}
conn.simple_bind_s(dn, password)
# Bypass info plugins to optimize data retrieval
if self.lm.get_user_info:
self.lm.info = None
if not self.ldap_info:
self.ldap_info = LDAPInfo(self._site)
base = self.lm.base_dn
return self.ldap_info.get_user_data_from_conn(
conn, dn, base, username)
return None
class LDAP(LoginFormBase, Log):
def __init__(self, site, mgr, page):
super(LDAP, self).__init__(site, mgr, page)
self.ldap_info = None
def _ldap_connect(self):
return ldap_connect(self.lm.server_url, self.lm.tls)
def _authenticate(self, username, password):
conn = self._ldap_connect()
dn = self.lm.bind_dn_tmpl % {'username': username}
conn.simple_bind_s(dn, password)
# Bypass info plugins to optimize data retrieval
if self.lm.get_user_info:
self.lm.info = None
if not self.ldap_info:
self.ldap_info = LDAPInfo(self._site)
base = self.lm.base_dn
return self.ldap_info.get_user_data_from_conn(
conn, dn, base, username)
return None
def POST(self, *args, **kwargs):
username = kwargs.get("login_name")
password = kwargs.get("login_password")
userattrs = None
authok = False
errmsg = None
if username and password:
try:
userattrs = self._authenticate(username, password)
authok = True
except ldap.INVALID_CREDENTIALS as e:
errmsg = "Authentication failed"
self.error(errmsg)
except ldap.LDAPError as e:
errmsg = 'Internal system error'
if isinstance(e, ldap.TIMEOUT):
self.error('LDAP request timed out')
else:
desc = e.args[0]['desc'].strip()
info = e.args[0].get('info', '').strip()
self.error("%s: %s %s" %
(e.__class__.__name__, desc, info))
except Exception as e: # pylint: disable=broad-except
errmsg = 'Internal system error'
self.error("Exception raised: [%s]" % repr(e))
else:
self.error("Username or password is missing")
if authok:
return self.lm.auth_successful(self.trans,
username,
'password',
userdata=userattrs)
context = self.create_tmpl_context(username=username,
error=errmsg,
error_password=not password,
error_username=not username)
self.lm.set_auth_error()
return self._template('login/form.html', **context)
class LDAP(LoginFormBase, Log):
def __init__(self, site, mgr, page):
super(LDAP, self).__init__(site, mgr, page)
self.ldap_info = None
def _ldap_connect(self):
return ldap_connect(self.lm.server_url, self.lm.tls)
def _authenticate(self, username, password):
conn = self._ldap_connect()
dn = self.lm.bind_dn_tmpl % {"username": username}
conn.simple_bind_s(dn, password)
# Bypass info plugins to optimize data retrieval
if self.lm.get_user_info:
self.lm.info = None
if not self.ldap_info:
self.ldap_info = LDAPInfo(self._site)
base = self.lm.base_dn
return self.ldap_info.get_user_data_from_conn(conn, dn, base, username)
return None
def POST(self, *args, **kwargs):
username = kwargs.get("login_name")
password = kwargs.get("login_password")
userattrs = None
authok = False
errmsg = None
if username and password:
try:
userattrs = self._authenticate(username, password)
authok = True
except ldap.INVALID_CREDENTIALS as e:
errmsg = "Authentication failed"
self.error(errmsg)
except ldap.LDAPError as e:
errmsg = "Internal system error"
if isinstance(e, ldap.TIMEOUT):
self.error("LDAP request timed out")
else:
desc = e.args[0]["desc"].strip()
info = e.args[0].get("info", "").strip()
self.error("%s: %s %s" % (e.__class__.__name__, desc, info))
except Exception as e: # pylint: disable=broad-except
errmsg = "Internal system error"
self.error("Exception raised: [%s]" % repr(e))
else:
self.error("Username or password is missing")
if authok:
return self.lm.auth_successful(self.trans, username, "password", userdata=userattrs)
context = self.create_tmpl_context(
username=username, error=errmsg, error_password=not password, error_username=not username
)
self.lm.set_auth_error()
return self._template("login/form.html", **context)