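def _search(cls, users, attr_idx):
    """Search the LDAP directory for one attribute of each uid in *users*.

    Attr index can be UID_IDX, CN_IDX or MAIL_IDX; it selects a column of
    the configured ``rosa-ldap/attrs`` list (default ``cls.USER_ATTRS``).

    Each uid is escaped per RFC 4515 before it is placed in the filter, so
    a caller-supplied value containing ``*``, ``(``, ``)``, ``\\`` or NUL
    cannot widen or rewrite the query (LDAP filter injection).

    Returns:
        A list with the first value of the selected attribute for every
        entry matched, in the order the server returned them.  An empty
        *users* returns ``[]`` without contacting the server.

    Raises:
        ldap.LDAPError: if the bind or the search fails; the connection
            is unbound before the error propagates.
        KeyError: if a matched entry has no value for the attribute.
        IndexError: if *attr_idx* is outside the configured attrs list.
    """
    # ``ldap`` is already imported at file level; pull in just the escaper.
    from ldap.filter import escape_filter_chars

    uids = [escape_filter_chars(user) for user in users]
    if not uids:
        # "(|)" is not a valid filter - nothing to look up.
        return []

    conf = ResourceLocator.default().get_conf()
    uri = conf.get_value(["rosa-ldap", "uri"])
    binddn = conf.get_value(["rosa-ldap", "binddn"])
    passwd = ""
    passwd_file = conf.get_value(["rosa-ldap", "password-file"], cls.PASSWD_FILE)
    if passwd_file:
        # Context manager so the descriptor is released even if read() fails.
        with open(os.path.expanduser(passwd_file)) as handle:
            passwd = handle.read().strip()
    basedn = conf.get_value(["rosa-ldap", "basedn"], "")

    filter_str = "(|(uid=" + ")(uid=".join(uids) + "))"
    filter_more_str = conf.get_value(["rosa-ldap", "filter-more"], "")
    if filter_more_str:
        # Operator-supplied config, appended verbatim (trusted, not escaped).
        filter_str = "(&" + filter_str + filter_more_str + ")"

    user_attr_str = conf.get_value(["rosa-ldap", "attrs"], cls.USER_ATTRS)
    attr = user_attr_str.split()[attr_idx]

    tls_ca_file = conf.get_value(["rosa-ldap", "tls-ca-file"])
    if tls_ca_file:
        # Process-global option; must be set before initialize() to apply.
        ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, tls_ca_file)

    conn = ldap.initialize(uri)
    try:
        # NOTE: with a plain ldap:// uri the bind password crosses the wire
        # in cleartext - configure ldaps:// for production.  An empty
        # passwd (no password-file) makes this an unauthenticated bind,
        # which servers generally treat as anonymous.
        conn.bind_s(binddn, passwd)
        results = conn.search_s(basedn, ldap.SCOPE_SUBTREE, filter_str, [attr])
    finally:
        # Always release the connection, even when bind/search raised.
        conn.unbind()

    # Search continuation references come back as (None, [url, ...]) and
    # carry no attributes; only real entries (dn is a str) are used.
    return [entry[attr][0] for dn, entry in results if dn is not None]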
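def __init__(self, host='localhost', port="389", base_dn="", bind_dn_username="", bind_dn_password="", require_group=None, ssl=False, *, require_cert=False):
    """Construct an Active Directory connection and bind the service account.

    Assumes plaintext LDAP unless ``ssl`` is set.  The constructor never
    raises for the two expected failures (bad credentials, unreachable
    host): it leaves ``self.con`` as ``False`` and puts a message in
    ``self.error``, so callers must check those before using the object.

    Args:
        host -- hostname or IP of the LDAP server
        port -- port to connect to; an empty/None port omits it from the URL.
            With ``ssl=True`` this should be the LDAPS port (normally 636),
            not the default 389.
        base_dn -- the base DN to start searching for users
        bind_dn_username -- username (DN) used for binding to LDAP
        bind_dn_password -- bind_dn_username's password
        require_group -- user must be a member of this group to login
        ssl -- connect using ``ldaps://`` (TLS from the first byte) or plain
            ``ldap://``.  No StartTLS is attempted: on an ldaps connection
            TLS is already in place and a StartTLS request fails.
        require_cert -- keyword-only.  When False (the historical default)
            the server certificate is NOT verified, so the bind password and
            every user login authenticated through this object can be
            intercepted by a man-in-the-middle.  Set True to demand a
            certificate chaining to a CA trusted by the system/libldap.
    """
    self.error = ""
    self.host = host
    self.base_dn = base_dn
    self.bind_dn = bind_dn_username
    self.bind_pw = bind_dn_password
    self.require_group = require_group
    # Both options are process-global in python-ldap and affect every
    # connection opened afterwards, not only this instance.
    ldap.set_option(
        ldap.OPT_X_TLS_REQUIRE_CERT,
        ldap.OPT_X_TLS_DEMAND if require_cert else ldap.OPT_X_TLS_NEVER,
    )
    # 0 = do not chase referrals (the usual setting against AD).
    ldap.set_option(ldap.OPT_REFERRALS, 0)
    self.authenticated_user = None
    self.authenticated_dn = None
    self.authsource = "Active Directory on {}".format(base_dn)
    self.ldap_url = ''.join([
        (ssl and "ldaps://") or "ldap://",
        self.host,
        (port and ":{}".format(port)) or ''
    ])
    # Stays False unless the bind below succeeds, so the attribute is
    # defined (and falsy) on every failure path.
    self.con = False
    # attempt to connect and bind to the server
    try:
        con = ldap.initialize(self.ldap_url)
        con.simple_bind_s(self.bind_dn, self.bind_pw)
        self.con = con
    except ldap.INVALID_CREDENTIALS:
        self.error = "Could not bind to server {}".format(self.host)
        if self.bind_dn:
            self.error += " as {}".format(self.bind_dn)
        self.error += "."
    except ldap.SERVER_DOWN:
        self.error = "Could not make connection to {}.".format(self.host)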
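def __init__(self, host='localhost', port="389", bind_dn="", bind_pw="", require_group=None, ssl=False, *, require_cert=False):
    """Construct an eDirectory connection object and bind the service account.

    Assumes plaintext LDAP unless ``ssl`` is set.  The constructor never
    raises for the two expected failures (bad credentials, unreachable
    host): it leaves ``self.con`` as ``False`` and puts a message in
    ``self.error``, so callers must check those before using the object.

    Args:
        host -- the hostname or IP of the directory server
        port -- the port number to connect to; an empty/None port omits it
            from the URL.  With ``ssl=True`` this should be the LDAPS port
            (normally 636), not the default 389.
        bind_dn -- a DN (username) to bind to the directory as
        bind_pw -- the bind_dn's password
        require_group -- require membership in this group for login
        ssl -- connect using ``ldaps://`` (TLS from the first byte) or plain
            ``ldap://``.  No StartTLS is attempted: on an ldaps connection
            TLS is already in place and a StartTLS request fails.
        require_cert -- keyword-only.  When False (the historical default)
            the server certificate is NOT verified, so the bind password and
            every user login authenticated through this object can be
            intercepted by a man-in-the-middle.  Set True to demand a
            certificate chaining to a CA trusted by the system/libldap.
    """
    self.error = ""
    self.host = host
    self.bind_dn = bind_dn
    self.bind_pw = bind_pw
    # Process-global in python-ldap: affects every connection opened
    # afterwards, not only this instance.
    ldap.set_option(
        ldap.OPT_X_TLS_REQUIRE_CERT,
        ldap.OPT_X_TLS_DEMAND if require_cert else ldap.OPT_X_TLS_NEVER,
    )
    self.authenticated_user = None
    self.authenticated_dn = None
    self.authsource = "Novell eDirectory on " + host
    self.require_group = require_group
    self.ldap_url = ''.join([
        (ssl and "ldaps://") or "ldap://",
        self.host,
        (port and ":{}".format(port)) or ''
    ])
    # Stays False unless the bind below succeeds, so the attribute is
    # defined (and falsy) on every failure path.
    self.con = False
    # attempt to connect to the server
    try:
        con = ldap.initialize(self.ldap_url)
        con.simple_bind_s(self.bind_dn, self.bind_pw)
        self.con = con
    except ldap.INVALID_CREDENTIALS:
        self.error = "Could not bind to server {}".format(self.host)
        if self.bind_dn:
            self.error += " as %s" % self.bind_dn
        self.error += "."
    except ldap.SERVER_DOWN:
        self.error = "Could not make connection to {}.".format(self.host)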