Implement change registration

[cascardo/ipsilon.git] / ipsilon / login / authldap.py
diff --git a/ipsilon/login/authldap.py b/ipsilon/login/authldap.py

index 0161abc..ce096f4 100644 (file)
--- a/ipsilon/login/authldap.py
+++ b/ipsilon/login/authldap.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2014  Ipsilon Contributors, see COPYING for license
+# Copyright (C) 2014 Ipsilon project Contributors, for license see COPYING
  
  from ipsilon.login.common import LoginFormBase, LoginManagerBase, \
      LoginManagerInstaller
@@ -7,6 +7,7 @@ from ipsilon.util.log import Log
  from ipsilon.util import config as pconfig
  from ipsilon.info.infoldap import InfoProvider as LDAPInfo
  import ldap
+import subprocess
  
  
  class LDAP(LoginFormBase, Log):
@@ -50,7 +51,9 @@ class LDAP(LoginFormBase, Log):
              if not self.ldap_info:
                  self.ldap_info = LDAPInfo(self._site)
  
-            return self.ldap_info.get_user_data_from_conn(conn, dn)
+            base = self.lm.base_dn
+            return self.ldap_info.get_user_data_from_conn(conn, dn, base,
+                                                          username)
  
          return None
  
@@ -82,7 +85,7 @@ class LDAP(LoginFormBase, Log):
              error_password=not password,
              error_username=not username
          )
-        # pylint: disable=star-args
+        self.lm.set_auth_error()
          return self._template('login/form.html', **context)
  
  
@@ -108,6 +111,10 @@ authentication. """
                  'bind dn template',
                  'Template to turn username into DN.',
                  'uid=%(username)s,ou=People,dc=example,dc=com'),
+            pconfig.String(
+                'base dn',
+                'The base dn to look for users and groups',
+                'dc=example,dc=com'),
              pconfig.Condition(
                  'get user info',
                  'Get user info via ldap using user credentials',
@@ -159,6 +166,10 @@ authentication. """
      def bind_dn_tmpl(self):
          return self.get_config_value('bind dn template')
  
+    @property
+    def base_dn(self):
+        return self.get_config_value('base dn')
+
      def get_tree(self, site):
          self.page = LDAP(site, self, 'login/ldap')
          return self.page
@@ -178,8 +189,12 @@ class Installer(LoginManagerInstaller):
                             help='LDAP Server Url')
          group.add_argument('--ldap-bind-dn-template', action='store',
                             help='LDAP Bind DN Template')
+        group.add_argument('--ldap-tls-level', action='store', default=None,
+                           help='LDAP TLS level')
+        group.add_argument('--ldap-base-dn', action='store',
+                           help='LDAP Base DN')
  
-    def configure(self, opts):
+    def configure(self, opts, changes):
          if opts['ldap'] != 'yes':
              return
  
@@ -194,9 +209,22 @@ class Installer(LoginManagerInstaller):
              config['server url'] = opts['ldap_server_url']
          if 'ldap_bind_dn_template' in opts:
              config['bind dn template'] = opts['ldap_bind_dn_template']
-        config['tls'] = 'Demand'
+        if 'ldap_tls_level' in opts and opts['ldap_tls_level'] is not None:
+            config['tls'] = opts['ldap_tls_level']
+        else:
+            config['tls'] = 'Demand'
+        if 'ldap_base_dn' in opts and opts['ldap_base_dn'] is not None:
+            config['base dn'] = opts['ldap_base_dn']
          po.save_plugin_config(config)
  
          # Update global config to add login plugin
          po.is_enabled = True
          po.save_enabled_state()
+
+        # For selinux enabled platforms permit httpd to connect to ldap,
+        # ignore if it fails
+        try:
+            subprocess.call(['/usr/sbin/setsebool', '-P',
+                             'httpd_can_connect_ldap=on'])
+        except Exception:  # pylint: disable=broad-except
+            pass