Implement change registration
diff --git
a/ipsilon/login/authldap.py
b/ipsilon/login/authldap.py
index
8958410
..
ce096f4
100644
(file)
--- a/
ipsilon/login/authldap.py
+++ b/
ipsilon/login/authldap.py
@@
-1,11
+1,13
@@
-# Copyright (C) 2014
Ipsilon Contributors, see COPYING for license
+# Copyright (C) 2014
Ipsilon project Contributors, for license see COPYING
-from ipsilon.login.common import LoginFormBase, LoginManagerBase
+from ipsilon.login.common import LoginFormBase, LoginManagerBase, \
+ LoginManagerInstaller
from ipsilon.util.plugin import PluginObject
from ipsilon.util.log import Log
from ipsilon.util import config as pconfig
from ipsilon.info.infoldap import InfoProvider as LDAPInfo
import ldap
from ipsilon.util.plugin import PluginObject
from ipsilon.util.log import Log
from ipsilon.util import config as pconfig
from ipsilon.info.infoldap import InfoProvider as LDAPInfo
import ldap
+import subprocess
class LDAP(LoginFormBase, Log):
class LDAP(LoginFormBase, Log):
@@
-49,7
+51,9
@@
class LDAP(LoginFormBase, Log):
if not self.ldap_info:
self.ldap_info = LDAPInfo(self._site)
if not self.ldap_info:
self.ldap_info = LDAPInfo(self._site)
- return self.ldap_info.get_user_data_from_conn(conn, dn)
+ base = self.lm.base_dn
+ return self.ldap_info.get_user_data_from_conn(conn, dn, base,
+ username)
return None
return None
@@
-81,7
+85,7
@@
class LDAP(LoginFormBase, Log):
error_password=not password,
error_username=not username
)
error_password=not password,
error_username=not username
)
- # pylint: disable=star-args
+ self.lm.set_auth_error()
return self._template('login/form.html', **context)
return self._template('login/form.html', **context)
@@
-107,6
+111,10
@@
authentication. """
'bind dn template',
'Template to turn username into DN.',
'uid=%(username)s,ou=People,dc=example,dc=com'),
'bind dn template',
'Template to turn username into DN.',
'uid=%(username)s,ou=People,dc=example,dc=com'),
+ pconfig.String(
+ 'base dn',
+ 'The base dn to look for users and groups',
+ 'dc=example,dc=com'),
pconfig.Condition(
'get user info',
'Get user info via ldap using user credentials',
pconfig.Condition(
'get user info',
'Get user info via ldap using user credentials',
@@
-158,16
+166,20
@@
authentication. """
def bind_dn_tmpl(self):
return self.get_config_value('bind dn template')
def bind_dn_tmpl(self):
return self.get_config_value('bind dn template')
+ @property
+ def base_dn(self):
+ return self.get_config_value('base dn')
+
def get_tree(self, site):
self.page = LDAP(site, self, 'login/ldap')
return self.page
def get_tree(self, site):
self.page = LDAP(site, self, 'login/ldap')
return self.page
-class Installer(
object
):
+class Installer(
LoginManagerInstaller
):
def __init__(self, *pargs):
def __init__(self, *pargs):
+ super(Installer, self).__init__()
self.name = 'ldap'
self.name = 'ldap'
- self.ptype = 'login'
self.pargs = pargs
def install_args(self, group):
self.pargs = pargs
def install_args(self, group):
@@
-177,8
+189,12
@@
class Installer(object):
help='LDAP Server Url')
group.add_argument('--ldap-bind-dn-template', action='store',
help='LDAP Bind DN Template')
help='LDAP Server Url')
group.add_argument('--ldap-bind-dn-template', action='store',
help='LDAP Bind DN Template')
+ group.add_argument('--ldap-tls-level', action='store', default=None,
+ help='LDAP TLS level')
+ group.add_argument('--ldap-base-dn', action='store',
+ help='LDAP Base DN')
- def configure(self, opts):
+ def configure(self, opts
, changes
):
if opts['ldap'] != 'yes':
return
if opts['ldap'] != 'yes':
return
@@
-193,9
+209,22
@@
class Installer(object):
config['server url'] = opts['ldap_server_url']
if 'ldap_bind_dn_template' in opts:
config['bind dn template'] = opts['ldap_bind_dn_template']
config['server url'] = opts['ldap_server_url']
if 'ldap_bind_dn_template' in opts:
config['bind dn template'] = opts['ldap_bind_dn_template']
- config['tls'] = 'Demand'
+ if 'ldap_tls_level' in opts and opts['ldap_tls_level'] is not None:
+ config['tls'] = opts['ldap_tls_level']
+ else:
+ config['tls'] = 'Demand'
+ if 'ldap_base_dn' in opts and opts['ldap_base_dn'] is not None:
+ config['base dn'] = opts['ldap_base_dn']
po.save_plugin_config(config)
# Update global config to add login plugin
po.is_enabled = True
po.save_enabled_state()
po.save_plugin_config(config)
# Update global config to add login plugin
po.is_enabled = True
po.save_enabled_state()
+
+ # For selinux enabled platforms permit httpd to connect to ldap,
+ # ignore if it fails
+ try:
+ subprocess.call(['/usr/sbin/setsebool', '-P',
+ 'httpd_can_connect_ldap=on'])
+ except Exception: # pylint: disable=broad-except
+ pass
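Review bot: The new `--ldap-tls-level` option from the install_args hunk is copied straight into `config['tls']` in the configure hunk without being checked against the values the plugin's `tls` setting accepts, so a mistyped or mis-cased level is persisted, and it is not visible here how the LDAP connection code treats an unknown value — the previous hard-coded 'Demand' was at least a known-safe default. Restricting the argument at parse time would catch this before anything is written, e.g. `group.add_argument('--ldap-tls-level', action='store', default=None, choices=<ACCEPTED_TLS_LEVELS>, help='LDAP TLS level')` with the list mirroring the plugin's `tls` config definition, which lies outside this diff. `--ldap-base-dn` is passed through unvalidated in the same way, though a bad DN fails loudly on the first search rather than quietly changing transport security. Separately, the `setsebool` call at the end of configure (the function starts outside the hunk) discards the return code and catches every exception; narrowing it to `except OSError:` keeps the intended best-effort behaviour while not hiding unrelated errors.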