X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=blobdiff_plain;f=ipsilon%2Flogin%2Fauthldap.py;h=0161abc7f8472187e8e37dd25bb65ab0aa4e58ca;hp=a41d167e21bfe3f19f6426ded6a62329309241db;hb=7ad204c13898245cdea5acfa90be83e767276994;hpb=d274763d8dc06b42f70014b14fcb2e852c086751 diff --git a/ipsilon/login/authldap.py b/ipsilon/login/authldap.py old mode 100755 new mode 100644 index a41d167..0161abc --- a/ipsilon/login/authldap.py +++ b/ipsilon/login/authldap.py @@ -1,11 +1,10 @@ -#!/usr/bin/python -# # Copyright (C) 2014 Ipsilon Contributors, see COPYING for license -from ipsilon.login.common import LoginFormBase, LoginManagerBase -from ipsilon.login.common import FACILITY +from ipsilon.login.common import LoginFormBase, LoginManagerBase, \ + LoginManagerInstaller from ipsilon.util.plugin import PluginObject from ipsilon.util.log import Log +from ipsilon.util import config as pconfig from ipsilon.info.infoldap import InfoProvider as LDAPInfo import ldap @@ -49,7 +48,7 @@ class LDAP(LoginFormBase, Log): self.lm.info = None if not self.ldap_info: - self.ldap_info = LDAPInfo() + self.ldap_info = LDAPInfo(self._site) return self.ldap_info.get_user_data_from_conn(conn, dn) @@ -64,15 +63,7 @@ class LDAP(LoginFormBase, Log): if username and password: try: - userdata = self._authenticate(username, password) - if userdata: - userattrs = dict() - for d, v in userdata.get('userdata', {}).items(): - userattrs[d] = v - if 'groups' in userdata: - userattrs['groups'] = userdata['groups'] - if 'extras' in userdata: - userattrs['extras'] = userdata['extras'] + userattrs = self._authenticate(username, password) authed = True except Exception, e: # pylint: disable=broad-except errmsg = "Authentication failed" @@ -107,47 +98,38 @@ class LoginManager(LoginManagerBase): self.description = """ Form based login Manager that uses a simple bind LDAP operation to perform authentication. """ - self._options = { - 'help text': [ - """ The text shown to guide the user at login time. """, - 'string', - 'Insert your Username and Password and then submit.' - ], - 'username text': [ - """ The text shown to ask for the username in the form. """, - 'string', - 'Username' - ], - 'password text': [ - """ The text shown to ask for the password in the form. """, - 'string', - 'Password' - ], - 'server url': [ - """ The LDAP server url """, - 'string', - 'ldap://example.com' - ], - 'tls': [ - " What TLS level show be required " + - "(Demand, Allow, Try, Never, NoTLS) ", - 'string', - 'Demand' - ], - 'bind dn template': [ - """ Template to turn username into DN. """, - 'string', - 'uid=%(username)s,ou=People,dc=example,dc=com' - ], - 'get user info': [ - """ Get user info via ldap directly after auth (Yes/No) """, - 'string', - 'Yes' - ], - } - self.conf_opt_order = ['server url', 'bind dn template', - 'get user info', 'tls', 'username text', - 'password text', 'help text'] + self.new_config( + self.name, + pconfig.String( + 'server url', + 'The LDAP server url.', + 'ldap://example.com'), + pconfig.Template( + 'bind dn template', + 'Template to turn username into DN.', + 'uid=%(username)s,ou=People,dc=example,dc=com'), + pconfig.Condition( + 'get user info', + 'Get user info via ldap using user credentials', + True), + pconfig.Pick( + 'tls', + 'What TLS level show be required', + ['Demand', 'Allow', 'Try', 'Never', 'NoTLS'], + 'Demand'), + pconfig.String( + 'username text', + 'Text used to ask for the username at login time.', + 'Username'), + pconfig.String( + 'password text', + 'Text used to ask for the password at login time.', + 'Password'), + pconfig.String( + 'help text', + 'Text used to guide the user at login time.', + 'Provide your Username and Password') + ) @property def help_text(self): @@ -171,7 +153,7 @@ authentication. """ @property def get_user_info(self): - return (self.get_config_value('get user info').lower() == 'yes') + return self.get_config_value('get user info') @property def bind_dn_tmpl(self): @@ -182,15 +164,16 @@ authentication. """ return self.page -class Installer(object): +class Installer(LoginManagerInstaller): - def __init__(self): + def __init__(self, *pargs): + super(Installer, self).__init__() self.name = 'ldap' - self.ptype = 'login' + self.pargs = pargs def install_args(self, group): group.add_argument('--ldap', choices=['yes', 'no'], default='no', - help='Configure PAM authentication') + help='Configure LDAP authentication') group.add_argument('--ldap-server-url', action='store', help='LDAP Server Url') group.add_argument('--ldap-bind-dn-template', action='store', @@ -201,29 +184,19 @@ class Installer(object): return # Add configuration data to database - po = PluginObject() + po = PluginObject(*self.pargs) po.name = 'ldap' po.wipe_data() + po.wipe_config_values() - po.wipe_config_values(FACILITY) config = dict() if 'ldap_server_url' in opts: config['server url'] = opts['ldap_server_url'] if 'ldap_bind_dn_template' in opts: config['bind dn template'] = opts['ldap_bind_dn_template'] config['tls'] = 'Demand' - po.set_config(config) - po.save_plugin_config(FACILITY) + po.save_plugin_config(config) # Update global config to add login plugin - po = PluginObject() - po.name = 'global' - globalconf = po.get_plugin_config(FACILITY) - if 'order' in globalconf: - order = globalconf['order'].split(',') - else: - order = [] - order.append('ldap') - globalconf['order'] = ','.join(order) - po.set_config(globalconf) - po.save_plugin_config(FACILITY) + po.is_enabled = True + po.save_enabled_state()