author | Alexander Sulfrian <alex@spline.inf.fu-berlin.de> | 2016-01-12 19:10:34 +0100 |
---|---|---|
committer | Alexander Sulfrian <alex@spline.inf.fu-berlin.de> | 2016-01-12 19:13:32 +0100 |
commit | 9b219c587305961e8710ea475453ed40c264853b (patch) | |
tree | d0a14a6f8cafa0dcb055d7b8c017f08015cd5475 | |
parent | b2cd06183fd7f4a06758f9bdd423089b111f42ff (diff) | |
download | padlite-teams-9b219c587305961e8710ea475453ed40c264853b.tar.gz padlite-teams-9b219c587305961e8710ea475453ed40c264853b.tar.bz2 padlite-teams-9b219c587305961e8710ea475453ed40c264853b.zip |
The ldap3 library is python3 compatible and more future proof.
-rw-r--r-- | settings.py.default | 2 | ||||
-rw-r--r-- | utils/login.py | 40 |
2 files changed, 19 insertions, 23 deletions
diff --git a/settings.py.default b/settings.py.default
index d38ae99..c63b3e6 100644
--- a/settings.py.default
+++ b/settings.py.default
@@ -5,7 +5,7 @@ PAD = {
 
 LDAP = {
     'host': 'ldaps://host',
-    'base_dn': [('ou', 'people'), ('dc', 'example'), ('dc', 'org')],
+    'base_dn': ['ou=people', 'dc=example', 'dc=org'],
 }
 
 SQLALCHEMY_DATABASE_URI = 'sqlite:///example.db'
diff --git a/utils/login.py b/utils/login.py
index e6c8f21..cda1485 100644
--- a/utils/login.py
+++ b/utils/login.py
@@ -1,5 +1,6 @@
-import ldap
-from functools import reduce
+from ldap3 import Tls, Server, Connection, BASE
+from ldap3.utils.dn import safe_dn
+import ssl
 
 
 def user_cls(login):
@@ -9,32 +10,27 @@ def user_cls(login):
     return decorator
 
 
-def _format_dn(attr, base_dn=None):
-    attr = [attr]
-    if base_dn is not None:
-        attr.extend(base_dn)
-
-    return ','.join(['%s=%s' % (key, ldap.dn.escape_dn_chars(value))
-                     for (key, value) in attr])
+def _format_dn(parts):
+    return ','.join([safe_dn(part) for part in parts])
 
 
 def auth(config, model, username, password):
-    ldap.protocol_version = 3
-    l = ldap.initialize(config['host'])
-    l.set_option(ldap.OPT_X_TLS_DEMAND, True)
-    try:
-        user_dn = _format_dn(('uid', username), config['base_dn'])
-        l.simple_bind_s(user_dn, password)
-    except ldap.INVALID_CREDENTIALS:
-        return None
+    tls_configuration = Tls(validate=ssl.CERT_REQUIRED,
+                            version=ssl.PROTOCOL_TLSv1)
+    server = Server(config['host'], use_ssl=True, tls=tls_configuration)
+
+    user_dn = _format_dn(['uid=%s' % username] + config['base_dn'])
+    conn = Connection(server, user=user_dn, password=password)
+    if not conn.bind():
+        return None
 
     user = model.query.filter_by(name=username).first()
     if user is None:
-        user_data = l.search_s(user_dn, ldap.SCOPE_BASE)
-        if len(user_data) != 1:
-            return None
+        if not conn.search(user_dn, '(objectclass=inetOrgPerson)',
+                           search_scope=BASE, attributes=['mail']):
+            return None
 
-        (dn, user_data) = user_data[0]
-        user = model.create(name=username, email=user_data['mail'][0])
+        user_data = conn.entries[0]
+        user = model.create(name=username, email=user_data.mail.value)
 
     return user
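Review bot: `_format_dn(['uid=%s' % username] + config['base_dn'])` in `auth` loses the per-value escaping the removed `ldap.dn.escape_dn_chars` call gave: `safe_dn` parses its argument as DN syntax, so a `,`, `+` or `=` inside `username` is read as RDN structure rather than as part of the uid value, and the bind DN no longer reliably stays a single `uid=` RDN under the configured base. Escape the value before building the RDN, e.g. with `escape_attribute_value` from `ldap3.utils.dn` (added to the existing import line). Two further checks are missing in the same function: an empty `password` should be rejected before the `Connection` is created, because a simple bind with a DN and empty password is an unauthenticated bind on servers that permit it (newer ldap3 releases instead raise `LDAPPasswordIsMandatoryError` from the constructor, which would propagate out of `auth` rather than yield the `None` a caller expects), and `version=ssl.PROTOCOL_TLSv1` pins the client to TLS 1.0 only instead of negotiating the highest mutually supported version, where `ssl.PROTOCOL_TLS` (`ssl.PROTOCOL_SSLv23` on older interpreters) is the usual choice. `validate=ssl.CERT_REQUIRED` without a `ca_certs_file` depends on the platform trust store being picked up by the ldap3 version in use — confirm that against the deployment, and consider `conn.unbind()` once the lookup has finished since nothing closes the connection.
```python
def auth(config, model, username, password):
    # Empty password would be an unauthenticated (anonymous) bind, not a login failure.
    if not password:
        return None
    tls_configuration = Tls(validate=ssl.CERT_REQUIRED,
                            version=ssl.PROTOCOL_TLS)
    server = Server(config['host'], use_ssl=True, tls=tls_configuration)

    # Escape the value so DN metacharacters in the login name stay inside the uid RDN.
    user_dn = _format_dn(['uid=%s' % escape_attribute_value(username)]
                         + config['base_dn'])
    # … unchanged: bind, model lookup, search, model.create, return user …
```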