from ldap3 import Tls, Server, Connection, BASE
from ldap3.utils.dn import safe_dn
import ssl
def user_cls(login):
    """Class decorator that registers the decorated model as the user loader.

    ``login.user_loader`` is handed a callable that resolves a user id via
    ``cls.query.get``; the decorated class is returned unchanged.
    """
    def _register(cls):
        def _load_user(uid):
            return cls.query.get(uid)

        login.user_loader(_load_user)
        return cls

    return _register
def _format_dn(parts):
    """Join DN components (e.g. ``'uid=alice'``, ``'dc=example'``) into one DN.

    Every component is run through ldap3's ``safe_dn`` before the pieces are
    joined with commas.
    """
    normalised = (safe_dn(component) for component in parts)
    return ','.join(normalised)
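def auth(config, model, username, password):
    """Authenticate ``username``/``password`` against LDAP; return the local user.

    The bind DN is built as ``uid=<username>,<config['base_dn']...>`` and a
    simple bind is attempted over LDAPS against ``config['host']``.  After a
    successful bind the ``model`` row whose ``name`` equals ``username`` is
    returned; if there is none yet, the entry's ``mail`` attribute is read
    (base-scope search on the bind DN) and a new row is created.

    Returns ``None`` when the credentials are empty or malformed, when the
    bind is rejected, or when the entry cannot be read.  ldap3 transport
    errors (unreachable host, TLS handshake failure) propagate to the caller.
    """
    # Refuse empty credentials before contacting the directory: an empty
    # password turns a simple bind into an unauthenticated bind
    # (RFC 4513 section 5.1.2), which some servers report as success.
    if not username or not password:
        return None

    # The username is spliced into a DN string that _format_dn / safe_dn then
    # parses, so characters with structural meaning in a DN (RDN separators,
    # '=', the escape character, quoting, a leading '#', surrounding spaces)
    # could change which entry is bound.  They never occur in a legitimate
    # uid, so reject them instead of trying to escape.
    dn_reserved = ',+"\\<>;='
    if (any(ch in dn_reserved or ord(ch) < 0x20 for ch in username)
            or username != username.strip()
            or username.startswith('#')):
        return None

    # TLS 1.0 (the previous PROTOCOL_TLSv1 pin) is deprecated and refused by
    # current directory servers; PROTOCOL_TLS_CLIENT (Python 3.6+) negotiates
    # the newest version both sides support with certificate validation on.
    tls_configuration = Tls(validate=ssl.CERT_REQUIRED,
                            version=ssl.PROTOCOL_TLS_CLIENT)
    server = Server(config['host'], use_ssl=True, tls=tls_configuration)
    user_dn = _format_dn(['uid=%s' % username] + config['base_dn'])
    conn = Connection(server, user=user_dn, password=password)
    try:
        if not conn.bind():
            return None
        user = model.query.filter_by(name=username).first()
        if user is not None:
            return user
        # First login for this account: fetch its mail attribute to seed the
        # local row.  A base-scope search on the bound DN yields that entry.
        found = conn.search(user_dn, '(objectclass=inetOrgPerson)',
                            search_scope=BASE, attributes=['mail'])
        if not found or not conn.entries:
            return None
        user_data = conn.entries[0]
        return model.create(name=username, email=user_data.mail.value)
    finally:
        # Release the socket whether the bind failed or succeeded; the
        # original left the connection open.
        conn.unbind()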