Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
A
authserv
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Deploy
Releases
Model registry
Monitor
Incidents
Service Desk
Analyze
Value stream analytics
Contributor analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
This is an archived project. Repository and other project resources are read-only.
Show more breadcrumbs
ai
authserv
Commits
af8a777c
Commit
af8a777c
authored
11 years ago
by
ale
Browse files
Options
Downloads
Patches
Plain Diff
improve the LDAP authentication model
parent
1ea7ab05
No related branches found
No related tags found
No related merge requests found
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
authserv/ldap_model.py
+35
-19
35 additions, 19 deletions
authserv/ldap_model.py
with
35 additions
and
19 deletions
authserv/ldap_model.py
+
35
−
19
View file @
af8a777c
import
contextlib
import
ldap
from
ldap.ldapobject
import
ReconnectLDAPObj
from
ldap.dn
import
escape_dn_chars
from
ldap.filter
import
escape_filter_chars
from
ldap.ldapobject
import
LDAPObject
from
authserv
import
model
...
...
@@ -24,35 +26,49 @@ class UserDb(model.UserDb):
@contextlib.contextmanager
def
_conn
(
self
):
c
=
Reconnect
LDAPObj
(
self
.
ldap_uri
)
c
=
LDAPObj
ect
(
self
.
ldap_uri
)
c
.
protocol_version
=
ldap
.
VERSION3
c
.
simple_bind_s
(
self
.
ldap_bind_dn
,
self
.
ldap_bind_pw
)
yield
c
c
.
unbind_s
()
def
_query_user
(
self
,
username
,
service
):
# Allow referencing a service to another, by specifying a
# string rather than a dictionary as the value. If you build
# infinite loops this way, it's your fault.
ldap_params
=
self
.
service_map
.
get
(
service
)
while
isinstance
(
ldap_params
,
basestring
):
ldap_params
=
self
.
service_map
.
get
(
ldap_params
)
if
not
ldap_params
:
return
None
if
callable
(
ldap_params
[
'
dn
'
]):
basedn
=
ldap_params
[
'
dn
'
](
username
)
else
:
basedn
=
ldap_params
[
'
dn
'
]
with
self
.
_conn
()
as
c
:
result
=
c
.
search_s
(
basedn
,
ldap_params
.
get
(
'
scope
'
,
ldap
.
SCOPE_SUBTREE
),
ldap_params
[
'
filter
'
].
replace
(
'
%s
'
,
username
),
self
.
ldap_attrs
)
if
not
result
:
return
None
if
len
(
result
)
>
1
:
raise
Error
(
'
too many results from LDAP
'
)
return
User
(
username
,
result
[
0
][
0
],
result
[
0
][
1
])
# LDAP queries can be built in two ways:
#
# - specify a fully-qualified 'dn' attribute, in which
# case we'll run a SCOPE_BASE query for that specific DN.
# In this case, 'filter' is optional.
#
# - specify 'base' and 'filter' together to identify a
# single object. This is a SCOPE_SUBTREE search and
# 'filter' is required.
#
if
'
dn
'
in
ldap_params
:
base
=
ldap_params
[
'
dn
'
].
replace
(
'
%s
'
,
escape_dn_chars
(
username
))
filt
=
ldap_params
.
get
(
'
filter
'
,
''
).
replace
(
'
%s
'
,
escape_filter_chars
(
username
))
scope
=
ldap
.
SCOPE_BASE
else
:
base
=
ldap_params
[
'
base
'
].
replace
(
'
%s
'
,
escape_dn_chars
(
username
))
filt
=
ldap_params
[
'
filter
'
].
replace
(
'
%s
'
,
escape_filter_chars
(
username
))
scope
=
ldap
.
SCOPE_SUBTREE
result
=
c
.
search_s
(
base
,
scope
,
filt
,
self
.
ldap_attrs
)
if
not
result
:
return
None
if
len
(
result
)
>
1
:
raise
Error
(
'
too many results from LDAP
'
)
return
User
(
username
,
result
[
0
][
0
],
result
[
0
][
1
])
def
get_user
(
self
,
username
,
service
):
try
:
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment