Domů Procházet Nápověda
Přihlásit se
mirrors
/
Radicale
zrcadlo https://github.com/Kozea/Radicale
1
0
Rozštěpit 0
Soubory Úkoly 0 Wiki
Strom: 1c4acc44a8
Větve Značky
Radicale
/
radicale
/
auth
/
LDAP.py

LDAP.py 2.5 KB
Historie Surový

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778 
  1. # This file is part of Radicale Server - Calendar Server
    2. 

  2. # Copyright © 2011 Corentin Le Bail
    3. 

  3. # Copyright © 2011-2016 Guillaume Ayoub
    4. 

  4. #
    5. 

  5. # This library is free software: you can redistribute it and/or modify
    6. 

  6. # it under the terms of the GNU General Public License as published by
    7. 

  7. # the Free Software Foundation, either version 3 of the License, or
    8. 

  8. # (at your option) any later version.
    9. 

  9. #
    10. 

  10. # This library is distributed in the hope that it will be useful,
    11. 

  11. # but WITHOUT ANY WARRANTY; without even the implied warranty of
    12. 

  12. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13. 

  13. # GNU General Public License for more details.
    14. 

  14. #
    15. 

  15. # You should have received a copy of the GNU General Public License
    16. 

  16. # along with Radicale.  If not, see <http://www.gnu.org/licenses/>.
    17. 

  17. 

  18. """
    19. 

  19. LDAP authentication.
    20. 

  20. 

  21. Authentication based on the ``python-ldap`` module
    22. 

  22. (http://www.python-ldap.org/).
    23. 

  23. 

  24. """
    25. 

  25. 

  26. import ldap
    27. 

  27. 

  28. from .. import config, log
    29. 

  29. 

  30. 

  31. BASE = config.get("auth", "ldap_base")
    32. 

  32. ATTRIBUTE = config.get("auth", "ldap_attribute")
    33. 

  33. FILTER = config.get("auth", "ldap_filter")
    34. 

  34. CONNEXION = ldap.initialize(config.get("auth", "ldap_url"))
    35. 

  35. BINDDN = config.get("auth", "ldap_binddn")
    36. 

  36. PASSWORD = config.get("auth", "ldap_password")
    37. 

  37. SCOPE = getattr(ldap, "SCOPE_%s" % config.get("auth", "ldap_scope").upper())
    38. 

  38. 

  39. 

  40. def is_authenticated(user, password):
    41. 

  41.     """Check if ``user``/``password`` couple is valid."""
    42. 

  42.     global CONNEXION
    43. 

  43. 

  44.     try:
    45. 

  45.         CONNEXION.whoami_s()
    46. 

  46.     except:
    47. 

  47.         log.LOGGER.debug("Reconnecting the LDAP server")
    48. 

  48.         CONNEXION = ldap.initialize(config.get("auth", "ldap_url"))
    49. 

  49. 

  50.     if BINDDN and PASSWORD:
    51. 

  51.         log.LOGGER.debug("Initial LDAP bind as %s" % BINDDN)
    52. 

  52.         CONNEXION.simple_bind_s(BINDDN, PASSWORD)
    53. 

  53. 

  54.     distinguished_name = "%s=%s" % (ATTRIBUTE, ldap.dn.escape_dn_chars(user))
    55. 

  55.     log.LOGGER.debug(
    56. 

  56.         "LDAP bind for %s in base %s" % (distinguished_name, BASE))
    57. 

  57. 

  58.     if FILTER:
    59. 

  59.         filter_string = "(&(%s)%s)" % (distinguished_name, FILTER)
    60. 

  60.     else:
    61. 

  61.         filter_string = distinguished_name
    62. 

  62.     log.LOGGER.debug("Used LDAP filter: %s" % filter_string)
    63. 

  63. 

  64.     users = CONNEXION.search_s(BASE, SCOPE, filter_string)
    65. 

  65.     if users:
    66. 

  66.         log.LOGGER.debug("User %s found" % user)
    67. 

  67.         try:
    68. 

  68.             CONNEXION.simple_bind_s(users[0][0], password or "")
    69. 

  69.         except ldap.LDAPError:
    70. 

  70.             log.LOGGER.debug("Invalid credentials")
    71. 

  71.         else:
    72. 

  72.             log.LOGGER.debug("LDAP bind OK")
    73. 

  73.             return True
    74. 

  74.     else:
    75. 

  75.         log.LOGGER.debug("User %s not found" % user)
    76. 

  76. 

  77.     log.LOGGER.debug("LDAP bind failed")
    78. 

  78.     return False
    79.