ldap: Authenticate using Kerberos
authorMichael Tremer <michael.tremer@ipfire.org>
Tue, 6 Aug 2019 14:26:41 +0000 (15:26 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Tue, 6 Aug 2019 14:26:41 +0000 (15:26 +0100)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/backend/accounts.py
src/backend/base.py

index 1e586fc54eaf08423da7c9b923b2ba16abebd15e..d49ed5e728b4b102e1bd00fdf6b698efd23734f6 100644 (file)
@@ -5,6 +5,7 @@ import datetime
 import ldap
 import ldap.modlist
 import logging
+import os
 import phonenumbers
 import sshpubkeys
 import time
@@ -17,6 +18,9 @@ from . import util
 from .decorators import *
 from .misc import Object
 
+# Set the client keytab name
+os.environ["KRB5_CLIENT_KTNAME"] = "/etc/ipfire.org/ldap.keytab"
+
 class Accounts(Object):
        def init(self):
                self.search_base = self.settings.get("ldap_search_base")
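Review bot: The module-level assignment `os.environ["KRB5_CLIENT_KTNAME"] = "/etc/ipfire.org/ldap.keytab"` runs at import time and unconditionally overwrites any value the operator already exported, so a deployment cannot point the service at a different keytab (for staging or testing) without editing the module. Using `os.environ.setdefault("KRB5_CLIENT_KTNAME", "/etc/ipfire.org/ldap.keytab")` keeps the hard-coded default while honouring an environment override; sourcing the path from `self.settings` in `Accounts.init` would match how the rest of the LDAP configuration is read, though it would presumably have to be set before the first bind. Since that file holds the service's long-term Kerberos key, the comment should say so, e.g. `# Keytab holds the service's long-term key: must be owned by and readable only by the backend's user`.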
@@ -39,11 +43,15 @@ class Accounts(Object):
                        retry_max=10, retry_delay=3)
 
        def _authenticate(self):
-               # Bind with username and password
-               self.ldap.simple_bind(
-                       self.settings.get("ldap_bind_dn"),
-                       self.settings.get("ldap_bind_pw", ""),
-               )
+               # Authenticate against LDAP server using Kerberos
+               self.ldap.sasl_gssapi_bind_s()
+
+       def test_ldap(self):
+               logging.info("Testing LDAP connection...")
+
+               self._authenticate()
+
+               logging.info("Successfully authenticated as %s" % self.ldap.whoami_s())
 
        def _query(self, query, attrlist=None, limit=0, search_base=None):
                logging.debug("Performing LDAP query: %s" % query)
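Review bot: `_authenticate` now performs a synchronous GSSAPI bind with no docstring and no handling of the failure path, so `test_ldap` surfaces a raw `ldap.LDAPError` subclass when the keytab is unreadable, no ticket can be obtained, or the server rejects the mechanism; a docstring such as `"""Bind to the directory as the Kerberos identity in the client keytab; raises ldap.LDAPError on failure."""` makes that contract explicit for the `test-ldap` command. The bind does not request a minimum SASL security layer, so whether the session after authentication is integrity- or confidentiality-protected depends on client and server defaults; if the connection is not already TLS-wrapped, setting `ldap.OPT_X_SASL_SSF_MIN` on the connection before binding is the usual way to pin that (the connection setup is not visible here). The `ldap_bind_dn`/`ldap_bind_pw` settings read by the removed lines are no longer consulted in this method; if nothing else reads them they are now dead configuration and the password should be retired. In `test_ldap`, `logging.info("Successfully authenticated as %s", self.ldap.whoami_s())` passes the argument lazily instead of formatting eagerly, matching the logging module's convention. `_query` starts at the end of this hunk and continues outside it.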
index 40cc70a0ee74e02837ee1e324c95fe490b2eedc5..19797edb58c507acfb423ff59444528764d9bd7b 100644 (file)
@@ -94,6 +94,7 @@ class Backend(object):
                        "cleanup"           : self.cleanup,
                        "scan-files"        : self.releases.scan_files,
                        "send-all-messages" : self.messages.queue.send_all,
+                       "test-ldap"         : self.accounts.test_ldap,
                        "tweet"             : self.tweets.tweet,
                        "update-blog-feeds" : self.blog.update_feeds,
                }