import ldap
import ldap.modlist
import logging
+import os
import phonenumbers
import sshpubkeys
import time
from .decorators import *
from .misc import Object
+# Set the client keytab name
+os.environ["KRB5_CLIENT_KTNAME"] = "/etc/ipfire.org/ldap.keytab"
+
class Accounts(Object):
def init(self):
self.search_base = self.settings.get("ldap_search_base")
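Review bot: The new module-level assignment `os.environ["KRB5_CLIENT_KTNAME"] = "/etc/ipfire.org/ldap.keytab"` runs at import time and unconditionally overwrites any value the operator has set. Every process that imports this module, and any child process inheriting its environment, is therefore pinned to one hard-coded keytab. `os.environ.setdefault("KRB5_CLIENT_KTNAME", "/etc/ipfire.org/ldap.keytab")` would keep the default while still allowing a deployment to override it; alternatively the path could be read from settings in `init`, as the bind DN was before this change. Because the keytab now replaces `ldap_bind_pw` as the long-lived credential, the comment above the assignment should say so, e.g. `# Keytab holds the service's long-term key; it must be readable only by the service account`.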
retry_max=10, retry_delay=3)
def _authenticate(self):
- # Bind with username and password
- self.ldap.simple_bind(
- self.settings.get("ldap_bind_dn"),
- self.settings.get("ldap_bind_pw", ""),
- )
+ # Authenticate against LDAP server using Kerberos
+ self.ldap.sasl_gssapi_bind_s()
+
+ def test_ldap(self):
+ logging.info("Testing LDAP connection...")
+
+ self._authenticate()
+
+ logging.info("Successfully authenticated as %s" % self.ldap.whoami_s())
def _query(self, query, attrlist=None, limit=0, search_base=None):
logging.debug("Performing LDAP query: %s" % query)
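Review bot: `test_ldap` lets a failed `sasl_gssapi_bind_s()` escape as a raw python-ldap exception, so a missing or unreadable keytab surfaces as a traceback from the very command meant to diagnose it. Catching it and re-raising, e.g. `except ldap.LDAPError as e: logging.error("LDAP authentication failed: %s", e); raise`, would make the failure explicit in the logs. The bound identity now comes from the keytab rather than from `ldap_bind_dn`, so it may also be worth comparing the `whoami_s()` result with the expected service principal instead of only logging it. As a style point, the value can be passed as a logging argument: `logging.info("Successfully authenticated as %s", self.ldap.whoami_s())`. The body of `_query` continues outside the hunk.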
"cleanup" : self.cleanup,
"scan-files" : self.releases.scan_files,
"send-all-messages" : self.messages.queue.send_all,
+ "test-ldap" : self.accounts.test_ldap,
"tweet" : self.tweets.tweet,
"update-blog-feeds" : self.blog.update_feeds,
}