Commit | Line | Data |
---|---|---|
8d8d65b4 JS |
1 | #!/usr/bin/python |
2 | ||
b7debe9f MT |
3 | from __future__ import absolute_import |
4 | ||
8d8d65b4 JS |
5 | import ldap |
6 | import logging | |
7 | ||
96d39e22 MT |
# Module-wide logger, registered under the name "ldap".
log = logging.getLogger("ldap")
# Records are also handed to the handlers of ancestor loggers.
# NOTE(review): the methods below log search filters, usernames and DNs at
# debug level, so those values end up wherever the ancestor handlers write.
log.propagate = 1
10 | ||
8d8d65b4 JS |
11 | from . import base |
12 | from .decorators import * | |
13 | ||
8d8d65b4 JS |
14 | class LDAP(base.Object): |
@lazy_property
def ldap(self):
    """
    Return the python-ldap connection object for the configured server.

    The URI is read from the "ldap_uri" setting. ldap.initialize() only
    builds the connection object; python-ldap opens the network
    connection when the first operation is sent.
    """
    # NOTE(review): lazy_property comes from .decorators, which is not
    # shown here; presumably it caches the returned object so that every
    # search and bind shares this one connection -- confirm.
    # NOTE(review): no TLS options are set here, so transport protection
    # depends entirely on the configured URI (for example an ldaps://
    # scheme). bind() sends the user's password over this connection with
    # a simple bind, which carries it in clear text.
    uri = self.settings.get("ldap_uri")

    log.debug("Connecting to %s..." % uri)

    connection = ldap.initialize(uri)
    return connection
96d39e22 | 23 | |
def search(self, query, attrlist=None, limit=0):
    """
    Run a subtree search below the configured search base.

    query    -- LDAP filter string, handed to the server exactly as given.
                Nothing is escaped here: callers that build the filter
                from user-supplied values must escape those values first.
    attrlist -- attributes to request, passed through to search_ext_s().
    limit    -- passed through as sizelimit (0 by default).

    Returns whatever search_ext_s() returns; the callers in this class
    iterate over it as (dn, attrs) pairs.
    """
    log.debug("Performing LDAP query: %s" % query)

    # The base DN comes from the "ldap_search_base" setting.
    base_dn = self.settings.get("ldap_search_base")

    return self.ldap.search_ext_s(
        base_dn,
        ldap.SCOPE_SUBTREE,
        query,
        attrlist=attrlist,
        sizelimit=limit,
    )
33 | ||
def auth(self, username, password):
    """
    Check a username/password pair against the directory.

    The username is resolved to a DN with get_dn(), which tries it as a
    uid and then as a mail address; the password is then verified with
    bind(). Returns True or False. An unknown user and a wrong password
    both yield False, so the caller cannot tell the two apart.
    """
    log.debug("Checking credentials for %s" % username)

    dn = self.get_dn(username)
    if dn:
        # NOTE(review): the password is handed to bind() unchanged. An
        # empty value has to be rejected before it reaches
        # simple_bind_s(), because many directory servers answer a simple
        # bind with a DN and an empty password as a successful
        # "unauthenticated" bind -- verify that this is enforced.
        return self.bind(dn, password)

    log.debug("Could not resolve %s to dn" % username)
    return False
43 | ||
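def bind(self, dn, password):
    """
    Verify a password by performing a simple bind as the given DN.

    Returns True when the server accepts the bind and False when the DN
    or the password is empty or the server answers INVALID_CREDENTIALS.
    Any other python-ldap exception is not caught here and propagates
    to the caller.
    """
    # A simple bind with an empty password is an "unauthenticated bind"
    # (RFC 4513, section 5.1.2); servers that allow it report success
    # without checking anything, and an empty DN makes the bind anonymous.
    # Neither proves knowledge of a password, so both are refused before
    # the server is contacted.
    if not dn or not password:
        return False

    # NOTE(review): the bind runs on the connection object returned by
    # self.ldap, which search() uses as well. If that object is cached,
    # later searches run with the identity of whoever authenticated last
    # (or anonymously after a failed bind) -- confirm this is intended or
    # use a separate connection for credential checks.
    try:
        self.ldap.simple_bind_s(dn, password)
    except ldap.INVALID_CREDENTIALS:
        log.debug("Account credentials for %s are invalid" % dn)
        return False

    log.debug("Successfully authenticated %s" % dn)

    return True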
54 | ||
def get_dn_by_uid(self, uid):
    """
    Return the DN of the account with the given uid.

    Only the "uid" attribute is requested because just the DN is needed.
    get_user_by_uid() returns (None, None) when nothing matches, so the
    result is None in that case.
    """
    entry = self.get_user_by_uid(uid, attrlist=["uid"])

    # The attributes of the entry are not used here.
    dn, _attrs = entry
    return dn
59 | ||
def get_dn_by_mail(self, mail):
    """
    Return the DN of the account with the given mail address.

    Only the "uid" attribute is requested because just the DN is needed.
    get_user_by_mail() returns (None, None) when nothing matches, so the
    result is None in that case.
    """
    entry = self.get_user_by_mail(mail, attrlist=["uid"])

    # The attributes of the entry are not used here.
    dn, _attrs = entry
    return dn
ba1958a5 JS |
64 | |
def get_dn(self, name):
    """
    Resolve a login name to a DN.

    The name is tried as a uid first; the mail lookup only runs when the
    uid lookup yields nothing. A uid match therefore always wins over a
    mail match for the same string.
    """
    dn = self.get_dn_by_uid(name)
    if dn:
        return dn

    return self.get_dn_by_mail(name)
67 | ||
3ddfed9b MT |
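def get_user_by_uid(self, uid, **kwargs):
    """
    Find the posixAccount entry with the given uid.

    Extra keyword arguments (such as attrlist) are passed on to search().
    Returns a (dn, attrs) tuple for the first entry found, or
    (None, None) when uid is empty or nothing matches.
    """
    # An empty uid cannot identify an account; skip the round-trip.
    if not uid:
        return None, None

    from ldap.filter import escape_filter_chars

    # The uid arrives from callers such as auth() and is therefore
    # user-controlled. Filter metacharacters ( * ( ) \ NUL ) must be
    # escaped, otherwise the value could rewrite the search filter.
    query = "(&(objectClass=posixAccount)(uid=%s))" % escape_filter_chars(uid)

    # NOTE(review): with limit=1, a filter matching several entries makes
    # the server report sizeLimitExceeded, which python-ldap raises as an
    # exception instead of returning a truncated list -- confirm that
    # callers can cope with that.
    for dn, attrs in self.search(query, limit=1, **kwargs):
        return dn, attrs

    return None, None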
ba1958a5 | 74 | |
3ddfed9b MT |
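def get_user_by_mail(self, mail, **kwargs):
    """
    Find the posixAccount entry with the given mail address.

    Extra keyword arguments (such as attrlist) are passed on to search().
    Returns a (dn, attrs) tuple for the first entry found, or
    (None, None) when mail is empty or nothing matches.
    """
    # An empty address cannot identify an account; skip the round-trip.
    if not mail:
        return None, None

    from ldap.filter import escape_filter_chars

    # The address arrives from callers such as auth() and is therefore
    # user-controlled. Filter metacharacters ( * ( ) \ NUL ) must be
    # escaped, otherwise the value could rewrite the search filter.
    query = "(&(objectClass=posixAccount)(mail=%s))" % escape_filter_chars(mail)

    # NOTE(review): with limit=1, a filter matching several entries makes
    # the server report sizeLimitExceeded, which python-ldap raises as an
    # exception instead of returning a truncated list -- confirm that
    # callers can cope with that, since mail addresses may not be unique.
    for dn, attrs in self.search(query, limit=1, **kwargs):
        return dn, attrs

    return None, None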
ba1958a5 JS |
81 | |
def get_user(self, name, **kwargs):
    """
    Return the result of get_user_by_dn(), or of get_user_by_mail() when
    the former is falsy. Keyword arguments are passed to both lookups.
    """
    # NOTE(review): get_user_by_dn() is not defined in the part of the
    # class shown here -- confirm it exists (get_user_by_uid() may have
    # been intended). get_user_by_uid() and get_user_by_mail() signal a
    # miss with (None, None), which is a truthy tuple; if get_user_by_dn()
    # follows that convention, the mail fallback below never runs.
    entry = self.get_user_by_dn(name, **kwargs)
    if entry:
        return entry

    return self.get_user_by_mail(name, **kwargs)