projects / pbs.git / blame
| Commit | Line | Data |
|---|---|---|
| 8d8d65b4 JS |
1 | #!/usr/bin/python |
| 2 | ||
| b7debe9f MT |
3 | from __future__ import absolute_import |
| 4 | ||
| 8d8d65b4 JS |
5 | import ldap |
| 6 | import logging | |
| 7 | ||
| 96d39e22 MT |
8 | log = logging.getLogger("ldap") |
| 9 | log.propagate = 1 | |
| 10 | ||
| 8d8d65b4 JS |
11 | from . import base |
| 12 | from .decorators import * | |
| 13 | ||
| 8d8d65b4 JS |
14 | class LDAP(base.Object): |
| 15 | @lazy_property | |
| 16 | def ldap(self): | |
| 17 | ldap_uri = self.settings.get("ldap_uri") | |
| 96d39e22 MT |
18 | |
| 19 | log.debug("Connecting to %s..." % ldap_uri) | |
| 20 | ||
| 21 | # Establish LDAP connection | |
| 8d8d65b4 | 22 | return ldap.initialize(ldap_uri) |
| 96d39e22 | 23 | |
| 8d8d65b4 | 24 | def search(self, query, attrlist=None, limit=0): |
| 96d39e22 | 25 | log.debug("Performing LDAP query: %s" % query) |
| 8d8d65b4 JS |
26 | |
| 27 | search_base = self.settings.get("ldap_search_base") | |
| 28 | ||
| 29 | results = self.ldap.search_ext_s(search_base, ldap.SCOPE_SUBTREE, | |
| 30 | query, attrlist=attrlist, sizelimit=limit) | |
| 31 | ||
| 32 | return results | |
| 33 | ||
| 34 | def auth(self, username, password): | |
| 96d39e22 | 35 | log.debug("Checking credentials for %s" % username) |
| 8d8d65b4 | 36 | |
| ba1958a5 | 37 | dn = self.get_dn(username) |
| 8d8d65b4 | 38 | if not dn: |
| ba1958a5 | 39 | log.debug("Could not resolve %s to dn" % username) |
| 8d8d65b4 JS |
40 | return False |
| 41 | ||
| 42 | return self.bind(dn, password) | |
| 43 | ||
| 44 | def bind(self, dn, password): | |
| 45 | try: | |
| 46 | self.ldap.simple_bind_s(dn, password) | |
| 47 | except ldap.INVALID_CREDENTIALS: | |
| 96d39e22 | 48 | log.debug("Account credentials for %s are invalid" % dn) |
| 8d8d65b4 JS |
49 | return False |
| 50 | ||
| 96d39e22 MT |
51 | log.debug("Successfully authenticated %s" % dn) |
| 52 | ||
| 8d8d65b4 JS |
53 | return True |
| 54 | ||
| 55 | def get_dn_by_uid(self, uid): | |
| 3ddfed9b | 56 | dn, attrs = self.get_user_by_uid(uid, attrlist=["uid"]) |
| 8d8d65b4 | 57 | |
| 8d8d65b4 JS |
58 | return dn |
| 59 | ||
| ba1958a5 | 60 | def get_dn_by_mail(self, mail): |
| 3ddfed9b | 61 | dn, attrs = self.get_user_by_mail(mail, attrlist=["uid"]) |
| ba1958a5 | 62 | |
| 3ddfed9b | 63 | return dn |
| ba1958a5 JS |
64 | |
| 65 | def get_dn(self, name): | |
| 66 | return self.get_dn_by_uid(name) or self.get_dn_by_mail(name) | |
| 67 | ||
| 3ddfed9b MT |
68 | def get_user_by_uid(self, uid, **kwargs): |
| 69 | result = self.search("(&(objectClass=posixAccount)(uid=%s))" % uid, limit=1, **kwargs) | |
| ba1958a5 | 70 | for dn, attrs in result: |
| 3ddfed9b | 71 | return dn, attrs |
| ba1958a5 | 72 | |
| 3ddfed9b | 73 | return None, None |
| ba1958a5 | 74 | |
| 3ddfed9b MT |
75 | def get_user_by_mail(self, mail, **kwargs): |
| 76 | result = self.search("(&(objectClass=posixAccount)(mail=%s))" % mail, limit=1, **kwargs) | |
| 8d8d65b4 | 77 | for dn, attrs in result: |
| 3ddfed9b | 78 | return dn, attrs |
| 8d8d65b4 | 79 | |
| 3ddfed9b | 80 | return None, None |
| ba1958a5 JS |
81 | |
| 82 | def get_user(self, name, **kwargs): | |
| 83 | return self.get_user_by_dn(name, **kwargs) or self.get_user_by_mail(name, **kwargs) |