|
@ -44,16 +44,21 @@ class Auth(BaseAuth): |
|
|
accessGroupFilter = self.configuration.get("auth", "ldap_access_group_filter") |
|
|
accessGroupFilter = self.configuration.get("auth", "ldap_access_group_filter") |
|
|
accessGroupAttribute = self.configuration.get("auth", "ldap_access_group_attribute") |
|
|
accessGroupAttribute = self.configuration.get("auth", "ldap_access_group_attribute") |
|
|
|
|
|
|
|
|
logger.debug("LDAP: start connection") |
|
|
|
|
|
|
|
|
logger.info("LDAP: start connection") |
|
|
|
|
|
logger.debug("LDAP: server URL: %s" % serverUrl) |
|
|
|
|
|
logger.debug("LDAP: binddn: %s" % binddn) |
|
|
|
|
|
logger.debug("LDAP: secret: %s" % secret) |
|
|
## TODO: check for errors |
|
|
## TODO: check for errors |
|
|
server = ldap3.Server(serverUrl) |
|
|
server = ldap3.Server(serverUrl) |
|
|
conn = ldap3.Connection(server, binddn, secret) |
|
|
conn = ldap3.Connection(server, binddn, secret) |
|
|
conn.bind() |
|
|
conn.bind() |
|
|
result = conn.result |
|
|
result = conn.result |
|
|
|
|
|
|
|
|
|
|
|
logger.info("LDAP: connection successful") |
|
|
logger.debug("LDAP bind result: %s" % str(result)) |
|
|
logger.debug("LDAP bind result: %s" % str(result)) |
|
|
|
|
|
|
|
|
if result['description'] == "invalidCredentials": |
|
|
if result['description'] == "invalidCredentials": |
|
|
|
|
|
logger.warning("LDAP: binddn credentials are invalid") |
|
|
return "" |
|
|
return "" |
|
|
|
|
|
|
|
|
if accessGroupFilter: |
|
|
if accessGroupFilter: |
|
@ -73,10 +78,10 @@ class Auth(BaseAuth): |
|
|
accessGroupDn = conn.response[0]['dn'] |
|
|
accessGroupDn = conn.response[0]['dn'] |
|
|
logger.debug("LDAP access group DN: %s" % accessGroupDn) |
|
|
logger.debug("LDAP access group DN: %s" % accessGroupDn) |
|
|
else: |
|
|
else: |
|
|
logger.debug("LDAP: ERROR: more than 1 group found") |
|
|
|
|
|
|
|
|
logger.warning("LDAP: more than 1 group found") |
|
|
return "" |
|
|
return "" |
|
|
else: |
|
|
else: |
|
|
logger.debug("LDAP: ERROR: no group found") |
|
|
|
|
|
|
|
|
logger.warning("LDAP: no group found") |
|
|
return "" |
|
|
return "" |
|
|
|
|
|
|
|
|
logger.debug("LDAP user filter: %s" % userFilter) |
|
|
logger.debug("LDAP user filter: %s" % userFilter) |
|
@ -110,10 +115,10 @@ class Auth(BaseAuth): |
|
|
logger.debug("LDAP: user is NOT in access group") |
|
|
logger.debug("LDAP: user is NOT in access group") |
|
|
return "" |
|
|
return "" |
|
|
else: |
|
|
else: |
|
|
logger.debug("LDAP: ERROR: more than 1 user found") |
|
|
|
|
|
|
|
|
logger.warning("LDAP: more than 1 user found") |
|
|
return "" |
|
|
return "" |
|
|
else: |
|
|
else: |
|
|
logger.debug("LDAP: ERROR: no user found") |
|
|
|
|
|
|
|
|
logger.warning("LDAP: no user found") |
|
|
return "" |
|
|
return "" |
|
|
|
|
|
|
|
|
logger.debug("LDAP: restart connection for user") |
|
|
logger.debug("LDAP: restart connection for user") |
|
@ -126,6 +131,8 @@ class Auth(BaseAuth): |
|
|
logger.debug("LDAP bind result: %s" % str(result)) |
|
|
logger.debug("LDAP bind result: %s" % str(result)) |
|
|
|
|
|
|
|
|
if result['description'] == "invalidCredentials": |
|
|
if result['description'] == "invalidCredentials": |
|
|
|
|
|
logger.warning("LDAP: user credentials are invalid") |
|
|
return "" |
|
|
return "" |
|
|
else: |
|
|
else: |
|
|
|
|
|
logger.info("LDAP: user successful verified") |
|
|
return userAttributeValue |
|
|
return userAttributeValue |
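Review bot: The `logger.debug("LDAP: secret: %s" % secret)` line that the first hunk appears to add writes the LDAP bind password to the log in cleartext whenever debug logging is on, so anyone who can read the log file or a forwarded copy of it obtains the service account's credentials. Drop the line, or log only whether a secret is configured, e.g. `logger.debug("LDAP: secret: %s", "set" if secret else "not set")`. In the same hunk `logger.info("LDAP: connection successful")` is emitted before `result['description']` is examined, so a rejected bind is also reported as successful; moving it after the `invalidCredentials` check keeps the log usable for spotting failed binds. The enclosing method starts outside the visible hunks.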