116 {'type': 'string', |
116 {'type': 'string', |
117 'default': '', |
117 'default': '', |
118 'help': 'additional filters to be set in the ldap query to find valid users', |
118 'help': 'additional filters to be set in the ldap query to find valid users', |
119 'group': 'ldap-source', 'level': 2, |
119 'group': 'ldap-source', 'level': 2, |
120 }), |
120 }), |
|
121 ('start-tls', |
|
122 {'type': 'choice', |
|
123 'choices': ('true', 'false'), |
|
124 'default': 'false', |
|
125 'help': 'Start tls on connection (before bind)', |
|
126 'group': 'ldap-source', 'level': 1, |
|
127 }), |
121 ('user-login-attr', |
128 ('user-login-attr', |
122 {'type' : 'string', |
129 {'type' : 'string', |
123 'default': 'uid', |
130 'default': 'uid', |
124 'help': 'attribute used as login on authentication (with Active Directory, you want to use "sAMAccountName" here)', |
131 'help': 'attribute used as login on authentication (with Active Directory, you want to use "sAMAccountName" here)', |
125 'group': 'ldap-source', 'level': 1, |
132 'group': 'ldap-source', 'level': 1, |
195 typedconfig = self.config |
202 typedconfig = self.config |
196 self.authmode = typedconfig['auth-mode'] |
203 self.authmode = typedconfig['auth-mode'] |
197 self._authenticate = getattr(self, '_auth_%s' % self.authmode) |
204 self._authenticate = getattr(self, '_auth_%s' % self.authmode) |
198 self.cnx_dn = typedconfig['data-cnx-dn'] |
205 self.cnx_dn = typedconfig['data-cnx-dn'] |
199 self.cnx_pwd = typedconfig['data-cnx-password'] |
206 self.cnx_pwd = typedconfig['data-cnx-password'] |
|
207 self.start_tls = typedconfig['start-tls'] == "true" |
200 self.user_base_dn = str(typedconfig['user-base-dn']) |
208 self.user_base_dn = str(typedconfig['user-base-dn']) |
201 self.user_base_scope = LDAP_SCOPES[typedconfig['user-scope']] |
209 self.user_base_scope = LDAP_SCOPES[typedconfig['user-scope']] |
202 self.user_login_attr = typedconfig['user-login-attr'] |
210 self.user_login_attr = typedconfig['user-login-attr'] |
203 self.user_default_groups = typedconfig['user-default-group'] |
211 self.user_default_groups = typedconfig['user-default-group'] |
204 self.user_attrs = {'dn': 'eid', 'modifyTimestamp': 'modification_date'} |
212 self.user_attrs = {'dn': 'eid', 'modifyTimestamp': 'modification_date'} |
283 server = ldap3.Server(host, port=int(port)) |
291 server = ldap3.Server(host, port=int(port)) |
284 conn = ldap3.Connection( |
292 conn = ldap3.Connection( |
285 server, client_strategy=ldap3.RESTARTABLE, auto_referrals=False, |
293 server, client_strategy=ldap3.RESTARTABLE, auto_referrals=False, |
286 raise_exceptions=True, |
294 raise_exceptions=True, |
287 **kwargs) |
295 **kwargs) |
|
296 if self.start_tls: |
|
297 conn.start_tls() |
288 |
298 |
289 # Now bind with the credentials given. Let exceptions propagate out. |
299 # Now bind with the credentials given. Let exceptions propagate out. |
290 if user is None: |
300 if user is None: |
291 # anonymous bind |
301 # anonymous bind |
292 if not self.cnx_dn: |
302 if not self.cnx_dn: |
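Review bot: `conn.start_tls()` here runs once, before the bind, but the `_search` hunk (new lines 339-341) calls `ldapcnx.start_tls()` again on the cached `self._conn` before every search, after the bind and on a socket that was already upgraded; with `raise_exceptions=True` a repeated STARTTLS extended operation is likely to be rejected by the server, so the first search on a fresh connection would fail rather than run. If the second call is meant to cover reconnects under the `RESTARTABLE` strategy that should be said in a comment, otherwise drop it and keep the single call in `_connect`, which also matches the option's help text "Start tls on connection (before bind)". Separately, `ldap3.Server(host, port=int(port))` is built without a `tls=ldap3.Tls(...)` argument, so StartTLS runs with ldap3's default Tls settings, which as far as I know do not validate the server certificate (`validate` defaults to `ssl.CERT_NONE`), leaving the upgrade effective against passive eavesdropping only; passing `tls=ldap3.Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=<path to CA bundle>)` when `self.start_tls` is set would make the connection authenticate the server. The enclosing `_connect` starts and ends outside this hunk.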
324 self.debug('ldap search %s %s %s %s %s', self.uri, base, scope, |
334 self.debug('ldap search %s %s %s %s %s', self.uri, base, scope, |
325 searchstr, list(attrs)) |
335 searchstr, list(attrs)) |
326 if self._conn is None: |
336 if self._conn is None: |
327 self._conn = self._connect() |
337 self._conn = self._connect() |
328 ldapcnx = self._conn |
338 ldapcnx = self._conn |
|
339 if self.start_tls: |
|
340 ldapcnx.start_tls() |
|
341 self.info("ldap start_tls started for %s", self.uri) |
329 if not ldapcnx.search(base, searchstr, search_scope=scope, attributes=set(attrs) - {'dn'}): |
342 if not ldapcnx.search(base, searchstr, search_scope=scope, attributes=set(attrs) - {'dn'}): |
330 return [] |
343 return [] |
331 result = [] |
344 result = [] |
332 for rec in ldapcnx.response: |
345 for rec in ldapcnx.response: |
333 if rec['type'] != 'searchResEntry': |
346 if rec['type'] != 'searchResEntry': |