93 |
93 |
94 ('data-cnx-dn', |
94 ('data-cnx-dn', |
95 {'type' : 'string', |
95 {'type' : 'string', |
96 'default': '', |
96 'default': '', |
97 'help': 'user dn to use to open data connection to the ldap (eg used \ |
97 'help': 'user dn to use to open data connection to the ldap (eg used \ |
98 to respond to rql queries).', |
98 to respond to rql queries). Leave empty for anonymous bind', |
99 'group': 'ldap-source', 'level': 1, |
99 'group': 'ldap-source', 'level': 1, |
100 }), |
100 }), |
101 ('data-cnx-password', |
101 ('data-cnx-password', |
102 {'type' : 'string', |
102 {'type' : 'string', |
103 'default': '', |
103 'default': '', |
104 'help': 'password to use to open data connection to the ldap (eg used to respond to rql queries).', |
104 'help': 'password to use to open data connection to the ldap (eg used to respond to rql queries). Leave empty for anonymous bind.', |
105 'group': 'ldap-source', 'level': 1, |
105 'group': 'ldap-source', 'level': 1, |
106 }), |
106 }), |
107 |
107 |
108 ('user-base-dn', |
108 ('user-base-dn', |
109 {'type' : 'string', |
109 {'type' : 'string', |
110 'default': 'ou=People,dc=logilab,dc=fr', |
110 'default': 'ou=People,dc=logilab,dc=fr', |
111 'help': 'base DN to lookup for users', |
111 'help': 'base DN to lookup for users', |
112 'group': 'ldap-source', 'level': 0, |
112 'group': 'ldap-source', 'level': 1, |
113 }), |
113 }), |
114 ('user-scope', |
114 ('user-scope', |
115 {'type' : 'choice', |
115 {'type' : 'choice', |
116 'default': 'ONELEVEL', |
116 'default': 'ONELEVEL', |
117 'choices': ('BASE', 'ONELEVEL', 'SUBTREE'), |
117 'choices': ('BASE', 'ONELEVEL', 'SUBTREE'), |
118 'help': 'user search scope', |
118 'help': 'user search scope (valid values: "BASE", "ONELEVEL", "SUBTREE")', |
119 'group': 'ldap-source', 'level': 1, |
119 'group': 'ldap-source', 'level': 1, |
120 }), |
120 }), |
121 ('user-classes', |
121 ('user-classes', |
122 {'type' : 'csv', |
122 {'type' : 'csv', |
123 'default': ('top', 'posixAccount'), |
123 'default': ('top', 'posixAccount'), |
124 'help': 'classes of user', |
124 'help': 'classes of user (with Active Directory, you want to say "user" here)', |
125 'group': 'ldap-source', 'level': 1, |
125 'group': 'ldap-source', 'level': 1, |
126 }), |
126 }), |
127 ('user-filter', |
127 ('user-filter', |
128 {'type': 'string', |
128 {'type': 'string', |
129 'default': '', |
129 'default': '', |
131 'group': 'ldap-source', 'level': 2, |
131 'group': 'ldap-source', 'level': 2, |
132 }), |
132 }), |
133 ('user-login-attr', |
133 ('user-login-attr', |
134 {'type' : 'string', |
134 {'type' : 'string', |
135 'default': 'uid', |
135 'default': 'uid', |
136 'help': 'attribute used as login on authentication', |
136 'help': 'attribute used as login on authentication (with Active Directory, you want to use "sAMAccountName" here)', |
137 'group': 'ldap-source', 'level': 1, |
137 'group': 'ldap-source', 'level': 1, |
138 }), |
138 }), |
139 ('user-default-group', |
139 ('user-default-group', |
140 {'type' : 'csv', |
140 {'type' : 'csv', |
141 'default': ('users',), |
141 'default': ('users',), |
144 'group': 'ldap-source', 'level': 1, |
144 'group': 'ldap-source', 'level': 1, |
145 }), |
145 }), |
146 ('user-attrs-map', |
146 ('user-attrs-map', |
147 {'type' : 'named', |
147 {'type' : 'named', |
148 'default': {'uid': 'login', 'gecos': 'email'}, |
148 'default': {'uid': 'login', 'gecos': 'email'}, |
149 'help': 'map from ldap user attributes to cubicweb attributes', |
149 'help': 'map from ldap user attributes to cubicweb attributes (with Active Directory, you want to use sAMAccountName:login,mail:email,givenName:firstname,sn:surname)', |
150 'group': 'ldap-source', 'level': 1, |
150 'group': 'ldap-source', 'level': 1, |
151 }), |
151 }), |
152 |
152 |
153 ('synchronization-interval', |
153 ('synchronization-interval', |
154 {'type' : 'time', |
154 {'type' : 'time', |
271 """open and return a connection to the source""" |
271 """open and return a connection to the source""" |
272 if self._conn is None: |
272 if self._conn is None: |
273 try: |
273 try: |
274 self._connect() |
274 self._connect() |
275 except: |
275 except: |
276 self.exception('cant connect to ldap') |
276 self.exception('unable to connect to ldap:') |
277 return ConnectionWrapper(self._conn) |
277 return ConnectionWrapper(self._conn) |
278 |
278 |
279 def authenticate(self, session, login, password=None, **kwargs): |
279 def authenticate(self, session, login, password=None, **kwargs): |
280 """return CWUser eid for the given login/password if this account is |
280 """return CWUser eid for the given login/password if this account is |
281 defined in this source, else raise `AuthenticationError` |
281 defined in this source, else raise `AuthenticationError` |
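Review bot: In get_connection (gutter lines 272-277) the bare `except:` is kept and only the log message changes, so a failed `self._connect()` is logged and the method still returns `ConnectionWrapper(self._conn)`, apparently with `_conn` still None, and `KeyboardInterrupt`/`SystemExit` are swallowed as well. Narrow it to `except Exception:` and decide explicitly whether callers should get an error or a wrapper around a missing connection. Separately, the new help text on data-cnx-dn and data-cnx-password says empty values mean an anonymous bind; many LDAP servers treat a DN with an empty password as an unauthenticated bind, so a forgotten password would silently downgrade the data connection. The help could read `Leave both data-cnx-dn and data-cnx-password empty for anonymous bind`, and the connect path (presumably `_connect`, not shown) could reject a DN configured without a password. The signature of get_connection and the body of authenticate are outside the visible lines, so how authenticate handles an empty user password cannot be checked from here.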