95 |
95 |
96 ('data-cnx-dn', |
96 ('data-cnx-dn', |
97 {'type' : 'string', |
97 {'type' : 'string', |
98 'default': '', |
98 'default': '', |
99 'help': 'user dn to use to open data connection to the ldap (eg used \ |
99 'help': 'user dn to use to open data connection to the ldap (eg used \ |
100 to respond to rql queries).', |
100 to respond to rql queries). Leave empty for anonymous bind', |
101 'group': 'ldap-source', 'level': 1, |
101 'group': 'ldap-source', 'level': 1, |
102 }), |
102 }), |
103 ('data-cnx-password', |
103 ('data-cnx-password', |
104 {'type' : 'string', |
104 {'type' : 'string', |
105 'default': '', |
105 'default': '', |
106 'help': 'password to use to open data connection to the ldap (eg used to respond to rql queries).', |
106 'help': 'password to use to open data connection to the ldap (eg used to respond to rql queries). Leave empty for anonymous bind.', |
107 'group': 'ldap-source', 'level': 1, |
107 'group': 'ldap-source', 'level': 1, |
108 }), |
108 }), |
109 |
109 |
110 ('user-base-dn', |
110 ('user-base-dn', |
111 {'type' : 'string', |
111 {'type' : 'string', |
112 'default': 'ou=People,dc=logilab,dc=fr', |
112 'default': 'ou=People,dc=logilab,dc=fr', |
113 'help': 'base DN to lookup for users', |
113 'help': 'base DN to lookup for users', |
114 'group': 'ldap-source', 'level': 0, |
114 'group': 'ldap-source', 'level': 1, |
115 }), |
115 }), |
116 ('user-scope', |
116 ('user-scope', |
117 {'type' : 'choice', |
117 {'type' : 'choice', |
118 'default': 'ONELEVEL', |
118 'default': 'ONELEVEL', |
119 'choices': ('BASE', 'ONELEVEL', 'SUBTREE'), |
119 'choices': ('BASE', 'ONELEVEL', 'SUBTREE'), |
120 'help': 'user search scope', |
120 'help': 'user search scope (valid values: "BASE", "ONELEVEL", "SUBTREE")', |
121 'group': 'ldap-source', 'level': 1, |
121 'group': 'ldap-source', 'level': 1, |
122 }), |
122 }), |
123 ('user-classes', |
123 ('user-classes', |
124 {'type' : 'csv', |
124 {'type' : 'csv', |
125 'default': ('top', 'posixAccount'), |
125 'default': ('top', 'posixAccount'), |
126 'help': 'classes of user', |
126 'help': 'classes of user (with Active Directory, you want to say "user" here)', |
127 'group': 'ldap-source', 'level': 1, |
127 'group': 'ldap-source', 'level': 1, |
128 }), |
128 }), |
129 ('user-filter', |
129 ('user-filter', |
130 {'type': 'string', |
130 {'type': 'string', |
131 'default': '', |
131 'default': '', |
133 'group': 'ldap-source', 'level': 2, |
133 'group': 'ldap-source', 'level': 2, |
134 }), |
134 }), |
135 ('user-login-attr', |
135 ('user-login-attr', |
136 {'type' : 'string', |
136 {'type' : 'string', |
137 'default': 'uid', |
137 'default': 'uid', |
138 'help': 'attribute used as login on authentication', |
138 'help': 'attribute used as login on authentication (with Active Directory, you want to use "sAMAccountName" here)', |
139 'group': 'ldap-source', 'level': 1, |
139 'group': 'ldap-source', 'level': 1, |
140 }), |
140 }), |
141 ('user-default-group', |
141 ('user-default-group', |
142 {'type' : 'csv', |
142 {'type' : 'csv', |
143 'default': ('users',), |
143 'default': ('users',), |
146 'group': 'ldap-source', 'level': 1, |
146 'group': 'ldap-source', 'level': 1, |
147 }), |
147 }), |
148 ('user-attrs-map', |
148 ('user-attrs-map', |
149 {'type' : 'named', |
149 {'type' : 'named', |
150 'default': {'uid': 'login', 'gecos': 'email'}, |
150 'default': {'uid': 'login', 'gecos': 'email'}, |
151 'help': 'map from ldap user attributes to cubicweb attributes', |
151 'help': 'map from ldap user attributes to cubicweb attributes (with Active Directory, you want to use sAMAccountName:login,mail:email,givenName:firstname,sn:surname)', |
152 'group': 'ldap-source', 'level': 1, |
152 'group': 'ldap-source', 'level': 1, |
153 }), |
153 }), |
154 |
154 |
155 ('synchronization-interval', |
155 ('synchronization-interval', |
156 {'type' : 'time', |
156 {'type' : 'time', |
280 """open and return a connection to the source""" |
280 """open and return a connection to the source""" |
281 if self._conn is None: |
281 if self._conn is None: |
282 try: |
282 try: |
283 self._connect() |
283 self._connect() |
284 except: |
284 except: |
285 self.exception('cant connect to ldap') |
285 self.exception('unable to connect to ldap:') |
286 return ConnectionWrapper(self._conn) |
286 return ConnectionWrapper(self._conn) |
287 |
287 |
288 def authenticate(self, session, login, password=None, **kwargs): |
288 def authenticate(self, session, login, password=None, **kwargs): |
289 """return CWUser eid for the given login/password if this account is |
289 """return CWUser eid for the given login/password if this account is |
290 defined in this source, else raise `AuthenticationError` |
290 defined in this source, else raise `AuthenticationError` |
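Review bot: In get_connection the handler around `self._connect()` is still a bare `except:` that only logs, so a failed connection falls through to `return ConnectionWrapper(self._conn)` with `self._conn` presumably still None, and the handler also catches KeyboardInterrupt and SystemExit. I would narrow it to `except Exception:` and add a comment such as `# connection failed: the wrapper holds None, callers must treat the source as unavailable`, or re-raise if callers cannot cope with that. The method's `def` line is outside the hunk, so this rests on the visible body only. Separately, the new help on `data-cnx-password` says an empty value means anonymous bind, but a non-empty `data-cnx-dn` with an empty password is an unauthenticated bind (RFC 4513) that some servers accept. The help text should therefore say that both options must be empty, e.g. `Leave both data-cnx-dn and data-cnx-password empty for anonymous bind.`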