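--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -110,10 +110,17 @@
 {'type': 'string',
 'default': '',
 'help': 'additional filters to be set in the ldap query to find valid users',
 'group': 'ldap-source', 'level': 2,
 }),
+('start-tls',
+{'type': 'choice',
+'choices': ('true', 'false'),
+'default': 'false',
+'help': 'Start tls on connection (before bind)',
+'group': 'ldap-source', 'level': 1,
+}),
 ('user-login-attr',
 {'type': 'string',
 'default': 'uid',
 'help': 'attribute used as login on authentication (with Active Directory, you want to use "sAMAccountName" here)',
 'group': 'ldap-source', 'level': 1,
@@ -189,10 +196,11 @@
 typedconfig = self.config
 self.authmode = typedconfig['auth-mode']
 self._authenticate = getattr(self, '_auth_%s' % self.authmode)
 self.cnx_dn = typedconfig['data-cnx-dn']
 self.cnx_pwd = typedconfig['data-cnx-password']
+self.start_tls = typedconfig['start-tls'] == "true"
 self.user_base_dn = str(typedconfig['user-base-dn'])
 self.user_base_scope = LDAP_SCOPES[typedconfig['user-scope']]
 self.user_login_attr = typedconfig['user-login-attr']
 self.user_default_groups = typedconfig['user-default-group']
 self.user_attrs = {'dn': 'eid', 'modifyTimestamp': 'modification_date'}
@@ -277,10 +285,12 @@
 server = ldap3.Server(host, port=int(port))
 conn = ldap3.Connection(
 server, client_strategy=ldap3.RESTARTABLE, auto_referrals=False,
 raise_exceptions=True,
 **kwargs)
+if self.start_tls:
+conn.start_tls()
 
 # Now bind with the credentials given. Let exceptions propagate out.
 if user is None:
 # anonymous bind
 if not self.cnx_dn:
@@ -318,10 +328,13 @@
 self.debug('ldap search %s %s %s %s %s', self.uri, base, scope,
 searchstr, list(attrs))
 if self._conn is None:
 self._conn = self._connect()
 ldapcnx = self._conn
+if self.start_tls:
+ldapcnx.start_tls()
+self.info("ldap start_tls started for %s", self.uri)
 if not ldapcnx.search(base, searchstr, search_scope=scope, attributes=set(attrs) - {'dn'}):
 return []
 result = []
 for rec in ldapcnx.response:
 if rec['type'] != 'searchResEntry':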
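Review bot: start_tls() is issued twice on the same connection: once in _connect right after the Connection is built (new lines 290-291, before the bind, which is the correct place) and again on every search call at new lines 333-335, by which point the connection returned by _connect has already been upgraded to TLS and bound. RFC 4511 does not permit a second StartTLS on a connection that already carries TLS, and with raise_exceptions=True the repeat call will most likely raise rather than act as a no-op, so the search-side block should be dropped and its log line moved next to the call in _connect: `conn.start_tls()` followed by `self.info("ldap start_tls started for %s", self.uri)`. Separately, Server is created without a tls= argument, so start_tls() falls back to ldap3's default Tls object, which as far as I recall does not verify the server certificate (validate defaults to ssl.CERT_NONE); if so, the new option protects only against passive interception, and passing `tls=ldap3.Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=<ca bundle path>)` to Server (ideally driven by a config option next to 'start-tls') would close that gap. The methods enclosing both hunks start and end outside the visible lines.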