server/sources/ldapuser.py
branchstable
changeset 5855 db59080f1c8d
parent 5836 e654c13b57b8
child 5856 a02129508378
5851:74f68d6549c0 5855:db59080f1c8d
   276 
   276 
   277         two queries are needed since passwords are stored crypted, so we have
   277         two queries are needed since passwords are stored crypted, so we have
   278         to fetch the salt first
   278         to fetch the salt first
   279         """
   279         """
   280         self.info('ldap authenticate %s', login)
   280         self.info('ldap authenticate %s', login)
   281         if password is None:
   281         if not password:
       
   282             # On Windows + ADAM this would have succeeded (!!!)
       
   283             # You get Authenticated as: 'NT AUTHORITY\ANONYMOUS LOGON'.
       
   284             # we really really don't want that
   282             raise AuthenticationError()
   285             raise AuthenticationError()
   283         searchfilter = [filter_format('(%s=%s)', (self.user_login_attr, login))]
   286         searchfilter = [filter_format('(%s=%s)', (self.user_login_attr, login))]
   284         searchfilter.extend([filter_format('(%s=%s)', ('objectClass', o))
   287         searchfilter.extend([filter_format('(%s=%s)', ('objectClass', o))
   285                              for o in self.user_classes])
   288                              for o in self.user_classes])
   286         searchstr = '(&%s)' % ''.join(searchfilter)
   289         searchstr = '(&%s)' % ''.join(searchfilter)
   291         except IndexError:
   294         except IndexError:
   292             # no such user
   295             # no such user
   293             raise AuthenticationError()
   296             raise AuthenticationError()
   294         # check password by establishing a (unused) connection
   297         # check password by establishing a (unused) connection
   295         try:
   298         try:
   296             if password:
   299             self._connect(user, password)
   297                 self._connect(user, password)
   300         except Exception:
   298             else:
   301             self.error('while trying to authenticate %s: %s', user,
   299                 # On Windows + ADAM this would have succeeded (!!!)
   302                        exc_info=True)
   300                 # You get Authenticated as: 'NT AUTHORITY\ANONYMOUS LOGON'.
       
   301                 # we really really don't want that
       
   302                 raise Exception('No password provided')
       
   303         except Exception, ex:
       
   304             self.info('while trying to authenticate %s: %s', user, ex)
       
   305             # Something went wrong, most likely bad credentials
   303             # Something went wrong, most likely bad credentials
   306             raise AuthenticationError()
   304             raise AuthenticationError()
   307         return self.extid2eid(user['dn'], 'CWUser', session)
   305         return self.extid2eid(user['dn'], 'CWUser', session)
   308 
   306 
   309     def ldap_name(self, var):
   307     def ldap_name(self, var):
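Review bot: The new `self.error('while trying to authenticate %s: %s', user, exc_info=True)` call in the `except Exception:` branch has two `%s` placeholders but only one argument. If `self.error` follows stdlib logging semantics, the record fails to format and the rejected bind never reaches the log, which is the audit trail for failed LDAP logins. `user` appears to be the whole search result (it is indexed as `user['dn']` on the return line), so I would log only the DN and drop the extra placeholder: `self.error('while trying to authenticate %s', user['dn'], exc_info=True)`. The broad `except Exception` also turns directory or network failures into `AuthenticationError`; a one-line comment saying so would help whoever triages these log entries. The enclosing method starts before the displayed lines, and the search step between `searchstr` and `except IndexError` is not shown.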