282 else: |
282 else: |
283 self._authenticate(conn, {'dn': self.cnx_dn}, self.cnx_pwd) |
283 self._authenticate(conn, {'dn': self.cnx_dn}, self.cnx_pwd) |
284 else: |
284 else: |
285 # user specified, we want to check user/password, no need to return |
285 # user specified, we want to check user/password, no need to return |
286 # the connection which will be thrown out |
286 # the connection which will be thrown out |
287 self._authenticate(conn, user, userpwd) |
287 if not self._authenticate(conn, user, userpwd): |
|
288 raise AuthenticationError() |
288 return conn |
289 return conn |
289 |
290 |
290 def _auth_simple(self, conn, user, userpwd): |
291 def _auth_simple(self, conn, user, userpwd): |
291 conn.authentication = ldap3.AUTH_SIMPLE |
292 conn.authentication = ldap3.AUTH_SIMPLE |
292 conn.user = user['dn'] |
293 conn.user = user['dn'] |
293 conn.password = userpwd |
294 conn.password = userpwd |
294 conn.bind() |
295 return conn.bind() |
295 |
296 |
296 def _auth_digest_md5(self, conn, user, userpwd): |
297 def _auth_digest_md5(self, conn, user, userpwd): |
297 conn.authentication = ldap3.AUTH_SASL |
298 conn.authentication = ldap3.AUTH_SASL |
298 conn.sasl_mechanism = 'DIGEST-MD5' |
299 conn.sasl_mechanism = 'DIGEST-MD5' |
299 # realm, user, password, authz-id |
300 # realm, user, password, authz-id |
300 conn.sasl_credentials = (None, user['dn'], userpwd, None) |
301 conn.sasl_credentials = (None, user['dn'], userpwd, None) |
301 conn.bind() |
302 return conn.bind() |
302 |
303 |
303 def _auth_gssapi(self, conn, user, userpwd): |
304 def _auth_gssapi(self, conn, user, userpwd): |
304 conn.authentication = ldap3.AUTH_SASL |
305 conn.authentication = ldap3.AUTH_SASL |
305 conn.sasl_mechanism = 'GSSAPI' |
306 conn.sasl_mechanism = 'GSSAPI' |
306 conn.bind() |
307 return conn.bind() |
307 |
308 |
308 def _search(self, cnx, base, scope, |
309 def _search(self, cnx, base, scope, |
309 searchstr='(objectClass=*)', attrs=()): |
310 searchstr='(objectClass=*)', attrs=()): |
310 """make an ldap query""" |
311 """make an ldap query""" |
311 self.debug('ldap search %s %s %s %s %s', self.uri, base, scope, |
312 self.debug('ldap search %s %s %s %s %s', self.uri, base, scope, |