Differential D3349 Diff 9559 pykolab/auth/ldap/__init__.py

Changeset View

Standalone View

pykolab/auth/ldap/init.py

Show First 20 Lines • Show All 1,499 Lines • ▼ Show 20 Lines	def _bind(self, bind_dn=None, bind_pw=None):
_l("Invalid DN, username and/or password for '%s'.") % (		_l("Invalid DN, username and/or password for '%s'.") % (
bind_dn		bind_dn
)		)
)		)

return False		return False

except ldap.INVALID_CREDENTIALS:		except ldap.INVALID_CREDENTIALS:
		if self._bind_sso(bind_dn, bind_pw):
		return True

log.error(		log.error(
_l("Invalid DN, username and/or password for '%s'.") % (		_l("Invalid DN, username and/or password for '%s'.") % (
bind_dn		bind_dn
)		)
)		)

return False		return False

else:		else:
log.debug(_l("bind() called but already bound"), level=8)		log.debug(_l("bind() called but already bound"), level=8)

return True		return True

		def _bind_sso(self, bind_dn=None, bind_pw=None):
		sso_uri = self.config_get('ldap','sso_uri')

		if sso_uri is None:
		return False

		sso_bind_dn = self.config_get('ldap','sso_bind_dn')
		sso_bind_pw = self.config_get('ldap','sso_bind_pw')
		sso_base_dn = self.config_get('ldap','sso_base_dn')
		sso_kolab_uid_attr = self.config_get('ldap','sso_kolab_uid_attr')
		sso_ext_uid_attr = self.config_get('ldap','sso_ext_uid_attr')
		sso_sync_password = self.config_get('ldap','sso_sync_password')

		if sso_bind_dn is None:
		log.error("sso_bind_dn in kolab.conf is missing")

		return False

		if sso_bind_pw is None:
		log.error("sso_bind_pw in kolab.conf is missing")

		return False

		if sso_base_dn is None:
		log.error("sso_base_dn in kolab.conf is missing")

		return False

		if sso_kolab_uid_attr is None:
		log.error("sso_kolab_uid_attr in kolab.conf is missing")

		return False

		if sso_ext_uid_attr is None:
		log.error("sso_ext_uid_attr in kolab.conf is missing")

		return False

		if sso_sync_password is None:
		log.error("sso_sync_password in kolab.conf is missing")

		return False

		timeout = float(self.config_get('ldap', 'timeout', default=10))
		base_dn = auth_cache.get_entry(self.domain)

		self._bind()

		try:
		# find kolab uid attr of current user on local ldap server

		_search = self.ldap.search_st(
		bind_dn,
		ldap.SCOPE_SUBTREE,
		filterstr=None,
		attrlist=[sso_kolab_uid_attr],
		timeout=timeout
		)
		except Exception, errmsg:
		log.error(errmsg)

		uid = _search[0][1][sso_kolab_uid_attr][0]

		log.warning("Cannot authenticate against local password. Using SSO LDAP Server: %r" % (sso_uri))

		try:
		sso_conn = ldap.ldapobject.ReconnectLDAPObject( sso_uri )
		sso_conn.simple_bind_s( sso_bind_dn, sso_bind_pw )

		except Exception, errmsg:
		log.error("Could not bind SSO LDAP Server %r: %r" % (sso_uri,errmsg))
		return False

		try:
		# find dn of corresponding user on external ldap server

		_search = sso_conn.search_st(
		sso_base_dn,
		ldap.SCOPE_SUBTREE,
		sso_ext_uid_attr+"="+uid,
		['dn'],
		attrsonly=True,
		timeout=timeout
		)

		sso_ldap_user_dn = _search[0][0]

		log.info("External DN: %r" % (sso_ldap_user_dn))

		sso_conn.simple_bind_s( sso_ldap_user_dn, bind_pw )

		retval = True

		if sso_sync_password == 'True':
		try:
		log.info("Writing password to local LDAP entry: %r" % (bind_dn))

		self._bind_priv()
		self.ldap_priv.passwd_s(bind_dn, '', bind_pw)
		except Exception, errmsg:
		log.error(("Password coult not be written: %r") % (errmsg))
		pass
		else:
		log.warning("Password will not be synced to local LDAP entry: %r" % (bind_dn))

		except Exception, errmsg:
		log.error(("External authentication failed: %r") % (errmsg))

		return False

		return retval

def _bind_priv(self):		def _bind_priv(self):
if self.ldap_priv is None:		if self.ldap_priv is None:
self.connect(True)		self.connect(True)

bind_dn = self.config_get('bind_dn')		bind_dn = self.config_get('bind_dn')
bind_pw = self.config_get('bind_pw')		bind_pw = self.config_get('bind_pw')

try:		try:
▲ Show 20 Lines • Show All 1,744 Lines • Show Last 20 Lines