Merge branch 'master' of /usr/scripts/lc_ldap
This commit is contained in:
Daniel STAN
commit
50f5aabb45
1 changed files with 31 additions and 11 deletions
42
lc_ldap.py
42
lc_ldap.py
|
|
@ -143,15 +143,7 @@ class lc_ldap(ldap.ldapobject.LDAPObject, object):
|
|||
|
||||
# Si un username, on récupère le dn associé…
|
||||
if user and not dn:
|
||||
secrets = import_secrets()
|
||||
self.simple_bind_s(who=secrets.ldap_readonly_auth_dn, cred=secrets.ldap_readonly_password)
|
||||
res = self.search_s(base_dn, 1, 'uid=%s' % user)
|
||||
if len(res) < 1:
|
||||
raise ldap.INVALID_CREDENTIALS({'desc': 'No such user: %s' % user })
|
||||
elif len(res) > 1:
|
||||
raise ldap.INVALID_CREDENTIALS({'desc': 'Too many matches: uid=%s' % user })
|
||||
else:
|
||||
dn = res[0][0]
|
||||
dn = self.user_to_dn(user)
|
||||
|
||||
# Si on a un dn, on se connecte avec à la base ldap sinon on s'y
|
||||
# connecte en anonyme
|
||||
|
|
@ -167,6 +159,23 @@ class lc_ldap(ldap.ldapobject.LDAPObject, object):
|
|||
self.dn = None
|
||||
self.droits = []
|
||||
|
||||
def user_to_dn(self, user):
|
||||
"""Cherche le dn à partir de l'username."""
|
||||
self._first_bind()
|
||||
res = self.search_s(base_dn, 1, 'uid=%s' % user)
|
||||
if len(res) < 1:
|
||||
raise ldap.INVALID_CREDENTIALS({'desc': 'No such user: %s' % user })
|
||||
elif len(res) > 1:
|
||||
raise ldap.INVALID_CREDENTIALS({'desc': 'Too many matches: uid=%s' % user })
|
||||
else:
|
||||
dn = res[0][0]
|
||||
return dn
|
||||
|
||||
def _first_bind(self):
|
||||
"""Premier bind, avant de connaître le vrai dn."""
|
||||
secrets = import_secrets()
|
||||
self.simple_bind_s(who=secrets.ldap_readonly_auth_dn, cred=secrets.ldap_readonly_password)
|
||||
|
||||
def search(self, filterstr='(objectClass=*)', mode='ro', dn= base_dn, scope=ldap.SCOPE_SUBTREE, sizelimit=1000):
|
||||
"""La fonction de recherche dans la base ldap qui renvoie un liste de
|
||||
CransLdapObjects. On utilise la feature de sizelimit de python ldap"""
|
||||
|
|
@ -352,8 +361,19 @@ class lc_ldap(ldap.ldapobject.LDAPObject, object):
|
|||
class lc_ldap_test(lc_ldap):
|
||||
"""Connexion LDAP à la base de tests"""
|
||||
def __init__(self, *args, **kwargs):
|
||||
"""Oui, je droppe les paramètres"""
|
||||
super(lc_ldap_test, self).__init__(uri='ldap://vo.adm.crans.org', dn='cn=admin,dc=crans,dc=org', cred='75bdb64f32')
|
||||
# On impose le serveur
|
||||
kwargs["uri"] = 'ldap://vo.adm.crans.org'
|
||||
# On pense à laisser la possibilité de se connecter par username ou dn…
|
||||
if not kwargs.has_key("user"):
|
||||
# … mais si rien n'est spécifié, on fournit le dn par défaut
|
||||
kwargs.setdefault("dn", 'cn=admin,dc=crans,dc=org')
|
||||
# Le mot de passe de la base de test
|
||||
kwargs.setdefault("cred", '75bdb64f32')
|
||||
super(lc_ldap_test, self).__init__(*args, **kwargs)
|
||||
|
||||
def _first_bind(self):
|
||||
"""Sur la base de test, on peut lookup en anonyme"""
|
||||
self.simple_bind_s()
|
||||
|
||||
class lc_ldap_admin(lc_ldap):
|
||||
"""Connexion LDAP à la vraie base, en admin.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue