better ldap_auth thanks Gyuris
This commit is contained in:
@@ -1 +1 @@
|
||||
Version 1.99.7 (2012-03-13 13:59:13) dev
|
||||
Version 1.99.7 (2012-03-13 21:20:19) dev
|
||||
|
||||
@@ -10,7 +10,7 @@ except Exception, e:
|
||||
|
||||
def ldap_auth( server = 'ldap', port = None,
|
||||
base_dn = 'ou=users,dc=domain,dc=com',
|
||||
mode = 'uid', secure = False, cert_path = None,
|
||||
mode = 'uid', secure = False, cert_path = None, cert_file = None,
|
||||
bind_dn = None, bind_pw = None, filterstr = 'objectClass=*',
|
||||
allowed_groups = None,
|
||||
manage_user = False,
|
||||
@@ -55,6 +55,8 @@ def ldap_auth( server = 'ldap', port = None,
|
||||
base_dn='ou=Users,dc=domain,dc=com'))
|
||||
|
||||
If using secure ldaps:// pass secure=True and cert_path="..."
|
||||
If ldap is using GnuTLS then you need cert_file="..." instead cert_path because
|
||||
cert_path isn't implemented in GnuTLS :(
|
||||
|
||||
If you need to bind to the directory with an admin account in order to search it then specify bind_dn & bind_pw to use for this.
|
||||
- currently only implemented for Active Directory
|
||||
@@ -129,6 +131,7 @@ def ldap_auth( server = 'ldap', port = None,
|
||||
ldap_bindpw = bind_pw,
|
||||
secure = secure,
|
||||
cert_path = cert_path,
|
||||
cert_file = cert_file,
|
||||
filterstr = filterstr,
|
||||
manage_user = manage_user,
|
||||
user_firstname_attrib = user_firstname_attrib,
|
||||
@@ -436,6 +439,7 @@ def ldap_auth( server = 'ldap', port = None,
|
||||
ldap_mode = mode,
|
||||
secure = secure,
|
||||
cert_path = cert_path,
|
||||
cert_file = cert_file
|
||||
):
|
||||
'''
|
||||
Inicialize ldap connection
|
||||
@@ -447,6 +451,8 @@ def ldap_auth( server = 'ldap', port = None,
|
||||
"ldaps://" + ldap_server + ":" + str( ldap_port ) )
|
||||
if cert_path:
|
||||
con.set_option( ldap.OPT_X_TLS_CACERTDIR, cert_path )
|
||||
if cert_file:
|
||||
con.set_option( ldap.OPT_X_TLS_CACERTFILE, cert_file )
|
||||
else:
|
||||
if not ldap_port:
|
||||
ldap_port = 389
|
||||
|
||||
Reference in New Issue
Block a user