From 9c647292e1aec84bc4bf4d26856ca3b23d4f0e59 Mon Sep 17 00:00:00 2001 From: Massimo DiPierro Date: Tue, 13 Mar 2012 21:20:24 -0500 Subject: [PATCH] better ldap_auth thanks Gyuris --- VERSION | 2 +- gluon/contrib/login_methods/ldap_auth.py | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/VERSION b/VERSION index 4a308656..aa811343 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -Version 1.99.7 (2012-03-13 13:59:13) dev +Version 1.99.7 (2012-03-13 21:20:19) dev diff --git a/gluon/contrib/login_methods/ldap_auth.py b/gluon/contrib/login_methods/ldap_auth.py index 9e4045bd..c9e76978 100644 --- a/gluon/contrib/login_methods/ldap_auth.py +++ b/gluon/contrib/login_methods/ldap_auth.py @@ -10,7 +10,7 @@ except Exception, e: def ldap_auth( server = 'ldap', port = None, base_dn = 'ou=users,dc=domain,dc=com', - mode = 'uid', secure = False, cert_path = None, + mode = 'uid', secure = False, cert_path = None, cert_file = None, bind_dn = None, bind_pw = None, filterstr = 'objectClass=*', allowed_groups = None, manage_user = False, @@ -55,6 +55,8 @@ def ldap_auth( server = 'ldap', port = None, base_dn='ou=Users,dc=domain,dc=com')) If using secure ldaps:// pass secure=True and cert_path="..." + If ldap is using GnuTLS then you need cert_file="..." instead cert_path because + cert_path isn't implemented in GnuTLS :( If you need to bind to the directory with an admin account in order to search it then specify bind_dn & bind_pw to use for this. - currently only implemented for Active Directory @@ -129,6 +131,7 @@ def ldap_auth( server = 'ldap', port = None, ldap_bindpw = bind_pw, secure = secure, cert_path = cert_path, + cert_file = cert_file, filterstr = filterstr, manage_user = manage_user, user_firstname_attrib = user_firstname_attrib, @@ -436,6 +439,7 @@ def ldap_auth( server = 'ldap', port = None, ldap_mode = mode, secure = secure, cert_path = cert_path, + cert_file = cert_file ): ''' Inicialize ldap connection @@ -447,6 +451,8 @@ def ldap_auth( server = 'ldap', port = None, "ldaps://" + ldap_server + ":" + str( ldap_port ) ) if cert_path: con.set_option( ldap.OPT_X_TLS_CACERTDIR, cert_path ) + if cert_file: + con.set_option( ldap.OPT_X_TLS_CACERTFILE, cert_file ) else: if not ldap_port: ldap_port = 389