comparison MoinMoin/auth/ldap_login.py @ 3125:40c4670c3410

refactored auth package to use own logger
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Wed, 27 Feb 2008 10:05:20 +0100
parents a94959a2aae7
children 1508feb6dbbf
13 13
14 TODO: migrate configuration items to constructor parameters, 14 TODO: migrate configuration items to constructor parameters,
15 allow more configuration (alias name, ...) by using 15 allow more configuration (alias name, ...) by using
16 callables as parameters 16 callables as parameters
17 17
18 @copyright: 2006-2007 MoinMoin:ThomasWaldmann, 18 @copyright: 2006-2008 MoinMoin:ThomasWaldmann,
19 2006 Nick Phillips 19 2006 Nick Phillips
20 @license: GNU GPL, see COPYING for details. 20 @license: GNU GPL, see COPYING for details.
21 """ 21 """
22 import sys 22 import sys
23 import ldap 23 import ldap
24
25 from MoinMoin import log
26 logging = log.getLogger(__name__)
24 27
25 from MoinMoin import user 28 from MoinMoin import user
26 from MoinMoin.auth import BaseAuth, CancelLogin, ContinueLogin 29 from MoinMoin.auth import BaseAuth, CancelLogin, ContinueLogin
27 30
28 31
52 try: 55 try:
53 try: 56 try:
54 u = None 57 u = None
55 dn = None 58 dn = None
56 coding = cfg.ldap_coding 59 coding = cfg.ldap_coding
57 if verbose: request.log("LDAP: Setting misc. options...") 60 if verbose: logging.info("Setting misc. ldap options...")
58 ldap.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3) # ldap v2 is outdated 61 ldap.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3) # ldap v2 is outdated
59 ldap.set_option(ldap.OPT_REFERRALS, cfg.ldap_referrals) 62 ldap.set_option(ldap.OPT_REFERRALS, cfg.ldap_referrals)
60 ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, cfg.ldap_timeout) 63 ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, cfg.ldap_timeout)
61 64
62 starttls = cfg.ldap_start_tls 65 starttls = cfg.ldap_start_tls
72 ): 75 ):
73 if value: 76 if value:
74 ldap.set_option(option, value) 77 ldap.set_option(option, value)
75 78
76 server = cfg.ldap_uri 79 server = cfg.ldap_uri
77 if verbose: request.log("LDAP: Trying to initialize %r." % server) 80 if verbose: logging.info("Trying to initialize %r." % server)
78 l = ldap.initialize(server) 81 l = ldap.initialize(server)
79 if verbose: request.log("LDAP: Connected to LDAP server %r." % server) 82 if verbose: logging.info("Connected to LDAP server %r." % server)
80 83
81 if starttls and server.startswith('ldap:'): 84 if starttls and server.startswith('ldap:'):
82 if verbose: request.log("LDAP: Trying to start TLS to %r." % server) 85 if verbose: logging.info("Trying to start TLS to %r." % server)
83 try: 86 try:
84 l.start_tls_s() 87 l.start_tls_s()
85 if verbose: request.log("LDAP: Using TLS to %r." % server) 88 if verbose: logging.info("Using TLS to %r." % server)
86 except (ldap.SERVER_DOWN, ldap.CONNECT_ERROR), err: 89 except (ldap.SERVER_DOWN, ldap.CONNECT_ERROR), err:
87 if verbose: request.log("LDAP: Couldn't establish TLS to %r (err: %s)." % (server, str(err))) 90 if verbose: logging.info("Couldn't establish TLS to %r (err: %s)." % (server, str(err)))
88 raise 91 raise
89 92
90 # you can use %(username)s and %(password)s here to get the stuff entered in the form: 93 # you can use %(username)s and %(password)s here to get the stuff entered in the form:
91 ldap_binddn = cfg.ldap_binddn % locals() 94 ldap_binddn = cfg.ldap_binddn % locals()
92 ldap_bindpw = cfg.ldap_bindpw % locals() 95 ldap_bindpw = cfg.ldap_bindpw % locals()
93 l.simple_bind_s(ldap_binddn.encode(coding), ldap_bindpw.encode(coding)) 96 l.simple_bind_s(ldap_binddn.encode(coding), ldap_bindpw.encode(coding))
94 if verbose: request.log("LDAP: Bound with binddn %r" % ldap_binddn) 97 if verbose: logging.info("Bound with binddn %r" % ldap_binddn)
95 98
96 # you can use %(username)s here to get the stuff entered in the form: 99 # you can use %(username)s here to get the stuff entered in the form:
97 filterstr = cfg.ldap_filter % locals() 100 filterstr = cfg.ldap_filter % locals()
98 if verbose: request.log("LDAP: Searching %r" % filterstr) 101 if verbose: logging.info("Searching %r" % filterstr)
99 attrs = [getattr(cfg, attr) for attr in [ 102 attrs = [getattr(cfg, attr) for attr in [
100 'ldap_email_attribute', 103 'ldap_email_attribute',
101 'ldap_aliasname_attribute', 104 'ldap_aliasname_attribute',
102 'ldap_surname_attribute', 105 'ldap_surname_attribute',
103 'ldap_givenname_attribute', 106 'ldap_givenname_attribute',
106 attrlist=attrs, timeout=cfg.ldap_timeout) 109 attrlist=attrs, timeout=cfg.ldap_timeout)
107 # we remove entries with dn == None to get the real result list: 110 # we remove entries with dn == None to get the real result list:
108 lusers = [(dn, ldap_dict) for dn, ldap_dict in lusers if dn is not None] 111 lusers = [(dn, ldap_dict) for dn, ldap_dict in lusers if dn is not None]
109 if verbose: 112 if verbose:
110 for dn, ldap_dict in lusers: 113 for dn, ldap_dict in lusers:
111 request.log("LDAP: dn:%r" % dn) 114 logging.info("dn:%r" % dn)
112 for key, val in ldap_dict.items(): 115 for key, val in ldap_dict.items():
113 request.log(" %r: %r" % (key, val)) 116 logging.info(" %r: %r" % (key, val))
114 117
115 result_length = len(lusers) 118 result_length = len(lusers)
116 if result_length != 1: 119 if result_length != 1:
117 if result_length > 1: 120 if result_length > 1:
118 request.log("LDAP: Search found more than one (%d) matches for %r." % (result_length, filterstr)) 121 logging.info("Search found more than one (%d) matches for %r." % (result_length, filterstr))
119 if result_length == 0: 122 if result_length == 0:
120 if verbose: request.log("LDAP: Search found no matches for %r." % (filterstr, )) 123 if verbose: logging.info("Search found no matches for %r." % (filterstr, ))
121 return CancelLogin(_("Invalid username or password.")) 124 return CancelLogin(_("Invalid username or password."))
122 125
123 dn, ldap_dict = lusers[0] 126 dn, ldap_dict = lusers[0]
124 if not cfg.ldap_bindonce: 127 if not cfg.ldap_bindonce:
125 if verbose: request.log("LDAP: DN found is %r, trying to bind with pw" % dn) 128 if verbose: logging.info("DN found is %r, trying to bind with pw" % dn)
126 l.simple_bind_s(dn, password.encode(coding)) 129 l.simple_bind_s(dn, password.encode(coding))
127 if verbose: request.log("LDAP: Bound with dn %r (username: %r)" % (dn, username)) 130 if verbose: logging.info("Bound with dn %r (username: %r)" % (dn, username))
128 131
129 if cfg.ldap_email_callback is None: 132 if cfg.ldap_email_callback is None:
130 if cfg.ldap_email_attribute: 133 if cfg.ldap_email_attribute:
131 email = ldap_dict.get(cfg.ldap_email_attribute, [''])[0].decode(coding) 134 email = ldap_dict.get(cfg.ldap_email_attribute, [''])[0].decode(coding)
132 else: 135 else:
154 else: 157 else:
155 u = user.User(request, auth_username=username, password="{SHA}NotStored", auth_method=self.name, auth_attribs=('name', 'password', 'mailto_author', )) 158 u = user.User(request, auth_username=username, password="{SHA}NotStored", auth_method=self.name, auth_attribs=('name', 'password', 'mailto_author', ))
156 u.name = username 159 u.name = username
157 u.aliasname = aliasname 160 u.aliasname = aliasname
158 u.remember_me = 0 # 0 enforces cookie_lifetime config param 161 u.remember_me = 0 # 0 enforces cookie_lifetime config param
159 if verbose: request.log("LDAP: creating userprefs with name %r email %r alias %r" % (username, email, aliasname)) 162 if verbose: logging.info("creating userprefs with name %r email %r alias %r" % (username, email, aliasname))
160 163
161 except ldap.INVALID_CREDENTIALS, err: 164 except ldap.INVALID_CREDENTIALS, err:
162 request.log("LDAP: invalid credentials (wrong password?) for dn %r (username: %r)" % (dn, username)) 165 logging.info("invalid credentials (wrong password?) for dn %r (username: %r)" % (dn, username))
163 return CancelLogin(_("Invalid username or password.")) 166 return CancelLogin(_("Invalid username or password."))
164 167
165 if u: 168 if u:
166 u.create_or_update(True) 169 u.create_or_update(True)
167 return ContinueLogin(u) 170 return ContinueLogin(u)
168 171
169 except: 172 except:
170 import traceback 173 import traceback
171 info = sys.exc_info() 174 info = sys.exc_info()
172 request.log("LDAP: caught an exception, traceback follows...") 175 logging.error("caught an exception, traceback follows...")
173 request.log(''.join(traceback.format_exception(*info))) 176 logging.error(''.join(traceback.format_exception(*info)))
174 return CancelLogin(None) 177 return CancelLogin(None)
175 178
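Review bot: The search filter at new line 100, `filterstr = cfg.ldap_filter % locals()`, interpolates the username entered in the login form into the LDAP filter unescaped, so filter metacharacters (`*`, `(`, `)`, `\`) in a login name change the query instead of being matched literally; the bind-DN template at new line 94 has the same exposure. Substituting an escaped copy keeps the configured filter intact, e.g. `filterstr = cfg.ldap_filter % dict(locals(), username=ldap.filter.escape_filter_chars(username))` (the DN template would need `ldap.dn.escape_dn_chars` rather than the filter escaper). Separately, the bare `except:` at new line 172 now turns every failure, including SystemExit and KeyboardInterrupt, into a `logging.error` traceback plus `CancelLogin(None)`; `except Exception:` is the usual narrowing, subject to the interpreter versions MoinMoin still supported at this point. The enclosing method starts before this hunk, so its signature and the origin of `verbose` are not visible here.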