changeset 6007:86090e014653

ldap_auth: support placeholders for basedn also
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sun, 05 Jan 2014 02:16:19 +0100
parents 748a41f12915
children d72a5e95c7c0
files MoinMoin/auth/ldap_login.py docs/CHANGES wiki/config/more_samples/ldap_2servers_wikiconfig_snippet wiki/config/more_samples/ldap_wikiconfig_snippet
diffstat 4 files changed, 8 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/auth/ldap_login.py	Sat Jan 04 18:24:56 2014 +0100
+++ b/MoinMoin/auth/ldap_login.py	Sun Jan 05 02:16:19 2014 +0100
@@ -168,6 +168,7 @@
                 # you can use %(username)s and %(password)s here to get the stuff entered in the form:
                 binddn = self.bind_dn % locals()
                 bindpw = self.bind_pw % locals()
+                basedn = self.base_dn % locals()
                 l.simple_bind_s(binddn.encode(coding), bindpw.encode(coding))
                 logging.debug("Bound with binddn %r" % binddn)
 
@@ -180,7 +181,7 @@
                                          'surname_attribute',
                                          'givenname_attribute',
                                          ] if getattr(self, attr) is not None]
-                lusers = l.search_st(self.base_dn, self.scope, filterstr.encode(coding),
+                lusers = l.search_st(basedn, self.scope, filterstr.encode(coding),
                                      attrlist=attrs, timeout=self.timeout)
                 # we remove entries with dn == None to get the real result list:
                 lusers = [(dn, ldap_dict) for dn, ldap_dict in lusers if dn is not None]
--- a/docs/CHANGES	Sat Jan 04 18:24:56 2014 +0100
+++ b/docs/CHANGES	Sun Jan 05 02:16:19 2014 +0100
@@ -64,6 +64,8 @@
     # logged-in users get the backlink, anon users/bots get simple text:
     backlink_method = lambda cfg, req: 'backlink' if req.user.valid else 'text'
   * AbandonedPages macro: check user agent to reduce load caused by bots
+  * ldap_auth: support placeholders for basedn also, e.g. you could use:
+    base_dn='uid=%(username)s,ou=people,dc=company,dc=com'
 
   Fixes:
   * do not create empty pagedirs (with empty edit-log). To clean up all the
--- a/wiki/config/more_samples/ldap_2servers_wikiconfig_snippet	Sat Jan 04 18:24:56 2014 +0100
+++ b/wiki/config/more_samples/ldap_2servers_wikiconfig_snippet	Sun Jan 05 02:16:19 2014 +0100
@@ -19,6 +19,8 @@
         bind_pw='',
         base_dn='',  # base DN we use for searching
                      #base_dn = 'ou=SOMEUNIT,dc=example,dc=org'
+                     #base_dn = 'uid=%(username)s,ou=people,dc=company,dc=com'
+
         scope=2, # scope of the search we do (2 == ldap.SCOPE_SUBTREE)
         referrals=0, # LDAP REFERRALS (0 needed for AD)
         search_filter='(uid=%(username)s)',  # ldap filter used for searching:
--- a/wiki/config/more_samples/ldap_wikiconfig_snippet	Sat Jan 04 18:24:56 2014 +0100
+++ b/wiki/config/more_samples/ldap_wikiconfig_snippet	Sun Jan 05 02:16:19 2014 +0100
@@ -23,6 +23,8 @@
         bind_pw='',
         base_dn='',  # base DN we use for searching
                      #base_dn = 'ou=SOMEUNIT,dc=example,dc=org'
+                     #base_dn = 'uid=%(username)s,ou=people,dc=company,dc=com'
+
         scope=2, # scope of the search we do (2 == ldap.SCOPE_SUBTREE)
         referrals=0, # LDAP REFERRALS (0 needed for AD)
         search_filter='(uid=%(username)s)',  # ldap filter used for searching: