changeset 3097:a94959a2aae7
Some python-ldap packages may not be built with TLS support. Let's
make sure ldap.TLS_AVAIL exists before we try to use it.
Add a configuration directive to only do one bind to the LDAP server. This
is useful if you bind as the user the first time. In my case I was unable
to bind as a user to the DN that contained the users' email, givenname, etc.
fields.
author | Thomas Waldmann <tw AT waldmann-edv DOT de> |
---|---|
date | Sat, 23 Feb 2008 02:10:14 +0100 |
parents | 8d21b13482e3 |
children | a67e104828d1 |
files | MoinMoin/auth/ldap_login.py MoinMoin/config/multiconfig.py wiki/config/more_samples/ldap_smb_farmconfig.py |
diffstat | 3 files changed, 10 insertions(+), 4 deletions(-) [+] |
--- a/MoinMoin/auth/ldap_login.py Sat Feb 23 01:52:53 2008 +0100
+++ b/MoinMoin/auth/ldap_login.py Sat Feb 23 02:10:14 2008 +0100
@@ -60,7 +60,7 @@
 ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, cfg.ldap_timeout)
 starttls = cfg.ldap_start_tls
- if ldap.TLS_AVAIL:
+ if hasattr(ldap, 'TLS_AVAIL') and ldap.TLS_AVAIL:
 for option, value in (
 (ldap.OPT_X_TLS_CACERTDIR, cfg.ldap_tls_cacertdir),
 (ldap.OPT_X_TLS_CACERTFILE, cfg.ldap_tls_cacertfile),
@@ -121,9 +121,10 @@
 return CancelLogin(_("Invalid username or password."))
 dn, ldap_dict = lusers[0]
- if verbose: request.log("LDAP: DN found is %r, trying to bind with pw" % dn)
- l.simple_bind_s(dn, password.encode(coding))
- if verbose: request.log("LDAP: Bound with dn %r (username: %r)" % (dn, username))
+ if not cfg.ldap_bindonce:
+ if verbose: request.log("LDAP: DN found is %r, trying to bind with pw" % dn)
+ l.simple_bind_s(dn, password.encode(coding))
+ if verbose: request.log("LDAP: Bound with dn %r (username: %r)" % (dn, username))
 if cfg.ldap_email_callback is None:
 if cfg.ldap_email_attribute:
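Review bot: When python-ldap was built without TLS, the new `hasattr(ldap, 'TLS_AVAIL')` guard in the first hunk skips every `OPT_X_TLS_*` setting without a log line, while `starttls = cfg.ldap_start_tls` just above may still be true. What happens to a connection configured for StartTLS is decided outside the hunk, so it is worth confirming that the login fails there rather than sending the bind password without transport protection. I would make the case explicit, e.g. `elif starttls: request.log("LDAP: TLS requested but python-ldap was built without TLS support")`, or refuse the login in that situation. The `if` block itself continues past the end of the hunk.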
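Review bot: With `cfg.ldap_bindonce` set, the second hunk skips `l.simple_bind_s(dn, password.encode(coding))`, which in the visible lines is the only place the submitted password is checked against the DN that was found. That is safe only if the first bind (outside the hunk) was made with the user's own credentials; if it was made with a fixed service account, any password would be accepted for an existing username. The code should verify that precondition or at least document it, for example `# SECURITY: ldap_bindonce=True is only safe when the initial bind uses the user's own username and password` at this branch, with the same warning in the `ldap_bindonce` comments in MoinMoin/config/multiconfig.py and the sample farmconfig. A verbose log line saying the second bind was skipped would also help when auditing logins.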
--- a/MoinMoin/config/multiconfig.py Sat Feb 23 01:52:53 2008 +0100 +++ b/MoinMoin/config/multiconfig.py Sat Feb 23 02:10:14 2008 +0100 @@ -386,6 +386,9 @@ ldap_tls_keyfile = '' ldap_tls_require_cert = 0 # 0 == ldap.OPT_X_TLS_NEVER (needed for self-signed certs) + ldap_bindonce = False # set to True to only do one bind. Useful if + # configured to bind as the user on the first attempt + log_reverse_dns_lookups = True # if we do reverse dns lookups for logging hostnames # instead of just IPs log_timing = False # update <data_dir>/timing.log?
--- a/wiki/config/more_samples/ldap_smb_farmconfig.py Sat Feb 23 01:52:53 2008 +0100
+++ b/wiki/config/more_samples/ldap_smb_farmconfig.py Sat Feb 23 02:10:14 2008 +0100
@@ -105,6 +105,8 @@
 ldap_coding = 'utf-8' # coding used for ldap queries and result values
 ldap_timeout = 10 # how long we wait for the ldap server [s]
 ldap_verbose = True # if True, put lots of LDAP debug info into the log
+ ldap_bindonce = False # set to True to only do one bind. Useful if
+ # configured to bind as the user on the first attempt
 cookie_lifetime = 1 # 1 hour after last access ldap login is required again
 user_autocreate = True