author | Mark Rogaski <mrogaski@pobox.com> | 2014-06-25 17:45:51 +0400 |
---|---|---|
committer | Mark Rogaski <mrogaski@pobox.com> | 2014-06-25 17:45:51 +0400 |
commit | 8b19f163a3cfc99407fcb4f9d431c0e5fed65f3e (patch) | |
tree | 316cbaf7af4135ff3dc5b88ed1e2b9b0ec4370de | |
parent | 32479fe3474a4a0fc60691425bcab3b8f2ba2e06 (diff) |
Added bind_dn and bind_pass configuration options for non-user binding.
-rw-r--r-- | Authenticators/LDAP/LDAPauth.ini | 3 | ||||
-rw-r--r-- | Authenticators/LDAP/LDAPauth.py | 10 |
2 files changed, 12 insertions, 1 deletions
diff --git a/Authenticators/LDAP/LDAPauth.ini b/Authenticators/LDAP/LDAPauth.ini
index 743c6d4..9e374e8 100644
--- a/Authenticators/LDAP/LDAPauth.ini
+++ b/Authenticators/LDAP/LDAPauth.ini
@@ -15,6 +15,9 @@ watchdog = 30
 ; LDAP specific configuration
 [ldap]
+; Use bind_dn and bind_pass if you use non-user credentials for searches.
+; bind_dn =
+; bind_pass =
 users_dn = ou=Users,dc=example,dc=com
 username_attr = uid
 number_attr = roomNumber
diff --git a/Authenticators/LDAP/LDAPauth.py b/Authenticators/LDAP/LDAPauth.py
index 3b3c407..dddc887 100644
--- a/Authenticators/LDAP/LDAPauth.py
+++ b/Authenticators/LDAP/LDAPauth.py
@@ -126,6 +126,8 @@ def x2bool(s):
 # cfgfile = 'LDAPauth.ini'
 default = { 'ldap':(('ldap_uri', str, 'ldap://127.0.0.1'),
+ ('bind_dn', str, ''),
+ ('bind_pass', str, ''),
 ('users_dn', str, 'ou=Users,dc=example,dc=org'),
 ('username_attr', str, 'uid'),
 ('number_attr', str, 'RoomNumber'),
@@ -432,7 +434,13 @@ def do_main_program():
 try:
 #Attempt to bind to LDAP server with user-provided credentials
 ldap_conn = ldap.initialize(cfg.ldap.ldap_uri, 0)
- ldap_conn.bind_s("%s=%s,%s" % (cfg.ldap.username_attr, name, cfg.ldap.users_dn), pw)
+ if cfg.ldap.bind_dn:
+ bind_dn = cfg.ldap.bind_dn
+ bind_pass = cfg.ldap.bind_pass
+ else:
+ bind_dn = "%s=%s,%s" % (cfg.ldap.username_attr, name, cfg.ldap.users_dn)
+ bind_pass = pw
+ ldap_conn.bind_s(bind_dn, bind_pass)
 res = ldap_conn.search_s(cfg.ldap.users_dn, ldap.SCOPE_SUBTREE, '(%s=%s)' % (cfg.ldap.username_attr, name), [cfg.ldap.number_attr, cfg.ldap.display_attr])
 match = res[0] #Only interested in the first result, as there should only be one match |
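Review bot: `bind_pass` is a cleartext service-account secret and the diffstat shows LDAPauth.ini checked in as -rw-r--r--, yet the three new comment lines say nothing about protecting it. I would extend the comment: `; bind_pass is stored in cleartext: keep it out of version control and make this file readable only by the account that runs the authenticator (chmod 600).` Since this account is only used for lookups, it is also worth saying that it should be granted read access to the users subtree and nothing more.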
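Review bot: When `bind_dn` is configured the user's password `pw` is never checked: the new branch binds with the service credentials, the `search_s` call only looks the user up, and nothing in the hunk binds as the user afterwards, so any existing username would be accepted unless do_main_program (which continues outside the hunk) verifies `pw` later. After `match = res[0]` I would rebind as the entry that was found, `if cfg.ldap.bind_dn:` / `    ldap_conn.bind_s(match[0], pw)`, and reject an empty `pw` before any bind, because an empty password is an anonymous/unauthenticated bind on most directories and succeeds. With the lookup now running under the service account's privileges rather than the user's, the unescaped `name` interpolated into the filter on the `search_s` line also deserves `ldap.filter.escape_filter_chars(name)`.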