From 8b19f163a3cfc99407fcb4f9d431c0e5fed65f3e Mon Sep 17 00:00:00 2001
From: Mark Rogaski
Date: Wed, 25 Jun 2014 13:45:51 +0000
Subject: Added bind_dn and bind_pass configuration options for non-user binding.
---
 Authenticators/LDAP/LDAPauth.ini | 3 +++
 Authenticators/LDAP/LDAPauth.py | 10 +++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/Authenticators/LDAP/LDAPauth.ini b/Authenticators/LDAP/LDAPauth.ini
index 743c6d4..9e374e8 100644
--- a/Authenticators/LDAP/LDAPauth.ini
+++ b/Authenticators/LDAP/LDAPauth.ini
@@ -15,6 +15,9 @@ watchdog = 30
 ; LDAP specific configuration
 [ldap]
+; Use bind_dn and bind_pass if you use non-user credentials for searches.
+; bind_dn =
+; bind_pass =
 users_dn = ou=Users,dc=example,dc=com
 username_attr = uid
 number_attr = roomNumber
diff --git a/Authenticators/LDAP/LDAPauth.py b/Authenticators/LDAP/LDAPauth.py
index 3b3c407..dddc887 100644
--- a/Authenticators/LDAP/LDAPauth.py
+++ b/Authenticators/LDAP/LDAPauth.py
@@ -126,6 +126,8 @@ def x2bool(s):
 #
 cfgfile = 'LDAPauth.ini'
 default = { 'ldap':(('ldap_uri', str, 'ldap://127.0.0.1'),
+ ('bind_dn', str, ''),
+ ('bind_pass', str, ''),
 ('users_dn', str, 'ou=Users,dc=example,dc=org'),
 ('username_attr', str, 'uid'),
 ('number_attr', str, 'RoomNumber'),
@@ -432,7 +434,13 @@ def do_main_program():
 try:
 #Attempt to bind to LDAP server with user-provided credentials
 ldap_conn = ldap.initialize(cfg.ldap.ldap_uri, 0)
- ldap_conn.bind_s("%s=%s,%s" % (cfg.ldap.username_attr, name, cfg.ldap.users_dn), pw)
+ if cfg.ldap.bind_dn:
+ bind_dn = cfg.ldap.bind_dn
+ bind_pass = cfg.ldap.bind_pass
+ else:
+ bind_dn = "%s=%s,%s" % (cfg.ldap.username_attr, name, cfg.ldap.users_dn)
+ bind_pass = pw
+ ldap_conn.bind_s(bind_dn, bind_pass)
 res = ldap_conn.search_s(cfg.ldap.users_dn, ldap.SCOPE_SUBTREE, '(%s=%s)' % (cfg.ldap.username_attr, name), [cfg.ldap.number_attr, cfg.ldap.display_attr])
 match = res[0] #Only interested in the first result, as there should only be one match
--
cgit v1.2.3
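Review bot: The comment added above `; bind_dn =` does not tell the operator that `bind_pass` is kept in clear text in LDAPauth.ini, nor what kind of account belongs there. I would extend it with `; bind_pass is stored in clear text: keep this file readable only by the account that runs the authenticator, and use a directory account limited to searching users_dn.` Since the default `ldap_uri` in LDAPauth.py is a plain `ldap://` URI, the comment could also say that a non-local server should be reached over `ldaps://` so the service password is not sent unencrypted.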
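Review bot: With `bind_dn` configured, the visible lines of the last hunk never check the user's password: `pw` is assigned only in the `else` branch, so the bind that used to be the authentication step now succeeds on the service account's credentials for any `name` the search finds. `do_main_program` continues past `match = res[0]`, outside this hunk, so unless later code rebinds as the matched entry, any password would be accepted for an existing user. After the search, bind again as the entry's DN with `pw`, and refuse an empty `pw`, because a simple bind with an empty password is an unauthenticated bind that many servers report as success. The `name` value also goes unescaped into the filter on the `search_s` context line, which in this mode alone decides which entry is matched; wrapping it in `ldap.filter.escape_filter_chars(name)` would close that, and the "user-provided credentials" comment above `ldap.initialize` is now stale.

```python
# … unchanged: ldap.initialize, bind_dn/bind_pass selection, bind_s, search_s …
match = res[0] #Only interested in the first result, as there should only be one match
if cfg.ldap.bind_dn:
    # The service bind only authorised the search; the password the user
    # supplied still has to be proven against the entry that was found.
    if not pw:
        # An empty password turns a simple bind into an unauthenticated
        # bind, which many servers accept. Refuse it the same way a failed
        # bind is refused (handler is outside this hunk, confirm it
        # catches this exception).
        raise ldap.INVALID_CREDENTIALS
    ldap_conn.bind_s(match[0], pw)
```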