125 |
125 |
for key, value in block['global_ldap_options'].iteritems():
|
126 |
126 |
ldap.set_option(key, value)
|
127 |
127 |
conn = ldap.initialize(url)
|
128 |
128 |
for key, value in block['ldap_options']:
|
129 |
129 |
conn.set_option(key, value)
|
130 |
130 |
conn.set_option(ldap.OPT_REFERRALS, 1 if block['referrals'] else 0)
|
131 |
131 |
try:
|
132 |
132 |
if not url.startswith('ldaps://') and block['use_tls']:
|
133 |
|
conn.start_tls_s()
|
|
133 |
try:
|
|
134 |
conn.start_tls_s()
|
|
135 |
except ldap.CONNECT_ERROR:
|
|
136 |
log.error('connection to %r failed when activating TLS, did '
|
|
137 |
'you forget to declare the TLS certificate in '
|
|
138 |
'/etc/ldap/ldap.conf ?', url)
|
|
139 |
continue
|
134 |
140 |
conn.whoami_s()
|
|
141 |
except ldap.TIMEOUT:
|
|
142 |
log.error('connection to %r timed out', url)
|
|
143 |
continue
|
|
144 |
except ldap.CONNECT_ERROR:
|
|
145 |
log.error('connection to %r failed when activating TLS, did '
|
|
146 |
'you forget to declare the TLS certificate in '
|
|
147 |
'/etc/ldap/ldap.conf ?', url)
|
|
148 |
continue
|
135 |
149 |
except ldap.SERVER_DOWN:
|
136 |
150 |
if block['replicas']:
|
137 |
151 |
log.warning('ldap %r is down', url)
|
138 |
152 |
else:
|
139 |
153 |
log.error('ldap %r is down', url)
|
140 |
154 |
continue
|
141 |
155 |
try:
|
142 |
156 |
if credentials:
|
... | ... | |
401 |
415 |
utf8_username = username.encode('utf-8')
|
402 |
416 |
utf8_password = password.encode('utf-8')
|
403 |
417 |
|
404 |
418 |
for uri in block['url']:
|
405 |
419 |
log.debug('try to bind user on %r', uri)
|
406 |
420 |
conn = ldap.initialize(uri)
|
407 |
421 |
conn.set_option(ldap.OPT_REFERRALS, 1 if block['referrals'] else 0)
|
408 |
422 |
if not uri.startswith('ldaps://') and block['use_tls']:
|
409 |
|
conn.start_tls_s()
|
|
423 |
try:
|
|
424 |
conn.start_tls_s()
|
|
425 |
except ldap.TIMEOUT:
|
|
426 |
log.error('connection to %r timed out', uri)
|
|
427 |
continue
|
|
428 |
except (ldap.CONNECT_ERROR, ldap.SERVER_DOWN):
|
|
429 |
log.error('connection to %r failed when activating TLS, did '
|
|
430 |
'you forget to declare the TLS certificate in '
|
|
431 |
'/etc/ldap/ldap.conf ? or maybe timeout are not long '
|
|
432 |
'enough', uri)
|
|
433 |
continue
|
410 |
434 |
authz_ids = []
|
411 |
435 |
user_basedn = block.get('user_basedn') or block['basedn']
|
412 |
436 |
|
413 |
437 |
try:
|
414 |
438 |
# if necessary bind as admin
|
415 |
439 |
self.try_admin_bind(conn, block)
|
416 |
440 |
if block['user_dn_template']:
|
417 |
441 |
template = str(block['user_dn_template'])
|
... | ... | |
474 |
498 |
break
|
475 |
499 |
continue
|
476 |
500 |
except ldap.NO_SUCH_OBJECT:
|
477 |
501 |
# should not happen as we just searched for this object !
|
478 |
502 |
log.error('user bind failed: authz_id not found %r', ', '.join(authz_ids))
|
479 |
503 |
if block['replicas']:
|
480 |
504 |
break
|
481 |
505 |
return self._return_user(authz_id, password, conn, block)
|
|
506 |
except ldap.CONNECT_ERROR:
|
|
507 |
log.error('connection to %r failed, did '
|
|
508 |
'you forget to declare the TLS certificate in '
|
|
509 |
'/etc/ldap/ldap.conf ?', uri)
|
|
510 |
except ldap.TIMEOUT:
|
|
511 |
log.error('connection to %r timed out', uri)
|
482 |
512 |
except ldap.SERVER_DOWN:
|
483 |
513 |
log.error('ldap authentication error: %r is down', uri)
|
484 |
514 |
finally:
|
485 |
515 |
del conn
|
486 |
516 |
return None
|
487 |
517 |
|
488 |
518 |
def get_user(self, user_id):
|
489 |
519 |
pickle_dump = user_id.split('!', 1)[1]
|
490 |
|
-
|