| 125 |
125 |
for key, value in block['global_ldap_options'].iteritems():
|
| 126 |
126 |
ldap.set_option(key, value)
|
| 127 |
127 |
conn = ldap.initialize(url)
|
| 128 |
128 |
for key, value in block['ldap_options']:
|
| 129 |
129 |
conn.set_option(key, value)
|
| 130 |
130 |
conn.set_option(ldap.OPT_REFERRALS, 1 if block['referrals'] else 0)
|
| 131 |
131 |
try:
|
| 132 |
132 |
if not url.startswith('ldaps://') and block['use_tls']:
|
| 133 |
|
conn.start_tls_s()
|
|
133 |
try:
|
|
134 |
conn.start_tls_s()
|
|
135 |
except ldap.CONNECT_ERROR:
|
|
136 |
log.error('connection to %r failed when activating TLS, did '
|
|
137 |
'you forget to declare the TLS certificate in '
|
|
138 |
'/etc/ldap/ldap.conf ?', url)
|
|
139 |
continue
|
| 134 |
140 |
conn.whoami_s()
|
|
141 |
except ldap.TIMEOUT:
|
|
142 |
log.error('connection to %r timed out', url)
|
|
143 |
continue
|
|
144 |
except ldap.CONNECT_ERROR:
|
|
145 |
log.error('connection to %r failed when activating TLS, did '
|
|
146 |
'you forget to declare the TLS certificate in '
|
|
147 |
'/etc/ldap/ldap.conf ?', url)
|
|
148 |
continue
|
| 135 |
149 |
except ldap.SERVER_DOWN:
|
| 136 |
150 |
if block['replicas']:
|
| 137 |
151 |
log.warning('ldap %r is down', url)
|
| 138 |
152 |
else:
|
| 139 |
153 |
log.error('ldap %r is down', url)
|
| 140 |
154 |
continue
|
| 141 |
155 |
try:
|
| 142 |
156 |
if credentials:
|
| ... | ... | |
| 401 |
415 |
utf8_username = username.encode('utf-8')
|
| 402 |
416 |
utf8_password = password.encode('utf-8')
|
| 403 |
417 |
|
| 404 |
418 |
for uri in block['url']:
|
| 405 |
419 |
log.debug('try to bind user on %r', uri)
|
| 406 |
420 |
conn = ldap.initialize(uri)
|
| 407 |
421 |
conn.set_option(ldap.OPT_REFERRALS, 1 if block['referrals'] else 0)
|
| 408 |
422 |
if not uri.startswith('ldaps://') and block['use_tls']:
|
| 409 |
|
conn.start_tls_s()
|
|
423 |
try:
|
|
424 |
conn.start_tls_s()
|
|
425 |
except ldap.TIMEOUT:
|
|
426 |
log.error('connection to %r timed out', uri)
|
|
427 |
continue
|
|
428 |
except (ldap.CONNECT_ERROR, ldap.SERVER_DOWN):
|
|
429 |
log.error('connection to %r failed when activating TLS, did '
|
|
430 |
'you forget to declare the TLS certificate in '
|
|
431 |
'/etc/ldap/ldap.conf ? or maybe timeout are not long '
|
|
432 |
'enough', uri)
|
|
433 |
continue
|
| 410 |
434 |
authz_ids = []
|
| 411 |
435 |
user_basedn = block.get('user_basedn') or block['basedn']
|
| 412 |
436 |
|
| 413 |
437 |
try:
|
| 414 |
438 |
# if necessary bind as admin
|
| 415 |
439 |
self.try_admin_bind(conn, block)
|
| 416 |
440 |
if block['user_dn_template']:
|
| 417 |
441 |
template = str(block['user_dn_template'])
|
| ... | ... | |
| 474 |
498 |
break
|
| 475 |
499 |
continue
|
| 476 |
500 |
except ldap.NO_SUCH_OBJECT:
|
| 477 |
501 |
# should not happen as we just searched for this object !
|
| 478 |
502 |
log.error('user bind failed: authz_id not found %r', ', '.join(authz_ids))
|
| 479 |
503 |
if block['replicas']:
|
| 480 |
504 |
break
|
| 481 |
505 |
return self._return_user(authz_id, password, conn, block)
|
|
506 |
except ldap.CONNECT_ERROR:
|
|
507 |
log.error('connection to %r failed, did '
|
|
508 |
'you forget to declare the TLS certificate in '
|
|
509 |
'/etc/ldap/ldap.conf ?', uri)
|
|
510 |
except ldap.TIMEOUT:
|
|
511 |
log.error('connection to %r timed out', uri)
|
| 482 |
512 |
except ldap.SERVER_DOWN:
|
| 483 |
513 |
log.error('ldap authentication error: %r is down', uri)
|
| 484 |
514 |
finally:
|
| 485 |
515 |
del conn
|
| 486 |
516 |
return None
|
| 487 |
517 |
|
| 488 |
518 |
def get_user(self, user_id):
|
| 489 |
519 |
pickle_dump = user_id.split('!', 1)[1]
|
| 490 |
|
-
|