8 years ago · 750fe4229a
--- a/rrd/config.py
+++ b/rrd/config.py
@@ -31,6 +31,13 @@ LDAP_BASE_DN = "dc=example,dc=com"
 
				 LDAP_BINDDN_FMT = "uid=%s,dc=example,dc=com"
			
 
				 LDAP_SEARCH_FMT = "uid=%s"
			
 
				 LDAP_ATTRS = ["cn","mail","telephoneNumber"]
			
 
				+LDAP_TLS_START_TLS = False
			
 
				+LDAP_TLS_CACERTDIR = ""
			
 
				+LDAP_TLS_CACERTFILE = "/etc/openldap/certs/ca.crt"
			
 
				+LDAP_TLS_CERTFILE = ""
			
 
				+LDAP_TLS_KEYFILE = ""
			
 
				+LDAP_TLS_REQUIRE_CERT = True
			
 
				+LDAP_TLS_CIPHER_SUITE = ""
			
 
				 
			
 
				 # portal site config
			
 
				 MAINTAINERS = ['root']
			
--- a/rrd/view/utils.py
+++ b/rrd/view/utils.py
@@ -119,15 +119,31 @@ def ldap_login_user(name, password):
 
				 
			
 
				     cli = None
			
 
				     try:
			
 
				-        ldap_server = config.LDAP_SERVER if config.LDAP_SERVER.startswith("ldap://") else "ldap://%s" %config.LDAP_SERVER
			
 
				-        log.debug("bind_dn=%s base_dn=%s filter=%s attrs=%s" %(bind_dn, config.LDAP_BASE_DN, search_filter, config.LDAP_ATTRS))
			
 
				+        ldap_server = config.LDAP_SERVER if (config.LDAP_SERVER.startswith("ldap://") or config.LDAP_SERVER.startswith("ldaps://")) else "ldaps://%s" % config.LDAP_SERVER if config.LDAP_TLS_START_TLS else "ldap://%s" % config.LDAP_SERVER
			
 
				+        log.debug("ldap_server:%s bind_dn:%s base_dn:%s filter:%s attrs:%s" %(ldap_server, bind_dn, config.LDAP_BASE_DN, search_filter, config.LDAP_ATTRS))
			
 
				         cli = ldap.initialize(ldap_server)
			
 
				-        cli.bind_s(bind_dn, password)
			
 
				-        result = cli.search_s(config.LDAP_BASE_DN, ldap.SCOPE_SUBTREE, search_filter, config.LDAP_ATTRS)
			
 
				+        cli.protocol_version = ldap.VERSION3
			
 
				+        if config.LDAP_TLS_START_TLS or ldap_server.startswith('ldaps://'):
			
 
				+            if config.LDAP_TLS_CACERTFILE:
			
 
				+                cli.set_option(ldap.OPT_X_TLS_CACERTFILE, config.LDAP_TLS_CACERTFILE)
			
 
				+            if config.LDAP_TLS_CERTFILE:
			
 
				+                cli.set_option(ldap.OPT_X_TLS_CERTFILE, config.LDAP_TLS_CERTFILE)
			
 
				+            if config.LDAP_TLS_KEYFILE:
			
 
				+                cli.set_option(ldap.OPT_X_TLS_KEYFILE, config.LDAP_TLS_KEYFILE)
			
 
				+            if config.LDAP_TLS_REQUIRE_CERT:
			
 
				+                cli.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, config.LDAP_TLS_REQUIRE_CERT)
			
 
				+            if config.LDAP_TLS_CIPHER_SUITE:
			
 
				+                cli.set_option(ldap.OPT_X_TLS_CIPHER_SUITE, config.LDAP_TLS_CIPHER_SUITE)
			
 
				+        cli.simple_bind_s(bind_dn, password)
			
 
				+        result = cli.search_s(bind_dn, ldap.SCOPE_SUBTREE, search_filter, config.LDAP_ATTRS)
			
 
				         log.debug("ldap result: %s" % result)
			
 
				         d = result[0][1]
			
 
				         email = d['mail'][0]
			
 
				         cnname = d['cn'][0]
			
 
				+        if 'sn' in d and 'givenName' in d:
			
 
				+            cnname = d['givenName'][0] + ' ' + d['sn'][0]
			
 
				+        if 'displayName' in d:
			
 
				+            cnname = d['displayName'][0]
			
 
				         if 'telephoneNumber' in d:
			
 
				             phone = d['telephoneNumber'] and d['telephoneNumber'][0] or ""
			
 
				         else:
			
@@ -147,4 +163,3 @@ def ldap_login_user(name, password):
 
				         raise e
			
 
				     finally:
			
 
				         cli and cli.unbind_s()
			
 
				-