ldap: add sub-organization feature
parent
c5e99807e3
commit
df745fd4a6
|
@ -8,8 +8,8 @@ def get_member(username):
|
|||
username = normalize(username) # Never safe enough
|
||||
conn = ldap.initialize("ldap://localhost")
|
||||
# Search for user
|
||||
r = conn.search_s(V5Config.LDAP_ORGANIZATION, ldap.SCOPE_SUBTREE,
|
||||
f'(cn={username})')
|
||||
r = conn.search_s(f"{V5Config.LDAP_ENV},{V5Config.LDAP_ROOT}",
|
||||
ldap.SCOPE_SUBTREE, f'(cn={username})')
|
||||
if len(r) > 0:
|
||||
return r[0]
|
||||
else:
|
||||
|
@ -21,7 +21,7 @@ def edit(user, fields):
|
|||
conn = ldap.initialize("ldap://localhost")
|
||||
# TODO: do this
|
||||
# Connect as root
|
||||
# conn.simple_bind_s(f'cn=ldap-root,{V5Config.LDAP_ORGANIZATION}',
|
||||
# conn.simple_bind_s(f'cn=ldap-root,{V5Config.LDAP_ENV}',
|
||||
# V5Config.LDAP_PASSWORD)
|
||||
# old_value = {"userPassword": ["my_old_password"]}
|
||||
# new_value = {"userPassword": ["my_new_password"]}
|
||||
|
@ -38,9 +38,9 @@ def set_password(user, password):
|
|||
""" Set password for a user. """
|
||||
conn = ldap.initialize("ldap://localhost")
|
||||
# Connect as root
|
||||
conn.simple_bind_s(f'cn=ldap-root,{V5Config.LDAP_ORGANIZATION}',
|
||||
conn.simple_bind_s(f'cn=ldap-root,{V5Config.LDAP_ROOT}',
|
||||
V5Config.LDAP_PASSWORD)
|
||||
conn.passwd_s(f"cn={user.norm},{V5Config.LDAP_ORGANIZATION}",
|
||||
conn.passwd_s(f"cn={user.norm},{V5Config.LDAP_ENV},{V5Config.LDAP_ROOT}",
|
||||
None, password)
|
||||
|
||||
|
||||
|
@ -48,8 +48,8 @@ def check_password(user, password):
|
|||
""" Try to login a user through LDAP register. """
|
||||
conn = ldap.initialize("ldap://localhost")
|
||||
try:
|
||||
conn.simple_bind_s(f"cn={user.norm},{V5Config.LDAP_ORGANIZATION}",
|
||||
password)
|
||||
conn.simple_bind_s(f"cn={user.norm},{V5Config.LDAP_ENV}," \
|
||||
f"{V5Config.LDAP_ROOT}", password)
|
||||
except ldap.INVALID_CREDENTIALS:
|
||||
return False
|
||||
return True
|
||||
|
@ -62,10 +62,10 @@ def add_member(member):
|
|||
return
|
||||
conn = ldap.initialize("ldap://localhost")
|
||||
# Connect as root
|
||||
conn.simple_bind_s(f'cn=ldap-root,{V5Config.LDAP_ORGANIZATION}',
|
||||
conn.simple_bind_s(f'cn=ldap-root,{V5Config.LDAP_ROOT}',
|
||||
V5Config.LDAP_PASSWORD)
|
||||
# Create fields
|
||||
dn = f'cn={member.norm},{V5Config.LDAP_ORGANIZATION}'
|
||||
dn = f'cn={member.norm},{V5Config.LDAP_ENV},{V5Config.LDAP_ROOT}'
|
||||
modlist = addModlist({
|
||||
'objectClass': [bytes('inetOrgPerson', 'UTF8')],
|
||||
'cn': [bytes(member.norm, 'UTF8')],
|
||||
|
@ -83,9 +83,9 @@ def delete_member(member):
|
|||
""" Remove a member from LDAP register """
|
||||
conn = ldap.initialize("ldap://localhost")
|
||||
# Connect as root
|
||||
conn.simple_bind_s(f'cn=ldap-root,{V5Config.LDAP_ORGANIZATION}',
|
||||
conn.simple_bind_s(f'cn=ldap-root,{V5Config.LDAP_ROOT}',
|
||||
V5Config.LDAP_PASSWORD)
|
||||
# Create fields
|
||||
dn = f'cn={member.norm},{V5Config.LDAP_ORGANIZATION}'
|
||||
dn = f'cn={member.norm},{V5Config.LDAP_ENV},{V5Config.LDAP_ROOT}'
|
||||
# Delete the user
|
||||
conn.delete_s(dn)
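Review bot: The rewritten search in get_member still interpolates `username` straight into the filter `f'(cn={username})'`, and the new DNs in set_password, check_password, add_member and delete_member do the same with `user.norm` / `member.norm`, so the only protection is whatever `normalize()` does, which is not visible in these hunks. Escaping at the point of use makes this independent of the normaliser: `f'(cn={ldap.filter.escape_filter_chars(username)})'` for the filter and `ldap.dn.escape_dn_chars(user.norm)` for the DN components. In check_password, also return False for an empty `password` before calling `simple_bind_s`, because a simple bind with a DN and an empty password is treated as an unauthenticated bind by servers that allow it and would not raise `INVALID_CREDENTIALS`. All of these functions start or end outside the hunks shown.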
|
||||
|
|
|
@ -29,7 +29,8 @@ class DefaultConfig(object):
|
|||
USE_LDAP = False
|
||||
# LDAP configuration
|
||||
LDAP_PASSWORD = "openldap"
|
||||
LDAP_ORGANIZATION = "o=planet-casio"
|
||||
LDAP_ROOT = "o=planet-casio"
|
||||
LDAP_ENV = "o=prod"
|
||||
# Secret key used to authenticate tokens. **USE YOURS!**
|
||||
SECRET_KEY = "a-random-secret-key"
|
||||
# Uploaded data folder
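Review bot: The new `LDAP_ROOT` and `LDAP_ENV` keys have no comment saying how they combine, and that is only discoverable from the LDAP module, where member entries use `{LDAP_ENV},{LDAP_ROOT}` and the `ldap-root` bind uses `LDAP_ROOT` alone. A comment above them such as `# Member entries live under "<LDAP_ENV>,<LDAP_ROOT>"; the ldap-root account is bound directly under LDAP_ROOT` would document it. If `o=prod` names the production subtree, shipping it as the default means an installation that forgets to override `LDAP_ENV` reads and writes production entries, so a non-production default looks safer; please confirm the intent. The privileged bind also still takes its password from the committed default `LDAP_PASSWORD = "openldap"`, so consider reading it from the environment and refusing to start with the default when `USE_LDAP` is true. LocalConfig sets `LDAP_ENV` but no `LDAP_ROOT`, and how `LDAP_ROOT` reaches `V5Config` in that case is not visible here.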
|
||||
|
|
|
@ -5,7 +5,7 @@ class LocalConfig(object):
|
|||
DB_NAME = "pcv5"
|
||||
USE_LDAP = True
|
||||
LDAP_PASSWORD = "openldap"
|
||||
LDAP_ORGANIZATION = "o=planet-casio"
|
||||
LDAP_ENV = "o=prod"
|
||||
SECRET_KEY = "a-random-secret-key" # CHANGE THIS VALUE *NOW*
|
||||
AVATARS_FOLDER = '/home/pc/data/avatars/'
|
||||
ENABLE_GUEST_POST = True
|
||||
|
|