LDAP: custom filters supported
parent
7bfc17a51d
commit
0c2bbb8ae1
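--- a/NEWS.rst
+++ b/NEWS.rst
@@ -11,6 +11,7 @@
 * Courier and PAM authentication methods
 * Git and SQL storages
 * CardDAV support
+* LDAP: custom filters supported
 
 
 0.6.4 - Tulips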
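--- a/config
+++ b/config
@@ -56,6 +56,11 @@ ldap_url = ldap://localhost:389/
 ldap_base = ou=users,dc=example,dc=com
 # LDAP login attribute
 ldap_attribute = uid
+# LDAP filter string
+# placed as X in a query of the form (&(...)X)
+# example: (objectCategory=Person)(objectClass=User)(memberOf=cn=calenderusers,ou=users,dc=example,dc=org)
+# leave empty if no additional filter is needed
+ldap_filter =
 # LDAP dn for initial login, used if LDAP server does not allow anonymous searches
 # Leave empty if searches are anonymous
 ldap_binddn =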
@ -31,6 +31,7 @@ from radicale import acl, config, log
|
|||||||
|
|
||||||
BASE = config.get("acl", "ldap_base")
|
BASE = config.get("acl", "ldap_base")
|
||||||
ATTRIBUTE = config.get("acl", "ldap_attribute")
|
ATTRIBUTE = config.get("acl", "ldap_attribute")
|
||||||
|
FILTER = config.get("acl", "ldap_filter")
|
||||||
CONNEXION = ldap.initialize(config.get("acl", "ldap_url"))
|
CONNEXION = ldap.initialize(config.get("acl", "ldap_url"))
|
||||||
BINDDN = config.get("acl", "ldap_binddn")
|
BINDDN = config.get("acl", "ldap_binddn")
|
||||||
PASSWORD = config.get("acl", "ldap_password")
|
PASSWORD = config.get("acl", "ldap_password")
|
||||||
@ -59,7 +60,13 @@ def has_right(owner, user, password):
|
|||||||
log.LOGGER.debug(
|
log.LOGGER.debug(
|
||||||
"LDAP bind for %s in base %s" % (distinguished_name, BASE))
|
"LDAP bind for %s in base %s" % (distinguished_name, BASE))
|
||||||
|
|
||||||
users = CONNEXION.search_s(BASE, SCOPE, distinguished_name)
|
if FILTER:
|
||||||
|
filterStr = "(&(%s)%s)" % (distinguished_name,FILTER)
|
||||||
|
else:
|
||||||
|
filterStr = distinguished_name
|
||||||
|
log.LOGGER.debug("Used LDAP filter: %s" % filterStr)
|
||||||
|
|
||||||
|
users = CONNEXION.search_s(BASE, SCOPE, filterStr)
|
||||||
if users:
|
if users:
|
||||||
log.LOGGER.debug("User %s found" % user)
|
log.LOGGER.debug("User %s found" % user)
|
||||||
try:
|
try:
|
||||||
|
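Review bot: Nothing visible in this hunk escapes LDAP filter metacharacters before `distinguished_name` is spliced into the search filter at `filterStr = "(&(%s)%s)" % (distinguished_name,FILTER)`. With `ldap_filter` now able to restrict which entries may authenticate (the config example uses a `memberOf` clause), a login name containing filter metacharacters could change the meaning of that restriction instead of simply failing the lookup. `distinguished_name` is built above the hunk and `has_right` continues below it, so this is inferred: if it is formed from the raw `user` value, build it with `ldap.filter.escape_filter_chars(user)` (requires `import ldap.filter`). Separately, `CONNEXION.search_s(BASE, SCOPE, filterStr)` runs before the `try:` that closes the hunk, so a malformed `ldap_filter` value (for example, one missing its parentheses) would presumably raise out of `has_right` rather than deny access; consider rejecting an unparenthesised `FILTER` when the module loads.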