LDAP: custom filters supported

Oliver Kopp 2012-03-10 10:05:23 +01:00
parent 7bfc17a51d
commit 0c2bbb8ae1
3 changed files with 14 additions and 1 deletions


@ -11,6 +11,7 @@
* Courier and PAM authentication methods * Courier and PAM authentication methods
* Git and SQL storages * Git and SQL storages
* CardDAV support * CardDAV support
* LDAP: custom filters supported
0.6.4 - Tulips 0.6.4 - Tulips

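--- a/config
+++ b/config
@@ -56,6 +56,11 @@ ldap_url = ldap://localhost:389/
 ldap_base = ou=users,dc=example,dc=com
 # LDAP login attribute
 ldap_attribute = uid
+# LDAP filter string
+# placed as X in a query of the form (&(...)X)
+# example: (objectCategory=Person)(objectClass=User)(memberOf=cn=calenderusers,ou=users,dc=example,dc=org)
+# leave empty if no additional filter is needed
+ldap_filter =
 # LDAP dn for initial login, used if LDAP server does not allow anonymous searches
 # Leave empty if searches are anonymous
 ldap_binddn =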


@ -31,6 +31,7 @@ from radicale import acl, config, log
BASE = config.get("acl", "ldap_base") BASE = config.get("acl", "ldap_base")
ATTRIBUTE = config.get("acl", "ldap_attribute") ATTRIBUTE = config.get("acl", "ldap_attribute")
FILTER = config.get("acl", "ldap_filter")
CONNEXION = ldap.initialize(config.get("acl", "ldap_url")) CONNEXION = ldap.initialize(config.get("acl", "ldap_url"))
BINDDN = config.get("acl", "ldap_binddn") BINDDN = config.get("acl", "ldap_binddn")
PASSWORD = config.get("acl", "ldap_password") PASSWORD = config.get("acl", "ldap_password")
@ -59,7 +60,13 @@ def has_right(owner, user, password):
log.LOGGER.debug( log.LOGGER.debug(
"LDAP bind for %s in base %s" % (distinguished_name, BASE)) "LDAP bind for %s in base %s" % (distinguished_name, BASE))
users = CONNEXION.search_s(BASE, SCOPE, distinguished_name) if FILTER:
filterStr = "(&(%s)%s)" % (distinguished_name,FILTER)
else:
filterStr = distinguished_name
log.LOGGER.debug("Used LDAP filter: %s" % filterStr)
users = CONNEXION.search_s(BASE, SCOPE, filterStr)
if users: if users:
log.LOGGER.debug("User %s found" % user) log.LOGGER.debug("User %s found" % user)
try: try:
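Review bot: The new line `filterStr = "(&(%s)%s)" % (distinguished_name,FILTER)` places `distinguished_name` into LDAP search-filter syntax, and nothing in this hunk shows the login name being escaped for that context. `distinguished_name` is built earlier in `has_right`, outside the hunk, so this needs confirming there; if it carries the submitted user name with only DN-style escaping or none, filter metacharacters such as `*`, `(`, `)` and `\` would change which entries the authentication search matches. I would build the term with filter escaping and use it in both branches, e.g. `user_term = "%s=%s" % (ATTRIBUTE, ldap.filter.escape_filter_chars(user))`, which needs `import ldap.filter` at the top of the module. As a style point, `filterStr` would read better as `filter_str`, with a space after the comma, to match the snake_case names around it.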