From 2830afd71d958c207e8bade754efe8f33b1db873 Mon Sep 17 00:00:00 2001
From: Guillaume Ayoub
Date: Tue, 10 May 2011 14:45:54 +0200
Subject: [PATCH] =?UTF-8?q?Allow=20authentication=20before=20LDAP=20search?= =?UTF-8?q?es=20(patch=20from=20=C5=81ukasz)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 config | 5 +++++
 radicale/acl/LDAP.py | 6 ++++++
 radicale/config.py | 4 +++-
 3 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/config b/config
index 3bb67e1..aaadc03 100644
--- a/config
+++ b/config
@@ -48,6 +48,11 @@ ldap_url = ldap://localhost:389/
 ldap_base = ou=users,dc=example,dc=com
 # LDAP login attribute
 ldap_attribute = uid
+# LDAP dn for initial login, used if LDAP server does not allow anonymous searches
+# Leave empty if searches are anonymous
+ldap_binddn =
+# LDAP password for initial login, used with ldap_binddn
+ldap_password =
 
 [storage]
 # Folder for storing local calendars, created if not present
diff --git a/radicale/acl/LDAP.py b/radicale/acl/LDAP.py
index 68181ae..9a95982 100644
--- a/radicale/acl/LDAP.py
+++ b/radicale/acl/LDAP.py
@@ -33,6 +33,8 @@ BASE = config.get("acl", "ldap_base")
 ATTRIBUTE = config.get("acl", "ldap_attribute")
 CONNEXION = ldap.initialize(config.get("acl", "ldap_url"))
 PERSONAL = config.getboolean("acl", "personal")
+BINDDN = config.get("acl", "ldap_binddn")
+PASSWORD = config.get("acl", "ldap_password")
 
 
 def has_right(owner, user, password):
@@ -41,6 +43,10 @@ def has_right(owner, user, password):
 # User is not owner and personal calendars, or no user given, forbidden
 return False
+ if BINDDN and PASSWORD:
+ log.LOGGER.debug("Initial LDAP bind as %s" % BINDDN)
+ CONNEXION.simple_bind_s(BINDDN, PASSWORD)
+ distinguished_name = "%s=%s" % (ATTRIBUTE, ldap.dn.escape_dn_chars(user))
 log.LOGGER.debug("LDAP bind for %s in base %s" % (distinguished_name, BASE))
diff --git a/radicale/config.py b/radicale/config.py
index dc28789..66ba41f 100644
--- a/radicale/config.py
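Review bot: The new `ldap_password` option puts a directory service credential in plain text in this file, and the added comments do not tell the operator to protect it. I would extend the comment, for example `# Stored in clear text: make this file readable only by the account running Radicale`, and recommend a dedicated account with search-only rights for `ldap_binddn`. The sample `ldap_url` shown in the hunk header uses `ldap://`, so with a non-local server this bind password would also travel unencrypted unless the URL is `ldaps://` or the transport is otherwise protected; a one-line comment saying so would help.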
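Review bot: The module-level name `PASSWORD` sits right next to the `password` parameter of `has_right`, which holds the end user's secret, and the two are easy to confuse when reading or editing the function. A name that states the role, such as `BIND_PASSWORD = config.get("acl", "ldap_password")` (and `BIND_DN` for the DN), would make it harder to pass the wrong credential to a bind call.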
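Review bot: The added `CONNEXION.simple_bind_s(BINDDN, PASSWORD)` is not guarded, so a wrong service password or an unreachable server raises out of `has_right` instead of producing a denial; whether the caller catches that is not visible here. I would catch `ldap.LDAPError` around the initial bind, log it and return False so the check fails closed. In addition, `if BINDDN and PASSWORD:` silently falls back to an anonymous search when only `ldap_binddn` is set, which hides a misconfiguration; a log line for that case would help. The bind runs on the module-level `CONNEXION` on every call and the rest of `has_right` continues outside the hunk, so I cannot tell whether that connection is later rebound as the end user; if it is, a comment stating that the service bind must be redone per request would be worth adding.

```python
    if BINDDN and PASSWORD:
        # … unchanged: debug log of the bind DN …
        try:
            CONNEXION.simple_bind_s(BINDDN, PASSWORD)
        except ldap.LDAPError:
            # Fail closed: without the service bind the user search cannot run
            log.LOGGER.debug("Initial LDAP bind as %s failed" % BINDDN)
            return False
```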
+++ b/radicale/config.py
@@ -54,7 +54,9 @@ INITIAL_CONFIG = {
 "httpasswd_encryption": "crypt",
 "ldap_url": "ldap://localhost:389/",
 "ldap_base": "ou=users,dc=example,dc=com",
- "ldap_attribute": "uid"},
+ "ldap_attribute": "uid",
+ "ldap_binddn": "",
+ "ldap_password": ""},
 "storage": {
 "folder": os.path.expanduser("~/.config/radicale/calendars")},
 "logging": {