Allow authentication before LDAP searches (patch from Łukasz)

Guillaume Ayoub 2011-05-10 14:45:54 +02:00
parent 0171690af5
commit 2830afd71d
3 changed files with 14 additions and 1 deletions

5
config

@ -48,6 +48,11 @@ ldap_url = ldap://localhost:389/
ldap_base = ou=users,dc=example,dc=com
# LDAP login attribute
ldap_attribute = uid
# LDAP dn for initial login, used if LDAP server does not allow anonymous searches
# Leave empty if searches are anonymous
ldap_binddn =
# LDAP password for initial login, used with ldap_binddn
ldap_password =
[storage]
# Folder for storing local calendars, created if not present
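Review bot: The comment above `ldap_password` does not say that the value is kept in clear text, so anyone who can read this file obtains the bind credential. I would extend it with lines such as `# Stored in plain text: make this file readable only by the Radicale user` and `# Use a dedicated account limited to read-only searches under ldap_base`. The `ldap_url` example in the hunk header uses `ldap://`, so a further line could note that a remote server should be reached over `ldaps://`; otherwise the bind password crosses the network unencrypted.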


@ -33,6 +33,8 @@ BASE = config.get("acl", "ldap_base")
ATTRIBUTE = config.get("acl", "ldap_attribute")
CONNEXION = ldap.initialize(config.get("acl", "ldap_url"))
PERSONAL = config.getboolean("acl", "personal")
BINDDN = config.get("acl", "ldap_binddn")
PASSWORD = config.get("acl", "ldap_password")
def has_right(owner, user, password):
@ -41,6 +43,10 @@ def has_right(owner, user, password):
# User is not owner and personal calendars, or no user given, forbidden
return False
if BINDDN and PASSWORD:
log.LOGGER.debug("Initial LDAP bind as %s" % BINDDN)
CONNEXION.simple_bind_s(BINDDN, PASSWORD)
distinguished_name = "%s=%s" % (ATTRIBUTE, ldap.dn.escape_dn_chars(user))
log.LOGGER.debug("LDAP bind for %s in base %s" % (distinguished_name, BASE))
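Review bot: The new `CONNEXION.simple_bind_s(BINDDN, PASSWORD)` sends the service password in a simple bind on every `has_right` call, and nothing here checks that `ldap_url` is `ldaps://` or negotiates TLS first, so against a remote `ldap://` server the credential travels in clear text. Consider calling `CONNEXION.start_tls_s()` before the bind when the URL scheme is not `ldaps`, or documenting that a bind DN must only be configured together with an encrypted URL. The guard `if BINDDN and PASSWORD:` also falls back silently to an anonymous search when only one of the two is set; a warning such as `log.LOGGER.warning("ldap_binddn set without ldap_password, searching anonymously")` would make that misconfiguration visible. The rest of `has_right`, including any handling of `ldap.LDAPError` raised by this bind, is outside the hunk.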


@ -54,7 +54,9 @@ INITIAL_CONFIG = {
"httpasswd_encryption": "crypt",
"ldap_url": "ldap://localhost:389/",
"ldap_base": "ou=users,dc=example,dc=com",
"ldap_attribute": "uid"},
"ldap_attribute": "uid",
"ldap_binddn": "",
"ldap_password": ""},
"storage": {
"folder": os.path.expanduser("~/.config/radicale/calendars")},
"logging": {