Allow authentication before LDAP searches (patch from Łukasz)
parent
0171690af5
commit
2830afd71d
5
config
5
config
@ -48,6 +48,11 @@ ldap_url = ldap://localhost:389/
|
||||
ldap_base = ou=users,dc=example,dc=com
|
||||
# LDAP login attribute
|
||||
ldap_attribute = uid
|
||||
# LDAP dn for initial login, used if LDAP server does not allow anonymous searches
|
||||
# Leave empty if searches are anonymous
|
||||
ldap_binddn =
|
||||
# LDAP password for initial login, used with ldap_binddn
|
||||
ldap_password =
|
||||
|
||||
[storage]
|
||||
# Folder for storing local calendars, created if not present
|
||||
|
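Review bot: The comment added above `ldap_password =` does not tell the administrator that the service-account password sits in this file in cleartext, so the file's read permissions become part of the LDAP trust boundary. I would extend it to `# LDAP password for initial login, used with ldap_binddn (stored in cleartext; keep this file readable only by the Radicale user)`. The hunk header shows the default `ldap_url = ldap://localhost:389/`; with a simple bind the password crosses that connection unencrypted, which is acceptable on loopback, but the `ldap_binddn` comment could add that a remote directory should be reached over `ldaps://`.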
@ -33,6 +33,8 @@ BASE = config.get("acl", "ldap_base")
|
||||
ATTRIBUTE = config.get("acl", "ldap_attribute")
|
||||
CONNEXION = ldap.initialize(config.get("acl", "ldap_url"))
|
||||
PERSONAL = config.getboolean("acl", "personal")
|
||||
BINDDN = config.get("acl", "ldap_binddn")
|
||||
PASSWORD = config.get("acl", "ldap_password")
|
||||
|
||||
|
||||
def has_right(owner, user, password):
|
||||
@ -41,6 +43,10 @@ def has_right(owner, user, password):
|
||||
# User is not owner and personal calendars, or no user given, forbidden
|
||||
return False
|
||||
|
||||
if BINDDN and PASSWORD:
|
||||
log.LOGGER.debug("Initial LDAP bind as %s" % BINDDN)
|
||||
CONNEXION.simple_bind_s(BINDDN, PASSWORD)
|
||||
|
||||
distinguished_name = "%s=%s" % (ATTRIBUTE, ldap.dn.escape_dn_chars(user))
|
||||
log.LOGGER.debug("LDAP bind for %s in base %s" % (distinguished_name, BASE))
|
||||
|
||||
|
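Review bot: The new `CONNEXION.simple_bind_s(BINDDN, PASSWORD)` call is unguarded in the visible lines, so a wrong or expired service-account password or an unreachable server raises out of `has_right` instead of denying the request. Unless the part of the function outside this hunk already catches it, I would wrap the call as `try: CONNEXION.simple_bind_s(BINDDN, PASSWORD)` followed by `except ldap.LDAPError: log.LOGGER.warning("Initial LDAP bind as %s failed" % BINDDN); return False`. The guard `if BINDDN and PASSWORD:` also falls back to an anonymous search silently when only one of the two options is set; a debug or warning line for that case would make the misconfiguration visible. Because `CONNEXION` is a single module-level connection that is re-bound on every call, it is worth confirming that requests are not served concurrently, otherwise one request's bind identity could be used for another's search.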
@ -54,7 +54,9 @@ INITIAL_CONFIG = {
|
||||
"httpasswd_encryption": "crypt",
|
||||
"ldap_url": "ldap://localhost:389/",
|
||||
"ldap_base": "ou=users,dc=example,dc=com",
|
||||
"ldap_attribute": "uid"},
|
||||
"ldap_attribute": "uid",
|
||||
"ldap_binddn": "",
|
||||
"ldap_password": ""},
|
||||
"storage": {
|
||||
"folder": os.path.expanduser("~/.config/radicale/calendars")},
|
||||
"logging": {
|
||||
|