-rw-r--r-- | README.LDAP | 11 | ||||
-rw-r--r-- | RepSys/plugins/ldapusers.py | 49 |
2 files changed, 47 insertions, 13 deletions
diff --git a/README.LDAP b/README.LDAP
index 863be6d..c22a7fa 100644
--- a/README.LDAP
+++ b/README.LDAP
@@ -3,7 +3,13 @@ A Repsys plugin for obtaining users from a LDAP server.
 In order to enable the plugin, the user must define the following
 options in the [global] section of repsys.conf:
 
-ldap-server [required]
+ldap-uri [required if ldap-server is unset]
+the URI of the server, you can refer to more than one server by
+adding more URIs separated by spaces::
+
+ldap-uri = ldap://ldap.network/ ldaps://backup.network:22389/
+
+ldap-server [required if ldap-uri is unset]
 the host name of the LDAP server
 ldap-port [optional] [default: 389]
 the port of the LDAP server
@@ -13,6 +19,9 @@ options in the [global] section of repsys.conf:
 the DN used to bind
 ldap-bindpw [optional] [default: empty]
 the password used to bind
+ldap-starttls [optional] [default: no]
+use "yes" or "no" to enable or disable the use of the STARTTLS
+LDAP extension
 ldap-filterformat [optional]
 [default: (&(objectClass=inetOrgPerson)(uid=$username))]
 RFC-2254 filter string used in the search of the user entry.
diff --git a/RepSys/plugins/ldapusers.py b/RepSys/plugins/ldapusers.py
index 75d362c..e56371d 100644
--- a/RepSys/plugins/ldapusers.py
+++ b/RepSys/plugins/ldapusers.py
@@ -4,7 +4,13 @@ A Repsys plugin for obtaining users from a LDAP server.
 In order to enable the plugin, the user must define the following
 options in the [global] section of repsys.conf:
 
-ldap-server [required]
+ldap-uri [required if ldap-server is unset]
+the URI of the server, you can refer to more than one server by
+adding more URIs separated by spaces::
+
+ldap-uri = ldap://ldap.network/ ldaps://backup.network:22389/
+
+ldap-server [required if ldap-uri is unset]
 the host name of the LDAP server
 ldap-port [optional] [default: 389]
 the port of the LDAP server
@@ -14,6 +20,9 @@ options in the [global] section of repsys.conf:
 the DN used to bind
 ldap-bindpw [optional] [default: empty]
 the password used to bind
+ldap-starttls [optional] [default: no]
+use "yes" or "no" to enable or disable the use of the STARTTLS
+LDAP extension
 ldap-filterformat [optional]
 [default: (&(objectClass=inetOrgPerson)(uid=$username))]
 RFC-2254 filter string used in the search of the user entry.
@@ -95,12 +104,23 @@ def used_attributes(format):
 return dd.found
 
 def make_handler():
-server = config.get("global", "ldap-server")
-try:
-port = int(config.get("global", "ldap-port", 389))
-except ValueError:
-raise Error, "the option ldap-port requires an integer, please "\
-"check your configuration files"
+uri = config.get("global", "ldap-uri")
+if not uri:
+server = config.get("global", "ldap-server")
+if not server:
+# ldap support is not enabled if ldap-uri nor ldap-server are
+# defined
+def dummy_wrapper(section, option=None, default=None, walk=False):
+return config.get(section, option, default, wrap=False)
+return dummy_wrapper
+
+try:
+port = int(config.get("global", "ldap-port", 389))
+except ValueError:
+raise Error, "the option ldap-port requires an integer, please "\
+"check your configuration files"
+uri = "ldap://%s:%d" % (server, port)
+
 basedn = config.get("global", "ldap-base")
 binddn = config.get("global", "ldap-binddn")
 bindpw = config.get("global", "ldap-bindpw", "")
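Review bot: `uri = "ldap://%s:%d" % (server, port)` in the ldap-server fallback of make_handler passes the host straight into an LDAP URL, so an IPv6 literal in ldap-server (which an LDAP URL needs in brackets) would, as far as I can tell, reach `ldap.initialize` as a malformed URI rather than a clear configuration error; either document that ldap-server takes a hostname or IPv4 address and point IPv6 users at ldap-uri, or wrap values containing ':' in brackets before formatting. The added comment is also hard to parse; `# ldap support is disabled when neither ldap-uri nor ldap-server is set` states the condition directly. make_handler continues past the end of this hunk.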
@@ -108,10 +128,13 @@ def make_handler():
 "(&(objectClass=inetOrgPerson)(uid=$username))", raw=1)
 format = config.get("global", "ldap-resultformat", "$cn <$mail>",
 raw=1)
-if server is None:
-def dummy_wrapper(section, option=None, default=None, walk=False):
-return config.get(section, option, default, wrap=False)
-return dummy_wrapper
+valid = {"yes": True, "no": False}
+raw = config.get("global", "ldap-starttls", "no")
+try:
+starttls = valid[raw]
+except KeyError:
+raise Error, "invalid value %r for ldap-starttls, use "\
+"'yes' or 'no'" % raw
 
 try:
 import ldap
@@ -133,7 +156,9 @@ def make_handler():
 return value
 
 try:
-l = ldap.open(server, port)
+l = ldap.initialize(uri)
+if starttls:
+l.start_tls_s()
 if binddn:
 l.bind(binddn, bindpw)
 except ldap.LDAPError, e:
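Review bot: `starttls = valid[raw]` treats `Yes`, `YES` or a value with surrounding whitespace as a configuration error, although the error message only promises 'yes' or 'no'; if config.get returns the value unnormalised, `starttls = valid[raw.strip().lower()]` accepts those spellings while still rejecting genuinely invalid ones. Since the default is `"no"`, a plain `ldap://` URI (including the one built from ldap-server) leads to the simple bind later in make_handler sending ldap-bindpw unencrypted; the ldap-starttls entry in the option docstring should say so, e.g. "without ldap-starttls = yes or an ldaps:// URI the bind password crosses the network in clear text". make_handler starts before and ends after this hunk.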
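Review bot: `l.start_tls_s()` upgrades the connection, but nothing in make_handler sets a certificate-verification policy, so whether the server certificate is checked before the password is sent depends entirely on the host's libldap/ldap.conf defaults; python-ldap exposes this as `ldap.OPT_X_TLS_REQUIRE_CERT`, and setting it to `ldap.OPT_X_TLS_DEMAND` (module-wide via `ldap.set_option(...)` before `ldap.initialize`, or per connection, which on newer python-ldap also needs `ldap.OPT_X_TLS_NEWCTX` to take effect) would make the guarantee explicit rather than inherited from the system configuration. The same concern applies to `ldaps://` URIs, which this code also accepts now. As far as I know `start_tls_s()` on a connection opened from an `ldaps://` URI fails, so ldap-starttls = yes combined with an ldaps URI lands in the `ldap.LDAPError` handler with a confusing message; a sentence in the option docs ("do not combine ldap-starttls with ldaps:// URIs") would prevent that. The except clause and the rest of make_handler continue outside the hunk.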