Use sasl authentication for LDAP (by root user)

This commit is contained in:
Josué Tille 2018-11-27 13:04:17 +01:00
parent 9720bd1a7c
commit 35988d9273
3 changed files with 28 additions and 5 deletions


@ -13,7 +13,7 @@ _global:
parameters: parameters:
uri: ldap://localhost:389 uri: ldap://localhost:389
base_dn: dc=yunohost,dc=org base_dn: dc=yunohost,dc=org
user_rdn: cn=admin user_rdn: cn=admin,dc=yunohost,dc=org
ldap-anonymous: ldap-anonymous:
vendor: ldap vendor: ldap
parameters: parameters:
@ -25,7 +25,14 @@ _global:
parameters: parameters:
uri: ldap://localhost:389 uri: ldap://localhost:389
base_dn: dc=yunohost,dc=org base_dn: dc=yunohost,dc=org
user_rdn: cn=admin user_rdn: cn=admin,dc=yunohost,dc=org
as-root:
vendor: ldap
parameters:
# We can get this uri by (urllib.quote_plus('/var/run/slapd/ldapi')
uri: ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi
base_dn: dc=yunohost,dc=org
user_rdn: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
argument_auth: true argument_auth: true
lock: false lock: false
@ -52,6 +59,11 @@ test:
configuration: configuration:
authenticate: authenticate:
- cli - cli
root-auth:
api: GET /test/root-auth
configuration:
authenticate: all
authenticator: as-root
anonymous: anonymous:
api: GET /test/anon api: GET /test/anon
configuration: configuration:
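Review bot: The new `root-auth` route in the `test:` hunk is exposed with `api: GET /test/root-auth` and `authenticate: all`, yet its `as-root` authenticator binds over `ldapi://` with SASL EXTERNAL, so as far as these hunks show the identity comes from the server process's own peer credentials and nothing the API caller sends is checked; if this configuration were ever loaded outside the test suite, the route would hand root-level LDAP access to any client that can reach the API. Consider restricting it to `authenticate:` / `- cli` like the other test routes, or at least adding a comment that this route exists only to exercise the peercred path and must not be copied into production configuration. Separately, the comment `# We can get this uri by (urllib.quote_plus('/var/run/slapd/ldapi')` in the `as-root` hunk has an unbalanced parenthesis; `# URI produced by urllib.quote_plus('/var/run/slapd/ldapi')` says the same thing cleanly.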


@ -17,3 +17,7 @@ def test_auth_cli():
def test_anonymous(): def test_anonymous():
return {'action': 'anonymous', return {'action': 'anonymous',
'authenticator': 'ldap-anonymous', 'authenticate': 'all'} 'authenticator': 'ldap-anonymous', 'authenticate': 'all'}
def test_root():
return {'action': 'root-auth',
'authenticator': 'as-root', 'authenticate': 'all'}


@ -8,6 +8,7 @@ import random
import string import string
import crypt import crypt
import ldap import ldap
import ldap.sasl
import ldap.modlist as modlist import ldap.modlist as modlist
from moulinette import m18n from moulinette import m18n
@ -41,7 +42,10 @@ class Authenticator(BaseAuthenticator):
self.uri = uri self.uri = uri
self.basedn = base_dn self.basedn = base_dn
if user_rdn: if user_rdn:
self.userdn = '%s,%s' % (user_rdn, base_dn) self.userdn = user_rdn
if 'cn=external,cn=auth' in user_rdn:
self.authenticate(None)
else:
self.con = None self.con = None
else: else:
# Initialize anonymous usage # Initialize anonymous usage
@ -78,6 +82,9 @@ class Authenticator(BaseAuthenticator):
try: try:
con = ldap.initialize(self.uri) con = ldap.initialize(self.uri)
if self.userdn: if self.userdn:
if 'cn=external,cn=auth' in self.userdn:
con.sasl_non_interactive_bind_s('EXTERNAL')
else:
con.simple_bind_s(self.userdn, password) con.simple_bind_s(self.userdn, password)
else: else:
con.simple_bind_s() con.simple_bind_s()
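Review bot: The SASL EXTERNAL decision is made twice by substring search on a magic string, `if 'cn=external,cn=auth' in user_rdn:` in `__init__` and `if 'cn=external,cn=auth' in self.userdn:` in `authenticate`, so the two tests can drift apart and any configured DN that merely contains that fragment somewhere takes the passwordless branch. Compute it once in the constructor, e.g. `self.sasl_external = user_rdn.endswith(',cn=external,cn=auth')`, and branch on that attribute in `authenticate`, where `password` is ignored on that path and deserves a comment saying so, since the bound identity is derived from the connecting process's peer credentials rather than from anything the caller supplied. Calling `self.authenticate(None)` from `__init__` also turns construction into a network bind with side effects; both `__init__` and `authenticate` continue outside these hunks, so whether `self.con` ends up set on that path cannot be confirmed here. The added `import ldap.sasl` is not referenced by any line in these hunks; if `sasl_non_interactive_bind_s` is all that is used, the import may be unnecessary.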