support for authentik, switch to ldap

2022-07-02 15:53:08 +02:00
parent 5ca21d4f46
commit 4d9221b37a
2 changed files with 5 additions and 58 deletions
--- a/radicale3_auth_ldap/init.py
+++ b/radicale3_auth_ldap/init.py
@@ -26,8 +26,7 @@ Authentication based on the ``ldap3`` module
 """


-import ldap3
-import ldap3.core.exceptions
+import ldap

 from radicale.auth import BaseAuth
 from radicale.log import logger
@@ -75,58 +74,6 @@ class Auth(BaseAuth):
        SCOPE = self.configuration.get("auth", "ldap_scope")
        SUPPORT_EXTENDED = self.configuration.get("auth", "ldap_support_extended")
        
-        if BINDDN and PASSWORD:
-            conn = ldap3.Connection(SERVER, BINDDN, PASSWORD)
-        else:
-            conn = ldap3.Connection(SERVER)
-        conn.bind()
-
-        try:
-            logger.debug("LDAP whoami: %s" % conn.extend.standard.who_am_i())
-        except Exception as err:
-            logger.debug("LDAP error: %s" % err)
-
-        distinguished_name = "%s=%s" % (ATTRIBUTE, ldap3imports.escape_attribute_value(user))
-        logger.debug("LDAP bind for %s in base %s" % (distinguished_name, BASE))
-
-        if FILTER:
-            filter_string = "(&(%s)%s)" % (distinguished_name, FILTER)
-        else:
-            filter_string = distinguished_name
-        logger.debug("LDAP filter: %s" % filter_string)
-
-        conn.search(search_base=BASE,
-                    search_scope=SCOPE,
-                    search_filter=filter_string,
-                    attributes=[ATTRIBUTE])
-
-        users = conn.response
-
-        if users:
-            user_dn = users[0]['dn']
-            uid = users[0]['attributes'][ATTRIBUTE]
-            logger.debug("LDAP user %s (%s) found" % (uid, user_dn))
-            try:
-                conn = ldap3.Connection(SERVER, user_dn, password)
-                conn.bind()
-                logger.debug(conn.result)
-                if SUPPORT_EXTENDED:
-                    whoami = conn.extend.standard.who_am_i()
-                    logger.debug("LDAP whoami: %s" % whoami)
-                else:
-                    logger.debug("LDAP skip extended: call whoami")
-                    whoami = conn.result['result'] == 0
-                if whoami:
-                    logger.debug("LDAP bind OK")
-                    return uid[0]
-                else:
-                    logger.debug("LDAP bind failed")
-                    return ""
-            except ldap3.core.exceptions.LDAPInvalidCredentialsResult:
-                logger.debug("LDAP invalid credentials")
-            except Exception as err:
-                logger.debug("LDAP error %s" % err)
-            return ""
-        else:
-            logger.debug("LDAP user %s not found" % user)
-            return ""
+        cn_name = f"cn={user}, {BASE}"
+        conn = ldap(SERVER)
+        conn.simple_bind_s(cn_name, password)