support for authentik, switch to ldap
This commit is contained in:
Sebastian Rust
@@ -26,8 +26,7 @@ Authentication based on the ``ldap3`` module
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
|
|
||||||
import ldap3
|
import ldap
|
||||||
import ldap3.core.exceptions
|
|
||||||
|
|
||||||
from radicale.auth import BaseAuth
|
from radicale.auth import BaseAuth
|
||||||
from radicale.log import logger
|
from radicale.log import logger
|
||||||
@@ -75,58 +74,6 @@ class Auth(BaseAuth):
|
|||||||
SCOPE = self.configuration.get("auth", "ldap_scope")
|
SCOPE = self.configuration.get("auth", "ldap_scope")
|
||||||
SUPPORT_EXTENDED = self.configuration.get("auth", "ldap_support_extended")
|
SUPPORT_EXTENDED = self.configuration.get("auth", "ldap_support_extended")
|
||||||
|
|
||||||
if BINDDN and PASSWORD:
|
cn_name = f"cn={user}, {BASE}"
|
||||||
conn = ldap3.Connection(SERVER, BINDDN, PASSWORD)
|
conn = ldap(SERVER)
|
||||||
else:
|
conn.simple_bind_s(cn_name, password)
|
||||||
conn = ldap3.Connection(SERVER)
|
|
||||||
conn.bind()
|
|
||||||
|
|
||||||
try:
|
|
||||||
logger.debug("LDAP whoami: %s" % conn.extend.standard.who_am_i())
|
|
||||||
except Exception as err:
|
|
||||||
logger.debug("LDAP error: %s" % err)
|
|
||||||
|
|
||||||
distinguished_name = "%s=%s" % (ATTRIBUTE, ldap3imports.escape_attribute_value(user))
|
|
||||||
logger.debug("LDAP bind for %s in base %s" % (distinguished_name, BASE))
|
|
||||||
|
|
||||||
if FILTER:
|
|
||||||
filter_string = "(&(%s)%s)" % (distinguished_name, FILTER)
|
|
||||||
else:
|
|
||||||
filter_string = distinguished_name
|
|
||||||
logger.debug("LDAP filter: %s" % filter_string)
|
|
||||||
|
|
||||||
conn.search(search_base=BASE,
|
|
||||||
search_scope=SCOPE,
|
|
||||||
search_filter=filter_string,
|
|
||||||
attributes=[ATTRIBUTE])
|
|
||||||
|
|
||||||
users = conn.response
|
|
||||||
|
|
||||||
if users:
|
|
||||||
user_dn = users[0]['dn']
|
|
||||||
uid = users[0]['attributes'][ATTRIBUTE]
|
|
||||||
logger.debug("LDAP user %s (%s) found" % (uid, user_dn))
|
|
||||||
try:
|
|
||||||
conn = ldap3.Connection(SERVER, user_dn, password)
|
|
||||||
conn.bind()
|
|
||||||
logger.debug(conn.result)
|
|
||||||
if SUPPORT_EXTENDED:
|
|
||||||
whoami = conn.extend.standard.who_am_i()
|
|
||||||
logger.debug("LDAP whoami: %s" % whoami)
|
|
||||||
else:
|
|
||||||
logger.debug("LDAP skip extended: call whoami")
|
|
||||||
whoami = conn.result['result'] == 0
|
|
||||||
if whoami:
|
|
||||||
logger.debug("LDAP bind OK")
|
|
||||||
return uid[0]
|
|
||||||
else:
|
|
||||||
logger.debug("LDAP bind failed")
|
|
||||||
return ""
|
|
||||||
except ldap3.core.exceptions.LDAPInvalidCredentialsResult:
|
|
||||||
logger.debug("LDAP invalid credentials")
|
|
||||||
except Exception as err:
|
|
||||||
logger.debug("LDAP error %s" % err)
|
|
||||||
return ""
|
|
||||||
else:
|
|
||||||
logger.debug("LDAP user %s not found" % user)
|
|
||||||
return ""
|
|
||||||
|
|||||||
2
setup.py
2
setup.py
@@ -8,5 +8,5 @@ setup(
|
|||||||
description="LDAP Authentication Plugin for Radicale 3",
|
description="LDAP Authentication Plugin for Radicale 3",
|
||||||
author="Raoul Thill",
|
author="Raoul Thill",
|
||||||
license="GNU GPL v3",
|
license="GNU GPL v3",
|
||||||
install_requires=["radicale >= 3.0", "ldap3 >= 2.3"],
|
install_requires=["radicale >= 3.0", "ldap"],
|
||||||
packages=["radicale3_auth_ldap"])
|
packages=["radicale3_auth_ldap"])
|
||||||
|
|||||||
Reference in New Issue
Block a user