Commit f9910f05 authored by Recteur LP's avatar Recteur LP

add group_member_attr parameter

update bumpversion with beta release
parent 656f875d
......@@ -4,10 +4,19 @@ commit = True
tag = True
tag_name = {new_version}
message = Release {new_version}
parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)-?((?P<release>[a-z]+)(?P<num>\d+))?
serialize =
{major}.{minor}.{patch}-{release}{num}
{major}.{minor}.{patch}
[bumpversion:part:release]
optional_value = release
values =
beta
release
[bumpversion:file:README.md]
[bumpversion:file:VERSION]
[bumpversion:file:__init__.py]
pyrmin-ldapauth:0.3.5
=====================
Plugins to Auth against LDAP / AD servers via the Remote-User header variable.
Plugins to Auth against LDAP / AD servers with Remote-User header variable or bind user to ldap.
### Configuration File
```
#### Active Directory Example
```yaml
ldapauth:
server: my_ldap_server
port: 389
......@@ -14,6 +16,7 @@ ldapauth:
authorize_non_ldap_user: False # Set to True to Accept non LDAP user in the Remote-User Header
user_id: sAMAccountName
user_displayname: displayName
group_member_attr: memberOf
user: 'CN=svc_account,DC=example,DC=com'
password: xxx
basedn: 'DC=example,DC=com'
......@@ -21,7 +24,31 @@ ldapauth:
- 'CN=My Admin Group,DC=example,DC=com'
```
### To set up an Apache VirtualHost with mod_ldap
#### OpenLDAP Example
```yaml
ldapauth:
server: my_ldap_server
port: 389
ssl: False
version: 3
authorize_non_ldap_user: False # Set to True to Accept non LDAP user in the Remote-User Header
user_id: uid
group_member_attr: memberUid
user_displayname: gecos
user: 'CN=svc_account,DC=example,DC=com'
password: xxx
basedn: 'DC=example,DC=com'
admin:
- 'CN=My Admin Group,DC=example,DC=com'
```
*To anonymously bind ldap do not set user and password*
### To use the Remote-User header set up an Apache VirtualHost with mod_ldap for example
You could use any authentication module from Apache
```
<VirtualHost *:80>
......@@ -28,6 +28,8 @@ class auth():
self.config = config
if 'user_displayname' not in self.config:
self.config['user_displayname'] = 'displayName'
if 'group_member_attr' not in self.config:
self.config['group_member_attr'] = 'memberOf'
if 'server' not in self.config:
pyrmin.returnerror("No ldap server in config")
elif 'port' not in self.config:
......@@ -90,8 +92,8 @@ class auth():
def __getgroup(self, group):
if sys.version_info >= (3, 0):
self.connection.search(
search_base=self.config['basedn'],
search_filter=group,
search_base=group,
search_filter='(objectClass=*)',
search_scope=SUBTREE,
attributes=ALL_ATTRIBUTES,
get_operational_attributes=True
......@@ -103,21 +105,20 @@ class auth():
def getusersfromgroup(self, group):
users = []
if sys.version_info >= (3, 0):
for entry in self.__getresults(group):
for entry in self.__getgroup(group):
if "attributes" in entry:
attrs = entry['attributes']
users.append({
"name": attrs.get(self.config['user_id'], ['Guest'])[0],
"uid": attrs.get('uidNumber', ['None'])[0]
})
for member in attrs[self.config['group_member_attr']]:
users.append({
"name": member
})
else:
for dn, attrs in self.__getresults(group):
for dn, attrs in self.__getgroup(group):
if dn and attrs:
pyrmin.log.debug(attrs.get(self.config['user_id'], ['Guest'])[0])
users.append({
"name": attrs.get(self.config['user_id'], ['Guest'])[0],
"uid": attrs.get('uidNumber', ['None'])[0]
})
for member in attrs[self.config['group_member_attr']]:
users.append({
"name": member
})
return users
def auth(self, name, password):
......@@ -165,7 +166,7 @@ class auth():
isadmin = False
admins = []
for group in self.config['admin']:
admins = self.getusersfromgroup("(&(memberOf=" + group + "))")
admins = self.getusersfromgroup(group)
for admin in admins:
if 'name' in admin and name.lower() == admin['name'].lower():
isadmin = True
......@@ -198,7 +199,7 @@ class auth():
isadmin = False
admins = []
for group in self.config['admin']:
admins = self.getusersfromgroup("memberOf=" + group)
admins = self.getusersfromgroup(group)
for admin in admins:
if 'name' in admin and name.lower() == admin['name'].lower():
isadmin = True
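Review bot: `attrs[self.config['group_member_attr']]` in both branches of `getusersfromgroup` raises KeyError when the entry has no such attribute — an empty group, or, because the search now uses `(objectClass=*)` with SUBTREE scope from the group DN, any child entry under the group — and since `auth` calls this for every configured admin group, one such entry breaks every login; the earlier `.get(..., ['Guest'])` form was tolerant, so use `for member in attrs.get(self.config['group_member_attr'], []):` in both places. The default `'memberOf'` (set in the constructor hunk and in the README's AD example) also looks wrong for the new search: the search base is the group's own DN, and a group's `memberOf` lists the groups it belongs to rather than its members — on AD the members live in `member` as full DNs, which the two `auth` hunks then compare lower-cased against the login `name` and would presumably never match, whereas the OpenLDAP `memberUid` example yields bare user names; I would confirm the AD path against a real directory and document the expected value format next to the default, e.g. `# values of this attribute are compared case-insensitively to the login name, so it must hold user names (memberUid), not DNs`. The `pyrmin.log.debug(attrs.get(self.config['user_id'], ['Guest'])[0])` line in the Python 2 branch now reads `user_id` from a group entry and appears to be a leftover of the old user-entry search.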