Commit fe3a02b8 authored by Recteur LP's avatar Recteur LP

add README File and user_id config parameter

parent ec9b1071
pyrmin-ldapauth
===============
Plugins to Auth against LDAP / AD servers via the Remote-User header variable.
### Configuration File
```
ldapauth:
server: my_ldap_server
port: 389
ssl: False
version: 3
user_id: sAMAccountName
user: 'CN=svc_account,DC=example,DC=com'
password: xxx
basedn: 'DC=example,DC=com'
admin:
- 'CN=My Admin Group,DC=example,DC=com'
```
### To set up an Apache VirtualHost with mod_ldap
```
<VirtualHost *:80>
<Location "/">
AuthType Basic
AuthName "LDAP Protected"
AuthBasicProvider ldap
AuthLDAPURL "ldap://<server>/<basedn>?<login_attribute>?sub?<filter>"
AuthLDAPBindDN ""
AuthLDAPBindPassword xxxx
Require valid-user
RewriteEngine On
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule . - [E=RU:%1]
RequestHeader add REMOTE_USER %{RU}e
ProxyPreserveHost On
ProxyPass <pyrmin_url>
ProxyPassReverse <pyrmin_url>
</Location>
</VirtualHost>
```
......@@ -92,12 +92,13 @@ class auth():
else:
for dn, attrs in self.__getresults(group):
if dn and attrs:
pyrmin.log.debug(attrs.get('sAMAccountName', [ 'Guest' ])[0])
users.append({ "name": attrs.get('sAMAccountName', [ 'Guest' ])[0], "uid": attrs.get('uidNumber', [ 'None' ])[0] })
return users
def get(self, name):
if sys.version_info >= (3,0):
filter = "(&(samAccountName=" + name + "))"
filter = "(&(" + self.config['user_id'] + "=" + name + "))"
for entry in self.__getresults(filter):
if "attributes" in entry:
attrs = entry['attributes']
......@@ -114,10 +115,9 @@ class auth():
for group in self.config['admin']:
admins = self.getusersfromgroup("(&(memberOf=" + group + "))")
for admin in admins:
pyrmin.log.debug(admin)
if 'name' in admin and name.lower() == admin['name'].lower():
isadmin = True
break
break
if isadmin:
break
return {
......@@ -132,7 +132,7 @@ class auth():
"img": gravatar_url
}
else:
filter = "(&(cn=" + name + ")(!(objectClass=computer)))"
filter = "(&(" + self.config['user_id'] + "=" + name + ")(!(objectClass=computer)))"
for dn, attrs in self.__getresults(filter):
name = attrs.get('sAMAccountName', [ 'Guest' ])[0]
mail = str(attrs.get('mail')[0]).decode('utf-8').lower()
......@@ -147,10 +147,9 @@ class auth():
for group in self.config['admin']:
admins = self.getusersfromgroup("memberOf=" + group)
for admin in admins:
pyrmin.log.debug(admin)
if 'name' in admin and name.lower() == admin['name'].lower():
isadmin = True
break
break
if isadmin:
break
return {
......
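Review bot: The two rewritten filter lines in `get` (hunks at -92 and -132) still paste `name` straight into the LDAP filter, so a login containing filter metacharacters such as `*`, `(`, `)` or `\` changes the search instead of matching one account; per the README the name presumably arrives from the Remote-User request header, which makes it request-derived input. Escape it before concatenation, e.g. `filter = "(&(" + self.config['user_id'] + "=" + escape_filter_chars(name) + "))"`, taking `escape_filter_chars` from whichever LDAP library this file already imports (`ldap.filter` in python-ldap, `ldap3.utils.conv` in ldap3; the imports are outside the visible hunks). `self.config['user_id']` also raises `KeyError` for configurations written before this commit; `self.config.get('user_id', 'sAMAccountName')` would keep them working, though the Python 2 branch previously searched on `cn`. The returned `name` is still read from `sAMAccountName`, so the admin comparison may not line up when `user_id` names a different attribute. `get` begins inside the first hunk and continues past the last visible line.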