To be complete. The code in my previous post is store into /usr/lib/python2.4/site- packages/TurboGears-1.0-py2.4.egg/turbogears/identity/ soldapprovider.py
I modified a section into /usr/lib/python2.4/site-packages/ TurboGears-1.0-py2.4.egg/EGG-INFO/entry_points.txt [turbogears.identity.provider] soldapprovider = turbogears.identity.soldapprovider:SoLdapIdentityProvider and myproject/config/app.cfg identity.soldapprovider.host = "localhost" identity.soldapprovider.port = 389 identity.soldapprovider.basedn = "dc=asxnet,dc=loc" identity.soldapprovider.login = "cn=nobody,cn=internal,dc=asxnet,dc=loc" identity.soldapprovider.password="**************" identity.soldapprovider.autocreate = False On 29 jan, 10:30, "aspineux" <[EMAIL PROTECTED]> wrote: > Hello I wrote yet anoter version of solapprovier.py > > The originality is to duplicate LDAP data into 'local' tables, just > for identity usage. > > - This is a sample, customized for my need and freshly written, you > will have to modify the code for your own use ! > - This one create new user at first login > - This one search for groups defined into LDAP and create groups into > SQLObject > - Groups and user data are refreshed at every new loggon > - I don't use User, Groups, Permission for anything else than for > Identity module > - I upgraded field User.user_name to 255 (default 16) to contains > email address > - I need to delete unneeded users (any expired connections) somewhere, > at bootup, but also in a scheduled way. > > What is fucking missing into TG is a template or a description of what > is required to write its own s[oa]provider.py. > For example to make a in memory version ! > > any comment is welcome > > import ldap, ldapurl > > import soprovider > import sqlobject > import turbogears, cherrypy > > import logging > > class log: > default=logging.getLogger('emailgency.system.soldapprovider') > system=logging.getLogger('emailgency.system') > > class SoLdapIdentityProvider(soprovider.SqlObjectIdentityProvider): > """ > IdentityProvider that uses LDAP for authentication. > """ > > def __init__(self): > super(SoLdapIdentityProvider, self).__init__() > get = turbogears.config.get > > self.host = get("identity.soldapprovider.host", "localhost") > self.port = get("identity.soldapprovider.port", 389) > self.basedn = get("identity.soldapprovider.basedn", > "dc=localhost") > self.login = get("identity.soldapprovider.login", > "cn=nobody,cn=internal,"+self.basedn) > self.password = get("identity.soldapprovider.password", "") > self.autocreate = get("identity.soldapprovider.autocreate", > False) > # self.filter = get("identity.soldapprovider.filter", "(mail=% > (username)s)") > > log.default.info("host :: %s" % self.host) > log.default.info("port :: %d" % self.port) > log.default.info("basedn :: %s" % self.basedn) > log.default.info("login :: %s" % self.login) > log.default.info("password :: %s" % "********") > log.default.info("autocreate :: %s" % self.autocreate) > # log.default.info("filter :: %s" % self.filter) > > self.ldap_url=ldapurl.LDAPUrl('ldap://%s:%d/%s' % (self.host, > self.port, self.basedn)) > self.ldap_url.applyDefaults({ 'who': self.login, 'cred' : > self.password, }) > self.ldap_con=None > > def validate_identity( self, user_name, password, visit_key ): > ''' > Look up the identity represented by user_name and determine > whether the > password is correct. > > Must return either None if the credentials weren't valid or an > object > with the following properties: > user_name: original user name > user: a provider dependant object (TG_User or similar) > groups: a set of group IDs > permissions: a set of permission IDs > ''' > # if not self.autocreate: > # return super(SoLdapIdentityProvider, > self).validate_identity(user_name, password, visit_key ) > > user_name=soprovider.to_db_encoding( user_name, > self.user_class_db_encoding ) > user=None > group_lst=self.validate_password(user, user_name, password) > if not group_lst: > log.default.info( "user '%s' or password invalid", > user_name ) > return None > > try: > user=soprovider.user_class.by_user_name( user_name ) > except sqlobject.SQLObjectNotFound: > try: > user=soprovider.user_class(user_name=user_name, > email_address=user_name, display_name=user_name, password='ldap') > except: > log.default.error( "Creating user: %s", user_name ) > return None > else: > log.default.info( "user created: %s", user_name ) > > for gr in user.groups: user.removeGroup(gr) > for gr_name in group_lst: > user.addGroup(soprovider.group_class.by_group_name(gr_name)) > > log.default.info( 'user "%s"in groups %r', user_name, > group_lst ) > > # Link the user to the visit > try: > link=soprovider.visit_class.by_visit_key( visit_key ) > link.user_id= user.id > except sqlobject.SQLObjectNotFound: > link= soprovider.visit_class( visit_key=visit_key, > user_id=user.id ) > return soprovider.SqlObjectIdentity( visit_key, user ) > > def validate_password( self, user, user_name, password ): > """ Validates user_name and password against an LDAP > directory > and retrieve information about groups and permissions""" > > if not self.ldap_con: > try: > > self.ldap_con=ldap.ldapobject.ReconnectLDAPObject(self.ldap_url.initial > izeUrl()) > self.ldap_con.simple_bind_s(self.ldap_url.who, > self.ldap_url.cred) > except ldap.INVALID_CREDENTIALS: > log.error("invalid ldap credential for %s" % > self.ldap_url.who) > self.ldap_con=None > raise > except ldap.LDAPError: > log.exception('cannot initialize primary ldap > connection: %s', self.ldap_url.initializeUrl()) > self.ldap_con=None > raise > > filter="(&(uid=%(username)s)(objectclass=kolabInetOrgPerson))" > % { 'username' :user_name } # uid because dom. maintainer doesn't have > any email address > try: > objects=self.ldap_con.search_s(self.basedn, > ldap.SCOPE_SUBTREE, filter) > except ldap.LDAPError: > log.exception('searching ldap for %s', filter) > self.ldap_con=None > raise > > if len(objects)==0: > log.warning("No such LDAP user: %s" % user_name) > return False > elif len(objects)>1: > log.error("Too many users: %s" % user_name) > return False > > # open a ldap connection as user_name with provided > credentials > dn=objects[0][0] > try: > ldap_url=ldapurl.LDAPUrl('ldap://%s:%d/%s' % (self.host, > self.port, self.basedn)) > ldap_url.applyDefaults({ 'who': dn, 'cred' : password, }) > > ldap_con=ldap.ldapobject.ReconnectLDAPObject(ldap_url.initializeUrl()) > ldap_con.simple_bind_s(ldap_url.who, ldap_url.cred) > except ldap.INVALID_CREDENTIALS: > log.error("Invalid password supplied for %s" % user_name) > return False > except ldap.LDAPError: > log.exception('cannot initialize ldap connection with %s', > self.ldap_url.initializeUrl()) > raise > > # keep connection for further use by user > cherrypy.session['ldap_url']=ldap_url > cherrypy.session['ldap_con']=ldap_con > > # Now retriev information about groups and permissions > > try: > filter='(member=%s)' % dn > rc=self.ldap_con.search_s(self.ldap_url.dn, > ldap.SCOPE_SUBTREE, filter, ['dn']) > except ldap.LDAPError: > log.error("Error searching groups for %s" % user_name) > self.ldap_con=None > raise > > # group is a type and then can contain only one element > group=None > for gr, gr_dn in [ ('admin', > 'cn=admin,cn=internal,dc=asxnet,dc=loc') , > ( 'admin', > 'cn=maintainer,cn=internal,dc=asxnet,dc=loc') , > ('domain-admin', 'cn=domain- > maintainer,cn=internal,dc=asxnet,dc=loc') ]: > gr_dn=ldap.explode_dn(gr_dn) > for dn, o in rc: > if ldap.explode_dn(dn)==gr_dn: > group=[ gr ] > break > if group: > break > > if not group: group=['user'] > > return group --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to turbogears@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears?hl=en -~----------~----~----~----~------~----~------~--~---