William Stein wrote:
>
> Why don't we work together on this.

Yes :-)

> Write a pure-python file
> called something like "notebook_ldap.py" that provides a
> simple interface to the ldap stuff you have set up. Show
> some examples of how to use it from the command line
> to authenticate a user. Then I bet *i* can easily plug your
> code into the notebook so that it will work.

I have written scripts to perform ldap identification (but they are not yet integrated in Sage). The files are attached.

It works with my ldap server. The class notebook_ldap (the name will certainly change) has:
- a start(self) method which performs a persisting connection on the server,
- a search(self,user,passwd) method.
Both return True or False if they succeed or not.

I am absolutely not sure that it will work out of my lab... It seems that, with an Active Directory, TLS is not used, but SSL is. Changing ldap:// to ldaps:// and putting self.withTLS=False should work, but I have no means to verify.

If it works "everywhere", insertion into Sage will be possible.

I'm waiting for comments, suggestions and so on...

Yours
t.d.

--
Thierry Dumont. Institut Camille Jordan -- Mathematiques --
Univ. Lyon I, 43 Bd du 11 Novembre 1918, 69622 - Villeurbanne Cedex - France.
[EMAIL PROTECTED]
web: http://math.univ-lyon1.fr/~tdumont

#!/usr/bin/env python
import sys, getpass
from notebook_ldap import notebook_ldap

# user name must be on the command line.
if len(sys.argv) != 2:
    print('usage: %s username' % sys.argv[0])
    sys.exit(1)

x = notebook_ldap()

# initialize connection to server
if x.start():
    print('connection to ldap server is ok.')
else:
    print('impossible to connect to ldap server')
    sys.exit(1)

# get the passwd:
cred = getpass.getpass()

# try some identifications:
print("With arg[1] and your password: ", x.search(sys.argv[1], cred), '\n')
# Whether the preceding request returned True or False,
# the following ones will certainly return False:
print(x.search('bla', cred), '\n')
print(x.search(sys.argv[1], 'bla'), '\n')
# and this should again be ok:
print(x.search(sys.argv[1], cred))

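"""
Simple ldap identification.
"""
import ldap
import ldap.filter


class notebook_ldap:
    def __init__(self):
        # change this to fit your configuration.
        # ( for ssl, you should have self.server='ldaps://....'
        #   and self.withTLS=False )
        self.server = 'ldap://ldap-math.univ-lyon1.fr'
        self.base = 'o=people,dc=math,dc=univ-lyon1,dc=fr'
        self.CAPath = '/etc/ssl/certs/ca-certificates.crt'
        self.withTLS = True

    def start(self):
        # we want to test the connection; thus all this cannot go
        # in __init__
        try:
            # TLS options are set globally, before the connection is created:
            # trust self.CAPath and refuse a server certificate that does not
            # verify (this applies to StartTLS and to ldaps://).
            ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.CAPath)
            ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
            self.l = ldap.initialize(self.server)
            # StartTLS only on ldap://; an ldaps:// connection is already SSL.
            if self.withTLS:
                self.l.start_tls_s()
            # anonymous bind, used for the uid -> dn search
            self.l.bind_s("", "")
            return True
        except ldap.CONNECT_ERROR:
            print("connection impossible with ldap server")
            return False
        except ldap.LDAPError:
            print("configuration or ldap server problem")
            return False

    def search(self, user, cred):
        # check for a username 'user' and a password 'cred'.
        # if the result is False and you are sure that 'user' and 'cred'
        # are ok, check self.base.
        # A simple bind with a dn and an empty password is an unauthenticated
        # bind, which many servers accept: never treat it as a login.
        if not user or not cred:
            print("Incorrect user name or empty password")
            return False
        try:
            # escape the user name so that it cannot alter the filter
            flt = '(uid=%s)' % ldap.filter.escape_filter_chars(user)
            # '1.1' asks for no attributes: only the dn is needed
            res = self.l.search_s(self.base, ldap.SCOPE_SUBTREE, flt, ['1.1'])
            # keep real entries only (search references have dn None)
            dns = [dn for dn, attrs in res if dn]
            if len(dns) != 1:
                print("Incorrect user name")
                return False
            # check the password on a separate connection, so that the
            # search connection stays anonymously bound
            c = ldap.initialize(self.server)
            if self.withTLS:
                c.start_tls_s()
            c.simple_bind_s(dns[0], cred)
            c.unbind_s()
            return True
        except ldap.INVALID_CREDENTIALS:
            print("Your username or password is incorrect.")
            return False
        except ldap.CONNECT_ERROR:
            print("connection impossible with ldap server")
            return False
        except ldap.LDAPError:
            print("configuration or ldap server problem")
            return False
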
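The input checks that a search(user, cred) method needs before it binds, as an added example that is not part of the original message or its attachments: the uid filter is escaped per RFC 4515, an empty password is refused, and exactly one matching entry is required. The names uid_filter, dn_to_bind and toy_search, and the sample directory under dc=example,dc=org, are assumptions made for illustration; the code needs no LDAP server or python-ldap.

```python
import re

# RFC 4515: these characters must be written as \XX inside a filter value.
_ESCAPES = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'}

def uid_filter(user):
    """Filter matching exactly one uid; metacharacters in `user` are escaped."""
    return '(uid=%s)' % ''.join(_ESCAPES.get(ch, ch) for ch in user)

def dn_to_bind(user, cred, search):
    """Return the DN to try the password on, or None to refuse the login.

    `search(filter)` stands in for l.search_s(base, SCOPE_SUBTREE, filter)
    and returns a list of (dn, attrs) pairs.
    """
    # A simple bind with a DN and an empty password is an unauthenticated
    # bind (RFC 4513); many servers accept it, so it must never count as a login.
    if not user or not cred:
        return None
    dns = [dn for dn, _attrs in search(uid_filter(user)) if dn]
    # Zero matches: unknown user. Several matches: ambiguous, refuse.
    return dns[0] if len(dns) == 1 else None

# --- constructed sample directory and a toy matcher for (uid=...) filters ---
SAMPLE_DNS = ['uid=alice,o=people,dc=example,dc=org',
              'uid=bob,o=people,dc=example,dc=org']

def toy_search(flt):
    """Match `(uid=VALUE)` against SAMPLE_DNS; an unescaped * is a wildcard."""
    value = re.fullmatch(r'\(uid=(.*)\)', flt).group(1)
    # Decode \XX escapes in each piece between wildcards.
    parts = [re.sub(r'\\([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), p)
             for p in value.split('*')]
    pattern = re.compile('.*'.join(re.escape(p) for p in parts))
    return [(dn, {}) for dn in SAMPLE_DNS
            if pattern.fullmatch(dn.split(',')[0][len('uid='):])]

if __name__ == '__main__':
    for user, cred in [('alice', 's3cret'), ('alice', ''),
                       ('*', 's3cret'), ('carol', 'x')]:
        print(repr(user), repr(cred), '->', dn_to_bind(user, cred, toy_search))
```

The DN returned by dn_to_bind is the one to pass, with the password, to the bind call; a None result means the login is refused without contacting the server for a bind.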