William Stein wrote:
>
>
> Why don't we work together on this.

Yes :-)

> Write a pure-python file
> called something like "notebook_ldap.py" that provides a
> simple interface to the ldap stuff you have set up. Show
> some examples of how to use it from the command line
> to authenticate a user. Then I bet *i* can easily plug your
> code into the notebook so that it will work.
>
>

I have written scripts to perform ldap identification (but they are not
yet integrated in Sage). The files are attached. It works with my ldap server.

The class notebook_ldap (the name will certainly change) has:
- a start(self) method which performs a persisting connection on the server,
- a search(self,user,passwd) method.
Both return True or False if they succeed or not.

I am absolutely not sure that it will work out of my lab...
It seems that, with an Active Directory, TLS is not used, but SSL is.
Changing ldap:// to ldaps:// and putting self.withTLS=False should work,
but I have no means to verify.

If it works "everywhere", insertion into Sage will be possible.

I'm waiting for comments, suggestions and so on...

Yours
t.d.

--
Thierry Dumont. Institut Camille Jordan -- Mathematiques --
Univ. Lyon I, 43 Bd du 11 Novembre 1918, 69622
- Villeurbanne Cedex - France.
[EMAIL PROTECTED]
web: http://math.univ-lyon1.fr/~tdumont

#!/usr/bin/env python
import sys, getpass
from notebook_ldap import notebook_ldap

# user name must be on the command line.
if len(sys.argv) < 2:
    sys.exit('usage: %s username' % sys.argv[0])

x = notebook_ldap()
# initialize connection to server
if x.start():
    print('connection to ldap server is ok.')
else:
    print('impossible to connect to ldap server')
    sys.exit()
# get the passwd:
cred = getpass.getpass()
# try some identifications:
print("With arg[1] and your password: ", x.search(sys.argv[1], cred), '\n')
# Whether the preceding request returned True or False,
# the following ones will certainly return False:
print(x.search('bla', cred), '\n')
print(x.search(sys.argv[1], 'bla'), '\n')
# and this should again be ok:
print(x.search(sys.argv[1], cred))

"""
Simple ldap identification.
"""
import ldap
import ldap.filter


class notebook_ldap:
    def __init__(self):
        # change this to fit your configuration.
        # ( for ssl, you should have self.server='ldaps://....'
        # and self.withTLS=False )
        self.server = 'ldap://ldap-math.univ-lyon1.fr'
        self.base = 'o=people,dc=math,dc=univ-lyon1,dc=fr'
        self.CAPath = '/etc/ssl/certs/ca-certificates.crt'
        self.withTLS = True

    def start(self):
        # we want to test the connection; thus all this cannot go
        # in __init__
        try:
            # TLS options are set globally, before the connection is
            # created, so that the new connection picks them up.
            # OPT_X_TLS_DEMAND is a value of OPT_X_TLS_REQUIRE_CERT:
            # the server certificate must verify against CAPath.
            ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.CAPath)
            ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,
                            ldap.OPT_X_TLS_DEMAND)
            self.l = ldap.initialize(self.server)
            if self.withTLS:
                # StartTLS upgrade; skipped for ldaps:// servers
                self.l.start_tls_s()
            self.l.bind_s("", "")
            return True
        except ldap.CONNECT_ERROR:
            print("connection impossible with ldap server")
            return False
        except ldap.LDAPError:
            print("configuration or ldap server problem")
            return False

    def search(self, user, cred):
        # check for a username 'user' and a password 'cred'.
        # if the result is False and you are sure that 'user' and 'cred'
        # are ok, check self.base.
        if not cred:
            # a simple bind with an empty password is an unauthenticated
            # bind, which many servers accept: never treat it as a login.
            print("Your username or password is incorrect.")
            return False
        try:
            # escape the user name so it cannot alter the search filter
            uid = ldap.filter.escape_filter_chars(user)
            res = self.l.search_s(self.base, ldap.SCOPE_SUBTREE,
                                  '(uid=%s)' % uid, [''])
            if res != []:
                for dn, attrs in res:
                    my_dn = dn
                    self.l.simple_bind_s(my_dn, cred)
                    return True
            else:
                print("Incorrect user name")
                return False
        except ldap.INVALID_CREDENTIALS:
            print("Your username or password is incorrect.")
            return False
        except ldap.CONNECT_ERROR:
            print("connection impossible with ldap server")
            return False
        except ldap.LDAPError:
            print("configuration or ldap server problem")
            return False
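
An added example, not part of the original message or of Sage: the search-then-bind flow of the attached class with the two input checks it depends on, namely escaping the user name before it goes into the filter and refusing an empty password. `StubDirectory`, `authenticate`, `escape_filter_value` and the sample data are constructed for illustration; the stub stands in for a python-ldap connection so the block runs offline.

```python
import re

def escape_filter_value(value):
    """Escape the characters RFC 4515 treats as special in a filter value."""
    special = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\0': r'\00'}
    return ''.join(special.get(ch, ch) for ch in value)

def _value_to_regex(value):
    """Translate a filter value to a regex: '*' is a wildcard, \\XX a literal."""
    def repl(m):
        if m.group(1):
            return re.escape(chr(int(m.group(1), 16)))
        return '.*' if m.group(2) else re.escape(m.group(3))
    return re.sub(r'\\([0-9a-fA-F]{2})|(\*)|(.)', repl, value, flags=re.S)

class StubDirectory:
    """Constructed stand-in for a python-ldap connection (not a real server).

    It expands '*' in filters and, like servers that allow unauthenticated
    binds (RFC 4513), accepts a simple bind with an empty password.
    """
    def __init__(self, users, base):
        self.by_dn = {'uid=%s,%s' % (u, base): (u, p) for u, p in users.items()}

    def search_s(self, base, scope, filterstr, attrlist=None):
        rx = _value_to_regex(filterstr[len('(uid='):-1])
        return [(dn, {}) for dn, (u, _) in self.by_dn.items() if re.fullmatch(rx, u)]

    def simple_bind_s(self, dn, cred):
        if cred != '' and self.by_dn.get(dn, (None, None))[1] != cred:
            raise PermissionError('invalid credentials')

def authenticate(conn, base, user, cred):
    """Search-then-bind with the two checks the flow needs."""
    if not user or not cred:
        return False  # an empty password would be an unauthenticated bind
    flt = '(uid=%s)' % escape_filter_value(user)
    res = conn.search_s(base, 2, flt, ['1.1'])  # 2 is SCOPE_SUBTREE's value
    if len(res) != 1:
        return False  # unknown user, or an ambiguous match
    try:
        conn.simple_bind_s(res[0][0], cred)
    except PermissionError:
        return False
    return True
```

With python-ldap itself, `ldap.filter.escape_filter_chars` does the escaping and `ldap.INVALID_CREDENTIALS` is the exception to catch.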
