I know you posted this a while ago, but I just wanted to thank you for this one. It was exactly what I was looking for/needed.
Maybe this one could/should go on the wiki? Noufal wrote: > Hello everyone, > I found the SQLobject LDAP identity provider on this list which > automatically creates users based on LDAP accounts. I was able to > adapt it to for my project using Elixir. I've appended the code here > just in case someone wants it. > It's based off the code from > http://groups.google.com/group/turbogears/browse_thread/thread/e273fbc0c9e9b1de/c9733e4a79370c6a?lnk=gst&q=sqlobject+ldap+identity+provider#c9733e4a79370c6a > but I removed the groups bit since it interfered with my code. > > > import os > import ldap > import turbogears > import logging > import saprovider > > class log: > default=logging.getLogger('emailgency.system.saldapprovider') > system=logging.getLogger('emailgency.system') > > class SaLdapIdentityProvider(saprovider.SqlAlchemyIdentityProvider): > """ > IdentityProvider that uses LDAP for authentication. > """ > def __init__(self): > saprovider.SqlAlchemyIdentityProvider.__init__(self) > # super(SqlAlchemyIdentityProvider, self).__init__() > # print super(SqlAlchemyIdentityProvider, self) > get = turbogears.config.get > self.host = get("identity.saldapprovider.host", > "directory.synopsys.COM") > self.port = get("identity.saldapprovider.port", 389) > self.basedn = get("identity.saldapprovider.basedn", > "o=synopsys.com") > self.autocreate = get("identity.saldapprovider.autocreate", > True) > log.default.info("host :: %s" % self.host) > log.default.info("port :: %d" % self.port) > log.default.info("basedn :: %s" % self.basedn) > log.default.info("autocreate :: %s" % self.autocreate) > > def validate_identity( self, user_name, password, visit_key ): > """ > Look up the identity represented by user_name and determine > whether the password is correct. > Must return either None if the credentials weren't valid or an > object > with the following properties: > user_name: original user name > user: a provider dependant object (TG_User or similar) > groups: a set of group IDs > permissions: a set of permission IDs > """ > if not self.autocreate: > return > saprovider.SqlAlchemyIdentityProvider.validate_identity(user_name, > password, visit_key ) > # user = > user_class.query.filter_by(user_name=user_name).first() > # if not user: > # log.warning("No such user: %s", user_name) > # return None > # if not self.validate_password(user, user_name, password): > # log.info("Passwords don't match for user: %s", > user_name) > # return None > # log.info("Associating user (%s) with visit (%s)", > # user_name, visit_key) > # return SqlAlchemyIdentity(visit_key, user) > > user=None > > user=saprovider.user_class.query.filter_by(user_name=user_name).first() > if not self.validate_password(user, user_name, password): > log.default.info( "user '%s' or password > invalid",user_name ) > return None > if not user: > try: > > user=saprovider.user_class(user_name=user_name,email_address=user_name, > display_name=user_name, password=u'ldap') > except: > log.default.error( "Creating user: %s", user_name ) > return None > else: > log.default.info( "user created: %s", user_name ) > > # Skip the groups stuff we're not interested > (Noufal) > # for gr in user.groups: user.removeGroup(gr) > # for gr_name in group_lst: > # > user.addGroup(saprovider.group_class.by_group_name(gr_name)) > # log.default.info( 'user "%s"in groups %r', > user_name,group_lst ) > # Link the user to the visit > # > link=saprovider.visit_class.query.filter_by(visit_key = visit_key) > link=saprovider.visit_class.query.filter_by(visit_key = > visit_key).first() > if link: > link.user_id = user.user_id > else: > link = > saprovider.visit_class(visit_key=visit_key,user_id=user.user_id ) > saprovider.session.flush() > return saprovider.SqlAlchemyIdentity( visit_key, user ) > > def validate_password( self, user, user_name, password ): > ''' > Validates user_name and password against an AD domain. > > ''' > ldapcon = ldap.open(self.host, self.port) > filter = "(uid=%s)" % user_name > rc = ldapcon.search(self.basedn, ldap.SCOPE_SUBTREE, filter) > objects = ldapcon.result(rc)[1] > if(len(objects) == 0): > log.default.warning("No such LDAP user: %s" % user_name) > return False > elif(len(objects) > 1): > log.default.error("Too many users: %s" % user_name) > return False > dn = objects[0][0] > try: > rc = ldapcon.simple_bind(dn, password) > ldapcon.result(rc) > except ldap.INVALID_CREDENTIALS: > log.default.error("Invalid password supplied for %s" % > user_name) > return False > return True > > > > > -- David Gardner Pipeline Tools Programmer, "Sid the Science Kid" Jim Henson Creature Shop (323) 802-1717 [EMAIL PROTECTED] --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears?hl=en -~----------~----~----~----~------~----~------~--~---
