MediaGoblin 0.7.2 development cycle
[mediagoblin.git] / mediagoblin / plugins / ldap / tools.py
1 # GNU MediaGoblin -- federated, autonomous media hosting
2 # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
3 #
4 # This program is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU Affero General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or
7 # (at your option) any later version.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU Affero General Public License for more details.
13 #
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 import ldap
17 import logging
18
19 from mediagoblin.tools import pluginapi
20
21 _log = logging.getLogger(__name__)
22
23
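class LDAP(object):
    """Authenticate a username/password pair against configured LDAP servers.

    Settings come from the ``mediagoblin.plugins.ldap`` plugin config. Each
    value of that mapping is used as one server section, from which the
    methods below read ``LDAP_SERVER_URI``, ``LDAP_START_TLS``,
    ``LDAP_USER_DN_TEMPLATE``, ``LDAP_SEARCH_BASE`` and
    ``EMAIL_SEARCH_FIELD``.
    """

    def __init__(self):
        self.ldap_settings = pluginapi.get_config('mediagoblin.plugins.ldap')
        # Assigned by _connect(); login() resets it before every attempt.
        self.conn = None

    def _connect(self, server):
        """Open ``self.conn`` to ``server`` and negotiate StartTLS if enabled.

        StartTLS is requested only when ``LDAP_START_TLS`` is exactly the
        string ``'true'``. With any other value on a plain ``ldap://`` URI,
        the simple bind issued by login() sends the password unencrypted.
        """
        _log.info('Connecting to {0}.'.format(server['LDAP_SERVER_URI']))
        self.conn = ldap.initialize(server['LDAP_SERVER_URI'])

        if server['LDAP_START_TLS'] == 'true':
            # NOTE(review): certificate validation is governed by TLS options
            # that are not set anywhere in this class -- confirm that the
            # deployment's LDAP client configuration requires a valid
            # server certificate.
            _log.info('Initiating TLS')
            self.conn.start_tls_s()

    def _get_email(self, server, username):
        """Return the first ``EMAIL_SEARCH_FIELD`` value for ``uid=username``.

        Returns ``None`` when the search yields no entry, the entry lacks the
        attribute, or a required config key is missing.
        """
        # Local import: only the top-level ``ldap`` package is imported by
        # this module, so the submodule is loaded explicitly here.
        from ldap.filter import escape_filter_chars

        try:
            # The username is user-controlled. Escaping filter
            # metacharacters ('*', '(', ')', '\\', NUL) keeps it a literal
            # value instead of letting it rewrite the search filter.
            search_filter = 'uid={0}'.format(escape_filter_chars(username))
            results = self.conn.search_s(
                server['LDAP_SEARCH_BASE'],
                ldap.SCOPE_SUBTREE,
                search_filter,
                [server['EMAIL_SEARCH_FIELD']])

            email = results[0][1][server['EMAIL_SEARCH_FIELD']][0]
        except (KeyError, IndexError):
            # IndexError: the bind succeeded but no entry matched the uid
            # filter. Treated like a missing attribute rather than an error.
            email = None

        return email

    def login(self, username, password):
        """Try each configured server until one accepts the credentials.

        Returns ``(username, email)`` after the first successful bind
        (``email`` may be ``None``), or ``(False, None)`` when every server
        rejects the credentials or they are empty.
        """
        # A simple bind with a DN and an empty password is an
        # "unauthenticated bind" (RFC 4513, section 5.1.2). Servers that
        # allow it report success without checking any credential, so an
        # empty password must never reach simple_bind_s().
        if not username or not password:
            return False, None

        from ldap.dn import escape_dn_chars

        # Escape DN metacharacters so the username stays a single attribute
        # value inside the template and cannot add or alter RDN components.
        dn_safe_username = escape_dn_chars(username)

        for server in self.ldap_settings.values():
            # Reset first: if _connect() fails before assigning a new
            # connection, the finally clause must not touch a stale one.
            self.conn = None
            try:
                self._connect(server)
                user_dn = server['LDAP_USER_DN_TEMPLATE'].format(
                    username=dn_safe_username)
                self.conn.simple_bind_s(user_dn, password.encode('utf8'))
                email = self._get_email(server, username)
                return username, email

            except ldap.LDAPError as e:
                # A failed bind or connection is logged; the next server
                # section, if any, is tried.
                _log.info(e)

            finally:
                _log.info('Unbinding {0}.'.format(server['LDAP_SERVER_URI']))
                if self.conn is not None:
                    self.conn.unbind()

        return False, None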