From e08e165be9587c863a54f96bd3cd2a9e1a4e0d01 Mon Sep 17 00:00:00 2001
From: jgr68
Date: Mon, 27 Oct 2014 15:22:19 -0400
Subject: [PATCH] Added dn as keyword argument to authenticate(), search_params as keyword argument to __init__. netid is now a keyword argument in authenticate(). Addresses #2, #3
---
ScarletLDAP3/__init__.py | 72 +++++++++++++++++++++++++---------------
test | 1 +
2 files changed, 47 insertions(+), 26 deletions(-)
diff --git a/ScarletLDAP3/__init__.py b/ScarletLDAP3/__init__.py
index f77c630..966c2ad 100644
--- a/ScarletLDAP3/__init__.py
+++ b/ScarletLDAP3/__init__.py
@@ -4,41 +4,61 @@ class ScarletLDAP: def __init__(self, server, search_base, port, - user_srv = ['eden', 'pegasus', 'clam'], admin_srv = ['rci']): + user_srv = ['eden', 'pegasus', 'clam'], + admin_srv = ['rci'], search_params=None): self.server = Server(host=server, port=port, use_ssl=True) self.base = search_base self.user_srv = user_srv self.admin_srv = admin_srv - def authenticate(self, netid, passwd, use_enigma=False): + # set default search parameters + self.search_params = { + 'filter' : '(uid=%s)', + 'scope' : SEARCH_SCOPE_WHOLE_SUBTREE, + 'base' : search_base + } + + if search_params is not None: + + # update self.search_params from valid keys search_params.keys() + self.search_params.update( + { key:val for key,val in search_params.items() + if key in self.search_params.keys() } + ) - # establish initial connection to ldap server and bind anonymously - conn = Connection(self.server, user=netid, auto_bind=True) + def authenticate(self, passwd, netid=None, use_enigma=False, dn=None): + + if dn is None: + + if netid is None: + raise Exception("Must specify either netid or dn as keyword arg") + + # establish initial connection to ldap server and bind anonymously + conn = Connection(self.server, user=netid, auto_bind=True) - # search for dn to authenticate against - conn.search( - search_base = self.base, - search_scope = SEARCH_SCOPE_WHOLE_SUBTREE, - search_filter = '(uid='+netid+')', - attributes = ['dn'] - ) - - # the user may have an account in any of the servers in server_names - server_names = self.admin_srv if use_enigma else self.user_srv - - dn = None - for resp in conn.response: - - # check if dn is associated with a valid account in server_names - if len( [ s for s in server_names if s in resp['dn'] ] ): - dn = resp['dn'] - break - - if dn == None: - return False + # search for dn to authenticate against + conn.search( + search_base = self.search_params['base'], + search_scope = self.search_params['scope'], + search_filter = 
self.search_params['filter'] % ( netid ), + attributes = ['dn'] + ) - conn.unbind() + # the user may have an account in any of the servers in server_names + server_names = self.admin_srv if use_enigma else self.user_srv + + for resp in conn.response: + + # check if dn is associated with a valid account in server_names + if len( [ s for s in server_names if s in resp['dn'] ] ): + dn = resp['dn'] + break + + if dn is None: + return False + + conn.unbind() # attempt to authenticate against dn using passwd try: diff --git a/test b/test index 2f80bb5..9e84a0f 100755 --- a/test +++ b/test @@ -1,4 +1,5 @@ #!env/bin/python3.3 + from ScarletLDAP3 import ScarletLDAP from getpass import getpass
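Review bot: `netid` is interpolated into the LDAP filter unescaped at `self.search_params['filter'] % ( netid )`, so filter metacharacters in a submitted netid (`*`, `(`, `)`, `\`) alter the query instead of being matched literally; the old string concatenation had the same gap and this commit carries it over. Escape the value before formatting, e.g. `search_filter = self.search_params['filter'] % escape_filter_chars(netid),` with `escape_filter_chars` taken from `ldap3.utils.conv` if the installed ldap3 version provides it (the imports are outside the hunk). Separately, a caller-supplied `dn` skips the whole `if dn is None:` branch, so the `server_names` membership check and `use_enigma` no longer constrain which entry is bound; if `dn` can originate from user input, apply the same check to it before the bind. The bind itself follows the `try:` outside this hunk, so whether an empty `passwd` is rejected before binding cannot be confirmed from here.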