
TLS support for LDAP authentication

Updated 6 months ago

Dan Sheridan Reviewers
reviewboard
None Review Board SVN
Add TLS support to the LDAP authentication backend. Enable by adding LDAP_TLS=True to settings_local.py. Assumes appropriate settings (certificate, etc.) in /etc/ldap/ldap.conf.
Authentication continues to work here.

Diff revision 2 (Latest)


  1. /trunk/reviewboard/accounts/backends.py: 2 changes [ 1 2 ]
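--- a/trunk/reviewboard/accounts/backends.py
+++ b/trunk/reviewboard/accounts/backends.py
@@ -62,10 +62,12 @@
     def authenticate(self, username, password):
         try:
             import ldap
             ldapo = ldap.initialize(settings.LDAP_URI)
             ldapo.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
+            if settings.LDAP_TLS:
+                ldapo.start_tls_s()
             ldapo.simple_bind_s(settings.LDAP_UID_MASK % username, password)
 
             return self.get_or_create_user(username)
 
         except ImportError:
@@ -79,10 +81,12 @@
         except User.DoesNotExist:
             try:
                 import ldap
                 ldapo = ldap.initialize(settings.LDAP_URI)
                 ldapo.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
+                if settings.LDAP_TLS:
+                    ldapo.start_tls_s()
                 ldapo.simple_bind_s(settings.LDAP_ANON_BIND_UID, settings.LDAP_ANON_BIND_PASSWD)
 
                 passwd = ldapo.search_s(settings.LDAP_UID_MASK % username,
                                         ldap.SCOPE_SUBTREE, "objectclass=*")
 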
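Review bot: `ldapo.start_tls_s()` in `authenticate` (new lines 67-68) and again in the second hunk (new lines 86-87) leaves server-certificate checking entirely to the host's ldap.conf, so if that file sets `TLS_REQCERT` to `never` or `allow`, the bind password on the following line is encrypted but sent to a server whose identity was never verified. Consider pinning the requirement in code before the connection is created, e.g. `ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)`, or at least documenting it next to `LDAP_TLS`. Separately, `settings.LDAP_TLS` will raise AttributeError on installs whose settings_local.py predates this option, unless a default is defined elsewhere; `if getattr(settings, 'LDAP_TLS', False):` keeps them working. Both functions continue outside the visible hunks, so whether an existing except clause would catch that cannot be seen from here.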