author | Thayne Harbaugh <thayne@fusionio.com> | 2011-02-03 16:34:40 -0700 |
---|---|---|
committer | Thayne Harbaugh <thayne@fusionio.com> | 2011-02-03 16:34:40 -0700 |
commit | e7ea719107c8e484818069c30cca99b0967c5d7e (patch) | |
tree | c250003db891d4a760936a8cd1c0c7cb0879deb6 /rhodecode/model/user.py | |
parent | 4e9b420cd634949c01746644f1e70694a8eac3ca (diff) |
Improve LDAP authentication
* Adds an LDAP filter for locating the LDAP object
* Adds a search scope policy when using the Base DN
* Adds option required certificate policy when using LDAPS
* Adds attribute mapping for username, firstname, lastname, email
* Initializes rhodecode user using LDAP info (no longer uses "@ldap")
* Remembers the user object (DN) in the user table
* Updates admin interfaces
* Authenticates against actual user objects in LDAP
* Possibly other things.
Really, this should be extended to a list of LDAP configurations, but this is a good start.
--HG--
branch : issue-108
Diffstat (limited to 'rhodecode/model/user.py')
-rw-r--r-- | rhodecode/model/user.py | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/rhodecode/model/user.py b/rhodecode/model/user.py index 5409b80b..4f297626 100644 --- a/rhodecode/model/user.py +++ b/rhodecode/model/user.py @@ -75,25 +75,27 @@ class UserModel(BaseModel): self.sa.rollback() raise - def create_ldap(self, username, password): + def create_ldap(self, username, password, user_dn, attrs): """ Checks if user is in database, if not creates this user marked as ldap user :param username: :param password: + :param user_dn: + :param attrs: """ from rhodecode.lib.auth import get_crypt_password log.debug('Checking for such ldap account in RhodeCode database') if self.get_by_username(username, case_insensitive=True) is None: try: new_user = User() - new_user.username = username.lower()#add ldap account always lowercase + new_user.username = username.lower() # add ldap account always lowercase new_user.password = get_crypt_password(password) - new_user.email = '%s@ldap.server' % username + new_user.email = attrs['email'] new_user.active = True - new_user.is_ldap = True - new_user.name = '%s@ldap' % username - new_user.lastname = '' + new_user.ldap_dn = user_dn + new_user.name = attrs['name'] + new_user.lastname = attrs['lastname'] self.sa.add(new_user) |
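Review bot: `create_ldap` stores `user_dn` and the three `attrs[...]` values unchecked, and with `new_user.is_ldap = True` removed, `ldap_dn` appears to be the only field left that marks the account as directory-backed. An empty or `None` `user_dn` would leave a row holding whatever `get_crypt_password(password)` derives from the LDAP password (unchanged context line) with nothing tying it to the directory; whether the login path would then treat it as a local account is outside this hunk and should be confirmed. Rejecting that case at the top of the function, e.g. `if not user_dn: raise ValueError('LDAP user DN is required')`, closes the gap, and reading the mapped fields with `attrs.get('email')` plus an explicit check fails more clearly than a `KeyError` when the directory entry lacks an attribute. The added `:param user_dn:` and `:param attrs:` lines are blank; suggest `:param user_dn: distinguished name of the authenticated LDAP object` and `:param attrs: dict with 'name', 'lastname' and 'email' read from the LDAP entry`. The `try:` block and the rest of the function body continue past the end of the hunk.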