authorThayne Harbaugh <thayne@fusionio.com>2011-02-03 16:34:40 -0700
committerThayne Harbaugh <thayne@fusionio.com>2011-02-03 16:34:40 -0700
commite7ea719107c8e484818069c30cca99b0967c5d7e (patch)
treec250003db891d4a760936a8cd1c0c7cb0879deb6 /rhodecode/model/user.py
parent4e9b420cd634949c01746644f1e70694a8eac3ca (diff)
Improve LDAP authentication
* Adds an LDAP filter for locating the LDAP object * Adds a search scope policy when using the Base DN * Adds option required certificate policy when using LDAPS * Adds attribute mapping for username, firstname, lastname, email * Initializes rhodecode user using LDAP info (no longer uses "@ldap") * Remembers the user object (DN) in the user table * Updates admin interfaces * Authenticates against actual user objects in LDAP * Possibly other things. Really, this should be extended to a list of LDAP configurations, but this is a good start. --HG-- branch : issue-108
Diffstat (limited to 'rhodecode/model/user.py')
-rw-r--r--rhodecode/model/user.py14
1 files changed, 8 insertions, 6 deletions
diff --git a/rhodecode/model/user.py b/rhodecode/model/user.py
index 5409b80b..4f297626 100644
--- a/rhodecode/model/user.py
+++ b/rhodecode/model/user.py
@@ -75,25 +75,27 @@ class UserModel(BaseModel):
self.sa.rollback()
raise
- def create_ldap(self, username, password):
+ def create_ldap(self, username, password, user_dn, attrs):
"""
Checks if user is in database, if not creates this user marked
as ldap user
:param username:
:param password:
+ :param user_dn:
+ :param attrs:
"""
from rhodecode.lib.auth import get_crypt_password
log.debug('Checking for such ldap account in RhodeCode database')
if self.get_by_username(username, case_insensitive=True) is None:
try:
new_user = User()
- new_user.username = username.lower()#add ldap account always lowercase
+ new_user.username = username.lower() # add ldap account always lowercase
new_user.password = get_crypt_password(password)
- new_user.email = '%s@ldap.server' % username
+ new_user.email = attrs['email']
new_user.active = True
- new_user.is_ldap = True
- new_user.name = '%s@ldap' % username
- new_user.lastname = ''
+ new_user.ldap_dn = user_dn
+ new_user.name = attrs['name']
+ new_user.lastname = attrs['lastname']
self.sa.add(new_user)
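Review bot: The added assignments `attrs['email']`, `attrs['name']` and `attrs['lastname']` index the LDAP attribute mapping without checking that each key is present and non-empty, so a directory entry that lacks a mapped attribute either raises KeyError inside the `try:` or writes an empty value into the new user row. These values come from the directory rather than from RhodeCode, so validate them before `User()` is built, for example `if not all(attrs.get(k) for k in ('email', 'name', 'lastname')):` followed by a logged refusal to create the account. Separately, the unchanged line `new_user.password = get_crypt_password(password)` keeps a local hash of the user's directory password; if local login is never intended for these accounts, hashing a random value instead would avoid leaving a copy of the LDAP credential in the application database, where it can go stale after a password change in the directory. The docstring entries `:param user_dn:` and `:param attrs:` are empty and could read `:param user_dn: DN of the matched LDAP object` and `:param attrs: dict with 'name', 'lastname' and 'email'`. The function continues past the end of the hunk, so the except path is not visible here.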