LDAP Authentication and SSL #41

joshua-d-miller opened this issue Mar 15, 2016 · 3 comments

@joshua-d-miller

Hello,

I have been forking this repo for a year now and adding LDAP Authentication with SSL which you can see here - https://github.com/joshua-d-miller/margarita. I was wondering if there is interest in putting this code in with the main code and maybe making a settings.py file or something similar where users can enable Margarita's LDAP Authentication and SSL.

Thanks!

@mkuron
Contributor

mkuron commented Mar 16, 2016

LDAP support would be great. Unfortunately, your current code only implements it for use with the standalone server. I guess many people are running Margarita via WSGI.
Below is the WSGI file we currently use to get LDAP logins:

```python
import os, sys
import site

ENV_DIR = '/Volumes/deploy/reposado'

sys.path.append(ENV_DIR)
sys.path.append(os.path.join(ENV_DIR, 'margarita'))

from margarita import app as application
os.chdir(os.path.join(os.path.dirname(__file__), "../reposado/reposado/code"))
# Debug mode is on here; switch it off for a production deployment.
application.debug = True

### LDAP Login below ###

# Placeholder value: the secret key signs the session cookie, so use a long random string.
application.secret_key = 'xxx'

from flask_ldap_login import LDAPLoginForm, LDAPLoginManager
from flask import request, render_template_string, redirect, session

# Redirect every request without a logged-in session to the login page.
# Endpoints whose name contains 'login' are exempt so the form itself stays reachable.
@application.before_request
def check_valid_login():
    if request.endpoint and 'login' not in request.endpoint and 'user' not in session:
        return redirect('login')

LDAP = {
    # ldaps:// on port 636: the LDAP connection runs over SSL/TLS.
    'URI': 'ldaps://ldap.example.com:636',
    # No bind DN or password is configured for the user search.
    'BIND_DN': '',
    'BIND_AUTH': '',
    'USER_SEARCH': {
        'base': 'cn=users,dc=ldap,dc=example,dc=com',
        'filter': 'uid=%(username)s',
    },
    # Maps LDAP attributes to the keys passed to save_user() in userdata.
    'KEY_MAP': {
        'username': 'uid',
        'group': 'gidNumber',
    },
    'OPTIONS': {
        'OPT_PROTOCOL_VERSION': 3,
    },
}

application.config.update(LDAP=LDAP)
ldap_mgr = LDAPLoginManager(application)

@application.route('/logout', methods=['GET', 'POST'])
def ldap_logout():
    # check_valid_login() only lets requests with a 'user' session key reach this point.
    del session['user']
    return redirect('login')

@application.route('/login', methods=['GET', 'POST'])
def ldap_login():
    form = LDAPLoginForm(request.form)
    if form.validate_on_submit():
        print("Valid")
        return redirect('/margarita')
    print("Invalid")
    return render_template_string("""{% block body %}
 <h2>Login</h2>
 {% if error %}<p class=error><strong>Error:</strong> {{ error }}{% endif %}
 <form method=post>
 {{ form.csrf_token }}
   <dl>
     <dt>Username:
     <dd><input type=text name=username>
     <dt>Password:
     <dd><input type=password name=password>
     <dd><input type=submit value=Login>
   </dl>
 </form>
{% endblock %}""", form=form)

# Called after a successful LDAP login. Only members of the group with
# gidNumber 1025 get a session; any other valid LDAP user is sent back to
# the login page by check_valid_login().
@ldap_mgr.save_user
def save_user(username, userdata):
    print("%s logged in %s" % (username, userdata))
    if int(userdata['group']) == 1025:
        session['user'] = username
```

@gmarnin

gmarnin commented Mar 16, 2016

I agree AD/LDAP support would be a great addition

@Tim81

Tim81 commented Jul 28, 2017

Would be great to have AD/LDAP login support
