Vwvol patch 1 #10

wants to merge 4 commits into
base: master
37 changes: 34 additions & 3 deletions app.py
Expand Up @@ -4,13 +4,14 @@
from bottle import get, post, static_file, request, route, template
from bottle import SimpleTemplate
from configparser import ConfigParser
from ldap3 import Connection, Server
from ldap3 import Connection, Server, Tls
from ldap3 import SIMPLE, SUBTREE
from ldap3.core.exceptions import LDAPBindError, LDAPConstraintViolationResult, \
LDAPInvalidCredentialsResult, LDAPUserNameIsMandatoryError
import logging
import os
from os import environ, path
from ssl import CERT_REQUIRED, PROTOCOL_TLSv1


BASE_DIR = path.dirname(__file__)
Expand Down Expand Up @@ -66,6 +67,29 @@ def connect_ldap(**kwargs):
return Connection(server, raise_exceptions=True, **kwargs)


def connect_ldaps(**kwargs):
t = Tls(validate=CERT_REQUIRED, \
version=PROTOCOL_TLSv1, \
ca_certs_file=CONF['ldap'].get('ca_cert'))
server = Server(host=CONF['ldap']['host'],
port=CONF['ldap'].getint('port', None),
use_ssl=CONF['ldap'].getboolean('use_ssl', False),
tls=t,
connect_timeout=5)

return Connection(server, raise_exceptions=True, **kwargs)


def check_ca():
if CONF['ldap'].getboolean('use_ssl', False) and \
type(CONF['ldap'].get('ca_cert')) is unicode:
if os.access(CONF['ldap'].get('ca_cert'), os.R_OK):
return True
else:
LOG.warning('CA verification configured, but failed to open file')
return False


def change_password(*args):
try:
if CONF['ldap'].get('type') == 'ad':
Expand All @@ -83,8 +107,15 @@ def change_password(*args):


def change_password_ldap(username, old_pass, new_pass):
with connect_ldap() as c:
user_dn = find_user_dn(c, username)
if check_ca():
connect_ldap = connect_ldaps

if CONF['ldap'].getboolean('anon_bind', True):
with connect_ldap() as c:
user_dn = find_user_dn(c, username)
else:
user_dn = CONF['ldap']['search_filter'].replace('{uid}', username) + \
',' + CONF['ldap']['base']

# Note: raises LDAPUserNameIsMandatoryError when user_dn is None.
with connect_ldap(authentication=SIMPLE, user=user_dn, password=old_pass) as c:
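Review bot: The `connect_ldap = connect_ldaps` assignment in `change_password_ldap` makes `connect_ldap` a local name for the whole function, so whenever `check_ca()` is false the `with connect_ldap()` calls that follow raise `UnboundLocalError`; `connect = connect_ldaps if check_ca() else connect_ldap` avoids the shadowing (the function continues past the hunk). `check_ca()` itself fails open: an unreadable `ca_cert` only logs a warning and the password change proceeds over the plain `connect_ldap()` path, which passes no `Tls` object and therefore, as far as I can tell, validates no certificate, and on Python 3 — which this file targets, given `from configparser import ConfigParser` — `type(...) is unicode` raises `NameError` before the file is even checked. I would treat a configured-but-unreadable CA as a hard error rather than a silent downgrade and replace the `unicode` test with a truthiness check on the configured path, as sketched below. `version=PROTOCOL_TLSv1` in `connect_ldaps` pins the handshake to TLS 1.0; `PROTOCOL_TLS_CLIENT` (or leaving `version` unset) lets the library negotiate a current version. Separately, the `anon_bind = false` branch splices the raw `username` into `search_filter` and `base` to form the bind DN, so DN-special characters in the username should be escaped (ldap3 ships `escape_rdn` in `ldap3.utils.dn`) before the value is used as an RDN.
```python
def check_ca():
    """Return True when the LDAPS connection should validate against ca_cert.

    Returns False when use_ssl is off or no ca_cert is configured; raises
    ValueError, instead of falling back to an unvalidated connection, when
    ca_cert is configured but cannot be read.
    """
    if not CONF['ldap'].getboolean('use_ssl', False):
        return False
    ca_cert = CONF['ldap'].get('ca_cert')
    if not ca_cert:
        return False
    if os.access(ca_cert, os.R_OK):
        return True
    LOG.error('CA verification configured, but failed to open %s', ca_cert)
    raise ValueError('ca_cert is configured but not readable')


def change_password_ldap(username, old_pass, new_pass):
    # Use the certificate-validating connection whenever a CA is configured;
    # a plain local name avoids shadowing the module-level connect_ldap().
    connect = connect_ldaps if check_ca() else connect_ldap

    if CONF['ldap'].getboolean('anon_bind', True):
        with connect() as c:
            user_dn = find_user_dn(c, username)
    # … unchanged: non-anonymous DN construction …
    with connect(authentication=SIMPLE, user=user_dn, password=old_pass) as c:
```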
2 changes: 2 additions & 0 deletions settings.ini.example
Expand Up @@ -5,8 +5,10 @@ page_title = Change your password on example.org
host = localhost
port = 636
use_ssl = true
ca_cert = ca.cert
base = ou=People,dc=example,dc=org
search_filter = uid={uid}
anon_bind = false

# Uncomment for AD / Samba 4
#type = ad
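Review bot: `ca_cert = ca.cert` is a relative path, and `check_ca()` in app.py tests it with `os.access()` as given, so it resolves against the process working directory rather than the application directory; a deployment started from elsewhere will fail the readability check even though the file sits next to app.py. Either document that the value must be absolute, e.g. `ca_cert = /etc/ssl/certs/ldap-ca.pem  ; absolute path recommended`, or have app.py resolve it against `BASE_DIR` before the check.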