
iredadmin-ose / libs / ldaplib / auth.py

#!/usr/bin/env python
# encoding: utf-8

# Author: Zhang Huangbin <michaelbibby (at) gmail.com>

#---------------------------------------------------------------------
# This file is part of iRedAdmin-OSE, which is official web-based admin
# panel (Open Source Edition) for iRedMail.
#
# iRedMail is an open source mail server solution for Red Hat(R)
# Enterprise Linux, CentOS, Debian and Ubuntu.
#
# iRedAdmin-OSE is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# iRedAdmin-OSE is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with iRedAdmin-OSE.  If not, see <http://www.gnu.org/licenses/>.
#---------------------------------------------------------------------

import web
import ldap, ldap.filter

# Project configuration object exposed as an attribute of the `web` module.
# Auth() below reads its `ldap` section to find the LDAP server URI. Where
# the object is populated is not visible in this file.
cfg = web.iredconfig

# Used for user auth.
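def Auth(dn, pw, session=web.config.get('_session')):
    """Authenticate a user with an LDAP simple bind and flag global admins.

    Binds to the server configured in ``cfg.ldap['uri']`` (default
    ``ldap://127.0.0.1``) as ``dn`` with password ``pw``. After a successful
    bind the user's own entry is read and, when its ``domainGlobalAdmin``
    attribute is ``yes``, ``session['domainGlobalAdmin']`` is set to ``'yes'``.

    Parameters:
        dn: bind DN of the user; surrounding whitespace is stripped.
        pw: password; surrounding whitespace is stripped.
        session: mapping that receives the global-admin flag. The default is
            evaluated once, when this module is imported.

    Returns:
        ``True`` when the bind succeeded, ``False`` when ``bind_s`` returned a
        false value, otherwise a non-empty string describing the failure
        (``'INVALID_CREDENTIALS'``, ``'SERVER_DOWN'`` or the error text).

        Every failure string is truthy, so callers must compare the result
        with ``is True`` and never rely on plain truthiness.
    """
    try:
        conn = ldap.initialize(cfg.ldap.get('uri', 'ldap://127.0.0.1'))

        # NOTE(review): this applies search-filter escaping to a value that is
        # used as a bind DN and as a search base. It leaves DN metacharacters
        # such as ',', '+' and '=' untouched. Confirm that the caller builds
        # the DN from validated input.
        dn = ldap.filter.escape_filter_chars(web.safestr(dn.strip()))
        pw = pw.strip()

        # A simple bind with an empty password is an "unauthenticated bind"
        # (RFC 4513), which a server may accept without checking credentials.
        # Reject empty credentials here so they can never count as a login.
        if not dn or not pw:
            return 'INVALID_CREDENTIALS'

        try:
            res = conn.bind_s(dn, pw)

            if not res:
                return False

            # Check whether this user is a site wide global admin.
            global_admin_result = conn.search_s(
                    dn,
                    ldap.SCOPE_BASE,
                    "(objectClass=*)",
                    ['domainGlobalAdmin']
                    )
            attrs = global_admin_result[0][1]
            # Attribute values arrive as lists, so the fallback is a list too.
            if attrs.get('domainGlobalAdmin', ['no'])[0].lower() == 'yes':
                # NOTE(review): the flag is only ever set here, never cleared.
                # Verify that a session cannot be reused by a later login as
                # a non-admin user.
                session['domainGlobalAdmin'] = 'yes'

            return True
        except ldap.INVALID_CREDENTIALS:
            return 'INVALID_CREDENTIALS'
        except ldap.SERVER_DOWN:
            return 'SERVER_DOWN'
        except ldap.LDAPError, e:
            # e.args is a tuple, so the old `type(e.args) == dict` test could
            # never match. python-ldap passes the detail dict as its first
            # element.
            detail = e.args and e.args[0]
            if isinstance(detail, dict) and 'desc' in detail:
                return detail['desc']
            return str(e)
    except Exception, e:
        # Any other failure (including a missing session object) is reported
        # as text rather than raised.
        return str(e)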