
Added an LDAP authentication module that can be used independently or…

… with the basic auth module, etc. Also added an examples/helloworld_basic_ldap.py demo
commit 4240d06b565ae0b0a64125cd314f17a41654990a 1 parent bec1872
@bkjones bkjones authored
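--- a/examples/helloworld_basic_ldap.py
+++ b/examples/helloworld_basic_ldap.py
@@ -0,0 +1,30 @@
+#!/usr/bin/env python
+import tornado.httpserver
+import tornado.ioloop
+import tornado.options
+import tornado.web
+import tornado
+from basic import require_basic_auth
+import ldapauth
+from tornado.options import define, options
+
+define("port", default=8888, help="run on the given port", type=int)
+
+@require_basic_auth('Authrealm', ldapauth.auth_user_ldap)
+class MainHandler(tornado.web.RequestHandler):
+ def get(self):
+ self.write("Hello, world - Tornado %s" % tornado.version)
+
+
+def main():
+ tornado.options.parse_command_line()
+ application = tornado.web.Application([
+ (r"/", MainHandler),
+ ])
+ http_server = tornado.httpserver.HTTPServer(application)
+ http_server.listen(options.port)
+ tornado.ioloop.IOLoop.instance().start()
+
+
+if __name__ == "__main__":
+ main()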
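Review bot: The example serves Basic auth over plain HTTP: `tornado.httpserver.HTTPServer(application)` is created without `ssl_options`, so the directory password that `require_basic_auth` passes to `ldapauth.auth_user_ldap` crosses the network base64-encoded on every request. Because examples get copied, I would either pass `ssl_options` with a certificate and key here, or add a comment above `main()` such as `# Demo only: Basic auth sends the LDAP password in clear; serve this behind TLS.` The imports `from basic import require_basic_auth` and `import ldapauth` also appear to resolve only when tinman/auth itself is on the path; `from tinman.auth import require_basic_auth, auth_user_ldap` would match the package export this commit adds.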
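--- a/tinman/auth/__init__.py
+++ b/tinman/auth/__init__.py
@@ -1,2 +1,3 @@
 from basic import require_basic_auth
 from digest import digest_auth
+from ldapauth import auth_user_ldap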
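Review bot: Importing `ldapauth` unconditionally here makes python-ldap a hard dependency of the whole `tinman.auth` package, because ldapauth.py runs `import ldap` at module level. Anyone using only the basic or digest helpers would then get an ImportError on a host without python-ldap. Guarding the export keeps the module optional: `try: from ldapauth import auth_user_ldap` followed by `except ImportError: auth_user_ldap = None`.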
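--- a/tinman/auth/ldapauth.py
+++ b/tinman/auth/ldapauth.py
@@ -0,0 +1,56 @@
+"""
+See an example that uses basic auth with an LDAP
+backend in examples/helloworld_basic_ldap.py
+
+"""
+import ldap
+import logging
+
+# where to start the search for users
+LDAP_SEARCH_BASE = 'ou=People,dc=yourdomain,dc=com'
+
+# the server to auth against
+LDAP_URL = 'ldap://ldap.yourdomain.com'
+
+# The attribute we try to match the username against.
+LDAP_UNAME_ATTR = 'uid'
+
+# The attribute we need to retrieve in order to perform a bind.
+LDAP_BIND_ATTR = 'dn'
+
+# Whether to use LDAPv3. Highly recommended.
+LDAP_VERSION_3 = True
+
+def auth_user_ldap(uname, pwd):
+ """
+ Attempts to bind using the uname/pwd combo passed in.
+ If that works, returns true. Otherwise returns false.
+
+ """
+ if not uname or not pwd:
+ logging.error("Username or password not supplied")
+ return False
+
+ ld = ldap.initialize(LDAP_URL)
+ if LDAP_VERSION_3:
+ ld.set_option(ldap.VERSION3, 1)
+ ld.start_tls_s()
+ udn = ld.search_s(LDAP_SEARCH_BASE, ldap.SCOPE_ONELEVEL,
+ '(%s=%s)' % (LDAP_UNAME_ATTR,uname), [LDAP_BIND_ATTR])
+ if udn:
+ try:
+ bindres = ld.simple_bind_s(udn[0][0], pwd)
+ except ldap.INVALID_CREDENTIALS, ldap.UNWILLING_TO_PERFORM:
+ logging.error("Invalid or incomplete credentials for %s", uname)
+ return False
+ except Exception as out:
+ logging.error("Auth attempt for %s had an unexpected error: %s",
+ uname, out)
+ return False
+ else:
+ return True
+ else:
+ logging.error("No user by that name")
+ return False
+
+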
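Review bot: The search filter in `auth_user_ldap` is built as `'(%s=%s)' % (LDAP_UNAME_ATTR,uname)` with `uname` taken straight from the client's credentials, so filter metacharacters in the username change which entry is looked up; it should go through `ldap.filter.escape_filter_chars(uname)` (which needs `import ldap.filter`), and the login should be refused unless exactly one entry matches. The handler `except ldap.INVALID_CREDENTIALS, ldap.UNWILLING_TO_PERFORM:` is the Python 2 "type, target" form, so it catches only INVALID_CREDENTIALS and assigns the exception object to `ldap.UNWILLING_TO_PERFORM`; it needs a parenthesised tuple. `ld.set_option(ldap.VERSION3, 1)` passes a protocol-version value where an option name is expected, so it does not select LDAPv3, and since the page has lost indentation it is unclear whether `start_tls_s()` runs only when `LDAP_VERSION_3` is true; TLS should be unconditional before any search or bind over an `ldap://` URL. `start_tls_s()` and `search_s()` also sit outside the try block, so a directory outage raises out of the auth callback, and the connection is never unbound.

```python
def auth_user_ldap(uname, pwd):
    # … unchanged: docstring and empty username/password check …
    ld = ldap.initialize(LDAP_URL)
    try:
        if LDAP_VERSION_3:
            ld.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
        # Encrypt before the search and before the password is sent.
        ld.start_tls_s()
        query = '(%s=%s)' % (LDAP_UNAME_ATTR,
                             ldap.filter.escape_filter_chars(uname))
        found = ld.search_s(LDAP_SEARCH_BASE, ldap.SCOPE_ONELEVEL,
                            query, [LDAP_BIND_ATTR])
        # Bind only against a single, unambiguous entry with a real DN.
        if len(found) != 1 or not found[0][0]:
            logging.error("No user by that name")
            return False
        ld.simple_bind_s(found[0][0], pwd)
        return True
    except (ldap.INVALID_CREDENTIALS, ldap.UNWILLING_TO_PERFORM):
        logging.error("Invalid or incomplete credentials for %s", uname)
        return False
    except ldap.LDAPError as out:
        logging.error("Auth attempt for %s had an unexpected error: %s",
                      uname, out)
        return False
    finally:
        # Release the connection on every path.
        ld.unbind_s()
```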
