Update LDAP, fix Windows AD login (#1697)

Ozzieisaacs 2020-11-22 08:17:00 +01:00
parent 2cd653c773
commit e2be655d74


@ -38,6 +38,7 @@ def init_app(app, config):
app.config['LDAP_HOST'] = config.config_ldap_provider_url app.config['LDAP_HOST'] = config.config_ldap_provider_url
app.config['LDAP_PORT'] = config.config_ldap_port app.config['LDAP_PORT'] = config.config_ldap_port
app.config['LDAP_CUSTOM_OPTIONS'] = {pyLDAP.OPT_REFERRALS, 0}
if config.config_ldap_encryption == 2: if config.config_ldap_encryption == 2:
app.config['LDAP_SCHEMA'] = 'ldaps' app.config['LDAP_SCHEMA'] = 'ldaps'
else: else:
@ -54,15 +55,13 @@ def init_app(app, config):
app.config['LDAP_USERNAME'] = "" app.config['LDAP_USERNAME'] = ""
app.config['LDAP_PASSWORD'] = base64.b64decode("") app.config['LDAP_PASSWORD'] = base64.b64decode("")
if bool(config.config_ldap_cert_path): if bool(config.config_ldap_cert_path):
# app.config['LDAP_REQUIRE_CERT'] = True app.config['LDAP_CUSTOM_OPTIONS'].update({
# app.config['LDAP_CERT_PATH'] = config.config_ldap_cert_path
app.config['LDAP_CUSTOM_OPTIONS'] = {
pyLDAP.OPT_X_TLS_REQUIRE_CERT: pyLDAP.OPT_X_TLS_DEMAND, pyLDAP.OPT_X_TLS_REQUIRE_CERT: pyLDAP.OPT_X_TLS_DEMAND,
pyLDAP.OPT_X_TLS_CACERTFILE: config.config_ldap_cacert_path, pyLDAP.OPT_X_TLS_CACERTFILE: config.config_ldap_cacert_path,
pyLDAP.OPT_X_TLS_CERTFILE: config.config_ldap_cert_path, pyLDAP.OPT_X_TLS_CERTFILE: config.config_ldap_cert_path,
pyLDAP.OPT_X_TLS_KEYFILE: config.config_ldap_key_path, pyLDAP.OPT_X_TLS_KEYFILE: config.config_ldap_key_path,
pyLDAP.OPT_X_TLS_NEWCTX: 0 pyLDAP.OPT_X_TLS_NEWCTX: 0
} })
app.config['LDAP_BASE_DN'] = config.config_ldap_dn app.config['LDAP_BASE_DN'] = config.config_ldap_dn
app.config['LDAP_USER_OBJECT_FILTER'] = config.config_ldap_user_object app.config['LDAP_USER_OBJECT_FILTER'] = config.config_ldap_user_object
@ -73,17 +72,11 @@ def init_app(app, config):
app.config['LDAP_GROUP_OBJECT_FILTER'] = config.config_ldap_group_object_filter app.config['LDAP_GROUP_OBJECT_FILTER'] = config.config_ldap_group_object_filter
app.config['LDAP_GROUP_MEMBERS_FIELD'] = config.config_ldap_group_members_field app.config['LDAP_GROUP_MEMBERS_FIELD'] = config.config_ldap_group_members_field
try: try:
_ldap.init_app(app) _ldap.init_app(app)
except ValueError: except ValueError:
if bool(config.config_ldap_cert_path): if bool(config.config_ldap_cert_path):
app.config['LDAP_CUSTOM_OPTIONS'] = { app.config['LDAP_CUSTOM_OPTIONS'].pop(pyLDAP.OPT_X_TLS_NEWCTX)
pyLDAP.OPT_X_TLS_REQUIRE_CERT: pyLDAP.OPT_X_TLS_DEMAND,
pyLDAP.OPT_X_TLS_CACERTFILE: config.config_ldap_cacert_path,
pyLDAP.OPT_X_TLS_CERTFILE: config.config_ldap_cert_path,
pyLDAP.OPT_X_TLS_KEYFILE: config.config_ldap_key_path,
}
try: try:
_ldap.init_app(app) _ldap.init_app(app)
except RuntimeError as e: except RuntimeError as e:
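Review bot: `app.config['LDAP_CUSTOM_OPTIONS'] = {pyLDAP.OPT_REFERRALS, 0}` in the first hunk builds a set, not a dict, because it uses a comma where a colon is needed; it should read `app.config['LDAP_CUSTOM_OPTIONS'] = {pyLDAP.OPT_REFERRALS: 0}`. With a set, the `.update({...})` added in the second hunk stores only the option keys and silently drops their values, so `OPT_X_TLS_DEMAND` and the CA, certificate and key paths are never kept as settings, and `.pop(pyLDAP.OPT_X_TLS_NEWCTX)` in the `except ValueError` branch raises `TypeError` because `set.pop()` takes no argument. If the LDAP extension reads this value as a mapping (likely, since the old code assigned a dict), initialisation would either fail or run without the intended certificate verification. `init_app` starts before and continues past the visible hunks.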