diff --git a/conf/requirements.txt b/conf/requirements.txt
index d9dd802..8bcb55d 100644
--- a/conf/requirements.txt
+++ b/conf/requirements.txt
@@ -12,3 +12,4 @@ qrcode==6.1
 rwlock==0.0.7
 websockify==0.9.0
 zipp==3.4.0
+ldap3==2.9.0
diff --git a/webvirtcloud/ldapbackend.py b/webvirtcloud/ldapbackend.py
new file mode 100644
index 0000000..f9eae75
--- /dev/null
+++ b/webvirtcloud/ldapbackend.py
@@ -0,0 +1,76 @@
+from django.contrib.auth.backends import ModelBackend
+from django.contrib.auth.models import User
+from ldap3 import Server, Connection, ALL
+from django.conf import settings
+from accounts.models import UserAttributes, UserInstance, UserSSHKey
+from django.contrib.auth.models import Permission
+from logs.models import Logs
+import uuid
+import logging
+
+#/srv/webvirtcloud/ldap/ldapbackend.py
+class LdapAuthenticationBackend(ModelBackend):
+
+ def get_LDAP_user(self, username, password, filterString):
+ logger.error("get_LDAP_user")
+ try:
+ server = Server(settings.LDAP_URL, port=settings.LDAP_PORT,
+ use_ssl=settings.USE_SSL get_info=ALL)
+ connection = Connection(server,
+ settings.LDAP_MASTER_DN,
+ settings.LDAP_MASTER_PW, auto_bind=True)
+
+ connection.search(settings.LDAP_ROOT_DN,
+ '(&({attr}={login})({filter}))'.format(
+ attr=settings.LDAP_USER_UID_PREFIX,
+ login=username,
+ filter=filterString), attributes=[settings.LDAP_USER_UID_PREFIX])
+
+ if len(connection.response) == 0:
+ return None
+
+ return connection.response[0]
+ except:
+ return None
+
+ def authenticate(self, request, username=None, password=None, **kwargs):
+ logger.error("authenticate")
+ # Get the user information from the LDAP if he can be authenticated
+ isAdmin = False
+ isStaff = False
+ if ldapAdmin
+ if get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_ADMINS) is None:
+ if get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_STAFF) is None:
+ if get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_USERS) is None:
+ return None
+ else
+ isStaff = True
+ else
+ isAdmin = True
+ isStaff = True
+
+ try:
+ user = User.objects.get(username=username)
+ except User.DoesNotExist:
+ user = User(username=username)
+ user.is_staff = isStaff
+ user.is_superuser = isAdmin
+ user.password = uuid.uuid4().hex
+ UserAttributes.objects.create(
+ user=user,
+ max_instances=1,
+ max_cpus=1,
+ max_memory=2048,
+ max_disk_size=20,
+ )
+ permission = Permission.objects.get(codename='clone_instances')
+ user.user_permissions.add(permission)
+ user.save()
+ return user
+
+ def get_user(self, user_id):
+ logger.error("get_user")
+ try:
+ return User.objects.get(pk=user_id)
+ except User.DoesNotExist:
+ return None
\ No newline at end of file
diff --git a/webvirtcloud/settings.py.template b/webvirtcloud/settings.py.template
index 37ca195..5c0463b 100644
--- a/webvirtcloud/settings.py.template
+++ b/webvirtcloud/settings.py.template
@@ -95,6 +95,7 @@ DATABASES = {
 AUTHENTICATION_BACKENDS = [
 "django.contrib.auth.backends.ModelBackend",
+ "ldapbackend.LdapAuthenticationBackend"
 ]
 LOGIN_URL = "/accounts/login/"
@@ -212,3 +213,16 @@ SHOW_PROFILE_EDIT_PASSWORD = True
 OTP_ENABLED = False
 LOGIN_REQUIRED_IGNORE_VIEW_NAMES = ["accounts:email_otp"]
+
+LDAP_URL = '192.168.1.67'
+LDAP_PORT = 389
+USE_SSL = False
+LDAP_MASTER_DN = 'cn=admin,dc=kendar,dc=org'
+LDAP_MASTER_PW = 'secret'
+LDAP_ROOT_DN = 'dc=kendar,dc=org'
+LDAP_SEARCH_GROUP_FILTER_ADMINS = 'memberOf=dc=admins,dc=staff,dc=webvirtcloud,ou=groups,dc=kendar,dc=org'
+LDAP_SEARCH_GROUP_FILTER_STAFF = 'memberOf=dc=staff,dc=webvirtcloud,ou=groups,dc=kendar,dc=org'
+LDAP_SEARCH_GROUP_FILTER_USERS = 'memberOf=dc=webvirtcloud,ou=groups,dc=kendar,dc=org'
+LDAP_USER_UID_PREFIX = 'cn'
+
+#sudo sed -r "s/SECRET_KEY = ''/SECRET_KEY = '"`python3 /srv/webvirtcloud/conf/runit/secret_generator.py`"'/" -i /srv/webvirtcloud/webvirtcloud/settings.py
\ No newline at end of file
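Review bot: The caller's password is never verified — get_LDAP_user binds with LDAP_MASTER_DN/LDAP_MASTER_PW and only searches for the username, so authenticate() hands back a User for any password as soon as the name matches one of the group filters; the search must be followed by a bind as the matched entry's DN with the supplied password (rejecting an empty password first, because a simple bind with no password is treated as anonymous by the directory), as in the rewrite below. The username is also interpolated into the search filter unescaped, so it should go through `escape_filter_chars` from `ldap3.utils.conv`, and the bare `except:` should narrow to `LDAPException` from `ldap3.core.exceptions` with a logged exception, otherwise a misconfigured or unreachable server is indistinguishable from "user not found". As written the hunk does not run: `use_ssl=settings.USE_SSL get_info=ALL` lacks a comma, `if ldapAdmin` and both `else` lack a colon (and `ldapAdmin` is never defined), `logger` is never created (add `logger = logging.getLogger(__name__)` at module level), and authenticate() calls `get_LDAP_user(...)` instead of `self.get_LDAP_user(...)`. On the new-user path `UserAttributes.objects.create(user=user, ...)` and `user.user_permissions.add(permission)` run before `user.save()`, i.e. against an instance with no primary key, and `user.password = uuid.uuid4().hex` stores a raw string where Django expects a hash — call `user.set_unusable_password()`, save, then create the related rows. Note also that `is_staff`/`is_superuser` are assigned only inside the `except User.DoesNotExist` branch, so a user whose LDAP group membership changes keeps the flags from their first login.
```python
class LdapAuthenticationBackend(ModelBackend):

    def get_LDAP_user(self, username, password, filterString):
        """Return the LDAP entry for username, or None.

        The entry is returned only if (a) it matches filterString under
        LDAP_ROOT_DN and (b) a bind as that entry's DN with *password*
        succeeds, so a caller holding a valid username but the wrong
        password gets None.
        """
        if not username or not password:
            # An empty password would be sent as an anonymous simple bind.
            return None
        try:
            server = Server(settings.LDAP_URL, port=settings.LDAP_PORT,
                            use_ssl=settings.USE_SSL, get_info=ALL)
            # Service-account bind: used only to locate the user's entry.
            connection = Connection(server, settings.LDAP_MASTER_DN,
                                    settings.LDAP_MASTER_PW, auto_bind=True)
            connection.search(settings.LDAP_ROOT_DN,
                              '(&({attr}={login})({filter}))'.format(
                                  attr=settings.LDAP_USER_UID_PREFIX,
                                  login=escape_filter_chars(username),
                                  filter=filterString),
                              attributes=[settings.LDAP_USER_UID_PREFIX])
            if not connection.response:
                return None
            entry = connection.response[0]
            # Prove the caller knows the password: bind as the matched entry.
            Connection(server, entry['dn'], password, auto_bind=True)
            return entry
        except LDAPException:
            logger.exception("LDAP authentication failed for %s", username)
            return None

    # … unchanged: authenticate() and get_user() …
```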
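Review bot: The dotted path `"ldapbackend.LdapAuthenticationBackend"` does not match where this commit puts the module (`webvirtcloud/ldapbackend.py`), and the module's own header comment names a third location (`/srv/webvirtcloud/ldap/ldapbackend.py`); unless that directory is on `sys.path`, Django will fail to import the backend at startup, and `"webvirtcloud.ldapbackend.LdapAuthenticationBackend"` is presumably the intended value. The new entry also drops the trailing comma that the previous line uses, so the next addition to this list will touch two lines.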
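Review bot: A live bind credential (`LDAP_MASTER_PW = 'secret'`) and a concrete LAN address are committed to the settings template, and `USE_SSL = False` on port 389 means the service-account password and every user password sent by the backend cross the network in clear text; the template should read these from the environment (e.g. `LDAP_MASTER_PW = os.environ.get('LDAP_MASTER_PW', '')`, given an `os` import at the top of the file) and default to `USE_SSL = True` with port 636, or call `connection.start_tls()` before binding. The group filters name their entries with `dc=` RDNs (`memberOf=dc=admins,dc=staff,...`), which looks unusual for group objects — worth confirming against the directory rather than leaving as the shipped default. The commented `#sudo sed ... secret_generator.py` line at the end is unrelated to the LDAP change and reads like an accidental paste; it should be dropped or moved to the install docs.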