j3d1/webvirtcloud
1
0
Fork 0
mirror of https://github.com/retspen/webvirtcloud synced 2026-03-22 10:34:49 +00:00
Code Issues Projects Releases Wiki Activity

Added ldap support

Browse source
This commit is contained in:
Kendar 2021-05-28 09:11:11 +02:00
parent a20fa8e8d7
commit 0b7e334dad
3 changed files with 91 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
conf/requirements.txt
View file

@ -12,3 +12,4 @@ qrcode==6.1
rwlock==0.0.7 rwlock==0.0.7
websockify==0.9.0 websockify==0.9.0
zipp==3.4.0 zipp==3.4.0
ldap3==2.9.0

76
webvirtcloud/ldapbackend.py Normal file
View file

@ -0,0 +1,76 @@
from django.contrib.auth.backends import ModelBackend
from django.contrib.auth.models import User
from ldap3 import Server, Connection, ALL
from django.conf import settings
from accounts.models import UserAttributes, UserInstance, UserSSHKey
from django.contrib.auth.models import Permission
from logs.models import Logs
import uuid
import logging
#/srv/webvirtcloud/ldap/ldapbackend.py
class LdapAuthenticationBackend(ModelBackend):
def get_LDAP_user(self, username, password, filterString):
logger.error("get_LDAP_user")
try:
server = Server(settings.LDAP_URL, port=settings.LDAP_PORT,
use_ssl=settings.USE_SSL get_info=ALL)
connection = Connection(server,
settings.LDAP_MASTER_DN,
settings.LDAP_MASTER_PW, auto_bind=True)
connection.search(settings.LDAP_ROOT_DN,
'(&({attr}={login})({filter}))'.format(
attr=settings.LDAP_USER_UID_PREFIX,
login=username,
filter=filterString), attributes=[settings.LDAP_USER_UID_PREFIX])
if len(connection.response) == 0:
return None
return connection.response[0]
except:
return None
def authenticate(self, request, username=None, password=None, **kwargs):
logger.error("authenticate")
# Get the user information from the LDAP if he can be authenticated
isAdmin = False
isStaff = False
if ldapAdmin
if get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_ADMINS) is None:
if get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_STAFF) is None:
if get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_USERS) is None:
return None
else
isStaff = True
else
isAdmin = True
isStaff = True
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
user = User(username=username)
user.is_staff = isStaff
user.is_superuser = isAdmin
user.password = uuid.uuid4().hex
UserAttributes.objects.create(
user=user,
max_instances=1,
max_cpus=1,
max_memory=2048,
max_disk_size=20,
)
permission = Permission.objects.get(codename='clone_instances')
user.user_permissions.add(permission)
user.save()
return user
def get_user(self, user_id):
logger.error("get_user")
try:
return User.objects.get(pk=user_id)
except User.DoesNotExist:
return None

14
webvirtcloud/settings.py.template
View file

@ -95,6 +95,7 @@ DATABASES = {
AUTHENTICATION_BACKENDS = [ AUTHENTICATION_BACKENDS = [
"django.contrib.auth.backends.ModelBackend", "django.contrib.auth.backends.ModelBackend",
"ldapbackend.LdapAuthenticationBackend"
] ]
LOGIN_URL = "/accounts/login/" LOGIN_URL = "/accounts/login/"
@ -212,3 +213,16 @@ SHOW_PROFILE_EDIT_PASSWORD = True
OTP_ENABLED = False OTP_ENABLED = False
LOGIN_REQUIRED_IGNORE_VIEW_NAMES = ["accounts:email_otp"] LOGIN_REQUIRED_IGNORE_VIEW_NAMES = ["accounts:email_otp"]
LDAP_URL = '192.168.1.67'
LDAP_PORT = 389
USE_SSL = False
LDAP_MASTER_DN = 'cn=admin,dc=kendar,dc=org'
LDAP_MASTER_PW = 'secret'
LDAP_ROOT_DN = 'dc=kendar,dc=org'
LDAP_SEARCH_GROUP_FILTER_ADMINS = 'memberOf=dc=admins,dc=staff,dc=webvirtcloud,ou=groups,dc=kendar,dc=org'
LDAP_SEARCH_GROUP_FILTER_STAFF = 'memberOf=dc=staff,dc=webvirtcloud,ou=groups,dc=kendar,dc=org'
LDAP_SEARCH_GROUP_FILTER_USERS = 'memberOf=dc=webvirtcloud,ou=groups,dc=kendar,dc=org'
LDAP_USER_UID_PREFIX = 'cn'
#sudo sed -r "s/SECRET_KEY = ''/SECRET_KEY = '"`python3 /srv/webvirtcloud/conf/runit/secret_generator.py`"'/" -i /srv/webvirtcloud/webvirtcloud/settings.py