mirror of
https://github.com/retspen/webvirtcloud
synced 2025-07-31 12:41:08 +00:00
LDAP Integration ( https://github.com/retspen/webvirtcloud/issues/243 ) (#443)
* Added ldap support * Update * Added logging * Update * Working * Working * Working * Working * Check for ldap3 existence * Check for ldap3 existence * Check for ldap3 existence * Check for ldap3 existence * Check for ldap3 existence * Check for ldap3 existence * Check for ldap3 existence * Check for ldap3 existence * Check for ldap3 existence * Check for ldap3 existence * Add eol Co-authored-by: Kendar <unknown@kendar.org>
This commit is contained in:
kendarorg
GitHub
parent
a20fa8e8d7
commit
e9b57bfcf7
5 changed files with 183 additions and 2 deletions
113
webvirtcloud/ldapbackend.py
Normal file
113
webvirtcloud/ldapbackend.py
Normal file
|
|
@ -0,0 +1,113 @@
|
|||
from django.contrib.auth.backends import ModelBackend
|
||||
from django.contrib.auth.models import User
|
||||
from django.conf import settings
|
||||
from accounts.models import UserAttributes, UserInstance, UserSSHKey
|
||||
from django.contrib.auth.models import Permission
|
||||
from logs.models import Logs
|
||||
import uuid
|
||||
|
||||
try:
|
||||
from ldap3 import Server, Connection, ALL
|
||||
#/srv/webvirtcloud/ldap/ldapbackend.py
|
||||
class LdapAuthenticationBackend(ModelBackend):
|
||||
|
||||
def get_LDAP_user(self, username, password, filterString):
|
||||
print('get_LDAP_user')
|
||||
try:
|
||||
server = Server(settings.LDAP_URL, port=settings.LDAP_PORT,
|
||||
use_ssl=settings.USE_SSL,get_info=ALL)
|
||||
connection = Connection(server,
|
||||
settings.LDAP_MASTER_DN,
|
||||
settings.LDAP_MASTER_PW, auto_bind=True)
|
||||
|
||||
connection.search(settings.LDAP_ROOT_DN,
|
||||
'(&({attr}={login})({filter}))'.format(
|
||||
attr=settings.LDAP_USER_UID_PREFIX,
|
||||
login=username,
|
||||
filter=filterString), attributes=['*'])
|
||||
|
||||
if len(connection.response) == 0:
|
||||
print('get_LDAP_user-no response')
|
||||
return None
|
||||
specificUser = connection.response[0]
|
||||
userDn = str(specificUser.get('raw_dn'),'utf-8')
|
||||
with Connection(server,
|
||||
userDn,
|
||||
password) as con:
|
||||
return username
|
||||
return None
|
||||
|
||||
def authenticate(self, request, username=None, password=None, **kwargs):
|
||||
if not settings.LDAP_ENABLED:
|
||||
return None
|
||||
print("authenticate_ldap")
|
||||
# Get the user information from the LDAP if he can be authenticated
|
||||
isAdmin = False
|
||||
isStaff = False
|
||||
|
||||
if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_ADMINS) is None:
|
||||
if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_STAFF) is None:
|
||||
if self.get_LDAP_user(username, password, settings.LDAP_SEARCH_GROUP_FILTER_USERS) is None:
|
||||
return None
|
||||
else:
|
||||
isStaff = True
|
||||
else:
|
||||
isAdmin = True
|
||||
isStaff = True
|
||||
|
||||
try:
|
||||
user = User.objects.get(username=username)
|
||||
attributes = UserAttributes.objects.get(user=user)
|
||||
# TODO VERIFY
|
||||
except User.DoesNotExist:
|
||||
print("authenticate-create new user")
|
||||
user = User(username=username)
|
||||
user.is_active = True
|
||||
user.is_staff = isStaff
|
||||
user.is_superuser = isAdmin
|
||||
user.set_password(uuid.uuid4().hex)
|
||||
user.save()
|
||||
maxInstances = 1
|
||||
maxCpus = 1
|
||||
maxMemory = 128
|
||||
maxDiskSize = 1
|
||||
if isStaff:
|
||||
maxMemory = 2048
|
||||
maxDiskSize = 20
|
||||
permission = Permission.objects.get(codename='clone_instances')
|
||||
user.user_permissions.add(permission)
|
||||
if isAdmin:
|
||||
maxInstances = -1
|
||||
maxCpus = -1
|
||||
maxMemory = -1
|
||||
maxDiskSize = -1
|
||||
permission = Permission.objects.get(codename='clone_instances')
|
||||
user.user_permissions.add(permission)
|
||||
user.save()
|
||||
UserAttributes.objects.create(
|
||||
user=user,
|
||||
max_instances=maxInstances,
|
||||
max_cpus=maxCpus,
|
||||
max_memory=maxMemory,
|
||||
max_disk_size=maxDiskSize,
|
||||
)
|
||||
user.save()
|
||||
|
||||
print("authenticate-user created")
|
||||
return user
|
||||
|
||||
def get_user(self, user_id):
|
||||
if not settings.LDAP_ENABLED:
|
||||
return None
|
||||
print("get_user_ldap")
|
||||
try:
|
||||
return User.objects.get(pk=user_id)
|
||||
except User.DoesNotExist:
|
||||
print("get_user-user not found")
|
||||
return None
|
||||
except:
|
||||
class LdapAuthenticationBackend(ModelBackend):
|
||||
def authenticate(self, request, username=None, password=None, **kwargs):
|
||||
return None
|
||||
def get_user(self, user_id):
|
||||
return None
|
||||
|
|
@ -95,6 +95,7 @@ DATABASES = {
|
|||
|
||||
AUTHENTICATION_BACKENDS = [
|
||||
"django.contrib.auth.backends.ModelBackend",
|
||||
"webvirtcloud.ldapbackend.LdapAuthenticationBackend",
|
||||
]
|
||||
|
||||
LOGIN_URL = "/accounts/login/"
|
||||
|
|
@ -212,3 +213,24 @@ SHOW_PROFILE_EDIT_PASSWORD = True
|
|||
OTP_ENABLED = False
|
||||
|
||||
LOGIN_REQUIRED_IGNORE_VIEW_NAMES = ["accounts:email_otp"]
|
||||
|
||||
LDAP_ENABLED = False
|
||||
LDAP_URL = ''
|
||||
LDAP_PORT = 389
|
||||
USE_SSL = False
|
||||
## The user with search rights on ldap. (e.g cn=admin,dc=kendar,dc=org)
|
||||
LDAP_MASTER_DN = ''
|
||||
LDAP_MASTER_PW = ''
|
||||
## The root dn (e.g. dc=kendar,dc=org)
|
||||
LDAP_ROOT_DN = ''
|
||||
## Queries to identify the users, i use groupOfUniqueNames on openldap
|
||||
|
||||
## e.g. memberOf=cn=admins,cn=staff,cn=webvirtcloud,ou=groups,dc=kendar,dc=org
|
||||
LDAP_SEARCH_GROUP_FILTER_ADMINS = ''
|
||||
## e.g. memberOf=cn=staff,cn=webvirtcloud,ou=groups,dc=kendar,dc=org
|
||||
LDAP_SEARCH_GROUP_FILTER_STAFF = ''
|
||||
## e.g. memberOf=cn=webvirtcloud,ou=groups,dc=kendar,dc=org
|
||||
LDAP_SEARCH_GROUP_FILTER_USERS = ''
|
||||
|
||||
## The user name prefix to identify the user name (e.g. cn)
|
||||
LDAP_USER_UID_PREFIX = ''
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue