From b71adb30ec16127a90c17ec9c397c74c95317f8f Mon Sep 17 00:00:00 2001 From: holczer Date: Mon, 15 Jun 2020 16:13:37 +0200 Subject: [PATCH 1/5] multiple ldap servers can be defined in ldap_url --- README.md | 2 +- radicale_auth_ldap/__init__.py | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 7d4a4be..2ede9a9 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ You will need to set a few options inside your radicale config file. Example: [auth] type = radicale_auth_ldap -# LDAP server URL, with protocol and port +# LDAP server URL, with protocol and port (multiple servers can be separated by spaces) ldap_url = ldap://ldap:389 # LDAP base path diff --git a/radicale_auth_ldap/__init__.py b/radicale_auth_ldap/__init__.py index 55ed3d5..f940e4c 100644 --- a/radicale_auth_ldap/__init__.py +++ b/radicale_auth_ldap/__init__.py @@ -45,6 +45,9 @@ def is_authenticated(self, user, password): PASSWORD = self.configuration.get("auth", "ldap_password") SCOPE = self.configuration.get("auth", "ldap_scope") SUPPORT_EXTENDED = self.configuration.getboolean("auth", "ldap_support_extended", fallback=True) + + if ' ' in SERVER: # Handle if multiple LDAP server is defined in ldap_url with space separation + SERVER = SERVER.split(' ') # ldap3.connection can handle multiple servers in a list as an implicit server pool if BINDDN and PASSWORD: conn = ldap3.Connection(SERVER, BINDDN, PASSWORD) From a3b2e41864631eab926de8a379edff97ad1e1936 Mon Sep 17 00:00:00 2001 From: holczer Date: Tue, 16 Jun 2020 16:53:20 +0200 Subject: [PATCH 2/5] corrected multi ldap server handling --- radicale_auth_ldap/__init__.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/radicale_auth_ldap/__init__.py b/radicale_auth_ldap/__init__.py index f940e4c..5741f5e 100644 --- a/radicale_auth_ldap/__init__.py +++ b/radicale_auth_ldap/__init__.py 
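Review bot: The test `if ' ' in SERVER:` runs on whatever `SERVER` holds at that point, and the line removed in 2/5 shows it was assigned `ldap3.Server(...)`, not the raw `ldap_url` string. On a Server object the membership test would most likely raise a TypeError rather than detect a space, so every login would fail at this commit. Since this is the authentication path, I would squash 1/5 into 2/5 so no revision in the history has a check that cannot work. `is_authenticated` starts and ends outside the hunk.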
@@ -37,7 +37,14 @@ class Auth(BaseAuth): def is_authenticated(self, user, password): """Check if ``user``/``password`` couple is valid.""" - SERVER = ldap3.Server(self.configuration.get("auth", "ldap_url")) + server_list = self.configuration.get("auth", "ldap_url") + if ' ' in server_list: # Handle for multiple LDAP server defined in ldap_url with space separation + servers = server_list.split(' ') + SERVER = ldap3.ServerPool(None) + for s in servers: + SERVER.add(ldap3.Server(s)) + else: # only one server is defined + SERVER = ldap3.Server(server_list) BASE = self.configuration.get("auth", "ldap_base") ATTRIBUTE = self.configuration.get("auth", "ldap_attribute") FILTER = self.configuration.get("auth", "ldap_filter") @@ -46,9 +53,6 @@ def is_authenticated(self, user, password): SCOPE = self.configuration.get("auth", "ldap_scope") SUPPORT_EXTENDED = self.configuration.getboolean("auth", "ldap_support_extended", fallback=True) - if ' ' in SERVER: # Handle if multiple LDAP server is defined in ldap_url with space separation - SERVER = SERVER.split(' ') # ldap3.connection can handle multiple servers in a list as an implicit server pool - if BINDDN and PASSWORD: conn = ldap3.Connection(SERVER, BINDDN, PASSWORD) else: From 1b0a41e402d5a89fbfafc3f02efd7e60b3eed26c Mon Sep 17 00:00:00 2001 From: holczer Date: Wed, 17 Jun 2020 13:27:13 +0200 Subject: [PATCH 3/5] server list logging added --- radicale_auth_ldap/__init__.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/radicale_auth_ldap/__init__.py b/radicale_auth_ldap/__init__.py index 5741f5e..76887e1 100644 --- a/radicale_auth_ldap/__init__.py +++ b/radicale_auth_ldap/__init__.py 
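Review bot: `server_list.split(' ')` in the first hunk yields empty strings for doubled, leading or trailing spaces, and each one is added to the pool as `ldap3.Server('')`. What such an entry resolves to is left to ldap3, so a stray space in the config could add an unintended endpoint to the servers that receive bind credentials. Splitting on any whitespace drops the empty entries: `servers = server_list.split()`. The same `split(' ')` is still present after 5/5. The function body continues outside the hunk.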
@@ -38,9 +38,14 @@ class Auth(BaseAuth): def is_authenticated(self, user, password): """Check if ``user``/``password`` couple is valid.""" server_list = self.configuration.get("auth", "ldap_url") + self.logger.info("Server list type: %s" % type(server_list)) + self.logger.info("Server list: %s" % server_list) if ' ' in server_list: # Handle for multiple LDAP server defined in ldap_url with space separation + self.logger.info("Server list contains multiple servers") servers = server_list.split(' ') SERVER = ldap3.ServerPool(None) + self.logger.info("Servers type: %s" % type(serverst)) + self.logger.info("Servers: %s" % servers) for s in servers: SERVER.add(ldap3.Server(s)) else: # only one server is defined From 844817a72b178c92c357fcd5d4f4e566debd2e69 Mon Sep 17 00:00:00 2001 From: holczer Date: Wed, 17 Jun 2020 13:36:54 +0200 Subject: [PATCH 4/5] more severe logging --- radicale_auth_ldap/__init__.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/radicale_auth_ldap/__init__.py b/radicale_auth_ldap/__init__.py index 76887e1..2f6fb16 100644 --- a/radicale_auth_ldap/__init__.py +++ b/radicale_auth_ldap/__init__.py 
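Review bot: `type(serverst)` in the added line `self.logger.info("Servers type: %s" % type(serverst))` refers to a name that is not defined anywhere in the hunk, so the multi-server branch would raise NameError before the pool is filled. At this commit any `ldap_url` containing a space therefore breaks authentication. 4/5 corrects the name, so squashing 3/5 to 5/5 would keep the broken state out of the history. Separately, these are per-login diagnostics and would fit `debug` better than `info`. The function continues past the end of the hunk.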
@@ -38,14 +38,14 @@ class Auth(BaseAuth): def is_authenticated(self, user, password): """Check if ``user``/``password`` couple is valid.""" server_list = self.configuration.get("auth", "ldap_url") - self.logger.info("Server list type: %s" % type(server_list)) - self.logger.info("Server list: %s" % server_list) + self.logger.warn("Server list type: %s" % type(server_list)) + self.logger.warn("Server list: %s" % server_list) if ' ' in server_list: # Handle for multiple LDAP server defined in ldap_url with space separation - self.logger.info("Server list contains multiple servers") + self.logger.warn("Server list contains multiple servers") servers = server_list.split(' ') SERVER = ldap3.ServerPool(None) - self.logger.info("Servers type: %s" % type(serverst)) - self.logger.info("Servers: %s" % servers) + self.logger.warn("Servers type: %s" % type(servers)) + self.logger.warn("Servers: %s" % servers) for s in servers: SERVER.add(ldap3.Server(s)) else: # only one server is defined From 3c3a933f85ad2e27d73d3b64782614bdaa5e7d8d Mon Sep 17 00:00:00 2001 From: holczer Date: Wed, 17 Jun 2020 14:08:19 +0200 Subject: [PATCH 5/5] simplified logging in multi server setups --- radicale_auth_ldap/__init__.py | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/radicale_auth_ldap/__init__.py b/radicale_auth_ldap/__init__.py index 2f6fb16..d5c79f0 100644 --- a/radicale_auth_ldap/__init__.py +++ b/radicale_auth_ldap/__init__.py 
@@ -37,19 +37,16 @@ class Auth(BaseAuth): def is_authenticated(self, user, password): """Check if ``user``/``password`` couple is valid.""" - server_list = self.configuration.get("auth", "ldap_url") - self.logger.warn("Server list type: %s" % type(server_list)) - self.logger.warn("Server list: %s" % server_list) - if ' ' in server_list: # Handle for multiple LDAP server defined in ldap_url with space separation - self.logger.warn("Server list contains multiple servers") - servers = server_list.split(' ') + servers = self.configuration.get("auth", "ldap_url") + if ' ' in servers: # Handle for multiple LDAP server defined in ldap_url with space separation + servers = servers.split(' ') + self.logger.debug("Multiple servers: %s" % servers) SERVER = ldap3.ServerPool(None) - self.logger.warn("Servers type: %s" % type(servers)) - self.logger.warn("Servers: %s" % servers) for s in servers: SERVER.add(ldap3.Server(s)) else: # only one server is defined - SERVER = ldap3.Server(server_list) + self.logger.debug("Single server: %s" % servers) + SERVER = ldap3.Server(servers) BASE = self.configuration.get("auth", "ldap_base") ATTRIBUTE = self.configuration.get("auth", "ldap_attribute") FILTER = self.configuration.get("auth", "ldap_filter")
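Review bot: `ldap3.ServerPool(None)` takes the library defaults for strategy, `active` and `exhaust`, and as far as I know ldap3 documents `active=True` as cycling through the pool indefinitely when no server answers. If that holds, a login would block instead of failing when every directory server is down, tying up the Radicale worker that handles it. I would state the policy explicitly, e.g. `SERVER = ldap3.ServerPool(None, ldap3.ROUND_ROBIN, active=1, exhaust=True)`, with the values confirmed against the ldap3 version in use. Minor: pass the argument to the logger instead of pre-formatting it, `self.logger.debug("Multiple servers: %s", servers)`. The function continues past the end of the hunk.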