6.2.1.1. useridresolver.LDAPIdResolver module
This module implements the communication and data mapping to LDAP servers. LinOTPd imports this module to use LDAP servers as a userstore.
Dependencies: UserIdResolver
- class useridresolver.LDAPIdResolver.IdResolver
Bases: useridresolver.UserIdResolver.UserIdResolver
LDAP User Id resolver
- CERTFILE = None
- ca_certs = set([])
- ca_dir = None
- checkPass(uid, password)
checkPass - checks the password for a given uid.
Parameters: - uid (string) – userid to be checked
- password (string) – user password
Returns: true in case of success, false if the password does not match
Return type: boolean
Attention: the UID first needs to be converted to the DN, in case the UID is not the DN.
- close()
The close method is called when the request ends; here the LDAP connection is closed by unbinding.
- conf = ''
- fields = {'username': 1, 'phone': 0, 'surname': 0, 'description': 0, 'mobile': 0, 'gender': 0, 'givenname': 0, 'userid': 1, 'email': 0}
- getConfigEntry(config, key, conf, required=True, default='')
getConfigEntry - retrieve an entry from the config
Parameters: - config (dict) – dict of all configs
- key (string) – key which is searched
- conf (string) – scope of the config, e.g. connect.sql
- required (boolean) – if this value is true and the key is not defined, an exception will be raised
- default (any) – fallback value if the config has no such entry
Returns: the value of the specified key
Return type: value type - in most cases string ;-)
- classmethod getResolverClassDescriptor()
Returns the descriptor of the resolver, which consists of the class name and the config description.
Returns: resolver description dict
Return type: dict
- getResolverId()
getResolverId - provide the resolver identifier
Returns: the resolver identifier string, or an empty string if it does not exist
Return type: string
- getResolverType()
getResolverType - return the type of the resolver
Returns: the string 'ldapresolver'
Return type: string
- getSearchFields(searchDict=None)
Returns all fields on which a search could be made.
Returns: dictionary of the search fields and their types - not used!!
Return type: dict
- getUserId(loginname)
Returns the userId which maps to a loginname.
Parameters: loginName (string) – login name of the user
Returns: userid - unique identifier for this user
Return type: string
- getUserInfo(userid)
Returns all user related information.
Parameters: userId (string) – specified user
Returns: dictionary, containing all user related info
Return type: dict
The return is a dictionary with well defined keys:
fields = {"username":1, "userid":1, "description":0, "phone":0, "mobile":0, "email":0, "givenname":0, "surname":0, "gender":0}
- getUserLDAPInfo(UserId)
This function returns all user information for a given user object identified by UserID. In the LDAP case this is the DN, but it could also be 'objectguid' or uidtype.
Parameters: userid (unicode or str) – user identifier (in unicode)
Returns: user info dict
Return type: dict
- getUserList(searchDict)
Retrieves a list of users.
Parameters: searchDict (dict) – dictionary of the search criteria
Returns: resultList, a dict with user info
- getUsername(userid)
Gets the loginname from the given userid.
Parameters: userId (string) – userid descriptor
Returns: loginname
Return type: string
- guid2str(guid)
Converts the binary MS AD GUID to something that could be displayed.
See http://support.microsoft.com/kb/325649
Parameters: guid (binary) – binary value
Returns: string representation of the guid
Return type: string
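The byte order is what makes this conversion easy to get wrong: the first three groups of an AD objectGUID are stored little-endian, the last two as-is. The following is an added example, not LinOTP's guid2str; the names guid_to_str, str_to_guid_filter and SAMPLE_GUID are hypothetical and the sample bytes are constructed.

```python
import uuid


def guid_to_str(guid):
    """Render a 16-byte AD objectGUID in the usual 8-4-4-4-12 hex form."""
    if not isinstance(guid, (bytes, bytearray)) or len(guid) != 16:
        raise ValueError("objectGUID must be exactly 16 bytes")
    g = bytes(guid)
    parts = (
        g[0:4][::-1],   # Data1: 32-bit, little-endian on the wire
        g[4:6][::-1],   # Data2: 16-bit, little-endian
        g[6:8][::-1],   # Data3: 16-bit, little-endian
        g[8:10],        # Data4, first two bytes: stored in display order
        g[10:16],       # Data4, remaining six bytes: stored in display order
    )
    return "-".join(p.hex() for p in parts)


def str_to_guid_filter(text, attr="objectGUID"):
    """Inverse direction: build an equality filter for a displayed GUID.

    Binary values cannot be placed in a filter as-is, so every byte is
    written as a backslash followed by two hex digits (RFC 4515).
    """
    raw = uuid.UUID(text).bytes_le      # raises ValueError on malformed input
    return "(%s=%s)" % (attr, "".join("\\%02x" % b for b in raw))


# Constructed sample value: bytes 0x01 .. 0x10, not taken from a real directory.
SAMPLE_GUID = bytes(range(0x01, 0x11))

if __name__ == "__main__":
    shown = guid_to_str(SAMPLE_GUID)
    print(shown)
    print(str_to_guid_filter(shown))
```

A plain hex dump of the attribute would print 01020304-... and would not match the GUID shown by Windows tools, which matters when correlating directory objects with log entries.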
- loadConfig(config, conf='')
loadConfig - load the config for the resolver
The calling application passes the LDAP configuration: FILTER LDAPURI BASE BINDDN BINDPW
Parameters: - config (dict) – configuration for the sqlresolver
- conf (string) – configuration postfix
- nameDict = {}
- searchFields = {'username': 'text', 'surname': 'text', 'description': 'text', 'userid': 'text', 'givenname': 'text', 'email': 'text'}
- searchLDAPUserList(key, value)
Finds the user objects that have the term 'value' in the user object field 'key'.
Parameters: - key (string) – The key may be an ldap attribute like 'loginname' or 'email'.
- value (string) – The value is a regular expression.
Returns: a list of dictionaries (each dictionary contains a user object) or an empty string if no object is found.
Return type: list
- classmethod setup(config=None, cache_dir=None)
This setup hook is triggered when the server starts to serve the first request.
On this first call the CA certificate for the LDAP module is verified and set, if the CA certificate is specified.
Parameters: config (the linotp config dict) – the linotp config
- classmethod testconnection(params)
This is used to test if the given parameter set will do a successful LDAP connection. params are:
- BINDDN
- BINDPW
- LDAPURI
- TIMEOUT
- LDAPBASE
- LOGINNAMEATTRIBUTE: 'sAMAccountName'
- LDAPSEARCHFILTER: '(sAMAccountName=*)(objectClass=user)'
- LDAPFILTER: '(&(sAMAccountName=%s)(objectClass=user))'
- USERINFO: '{ "username": "sAMAccountName", "phone" : "telephoneNumber", "mobile" : "mobile", "email" : "mail", "surname" : "sn", "givenname" : "givenName" }'
- SIZELIMIT
- NOREFERRALS
- CACERTIFICATE
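The LDAPFILTER template takes the login name at %s, and the page does not say how the value is escaped before substitution. The following added example (not LinOTP code; escape_filter_value, build_login_filter and filter_items are hypothetical names, and the login names are constructed) shows RFC 4515 escaping and a structural check that confirms the filter keeps its two conditions.

```python
import re

# RFC 4515: these characters must be written as \XX inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Template as listed in the testconnection parameters above.
LDAPFILTER = "(&(sAMAccountName=%s)(objectClass=user))"


def escape_filter_value(value):
    """Escape one value character by character, so nothing is escaped twice."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter(template, loginname):
    """Substitute an escaped login name into a template with a single %s."""
    if template.count("%s") != 1:
        raise ValueError("filter template must contain exactly one %s")
    if not loginname:
        raise ValueError("empty login name")
    return template.replace("%s", escape_filter_value(loginname))


def filter_items(ldap_filter):
    """List the attribute names of the simple (attr=value) items in a filter.

    Comparing this list before and after substitution shows whether user
    input added or removed conditions.
    """
    return re.findall(r"\(([A-Za-z][A-Za-z0-9-]*)[~<>]?=", ldap_filter)


if __name__ == "__main__":
    # Constructed login names: one ordinary, one containing filter metacharacters.
    for name in ("jdoe", "x)(cn=y"):
        raw = LDAPFILTER.replace("%s", name)          # no escaping
        safe = build_login_filter(LDAPFILTER, name)   # escaped
        print(name, filter_items(raw), filter_items(safe))
```

With escaping the item list stays ['sAMAccountName', 'objectClass'] for both names; without it, the second name yields three items, which is the condition a regression test should reject.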