Revert to simple python-ldap, authentication works

2014-03-25 18:53:22 +00:00 · 2014-03-25 18:53:22 +00:00 · cba46b6c66
parent 1a08cba3f8
commit cba46b6c66
3 changed files with 16 additions and 6 deletions
--- a/config.cfg.sample
+++ b/config.cfg.sample
@ -12,6 +12,5 @@ DEBUG = True

 LDAP_HOST = "aw2clouddc01.hpcloud.ms"
 LDAP_DOMAIN = "hpcloud.ms"
-LDAP_BASE = "CN=Users,DC=hpcloud,DC=ms"

 BACKDOOR_AUTH = True
--- a/ephemeral_ca/init.py
+++ b/ephemeral_ca/init.py
@ -10,19 +10,30 @@ import sys
 import time
 import uuid
 import yaml
+import ldap

 from flask import Flask, request, redirect, Response
-from flask.ext.ldap import LDAP

 app = Flask(__name__)
 app.config.from_pyfile(os.environ.get('EPHEMERAL_CA_SETTINGS', 'config.cfg'))
-ldap = LDAP(app)
+
+
+def ldap_login(user, secret):
+    ldo = ldap.initialize("ldap://%s" % (app.config['LDAP_HOST'],))
+    ldo.set_option(ldap.OPT_REFERRALS, 0)
+    try:
+        ldo.simple_bind_s("%s@%s" % (user, app.config['LDAP_DOMAIN']), secret)
+        return True
+    except ldap.INVALID_CREDENTIALS:
+        return False
+

 def auth(user, secret):
    if app.config['BACKDOOR_AUTH']:
-        return secret=='woot' and user=='woot'
+        if secret=='woot' and user=='woot':
+            return True

-    return ldap.ldap_login(user, secret)
+    return ldap_login(user, secret)


 def sign(csr,encoding):
--- a/setup.py
+++ b/setup.py
@ -10,7 +10,7 @@ setup(
    install_requires=[
        'm2crypto',
        'flask',
-        'flask-ldap',
+        'python-ldap',
        'setuptools>=1.0',
    ],
    setup_requires=[