I've been tasked with integrating LDAP with our MediaDrop server and came across this article: http://mediadrop.net/community/topic/mediadrop-user-authentication-methods
I've been following the advice in the article by modifying the auth.py file located in mediadrop/model/auth.py and I cannot get it to communicate with my LDAP server. I have isolated and tested the LDAP section of my code and had success (monitored our LDAP server's syslog for LDAP events), but as soon as I implement it into auth.py, it doesn't work. Code below:
from hashlib import sha1          # module-level imports (top of auth.py)
import ldap
import ldap.dn
import ldap.filter

def validate_password(self, password):
    """Check the password against existing credentials.

    :param password: the password that was provided by the user to
        try and authenticate. This is the clear text version that we will
        need to match against the hashed one in the database.
    :type password: unicode object.
    :return: Whether the password is valid.
    :rtype: bool
    """
    hashed_pass = sha1()
    hashed_pass.update(password + self.password[:40])
    authenticated = self.password[40:] == hashed_pass.hexdigest()
    # Authenticate against LDAP if user is not local
    if not authenticated:
        # An empty password must never reach bind_s(): most directories treat
        # it as an anonymous bind and report success.
        if not password:
            return False
        ldap_server = "x.x.x.x"
        # the following is the user_dn format provided by the ldap server;
        # escape the name so it cannot alter the DN or the search filter
        username = self.user_name.replace(".", " ").title()
        user_dn = "cn=" + ldap.dn.escape_dn_chars(username) + ",ou=orgunit,dc=domain,dc=domain"
        base_dn = "dc=domain,dc=domain"
        search_filter = "(cn=" + ldap.filter.escape_filter_chars(username) + ")"
        # ldap.open() is deprecated in python-ldap; initialize() takes a URI
        connect = ldap.initialize("ldap://" + ldap_server)
        try:
            # if authentication successful, get the full user data
            connect.bind_s(user_dn, password)
            result = connect.search_s(base_dn, ldap.SCOPE_SUBTREE, search_filter)
            # search_s() returns a list (possibly empty), never None
            if result:
                # if authenticated and returns some data, place user LDAP info into mediadrop DB
                # (submit_to_md_db is the poster's own helper, defined elsewhere)
                submit_to_md_db(self.user_name, str(self.user_name) + "@email.com", username, password.encode('UTF-8'))
                authenticated = True
        except ldap.LDAPError:
            authenticated = False
        finally:
            connect.unbind_s()
    return authenticated
When I try to log in, the debug console spits out these messages:
12:25:49,335 DEBUG [routes.middleware] [worker 0] Matched GET /
12:25:49,335 DEBUG [routes.middleware] [worker 0] Route path: '', defaults: {'action': u'explore', 'controller': u'media'}
12:25:49,336 DEBUG [routes.middleware] [worker 0] Match dict: {'action': u'explore', 'controller': u'media'}
12:25:49,336 DEBUG [pylons.wsgiapp] [worker 0] Setting up Pylons stacked object globals
12:25:49,336 DEBUG [pylons.wsgiapp] [worker 0] Resolved URL to controller: u'media'
12:25:49,337 DEBUG [pylons.wsgiapp] [worker 0] Controller appears to be a class, instantiating
12:25:49,337 DEBUG [pylons.wsgiapp] [worker 0] Calling controller class with WSGI interface
12:25:49,416 DEBUG [pylons.util] [worker 0] No attribute called nav_hide_main found on c object, returning empty string
I have also tried only including the LDAP code and removing these original lines of code (it only cares about a bool being returned), and I still have no response from our LDAP server that it was trying to authenticate against it (was tailing our syslog for LDAP activity):
hashed_pass = sha1()
hashed_pass.update(password + self.password[:40])
authenticated = self.password[40:] == hashed_pass.hexdigest()
I'm currently running this on Ubuntu Server 14.04 with MediaDrop 0.11dev using the python-ldap package.
If anything, I'm hoping I can get some help implementing this code, or if someone could share what they did to get LDAP to work on their MediaDrop server, please let me know.
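The local-hash-then-LDAP flow from the post, restructured as an added example (not MediaDrop's or the poster's code) so the bind is injected and the logic can be exercised without a directory server. It assumes MediaDrop's stored layout of 40 hex salt characters followed by sha1(password + salt), the DN pattern from the post, and a constructed fake directory standing in for the LDAP server.

```python
from hashlib import sha1
import os
import re

SALT_LEN = 40  # hex digits of salt, matching self.password[:40] in the post


def hash_password(password, salt=None):
    """Build a stored value in the layout the post's check expects: salt + sha1(password + salt)."""
    if salt is None:
        salt = os.urandom(SALT_LEN // 2).hex()
    return salt + sha1((password + salt).encode("utf-8")).hexdigest()


def check_local(password, stored):
    """The post's local check: sha1(password + salt).hexdigest() == stored[40:]."""
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    return sha1((password + salt).encode("utf-8")).hexdigest() == digest


def validate_password(user_name, password, stored, ldap_bind):
    """Local hash first, then LDAP fallback, as in the post.
    ldap_bind(user_dn, password) -> bool is injected: a fake below, connect.bind_s(...) in production.
    """
    if check_local(password, stored):
        return True
    # Guard: an empty password must never reach bind_s. Many directories treat it
    # as an anonymous bind and report success, which would log anyone in.
    if not password:
        return False
    cn = user_name.replace(".", " ").title()
    # Only plain names may be spliced into the DN; anything else could change its structure.
    if not re.fullmatch(r"[A-Za-z][A-Za-z ]*", cn):
        return False
    user_dn = "cn=%s,ou=orgunit,dc=domain,dc=domain" % cn
    return bool(ldap_bind(user_dn, password))


# Constructed fake directory standing in for the real LDAP server (assumption, not MediaDrop code).
FAKE_DIRECTORY = {"cn=Jane Doe,ou=orgunit,dc=domain,dc=domain": "ldap-secret"}


def fake_bind(user_dn, password):
    """Mimics a server where an empty password succeeds as an anonymous bind."""
    if password == "":
        return True
    return FAKE_DIRECTORY.get(user_dn) == password
```

Swapping fake_bind for a wrapper around connect.bind_s gives the production path; the empty-password and name checks are the two guards the post's version lacks.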