Changeset 1968

Timestamp:
12/02/04 23:01:58 (20 years ago)
Author:
jalet
Message:

TLS is now supported with the LDAP backend

Location:
pykota/trunk
Files:
4 modified

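--- a/pykota/trunk/conf/pykota.conf.sample
+++ b/pykota/trunk/conf/pykota.conf.sample
@@ -81,4 +81,16 @@
 #storageuser: cn=notadmin,dc=librelogiciel,dc=com
 #storageuserpw: abc.123
+#
+# TLS support for LDAP
+#
+# ldaptls can be set to either Yes or No
+# the default value when not set is No, meaning that TLS won't be used.
+#ldaptls: No
+#
+# cacert points to the CA Certificate file to use for TLS.
+# Ensure that every user who can launch PyKota commands can read this file.
+# There's NO default value for this directive.
+#cacert /etc/pykota/mycertfile
+#
 #
 # Here we define some helpers to know where
@@ -92,7 +104,7 @@
 #printerbase: ou=Printers,ou=PyKota,dc=librelogiciel,dc=com
 #printerrdn: cn
-#jobbase: ou=Jobs,ou=PyKota,dc=librelogiciel,dc=com
 #userquotabase: ou=UQuotas,ou=PyKota,dc=librelogiciel,dc=com
 #groupquotabase: ou=GQuotas,ou=PyKota,dc=librelogiciel,dc=com
+#jobbase: ou=Jobs,ou=PyKota,dc=librelogiciel,dc=com
 #lastjobbase: ou=LastJobs,ou=PyKota,dc=librelogiciel,dc=com
 #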
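Review bot: The new sample line `#cacert /etc/pykota/mycertfile` in the first hunk is missing the `:` separator that every other directive in this file uses (`#ldaptls: No`, `#storageuser: ...`), so an admin who uncomments it as written will most likely get a parse error or an unset value rather than a working `cacert`. It should read `#cacert: /etc/pykota/mycertfile`. Since the accompanying config.py change refuses to start when `ldaptls` is set and the certificate is not readable, a copy-paste of this sample is the first thing that will break, so the sample should be exact. The comment could also say that this file is the CA (trust anchor) certificate, not the client's own key or certificate, to avoid admins pointing it at private material.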
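--- a/pykota/trunk/NEWS
+++ b/pykota/trunk/NEWS
@@ -24,4 +24,7 @@
     - 1.21alpha11 :
     
+        - TLS is now supported with the LDAP backend. Thanks to Stefan
+          Wold for the patch.
+          
         - edpkota now accepts the -U | --used value command line argument
           to preset the page counters to an initial value. Thanks to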
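--- a/pykota/trunk/pykota/config.py
+++ b/pykota/trunk/pykota/config.py
@@ -22,4 +22,7 @@
 #
 # $Log$
+# Revision 1.58  2004/12/02 22:01:58  jalet
+# TLS is now supported with the LDAP backend
+#
 # Revision 1.57  2004/11/22 21:53:38  jalet
 # Added the reject_unknown directive to pykota.conf to reject user/group
@@ -337,4 +340,13 @@
             if ldapinfo[field].lower().startswith('attach(') :
                 ldapinfo[field] = ldapinfo[field][7:-1]
+                
+        # should we use TLS, by default (if unset) value is NO
+        ldapinfo["ldaptls"] = self.isTrue(self.getGlobalOption("ldaptls", ignore=1))
+        ldapinfo["cacert"] = self.getGlobalOption("cacert", ignore=1)
+        if ldapinfo["cacert"] :
+            ldapinfo["cacert"] = ldapinfo["cacert"].strip()
+        if ldapinfo["ldaptls"] :
+            if not os.access(ldapinfo["cacert"] or "", os.R_OK) :
+                raise PyKotaConfigError, _("Option ldaptls is set, but certificate %s is not readable.") % str(ldapinfo["cacert"])
         return ldapinfo
         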
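Review bot: In the new TLS block at the end of the second hunk, enabling `ldaptls` without any `cacert` directive falls into `os.access(ldapinfo["cacert"] or "", os.R_OK)` and fails with "certificate None is not readable", which tells the admin the wrong thing (the directive is missing, not unreadable; `getGlobalOption(..., ignore=1)` presumably returns None here, given the `str()` wrapper). Checking the two cases separately gives an actionable message: `if not ldapinfo["cacert"] : raise PyKotaConfigError, _("Option ldaptls is set, but cacert is not defined.")` placed before the existing readability test. Note also that `os.access` checks against the real uid and only at configuration-load time, so it is a courtesy pre-check rather than a guarantee that the LDAP library will be able to open the file later; a short comment saying so, e.g. `# early sanity check only: the LDAP library opens the file itself at connect time`, would stop someone relying on it. The method containing this block starts outside the hunk.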
  • pykota/trunk/pykota/storages/ldapstorage.py

    r1966 r1968  
    2222# 
    2323# $Log$ 
     24# Revision 1.88  2004/12/02 22:01:58  jalet 
     25# TLS is now supported with the LDAP backend 
     26# 
    2427# Revision 1.87  2004/12/02 12:34:00  jalet 
    2528# Now automates LDAP reconnections if the server dropped the connection due 
     
    353356            try : 
    354357                self.database = ldap.initialize(self.savedhost)  
     358                if self.info["ldaptls"] : 
     359                    # we want TLS 
     360                    ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.info["cacert"]) 
     361                    self.database.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND) 
     362                    self.database.start_tls_s() 
    355363                self.database.simple_bind_s(self.saveduser, self.savedpasswd) 
    356364                self.basedn = self.saveddbname