
Class LDAPSearchAuthenticatorPlugin


Instance Methods

__init__(self, ldap_connection, base_dn, naming_attribute='uid', search_scope='subtree', restrict='', **kwargs)
Create an LDAP authentication plugin determining the DN via LDAP searches.
unicode
_get_dn(self, environ, identity)
Return the DN based on the environment and the identity.

Inherited from LDAPBaseAuthenticatorPlugin: __providedBy__, __repr__, authenticate

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Variables

Inherited from LDAPBaseAuthenticatorPlugin: __implemented__, __provides__

Properties

Inherited from object: __class__

Method Details

__init__(self, ldap_connection, base_dn, naming_attribute='uid', search_scope='subtree', restrict='', **kwargs)
(Constructor)

Create an LDAP authentication plugin determining the DN via LDAP searches.

By passing an existing LDAPObject, you're free to use the LDAP authentication method you want, the way you want.

This plugin is compatible with any identifier plugin that defines the login and password items in the identity dictionary.

Parameters:
  • ldap_connection (ldap.ldapobject.SimpleLDAPObject) - An initialized LDAP connection.
  • base_dn (unicode) - The base for the Distinguished Name. Something like ou=employees,dc=example,dc=org, to which will be prepended the user id: uid=jsmith,ou=employees,dc=example,dc=org.
  • naming_attribute (unicode) - The naming attribute for directory entries, uid by default.
  • search_scope (str, 'subtree' or 'onelevel', possibly abbreviated to at least the first three characters) - Scope for LDAP searches.
  • restrict (unicode) - An LDAP filter which will be ANDed with the search filter when searching for entries matching the naming attribute.
  • returned_id - Should we return full Directory Names or just the bare naming identifier on successful authentication?
  • start_tls - Should we negotiate a TLS upgrade on the connection with the directory server?
  • bind_dn - Operate as the bind_dn directory entry
  • bind_pass - The password for bind_dn directory entry
Raises:
Overrides: object.__init__

Attention: restrict is interpolated into the search filter as a bare string, as in "(&%s(identifier=login))". It must therefore be correctly parenthesised for such usage, as in restrict = "(objectClass=*)".
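The interpolation described in the note above, as an added example that is not the plugin's own code: it rejects a restrict value that is not correctly parenthesised and escapes the login value per RFC 4515 before substituting both into the "(&%s(identifier=login))" pattern. The helper names check_restrict, escape_filter_value and build_search_filter are hypothetical, and the sample values are constructed.

```python
# Added example: helper names are hypothetical, not part of repoze.who.plugins.ldap.

# Characters that RFC 4515 requires to be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied value so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_restrict(restrict):
    """Return restrict unchanged if it is empty or a run of parenthesised filters.

    In a well-formed filter every literal parenthesis is structural (parentheses
    inside values are written as \\28 and \\29), so a depth count is sufficient.
    """
    depth = 0
    for ch in restrict:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced ')' in restrict: %r" % restrict)
        elif depth == 0:
            # e.g. restrict = "objectClass=*" without the surrounding parentheses
            raise ValueError("text outside parentheses in restrict: %r" % restrict)
    if depth != 0:
        raise ValueError("unclosed '(' in restrict: %r" % restrict)
    return restrict


def build_search_filter(naming_attribute, login, restrict=""):
    """Build the AND filter in the shape the note describes."""
    return "(&%s(%s=%s))" % (
        check_restrict(restrict),
        naming_attribute,
        escape_filter_value(login),
    )


if __name__ == "__main__":
    # Constructed sample values.
    print(build_search_filter("uid", "rms", "(objectClass=*)"))
    print(build_search_filter("uid", "rms*)(cn=x"))
```
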

_get_dn(self, environ, identity)

Return the DN based on the environment and the identity.

Searches the directory entry with naming attribute matching the login item of the identity.

If the login item of the identity is rms, the naming attribute is uid and the base DN is dc=gnu,dc=org, we'll ask the server to search for uid = rms beneath the search base, hopefully finding uid=rms,ou=developers,dc=gnu,dc=org.

Parameters:
  • environ - The WSGI environment.
  • identity - The identity dictionary.
Returns: unicode
The Distinguished Name (DN)
Raises:
  • ValueError - If the login key is not in the identity dict.
Overrides: LDAPBaseAuthenticatorPlugin._get_dn