Class LDAPBaseAuthenticatorPlugin


Instance Methods

  • __init__(self, ldap_connection, base_dn, returned_id='dn', start_tls=False, bind_dn='', bind_pass='', **kwargs) - Create an LDAP authentication plugin.
  • _get_dn(self, environ, identity) - Return the user DN based on the environment and the identity. Returns: unicode
  • authenticate(self, environ, identity) - Return the naming identifier of the user to be authenticated. Returns: unicode or None
  • __repr__(self) - repr(x)
  • __providedBy__(...) - Object Specification Descriptor

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Variables
  __implemented__ = <implementedBy repoze.who.plugins.ldap.plugi...
  __provides__ = <zope.interface.declarations.ClassProvides obje...

Properties

Inherited from object: __class__

Method Details

__init__(self, ldap_connection, base_dn, returned_id='dn', start_tls=False, bind_dn='', bind_pass='', **kwargs)
(Constructor)

Create an LDAP authentication plugin.

By passing an existing LDAPObject, you're free to use the LDAP authentication method you want, the way you want.

This is an *abstract* class, so it cannot be used on its own. Use a subclass that implements the _get_dn method (e.g., the built-in authenticators).

This plugin is compatible with any identifier plugin that defines the login and password items in the identity dictionary.

Parameters:
  • ldap_connection (ldap.ldapobject.SimpleLDAPObject) - An initialized LDAP connection.
  • base_dn (unicode) - The base for the Distinguished Name, something like ou=employees,dc=example,dc=org. The user id is prepended to it, giving uid=jsmith,ou=employees,dc=example,dc=org.
  • returned_id (str, 'dn' or 'login') - Should we return the full DN or just the bare naming identifier value on successful authentication?
  • start_tls (bool) - Should we negotiate a TLS upgrade on the connection with the directory server?
  • bind_dn (str) - Operate as the bind_dn directory entry.
  • bind_pass (str) - The password for the bind_dn directory entry.
Raises:
  • ValueError - If at least one of the parameters is not defined.
Overrides: object.__init__

Attention: While the DN is always unique, if you configure the authenticator plugin to return the bare naming attribute, you have to ensure its uniqueness in the DIT.

_get_dn(self, environ, identity)

Return the user DN based on the environment and the identity.

Must be implemented in a subclass.

Parameters:
  • environ - The WSGI environment.
  • identity - The identity dictionary.
Returns: unicode
The Distinguished Name (DN)
Raises:
  • ValueError - If the login key is not in the identity dict.
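
A stand-alone sketch of the _get_dn contract described above, added here as an example and not taken from repoze.who.plugins.ldap. It raises ValueError when the login key is missing and escapes the login per RFC 4514 before prepending it to base_dn, so DN metacharacters in the submitted login cannot change which entry the bind targets. The names escape_dn_value, get_dn and naming_attribute and the sample logins are assumptions; python-ldap offers ldap.dn.escape_dn_chars for the escaping step.

```python
# Added example: illustrates the _get_dn contract; not the plugin's own code.

# Characters escaped anywhere in an attribute value (RFC 4514 specials).
_DN_SPECIALS = '\\,+"<>;='


def escape_dn_value(value):
    """Escape an attribute value for safe use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        leading = i == 0 and ch in '# '      # leading '#' or space
        trailing = i == last and ch == ' '   # trailing space
        if ch in _DN_SPECIALS or leading or trailing:
            out.append('\\' + ch)
        elif ch == '\x00':
            out.append('\\00')               # NUL is written as a hex pair
        else:
            out.append(ch)
    return ''.join(out)


def get_dn(identity, base_dn, naming_attribute='uid'):
    """Build the user DN from the identity dict (hypothetical helper).

    Mirrors the documented behaviour: ValueError if 'login' is absent,
    otherwise '<attr>=<login>,<base_dn>' with the login escaped.
    """
    if 'login' not in identity:
        raise ValueError("identity has no 'login' key")
    login = escape_dn_value(identity['login'])
    return '%s=%s,%s' % (naming_attribute, login, base_dn)


BASE_DN = 'ou=employees,dc=example,dc=org'   # base DN from the page's example

# Constructed sample logins: one ordinary, three with DN metacharacters.
SAMPLES = ['jsmith', 'jsmith,ou=admins', ' jsmith ', '#jsmith']

if __name__ == '__main__':
    for sample in SAMPLES:
        print(get_dn({'login': sample}, BASE_DN))
```
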

authenticate(self, environ, identity)

Return the naming identifier of the user to be authenticated.

Returns: unicode or None
The naming identifier, if the credentials were valid.

__repr__(self)
(Representation operator)

repr(x)

Overrides: object.__repr__
(inherited documentation)

Class Variable Details

__implemented__

Value:
<implementedBy repoze.who.plugins.ldap.plugins.LDAPBaseAuthenticatorPlugin>

__provides__

Value:
<zope.interface.declarations.ClassProvides object at 0x1e54650>