src/Microservices/Authentication/LdapAuthenticator.py - gerrit/titan/titan.Libraries.ServiceFramework - Git at Google

 #// Copyright (c) 2000-2017 Ericsson Telecom AB                                                         //
 #// All rights reserved. This program and the accompanying materials are made available under the terms //
 #// of the Eclipse Public License v1.0 which accompanies this distribution, and is available at         //
 #// http://www.eclipse.org/legal/epl-v10.html                                                           //
 #/////////////////////////////////////////////////////////////////////////////////////////////////////////
 '''
 This module provides an authenticate(username, password) function that uses LDAP to authenticate a user.
 '''

 import ldap, logging

 #LDAP_ADDRESS = 'ldaps://159.107.49.152:3269'
 #LDAP_ADDRESS = 'ldaps://ldap-egad.internal.ericsson.com:3269'
 #LDAP_ADDRESS = 'ldaps://ericsson.se:636')
 LDAP_ADDRESS = 'ldaps://sesbiwegad0001.ericsson.se:636'
 USER_PREFIX = 'ERICSSON\\'

 def _setLdapOptions(ld):
     ld.set_option(ldap.OPT_NETWORK_TIMEOUT, 5) # timeout on ldap connection
     ld.set_option(ldap.OPT_TIMEOUT, 5) # timeout on ldap actions
     ld.set_option(ldap.OPT_REFERRALS, 0)
     ld.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
     ld.set_option(ldap.OPT_DEBUG_LEVEL, 255)

 def authenticate(username, password):
     # admin allowed by default for now
     if username == 'admin' and password == 'admin':
         return True
     logging.getLogger(__name__).info('LDAP authentication for ' + username)
     if password.strip() == '':
         raise Exception('Password must not be empty')
     if username.strip() == '':
         raise Exception('Username must not be empty')
     username = USER_PREFIX + username

     # Must be set before initialize. The rest of the option can be set afterwards
     ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)

     try:
         ld = ldap.initialize(LDAP_ADDRESS)
         _setLdapOptions(ld)
         ld.simple_bind_s(username, password)
     except Exception as e:
         # Extract textual error message from the exception
         errorMessage = e.args[0]['desc']
         raise Exception(errorMessage)
     finally:
         # Must be invoked otherwise upcoming requests may be denied by LDAP server
         ld.unbind_s()

     return True
	#// Copyright (c) 2000-2017 Ericsson Telecom AB //
	#// All rights reserved. This program and the accompanying materials are made available under the terms //
	#// of the Eclipse Public License v1.0 which accompanies this distribution, and is available at //
	#// http://www.eclipse.org/legal/epl-v10.html //
	#/////////////////////////////////////////////////////////////////////////////////////////////////////////
	'''
	This module provides an authenticate(username, password) function that uses LDAP to authenticate a user.
	'''

	import ldap, logging

	#LDAP_ADDRESS = 'ldaps://159.107.49.152:3269'
	#LDAP_ADDRESS = 'ldaps://ldap-egad.internal.ericsson.com:3269'
	#LDAP_ADDRESS = 'ldaps://ericsson.se:636')
	LDAP_ADDRESS = 'ldaps://sesbiwegad0001.ericsson.se:636'
	USER_PREFIX = 'ERICSSON\\'

	def _setLdapOptions(ld):
	ld.set_option(ldap.OPT_NETWORK_TIMEOUT, 5) # timeout on ldap connection
	ld.set_option(ldap.OPT_TIMEOUT, 5) # timeout on ldap actions
	ld.set_option(ldap.OPT_REFERRALS, 0)
	ld.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
	ld.set_option(ldap.OPT_DEBUG_LEVEL, 255)

	def authenticate(username, password):
	# admin allowed by default for now
	if username == 'admin' and password == 'admin':
	return True
	logging.getLogger(__name__).info('LDAP authentication for ' + username)
	if password.strip() == '':
	raise Exception('Password must not be empty')
	if username.strip() == '':
	raise Exception('Username must not be empty')
	username = USER_PREFIX + username

	# Must be set before initialize. The rest of the option can be set afterwards
	ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)

	try:
	ld = ldap.initialize(LDAP_ADDRESS)
	_setLdapOptions(ld)
	ld.simple_bind_s(username, password)
	except Exception as e:
	# Extract textual error message from the exception
	errorMessage = e.args[0]['desc']
	raise Exception(errorMessage)
	finally:
	# Must be invoked otherwise upcoming requests may be denied by LDAP server
	ld.unbind_s()

	return True