From 9b219c587305961e8710ea475453ed40c264853b Mon Sep 17 00:00:00 2001
From: Alexander Sulfrian
Date: Tue, 12 Jan 2016 19:10:34 +0100
Subject: utils: Drop python-ldap in favour of ldap3

The ldap3 library is python3 compatible and more future proof.
---
 utils/login.py | 40 ++++++++++++++++++----------------------
 1 file changed, 18 insertions(+), 22 deletions(-)
(limited to 'utils/login.py')

diff --git a/utils/login.py b/utils/login.py
index e6c8f21..cda1485 100644
--- a/utils/login.py
+++ b/utils/login.py
@@ -1,5 +1,6 @@
-import ldap
-from functools import reduce
+from ldap3 import Tls, Server, Connection, BASE
+from ldap3.utils.dn import safe_dn
+import ssl
 
 
 def user_cls(login):
@@ -9,32 +10,27 @@ def user_cls(login):
     return decorator
 
 
-def _format_dn(attr, base_dn=None):
-    attr = [attr]
-    if base_dn is not None:
-        attr.extend(base_dn)
-
-    return ','.join(['%s=%s' % (key, ldap.dn.escape_dn_chars(value))
-                    for (key, value) in attr])
+def _format_dn(parts):
+    return ','.join([safe_dn(part) for part in parts])
 
 
 def auth(config, model, username, password):
-    ldap.protocol_version = 3
-    l = ldap.initialize(config['host'])
-    l.set_option(ldap.OPT_X_TLS_DEMAND, True)
-    try:
-        user_dn = _format_dn(('uid', username), config['base_dn'])
-        l.simple_bind_s(user_dn, password)
-    except ldap.INVALID_CREDENTIALS:
-        return None
+    tls_configuration = Tls(validate=ssl.CERT_REQUIRED,
+                            version=ssl.PROTOCOL_TLSv1)
+    server = Server(config['host'], use_ssl=True, tls=tls_configuration)
+
+    user_dn = _format_dn(['uid=%s' % username] + config['base_dn'])
+    conn = Connection(server, user=user_dn, password=password)
+    if not conn.bind():
+        return None
 
     user = model.query.filter_by(name=username).first()
     if user is None:
-        user_data = l.search_s(user_dn, ldap.SCOPE_BASE)
-        if len(user_data) != 1:
-            return None
+        if not conn.search(user_dn, '(objectclass=inetOrgPerson)',
+                           search_scope=BASE, attributes=['mail']):
+            return None
 
-        (dn, user_data) = user_data[0]
-        user = model.create(name=username, email=user_data['mail'][0])
+        user_data = conn.entries[0]
+        user = model.create(name=username, email=user_data.mail.value)
 
     return user
-- 
cgit v1.2.3-1-g7c22
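Review bot: The new `user_dn` construction in `auth()` interpolates the raw username into DN syntax (`'uid=%s' % username`) before `safe_dn` ever sees it, so `safe_dn` parses rather than escapes any `,`, `+` or `=` the caller supplies — the removed `_format_dn` escaped the value with `escape_dn_chars` first, and that property is lost in this rewrite. Escape the value before formatting, e.g. `from ldap3.utils.dn import escape_attribute_value` and `user_dn = _format_dn(['uid=%s' % escape_attribute_value(username)] + config['base_dn'])`, or have `_format_dn` take `(attr, value)` pairs again. The `Tls(...)` object pins `version=ssl.PROTOCOL_TLSv1`, which forbids every newer protocol version; a negotiating constant (`ssl.PROTOCOL_TLS`, alias of the older `PROTOCOL_SSLv23`) together with `validate=ssl.CERT_REQUIRED` and an explicit `ca_certs_file` is the safer choice, and hostname verification should be confirmed (ldap3's `Tls` accepts `valid_names` for this). An empty `password` is also not rejected before `conn.bind()`; depending on server and ldap3 version that is either an unauthenticated simple bind that succeeds or an exception, and neither yields the `None` the caller expects, so add `if not password: return None` ahead of the bind.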