From 7baffec406bc5bd26ce6c32765bdba130229eee3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20Gr=C3=B6ger?= Date: Sun, 28 Jun 2020 12:59:06 +0200 Subject: [PATCH] =?UTF-8?q?add=20config=20f=C3=BCr=20LDAPS?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitignore | 1 + geruecht/__init__.py | 13 +++++++++++-- geruecht/config.yml.example | 5 ++++- geruecht/configparser.py | 27 ++++++++++++++++++++++----- geruecht/controller/ldapController.py | 2 +- 5 files changed, 39 insertions(+), 9 deletions(-) diff --git a/.gitignore b/.gitignore index f48f2f7..ed93d09 100644 --- a/.gitignore +++ b/.gitignore @@ -124,4 +124,5 @@ dmypy.json # custom test_pricelist/ test_project/ +config.yml geruecht.config.yml diff --git a/geruecht/__init__.py b/geruecht/__init__.py index d2eb11d..2687a9a 100644 --- a/geruecht/__init__.py +++ b/geruecht/__init__.py @@ -8,6 +8,7 @@ from .logger import getDebugLogger from geruecht.controller import dbConfig, ldapConfig from flask_mysqldb import MySQL from flask_ldapconn import LDAPConn +import ssl DEBUG = getDebugLogger() DEBUG.info("Initialize App") @@ -25,9 +26,17 @@ app.config['MYSQL_PASSWORD'] = dbConfig['passwd'] app.config['MYSQL_DB'] = dbConfig['database'] app.config['MYSQL_CURSORCLASS'] = 'DictCursor' app.config['LDAP_SERVER'] = ldapConfig['URL'] -app.config['LDAP_PORT'] = ldapConfig['port'] -app.config['LDAP_BINDDN'] = ldapConfig['dn'] +app.config['LDAP_PORT'] = ldapConfig['PORT'] +if ldapConfig['BIND_DN']: + app.config['LDAP_BINDDN'] = ldapConfig['BIND_DN'] +else: + app.config['LDAP_BINDDN'] = ldapConfig['DN'] +if ldapConfig['BIND_SECRET']: + app.config['LDAP_SECRET'] = ldapConfig['BIND_SECRET'] app.config['LDAP_USE_TLS'] = False +app.config['LDAP_USE_SSL'] = ldapConfig['SSL'] +app.config['LDAP_TLS_VERSION'] = ssl.PROTOCOL_TLSv1_2 +app.config['LDAP_REQUIRE_CERT'] = ssl.CERT_NONE app.config['FORCE_ATTRIBUTE_VALUE_AS_LIST'] = True ldap = LDAPConn(app) diff --git a/geruecht/config.yml.example b/geruecht/config.yml.example index 06f3e71..62a16a2 100644 --- a/geruecht/config.yml.example +++ b/geruecht/config.yml.example @@ -6,7 +6,10 @@ Database: database: LDAP: URL: - dn: + DN: + BIND_DN: + BIND_SECRET: + SSL: USER_DN: ADMIN_DN: ADMIN_SECRET: diff --git a/geruecht/configparser.py b/geruecht/configparser.py index b2835c7..1fbe90c 100644 --- a/geruecht/configparser.py +++ b/geruecht/configparser.py @@ -34,14 +34,14 @@ class ConifgParser(): if 'LDAP' not in self.config: self.__error__( - 'Wrong Configuration for LDAP. You should configure ldapconfig with "URL" and "dn"') - if 'URL' not in self.config['LDAP'] or 'dn' not in self.config['LDAP']: + 'Wrong Configuration for LDAP. You should configure ldapconfig with "URL" and "BIND_DN"') + if 'URL' not in self.config['LDAP'] or 'DN' not in self.config['LDAP']: self.__error__( - 'Wrong Configuration for LDAP. You should configure ldapconfig with "URL" and "dn"') - if 'port' not in self.config['LDAP']: + 'Wrong Configuration for LDAP. You should configure ldapconfig with "URL" and "BIND_DN"') + if 'PORT' not in self.config['LDAP']: DEBUG.info( 'No Config for port in LDAP found. Set it to default: {}'.format(389)) - self.config['LDAP']['port'] = 389 + self.config['LDAP']['PORT'] = 389 if 'ADMIN_DN' not in self.config['LDAP']: DEBUG.info( 'No Config for ADMIN_DN in LDAP found. Set it to default {}. (Maybe Password reset not working)'.format(None) @@ -57,6 +57,23 @@ class ConifgParser(): 'No Config for USER_DN in LDAP found. Set it to default {}. (Maybe Password reset not working)'.format(None) ) self.config['LDAP']['USER_DN'] = None + if 'BIND_DN' not in self.config['LDAP']: + DEBUG.info( + 'No Config for BIND_DN in LDAP found. Set it to default {}. (Maybe Password reset not working)'.format(None) + ) + self.config['LDAP']['BIND_DN'] = None + if 'BIND_SECRET' not in self.config['LDAP']: + DEBUG.info( + 'No Config for BIND_SECRET in LDAP found. Set it to default {}. (Maybe Password reset not working)'.format(None) + ) + self.config['LDAP']['BIND_SECRET'] = None + if 'SSL' not in self.config['LDAP']: + DEBUG.info( + 'No Config for SSL in LDAP found. Set it to default {}. (Maybe Password reset not working)'.format(False) + ) + self.config['LDAP']['SSL'] = False + else: + self.config['LDAP']['SSL'] = bool(self.config['LDAP']['SSL']) self.ldap = self.config['LDAP'] DEBUG.info("Set LDAPconfig: {}".format(self.ldap)) if 'AccessTokenLifeTime' in self.config: diff --git a/geruecht/controller/ldapController.py b/geruecht/controller/ldapController.py index bc85d8f..da3044e 100644 --- a/geruecht/controller/ldapController.py +++ b/geruecht/controller/ldapController.py @@ -17,7 +17,7 @@ class LDAPController(metaclass=Singleton): def __init__(self): debug.info("init ldap controller") - self.dn = ldapConfig['dn'] + self.dn = ldapConfig['DN'] self.ldap = ldap debug.debug("base dn is {{ {} }}".format(self.dn)) debug.debug("ldap is {{ {} }}".format(self.ldap))