add config für LDAPS

This commit is contained in:
Tim Gröger 2020-06-28 12:59:06 +02:00
parent f87d7b9e5d
commit 7baffec406
5 changed files with 39 additions and 9 deletions

1
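--- a/.gitignore
+++ b/.gitignore
@@ -124,4 +124,5 @@ dmypy.json
 # custom
 test_pricelist/
 test_project/
+config.yml
 geruecht.config.yml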


@ -8,6 +8,7 @@ from .logger import getDebugLogger
from geruecht.controller import dbConfig, ldapConfig from geruecht.controller import dbConfig, ldapConfig
from flask_mysqldb import MySQL from flask_mysqldb import MySQL
from flask_ldapconn import LDAPConn from flask_ldapconn import LDAPConn
import ssl
DEBUG = getDebugLogger() DEBUG = getDebugLogger()
DEBUG.info("Initialize App") DEBUG.info("Initialize App")
@ -25,9 +26,17 @@ app.config['MYSQL_PASSWORD'] = dbConfig['passwd']
app.config['MYSQL_DB'] = dbConfig['database'] app.config['MYSQL_DB'] = dbConfig['database']
app.config['MYSQL_CURSORCLASS'] = 'DictCursor' app.config['MYSQL_CURSORCLASS'] = 'DictCursor'
app.config['LDAP_SERVER'] = ldapConfig['URL'] app.config['LDAP_SERVER'] = ldapConfig['URL']
app.config['LDAP_PORT'] = ldapConfig['port'] app.config['LDAP_PORT'] = ldapConfig['PORT']
app.config['LDAP_BINDDN'] = ldapConfig['dn'] if ldapConfig['BIND_DN']:
app.config['LDAP_BINDDN'] = ldapConfig['BIND_DN']
else:
app.config['LDAP_BINDDN'] = ldapConfig['DN']
if ldapConfig['BIND_SECRET']:
app.config['LDAP_SECRET'] = ldapConfig['BIND_SECRET']
app.config['LDAP_USE_TLS'] = False app.config['LDAP_USE_TLS'] = False
app.config['LDAP_USE_SSL'] = ldapConfig['SSL']
app.config['LDAP_TLS_VERSION'] = ssl.PROTOCOL_TLSv1_2
app.config['LDAP_REQUIRE_CERT'] = ssl.CERT_NONE
app.config['FORCE_ATTRIBUTE_VALUE_AS_LIST'] = True app.config['FORCE_ATTRIBUTE_VALUE_AS_LIST'] = True
ldap = LDAPConn(app) ldap = LDAPConn(app)
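Review bot: `app.config['LDAP_REQUIRE_CERT'] = ssl.CERT_NONE` disables server-certificate verification, so when `SSL` is turned on the bind credentials (`LDAP_SECRET` from `BIND_SECRET`) and any user binds still go to whichever host answers on the port, which removes most of what LDAPS is meant to give. Change it to `app.config['LDAP_REQUIRE_CERT'] = ssl.CERT_REQUIRED` and, if the directory uses a private CA, point the library at that bundle through whichever CA-certificate setting flask_ldapconn exposes (it appears to have one; confirm the exact key) rather than turning verification off. If an unverified connection is deliberately accepted for a test setup, it should at least be driven by a config flag and documented with a comment such as `# INSECURE: certificate not verified, lab use only`, not hard-coded. Pinning `ssl.PROTOCOL_TLSv1_2` is acceptable but will also rule out TLS 1.3; `ssl.PROTOCOL_TLS_CLIENT` (which verifies by default) would be the more future-proof choice if the library accepts it. These are module-level statements, so there is no enclosing function.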


@ -6,7 +6,10 @@ Database:
database: database:
LDAP: LDAP:
URL: URL:
dn: DN:
BIND_DN:
BIND_SECRET:
SSL:
USER_DN: USER_DN:
ADMIN_DN: ADMIN_DN:
ADMIN_SECRET: ADMIN_SECRET:
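Review bot: The new `SSL:`, `BIND_DN:` and `BIND_SECRET:` keys are added to the template without any hint of what they mean or that `PORT` has to change with them, and the parser still defaults `PORT` to 389 even when `SSL` is true. A comment on the template would save the next deployer a debugging session, e.g. `SSL: false   # true = LDAPS; also set PORT (LDAPS is normally 636, the default stays 389)` and `BIND_SECRET:   # credential for BIND_DN; keep this file out of version control`. `PORT` itself does not appear in the template even though the parser reads it, so adding a `PORT:` line would make the example complete.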


@ -34,14 +34,14 @@ class ConifgParser():
if 'LDAP' not in self.config: if 'LDAP' not in self.config:
self.__error__( self.__error__(
'Wrong Configuration for LDAP. You should configure ldapconfig with "URL" and "dn"') 'Wrong Configuration for LDAP. You should configure ldapconfig with "URL" and "BIND_DN"')
if 'URL' not in self.config['LDAP'] or 'dn' not in self.config['LDAP']: if 'URL' not in self.config['LDAP'] or 'DN' not in self.config['LDAP']:
self.__error__( self.__error__(
'Wrong Configuration for LDAP. You should configure ldapconfig with "URL" and "dn"') 'Wrong Configuration for LDAP. You should configure ldapconfig with "URL" and "BIND_DN"')
if 'port' not in self.config['LDAP']: if 'PORT' not in self.config['LDAP']:
DEBUG.info( DEBUG.info(
'No Config for port in LDAP found. Set it to default: {}'.format(389)) 'No Config for port in LDAP found. Set it to default: {}'.format(389))
self.config['LDAP']['port'] = 389 self.config['LDAP']['PORT'] = 389
if 'ADMIN_DN' not in self.config['LDAP']: if 'ADMIN_DN' not in self.config['LDAP']:
DEBUG.info( DEBUG.info(
'No Config for ADMIN_DN in LDAP found. Set it to default {}. (Maybe Password reset not working)'.format(None) 'No Config for ADMIN_DN in LDAP found. Set it to default {}. (Maybe Password reset not working)'.format(None)
@ -57,6 +57,23 @@ class ConifgParser():
'No Config for USER_DN in LDAP found. Set it to default {}. (Maybe Password reset not working)'.format(None) 'No Config for USER_DN in LDAP found. Set it to default {}. (Maybe Password reset not working)'.format(None)
) )
self.config['LDAP']['USER_DN'] = None self.config['LDAP']['USER_DN'] = None
if 'BIND_DN' not in self.config['LDAP']:
DEBUG.info(
'No Config for BIND_DN in LDAP found. Set it to default {}. (Maybe Password reset not working)'.format(None)
)
self.config['LDAP']['BIND_DN'] = None
if 'BIND_SECRET' not in self.config['LDAP']:
DEBUG.info(
'No Config for BIND_SECRET in LDAP found. Set it to default {}. (Maybe Password reset not working)'.format(None)
)
self.config['LDAP']['BIND_SECRET'] = None
if 'SSL' not in self.config['LDAP']:
DEBUG.info(
'No Config for SSL in LDAP found. Set it to default {}. (Maybe Password reset not working)'.format(False)
)
self.config['LDAP']['SSL'] = False
else:
self.config['LDAP']['SSL'] = bool(self.config['LDAP']['SSL'])
self.ldap = self.config['LDAP'] self.ldap = self.config['LDAP']
DEBUG.info("Set LDAPconfig: {}".format(self.ldap)) DEBUG.info("Set LDAPconfig: {}".format(self.ldap))
if 'AccessTokenLifeTime' in self.config: if 'AccessTokenLifeTime' in self.config:
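Review bot: The newly added `BIND_SECRET` (and the pre-existing `ADMIN_SECRET`) ends up in `self.ldap` and is then written to the log by `DEBUG.info("Set LDAPconfig: {}".format(self.ldap))`, so the bind password lands in plaintext in the application log of every start-up; log a redacted copy instead, e.g. `DEBUG.info("Set LDAPconfig: {}".format({k: ('***' if k.endswith('SECRET') and v else v) for k, v in self.ldap.items()}))`. The error text in the first hunk was changed to name `"URL" and "BIND_DN"` while the check on the next line still requires `'DN'` and `BIND_DN` is optional (defaulted to None further down), so the message now points users at the wrong key; it should read `"URL" and "DN"`. The `SSL` default also leaves `PORT` at 389 when `SSL` is true, which is the plain-LDAP port, so either defaulting to 636 in that case or warning about it would avoid a confusing connection failure. The enclosing method starts before the first hunk and continues after the last one.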


@ -17,7 +17,7 @@ class LDAPController(metaclass=Singleton):
def __init__(self): def __init__(self):
debug.info("init ldap controller") debug.info("init ldap controller")
self.dn = ldapConfig['dn'] self.dn = ldapConfig['DN']
self.ldap = ldap self.ldap = ldap
debug.debug("base dn is {{ {} }}".format(self.dn)) debug.debug("base dn is {{ {} }}".format(self.dn))
debug.debug("ldap is {{ {} }}".format(self.ldap)) debug.debug("ldap is {{ {} }}".format(self.ldap))