feat(ldap) fix get right config
This commit is contained in:
parent
7796f45097
commit
c5436f22fa
|
@ -20,34 +20,38 @@ from flaschengeist.plugins import AuthPlugin, before_role_updated
|
|||
|
||||
class AuthLDAP(AuthPlugin):
|
||||
def load(self):
|
||||
self.config = config.get("auth_ldap", None)
|
||||
if self.config is None:
|
||||
logger.error("auth_ldap was not configured in flaschengeist.toml", exc_info=True)
|
||||
raise InternalServerError
|
||||
app.config.update(
|
||||
LDAP_SERVER=config.get("host", "localhost"),
|
||||
LDAP_PORT=config.get("port", 389),
|
||||
LDAP_BINDDN=config.get("bind_dn", None),
|
||||
LDAP_SECRET=config.get("secret", None),
|
||||
LDAP_USE_SSL=config.get("use_ssl", False),
|
||||
LDAP_SERVER=self.config.get("host", "localhost"),
|
||||
LDAP_PORT=self.config.get("port", 389),
|
||||
LDAP_BINDDN=self.config.get("bind_dn", None),
|
||||
LDAP_SECRET=self.config.get("secret", None),
|
||||
LDAP_USE_SSL=self.config.get("use_ssl", False),
|
||||
# That's not TLS, its dirty StartTLS on unencrypted LDAP
|
||||
LDAP_USE_TLS=False,
|
||||
LDAP_TLS_VERSION=ssl.PROTOCOL_TLS,
|
||||
FORCE_ATTRIBUTE_VALUE_AS_LIST=True,
|
||||
)
|
||||
if "ca_cert" in config:
|
||||
app.config["LDAP_CA_CERTS_FILE"] = config["ca_cert"]
|
||||
app.config["LDAP_CA_CERTS_FILE"] = self.config["ca_cert"]
|
||||
else:
|
||||
# Default is CERT_REQUIRED
|
||||
app.config["LDAP_REQUIRE_CERT"] = ssl.CERT_OPTIONAL
|
||||
self.ldap = LDAPConn(app)
|
||||
self.base_dn = config["base_dn"]
|
||||
self.search_dn = config.get("search_dn", "ou=people,{base_dn}").format(base_dn=self.base_dn)
|
||||
self.group_dn = config.get("group_dn", "ou=group,{base_dn}").format(base_dn=self.base_dn)
|
||||
self.password_hash = config.get("password_hash", "SSHA").upper()
|
||||
self.object_classes = config.get("object_classes", ["inetOrgPerson"])
|
||||
self.user_attributes: dict = config.get("user_attributes", {})
|
||||
self.dn_template = config.get("dn_template")
|
||||
self.base_dn = self.config["base_dn"]
|
||||
self.search_dn = self.config.get("search_dn", "ou=people,{base_dn}").format(base_dn=self.base_dn)
|
||||
self.group_dn = self.config.get("group_dn", "ou=group,{base_dn}").format(base_dn=self.base_dn)
|
||||
self.password_hash = self.config.get("password_hash", "SSHA").upper()
|
||||
self.object_classes = self.config.get("object_classes", ["inetOrgPerson"])
|
||||
self.user_attributes: dict = self.config.get("user_attributes", {})
|
||||
self.dn_template = self.config.get("dn_template")
|
||||
|
||||
# TODO: might not be set if modify is called
|
||||
self.root_dn = config.get("root_dn", None)
|
||||
self.root_secret = config.get("root_secret", None)
|
||||
self.root_dn = self.config.get("root_dn", None)
|
||||
self.root_secret = self.config.get("root_secret", None)
|
||||
|
||||
@before_role_updated
|
||||
def _role_updated(role, new_name):
|
||||
|
|
Loading…
Reference in New Issue