From c5436f22fa0223873ac57e0531d20f6a7a55ac2a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20Gr=C3=B6ger?= Date: Fri, 17 Feb 2023 16:40:54 +0100 Subject: [PATCH] feat(ldap) fix get right config --- flaschengeist/plugins/auth_ldap/__init__.py | 34 ++++++++++++--------- 1 file changed, 19 insertions(+), 15 deletions(-) diff --git a/flaschengeist/plugins/auth_ldap/__init__.py b/flaschengeist/plugins/auth_ldap/__init__.py index 56d139b..2f76498 100644 --- a/flaschengeist/plugins/auth_ldap/__init__.py +++ b/flaschengeist/plugins/auth_ldap/__init__.py @@ -20,34 +20,38 @@ from flaschengeist.plugins import AuthPlugin, before_role_updated class AuthLDAP(AuthPlugin): def load(self): + self.config = config.get("auth_ldap", None) + if self.config is None: + logger.error("auth_ldap was not configured in flaschengeist.toml", exc_info=True) + raise InternalServerError app.config.update( - LDAP_SERVER=config.get("host", "localhost"), - LDAP_PORT=config.get("port", 389), - LDAP_BINDDN=config.get("bind_dn", None), - LDAP_SECRET=config.get("secret", None), - LDAP_USE_SSL=config.get("use_ssl", False), + LDAP_SERVER=self.config.get("host", "localhost"), + LDAP_PORT=self.config.get("port", 389), + LDAP_BINDDN=self.config.get("bind_dn", None), + LDAP_SECRET=self.config.get("secret", None), + LDAP_USE_SSL=self.config.get("use_ssl", False), # That's not TLS, its dirty StartTLS on unencrypted LDAP LDAP_USE_TLS=False, LDAP_TLS_VERSION=ssl.PROTOCOL_TLS, FORCE_ATTRIBUTE_VALUE_AS_LIST=True, ) if "ca_cert" in config: - app.config["LDAP_CA_CERTS_FILE"] = config["ca_cert"] + app.config["LDAP_CA_CERTS_FILE"] = self.config["ca_cert"] else: # Default is CERT_REQUIRED app.config["LDAP_REQUIRE_CERT"] = ssl.CERT_OPTIONAL self.ldap = LDAPConn(app) - self.base_dn = config["base_dn"] - self.search_dn = config.get("search_dn", "ou=people,{base_dn}").format(base_dn=self.base_dn) - self.group_dn = config.get("group_dn", "ou=group,{base_dn}").format(base_dn=self.base_dn) - self.password_hash = config.get("password_hash", "SSHA").upper() - self.object_classes = config.get("object_classes", ["inetOrgPerson"]) - self.user_attributes: dict = config.get("user_attributes", {}) - self.dn_template = config.get("dn_template") + self.base_dn = self.config["base_dn"] + self.search_dn = self.config.get("search_dn", "ou=people,{base_dn}").format(base_dn=self.base_dn) + self.group_dn = self.config.get("group_dn", "ou=group,{base_dn}").format(base_dn=self.base_dn) + self.password_hash = self.config.get("password_hash", "SSHA").upper() + self.object_classes = self.config.get("object_classes", ["inetOrgPerson"]) + self.user_attributes: dict = self.config.get("user_attributes", {}) + self.dn_template = self.config.get("dn_template") # TODO: might not be set if modify is called - self.root_dn = config.get("root_dn", None) - self.root_secret = config.get("root_secret", None) + self.root_dn = self.config.get("root_dn", None) + self.root_secret = self.config.get("root_secret", None) @before_role_updated def _role_updated(role, new_name):