LDAP integration for cone.app
Plugin for cone.app providing LDAP integration.
Features
LDAP access via node.ext.ldap
Application integration into cone.app
Integration into cone.ugm
POSIX support
Samba support
Development Setup
Prerequisites
lxml, python-ldap and openldap get compiled during installation, so the required development headers must be installed on the system.
On debian based systems install:
$ apt-get install -y libxml2-dev libxslt1-dev
$ apt-get install -y libsasl2-dev libssl-dev libdb-dev
Installation
cone.ldap contains a buildout configuration. Download or check out the package and run:
cone.ldap$ ./bootstrap.sh python3
Start Test LDAP server with appropriate LDIF layer:
cone.ldap$ ./bin/testldap start groupOfNames_10_10
Start the application:
cone.ldap$ ./bin/pserve cfg/gon_10_10/ldap_gon_10_10.ini
and browse http://localhost:8081/. The default password of the admin user is admin (a demo credential for the test setup).
The "roles" behavior in the principal form is only displayed if the roles configuration is valid. The LDIF imported for the test layer does not provide the roles container by default. Browse "Settings -> LDAP Roles" and perform the "create roles container" action if you want to enable roles in the demo.
Note: If the python-ldap build fails, don't use buildout offline mode.
Configuration and Customization
General
To customize the plugin, create an integration package and include it in your setup.
Application configuration
To define the LDAP related configuration locations, provide the following settings in your application ini file.
# LDAP UGM backend activation
ugm.backend = ldap
# Basic LDAP server configuration
ldap.server_config = /path/to/ldap_server.xml
# LDAP UGM backend related configuration
ldap.users_config = /path/to/ldap_users.xml
ldap.groups_config = /path/to/ldap_groups.xml
ldap.roles_config = /path/to/ldap_roles.xml
Examples of these configuration files can be found in the cfg folder of the source package.
UGM Default values and default value callbacks
Depending on the LDAP object classes used for users and groups, more or fewer attributes are required for the entries. Not all of these attributes should necessarily be visible to the user, and some might need to be computed. Therefore the plugin supports default values and default value callbacks.
Default values and callbacks are registered via factory_defaults.user, factory_defaults.group and factory_defaults.role.
from cone.ldap.settings import factory_defaults
The factory defaults can be static values.
factory_defaults.user['someField'] = '12345'
Default value callbacks are called with the principal node and the principal id as arguments.
def some_field_callback(node, id):
return 'some computed value'
factory_defaults.user['someField'] = some_field_callback
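The following is an added, self-contained example (not code from cone.ldap) showing how static defaults and computed callbacks fit together for a POSIX user entry. The factory_defaults object here is a local stand-in so that the script runs without cone.app installed; in an integration package you would use from cone.ldap.settings import factory_defaults instead. The mail domain, the uid character set and the resolve_defaults helper are assumptions made for the example, not the plugin's own API.

```python
"""Static defaults and computed default value callbacks for user entries.

Added example, not code from cone.ldap. Every registered default is either a
literal value or a callable that receives (node, id). The factory_defaults
object below is a stand-in for cone.ldap.settings.factory_defaults so the
example runs offline.
"""
import datetime
import re
from types import SimpleNamespace

# Stand-in registry (assumption): mirrors the user/group/role attributes.
factory_defaults = SimpleNamespace(user={}, group={}, role={})

MAIL_DOMAIN = 'example.org'  # assumed mail domain for computed addresses
# Conservative POSIX user name charset; the id ends up in the DN and in
# several other attributes, so anything else is rejected up front.
UID_PATTERN = re.compile(r'^[a-z_][a-z0-9_-]{0,31}$')


def mail_callback(node, id):
    """Derive the mail address from the user id, validating the id first."""
    if not UID_PATTERN.match(id):
        raise ValueError('refusing to compute defaults for invalid uid %r' % id)
    return '%s@%s' % (id, MAIL_DOMAIN)


def home_directory_callback(node, id):
    """Home directory below /home named after the user id."""
    if not UID_PATTERN.match(id):
        raise ValueError('refusing to compute defaults for invalid uid %r' % id)
    return '/home/%s' % id


def shadow_last_change_callback(node, id, now=None):
    """shadowLastChange is the number of days since the Unix epoch, not seconds."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    epoch = datetime.datetime(1970, 1, 1, tzinfo=datetime.timezone.utc)
    return str((now - epoch).days)


# Static defaults: least-privilege choices for accounts created via the UI.
factory_defaults.user['loginShell'] = '/usr/sbin/nologin'
factory_defaults.user['shadowMin'] = '0'
# Computed defaults.
factory_defaults.user['mail'] = mail_callback
factory_defaults.user['homeDirectory'] = home_directory_callback
factory_defaults.user['shadowLastChange'] = shadow_last_change_callback


def resolve_defaults(registry, node, id):
    """Apply a defaults registry: literals pass through, callables are
    invoked with (node, id). Illustrative stand-in for what the plugin does
    when a principal is created, not its own code path.
    """
    resolved = {}
    for attr, default in registry.items():
        resolved[attr] = default(node, id) if callable(default) else default
    return resolved


if __name__ == '__main__':
    # node is None here because none of the callbacks above inspect it.
    for attr, value in sorted(resolve_defaults(factory_defaults.user, None, 'jdoe').items()):
        print('%s: %s' % (attr, value))
```

Keeping the input validation inside the callbacks matters because the callbacks run on whatever id the form submits; a callback that only formats the id would happily produce a home directory or mail address for an id containing spaces or LDAP filter metacharacters.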
Samba support
Example configuration to enable samba support.
from cone.ldap.settings import factory_defaults
from node.ext.ldap.ugm import posix
from node.ext.ldap.ugm import shadow
from node.ext.ldap.ugm import samba
samba.SAMBA_LOCAL_SID = 'S-1-5-21-1234567890-1234567890-1234567890'
samba.SAMBA_DEFAULT_DOMAIN = 'yourdomain'
samba.SAMBA_PRIMARY_GROUP_SID = 'S-1-5-21-1234567890-1234567890-1234567890-123'
user = factory_defaults.user
user['gidNumber'] = posix.memberGid
user['loginShell'] = posix.loginShell
user['shadowFlag'] = shadow.shadowFlag
user['shadowMin'] = shadow.shadowMin
user['shadowMax'] = shadow.shadowMax
user['shadowWarning'] = shadow.shadowWarning
user['shadowInactive'] = shadow.shadowInactive
user['shadowLastChange'] = shadow.shadowLastChange
user['shadowExpire'] = shadow.shadowExpire
user['sambaSID'] = samba.sambaUserSID
user['sambaDomainName'] = samba.sambaDomainName
user['sambaPrimaryGroupSID'] = samba.sambaPrimaryGroupSID
user['sambaAcctFlags'] = samba.sambaAcctFlags
user['sambaPwdLastSet'] = samba.sambaPwdLastSet
group = factory_defaults.group
group['memberUid'] = posix.memberUid
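The samba.* settings above are plain module constants and nothing checks them: a SID left at the documentation placeholder, a primary group SID from a different domain than SAMBA_LOCAL_SID, or a malformed SID only shows up later as failing Samba logons. The following added example (not code from cone.ldap or node.ext.ldap) validates the three settings before they are wired in. The RID derivation at the end uses the smbldap-tools convention (user RID = 2 * uidNumber + 1000, group RID = 2 * gidNumber + 1001) as an assumed mapping; it is not necessarily the mapping node.ext.ldap.ugm.samba implements.

```python
"""Sanity checks for the Samba settings used with cone.ldap factory defaults.

Added example, not project code. Runs offline and only needs the standard
library. The SID syntax checks follow the S-1-5-21-<sub1>-<sub2>-<sub3>[-RID]
layout; the uid/gid to RID mapping is an assumption (smbldap-tools convention).
"""
import re

# Placeholder values as they appear in the documentation; they must never
# reach a production configuration.
DOC_PLACEHOLDER_LOCAL_SID = 'S-1-5-21-1234567890-1234567890-1234567890'
DOC_PLACEHOLDER_DOMAIN = 'yourdomain'

# Domain SID: three 32-bit sub-authorities under S-1-5-21.
DOMAIN_SID_RE = re.compile(r'^S-1-5-21(?:-\d{1,10}){3}$')
# Object SID: a domain SID followed by a relative identifier (RID).
OBJECT_SID_RE = re.compile(r'^(S-1-5-21(?:-\d{1,10}){3})-(\d{1,10})$')


def _check_subauthorities(sid):
    """Raise ValueError if any sub-authority exceeds 32 bits."""
    for part in sid.split('-')[4:]:
        if int(part) > 0xFFFFFFFF:
            raise ValueError('sub-authority out of range in %r' % sid)


def parse_object_sid(sid):
    """Split 'domainSID-RID' into (domain_sid, rid) or raise ValueError."""
    m = OBJECT_SID_RE.match(sid)
    if m is None:
        raise ValueError('not a domain object SID: %r' % sid)
    domain, rid = m.group(1), int(m.group(2))
    _check_subauthorities(domain)
    if rid > 0xFFFFFFFF:
        raise ValueError('RID out of range in %r' % sid)
    return domain, rid


def check_samba_settings(local_sid, domain_name, primary_group_sid):
    """Return a list of problems; an empty list means the settings are consistent."""
    problems = []
    if not DOMAIN_SID_RE.match(local_sid):
        problems.append('SAMBA_LOCAL_SID is not a well-formed domain SID')
    else:
        try:
            _check_subauthorities(local_sid)
        except ValueError as exc:
            problems.append('SAMBA_LOCAL_SID: %s' % exc)
    if local_sid == DOC_PLACEHOLDER_LOCAL_SID:
        problems.append('SAMBA_LOCAL_SID is still the documentation placeholder')
    if not domain_name or domain_name.lower() == DOC_PLACEHOLDER_DOMAIN:
        problems.append('SAMBA_DEFAULT_DOMAIN is unset or still the placeholder')
    try:
        group_domain, _rid = parse_object_sid(primary_group_sid)
    except ValueError as exc:
        problems.append('SAMBA_PRIMARY_GROUP_SID: %s' % exc)
    else:
        if group_domain != local_sid:
            problems.append('SAMBA_PRIMARY_GROUP_SID belongs to a different domain than SAMBA_LOCAL_SID')
    return problems


def user_sid_from_uid_number(local_sid, uid_number):
    """Assumed smbldap-tools mapping: user RID = 2 * uidNumber + 1000."""
    return '%s-%d' % (local_sid, 2 * int(uid_number) + 1000)


def group_sid_from_gid_number(local_sid, gid_number):
    """Assumed smbldap-tools mapping: group RID = 2 * gidNumber + 1001."""
    return '%s-%d' % (local_sid, 2 * int(gid_number) + 1001)


if __name__ == '__main__':
    # Constructed values: the documentation placeholders versus a realistic set.
    for label, settings in (
        ('placeholders', (DOC_PLACEHOLDER_LOCAL_SID, 'yourdomain', DOC_PLACEHOLDER_LOCAL_SID + '-123')),
        ('realistic', ('S-1-5-21-3623811015-3361044348-30300820', 'EXAMPLE',
                       'S-1-5-21-3623811015-3361044348-30300820-513')),
    ):
        print(label, check_samba_settings(*settings) or 'ok')
```

Run this once from the integration package (for example at import time, raising if the list is non-empty) so a misconfigured domain SID fails at startup instead of producing users whose sambaSID no Windows client will accept.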
Contributors
Robert Niederreiter (Author)
Changes
0.2 (2022-12-05)
Move users_expires_attr and users_expires_unit settings from cone.ugm, since they always have been used only for LDAP UGM backend.
0.1 (2020-07-09)
Initial release.
License
Copyright (c) 2019-2021, BlueDynamics Alliance, Austria
Copyright (c) 2021-2022, Cone Contributors
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.