added LDAP import

update defaults
pull/1120/head
ground7 5 years ago
parent b586a32843
commit 54c4f40188

@ -44,7 +44,7 @@ from .gdriveutils import is_gdrive_ready, gdrive_support
from .web import admin_required, render_title_template, before_request, unconfigured, login_required_if_no_ano from .web import admin_required, render_title_template, before_request, unconfigured, login_required_if_no_ano
feature_support = { feature_support = {
'ldap': False, # bool(services.ldap), 'ldap': bool(services.ldap),
'goodreads': bool(services.goodreads_support) 'goodreads': bool(services.goodreads_support)
} }
@ -326,6 +326,9 @@ def _configuration_update_helper():
return _configuration_result('Please enter a LDAP service account and password', gdriveError) return _configuration_result('Please enter a LDAP service account and password', gdriveError)
config.set_from_dictionary(to_save, "config_ldap_serv_password", base64.b64encode) config.set_from_dictionary(to_save, "config_ldap_serv_password", base64.b64encode)
_config_string("config_ldap_group_object_filter")
_config_string("config_ldap_group_members_field")
_config_string("config_ldap_group_name")
_config_checkbox("config_ldap_use_ssl") _config_checkbox("config_ldap_use_ssl")
_config_checkbox("config_ldap_use_tls") _config_checkbox("config_ldap_use_tls")
_config_checkbox("config_ldap_openldap") _config_checkbox("config_ldap_openldap")

@ -37,6 +37,8 @@ _Base = declarative_base()
class _Settings(_Base): class _Settings(_Base):
__tablename__ = 'settings' __tablename__ = 'settings'
config_is_initial = Column(Boolean, default=True)
id = Column(Integer, primary_key=True) id = Column(Integer, primary_key=True)
mail_server = Column(String, default='mail.example.org') mail_server = Column(String, default='mail.example.org')
mail_port = Column(Integer, default=25) mail_port = Column(Integer, default=25)
@ -86,18 +88,21 @@ class _Settings(_Base):
# config_oauth_provider = Column(Integer) # config_oauth_provider = Column(Integer)
config_ldap_provider_url = Column(String, default='localhost') config_ldap_provider_url = Column(String, default='example.org')
config_ldap_port = Column(SmallInteger, default=389) config_ldap_port = Column(SmallInteger, default=389)
config_ldap_schema = Column(String, default='ldap') config_ldap_schema = Column(String, default='ldap')
config_ldap_serv_username = Column(String) config_ldap_serv_username = Column(String, default='cn=admin,dc=example,dc=org')
config_ldap_serv_password = Column(String) config_ldap_serv_password = Column(String)
config_ldap_use_ssl = Column(Boolean, default=False) config_ldap_use_ssl = Column(Boolean, default=False)
config_ldap_use_tls = Column(Boolean, default=False) config_ldap_use_tls = Column(Boolean, default=False)
config_ldap_require_cert = Column(Boolean, default=False) config_ldap_require_cert = Column(Boolean, default=False)
config_ldap_cert_path = Column(String) config_ldap_cert_path = Column(String)
config_ldap_dn = Column(String) config_ldap_dn = Column(String, default='dc=example,dc=org')
config_ldap_user_object = Column(String) config_ldap_user_object = Column(String, default='uid=%s')
config_ldap_openldap = Column(Boolean, default=False) config_ldap_openldap = Column(Boolean, default=True)
config_ldap_group_object_filter = Column(String, default='(&(objectclass=posixGroup)(cn=%s))')
config_ldap_group_members_field = Column(String, default='memberUid')
config_ldap_group_name = Column(String, default='calibreweb')
config_ebookconverter = Column(Integer, default=0) config_ebookconverter = Column(Integer, default=0)
config_converterpath = Column(String) config_converterpath = Column(String)

@ -35,8 +35,7 @@ def init_app(app, config):
app.config['LDAP_HOST'] = config.config_ldap_provider_url app.config['LDAP_HOST'] = config.config_ldap_provider_url
app.config['LDAP_PORT'] = config.config_ldap_port app.config['LDAP_PORT'] = config.config_ldap_port
app.config['LDAP_SCHEMA'] = config.config_ldap_schema app.config['LDAP_SCHEMA'] = config.config_ldap_schema
app.config['LDAP_USERNAME'] = config.config_ldap_user_object.replace('%s', config.config_ldap_serv_username)\ app.config['LDAP_USERNAME'] = config.config_ldap_serv_username
+ ',' + config.config_ldap_dn
app.config['LDAP_PASSWORD'] = base64.b64decode(config.config_ldap_serv_password) app.config['LDAP_PASSWORD'] = base64.b64decode(config.config_ldap_serv_password)
app.config['LDAP_REQUIRE_CERT'] = bool(config.config_ldap_require_cert) app.config['LDAP_REQUIRE_CERT'] = bool(config.config_ldap_require_cert)
if config.config_ldap_require_cert: if config.config_ldap_require_cert:
@ -46,17 +45,29 @@ def init_app(app, config):
app.config['LDAP_USE_SSL'] = bool(config.config_ldap_use_ssl) app.config['LDAP_USE_SSL'] = bool(config.config_ldap_use_ssl)
app.config['LDAP_USE_TLS'] = bool(config.config_ldap_use_tls) app.config['LDAP_USE_TLS'] = bool(config.config_ldap_use_tls)
app.config['LDAP_OPENLDAP'] = bool(config.config_ldap_openldap) app.config['LDAP_OPENLDAP'] = bool(config.config_ldap_openldap)
app.config['LDAP_GROUP_OBJECT_FILTER'] = config.config_ldap_group_object_filter
app.config['LDAP_GROUP_MEMBERS_FIELD'] = config.config_ldap_group_members_field
_ldap.init_app(app) _ldap.init_app(app)
def get_object_details(user=None, group=None, query_filter=None, dn_only=False):
return _ldap.get_object_details(user, group, query_filter, dn_only)
def bind():
return _ldap.bind()
def get_group_members(group):
return _ldap.get_group_members(group)
def basic_auth_required(func): def basic_auth_required(func):
return _ldap.basic_auth_required(func) return _ldap.basic_auth_required(func)
def bind_user(username, password): def bind_user(username, password):
# ulf= _ldap.get_object_details('admin')
'''Attempts a LDAP login. '''Attempts a LDAP login.
:returns: True if login succeeded, False if login failed, None if server unavailable. :returns: True if login succeeded, False if login failed, None if server unavailable.

@ -32,7 +32,11 @@
{% endif %} {% endif %}
{% endfor %} {% endfor %}
</table> </table>
{% if not (config.config_login_type == 1) %}
<div class="btn btn-default" id="admin_new_user"><a href="{{url_for('admin.new_user')}}">{{_('Add new user')}}</a></div> <div class="btn btn-default" id="admin_new_user"><a href="{{url_for('admin.new_user')}}">{{_('Add new user')}}</a></div>
{% else %}
<a href=# id=import_ldap_users name=import_ldap_users><button type="submit" class="btn btn-default">{{_('Import LDAP Users')}}</button></a>
{% endif %}
</div> </div>
</div> </div>
@ -190,3 +194,15 @@
</div> </div>
</div> </div>
{% endblock %} {% endblock %}
{% block js %}
<script type="text/javascript">
$(function() {
$('a#import_ldap_users').bind('click', function() {
$.getJSON('/import_ldap_users',
function(data) {}
);
location.reload();
});
});
</script>
{% endblock %}

@ -186,6 +186,7 @@
</div> </div>
</div> </div>
{% endif %} {% endif %}
{% if not config.config_is_initial %}
{% if feature_support['ldap'] or feature_support['oauth'] %} {% if feature_support['ldap'] or feature_support['oauth'] %}
<div class="form-group"> <div class="form-group">
<label for="config_login_type">{{_('Login type')}}</label> <label for="config_login_type">{{_('Login type')}}</label>
@ -219,7 +220,7 @@
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="config_ldap_serv_password">{{_('LDAP Admin password')}}</label> <label for="config_ldap_serv_password">{{_('LDAP Admin password')}}</label>
<input type="password" class="form-control" id="config_ldap_serv_password" name="config_ldap_serv_password" value="{% if config.config_ldap_serv_password != None %}{{ config.config_ldap_serv_password }}{% endif %}" autocomplete="off"> <input type="password" class="form-control" id="config_ldap_serv_password" name="config_ldap_serv_password" autocomplete="off">
</div> </div>
<div class="form-group"> <div class="form-group">
<input type="checkbox" id="config_ldap_use_ssl" name="config_ldap_use_ssl" {% if config.config_ldap_use_ssl %}checked{% endif %}> <input type="checkbox" id="config_ldap_use_ssl" name="config_ldap_use_ssl" {% if config.config_ldap_use_ssl %}checked{% endif %}>
@ -251,6 +252,18 @@
<input type="checkbox" id="config_ldap_openldap" name="config_ldap_openldap" {% if config.config_ldap_openldap %}checked{% endif %}> <input type="checkbox" id="config_ldap_openldap" name="config_ldap_openldap" {% if config.config_ldap_openldap %}checked{% endif %}>
<label for="config_ldap_openldap">{{_('LDAP Server is OpenLDAP?')}}</label> <label for="config_ldap_openldap">{{_('LDAP Server is OpenLDAP?')}}</label>
</div> </div>
<div class="form-group">
<label for="config_ldap_group_object_filter">{{_('LDAP Group Object Filter')}}</label>
<input type="text" class="form-control" id="config_ldap_group_object_filter" name="config_ldap_group_object_filter" value="{% if config.config_ldap_group_object_filter != None %}{{ config.config_ldap_group_object_filter }}{% endif %}" autocomplete="off">
</div>
<div class="form-group">
<label for="config_ldap_group_members_field">{{_('LDAP Group Members Field')}}</label>
<input type="text" class="form-control" id="config_ldap_group_members_field" name="config_ldap_group_members_field" value="{% if config.config_ldap_group_members_field != None %}{{ config.config_ldap_group_members_field }}{% endif %}" autocomplete="off">
</div>
<div class="form-group">
<label for="config_ldap_group_name">{{_('LDAP Group Name')}}</label>
<input type="text" class="form-control" id="config_ldap_group_name" name="config_ldap_group_name" value="{% if config.config_ldap_group_name != None %}{{ config.config_ldap_group_name }}{% endif %}" autocomplete="off">
</div>
</div> </div>
{% endif %} {% endif %}
{% if feature_support['oauth'] %} {% if feature_support['oauth'] %}
@ -271,6 +284,7 @@
</div> </div>
{% endif %} {% endif %}
{% endif %} {% endif %}
{% endif %}
</div> </div>
</div> </div>
</div> </div>

@ -54,7 +54,7 @@ from .pagination import Pagination
from .redirect import redirect_back from .redirect import redirect_back
feature_support = { feature_support = {
'ldap': False, # bool(services.ldap), 'ldap': bool(services.ldap),
'goodreads': bool(services.goodreads_support) 'goodreads': bool(services.goodreads_support)
} }
@ -253,6 +253,29 @@ def before_request():
return redirect(url_for('admin.basic_configuration')) return redirect(url_for('admin.basic_configuration'))
@app.route('/import_ldap_users')
def import_ldap_users():
new_users = services.ldap.get_group_members(config.config_ldap_group_name)
for username in new_users:
user_data = services.ldap.get_object_details(user=username, group=None, query_filter=None, dn_only=False)
content = ub.User()
content.nickname = username
content.password = username # dummy password which will be replaced by ldap one
content.email = user_data['mail'][0]
if (len(user_data['mail']) > 1):
content.kindle_mail = user_data['mail'][1]
content.role = config.config_default_role
content.sidebar_view = config.config_default_show
content.mature_content = bool(config.config_default_show & constants.MATURE_CONTENT)
ub.session.add(content)
try:
ub.session.commit()
except Exception as e:
log.warning("Failed to create LDAP user: %s - %s", username, e)
ub.session.rollback()
return ""
# ################################### data provider functions ######################################################### # ################################### data provider functions #########################################################
@ -1155,10 +1178,12 @@ def login():
if user and check_password_hash(str(user.password), form['password']) and user.nickname != "Guest": if user and check_password_hash(str(user.password), form['password']) and user.nickname != "Guest":
login_user(user, remember=True) login_user(user, remember=True)
flash(_(u"You are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success") flash(_(u"You are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success")
config.config_is_initial = False
return redirect_back(url_for("web.index")) return redirect_back(url_for("web.index"))
else: else:
log.info('Login failed for user "%s" IP-adress: %s', form['username'], ipAdress) log.info('Login failed for user "%s" IP-adress: %s', form['username'], ipAdress)
flash(_(u"Wrong Username or Password"), category="error") flash(_(u"Wrong Username or Password"), category="error")
settings = config.get_mail_settings() settings = config.get_mail_settings()
mail_configured = bool(settings.get("mail_server", "mail.example.org") != "mail.example.org") mail_configured = bool(settings.get("mail_server", "mail.example.org") != "mail.example.org")

Loading…
Cancel
Save