[Twisted-Python] ldaptor and bind
Ottavio Campana
ottavio at campana.vi.it
Mon Jan 7 17:52:52 EST 2008
Tommi Virtanen wrote:
> On Mon, Jan 07, 2008 at 11:05:10PM +0100, Ottavio Campana wrote:
>> 1) does it support bind? I think so, even though I'm not able to make it
>> work by now.
>
> The unit test in ldaptor.test.test_server.LDAPServerTest.test_bind_success
> says it does.
I'll have a look at it.
>> 2) it doesn't support access control, but for what I've seen class
>> LDAPServer has a handle_LDAPSearchRequest method. I think I have to modify
>> its behavior, especially when it calls root.lookup(dn). Do you think that
>> subclassing LDAPServer might be a good way of doing it?
>
> Yup, but don't think that's the only thing you'd need to change.
> Really, if you don't know LDAP already you probably will not be
> able to make it secure.
Yes, I agree with you, it's anything but easy. I'm thinking about
other solutions because I don't need full ACLs as in OpenLDAP.
Since each inetOrgPerson class has the userPassword field, I could add
it to each element of the address book and I can check it in
LDAPServer._cbSearchGotBase by modifying the filter object and adding a
check to match the password in the inetOrgPerson classes with the
password that the user gave to bind to the server.
In this case I just need to know:
1) How do I get the username and password used to bind in the function
def _cbSearchGotBase(self, base, dn, request, reply):
? With request.dn and request.auth?
2) How do I modify request.filter? Can I just append text?
In this case, once I have binding working I would be done. It's not full
ACL support, but it would be enough.
What do you think about it?
--
There is no more strength in normality, there is only monotony.
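
The per-entry check proposed in the message above, sketched as an added example that is not part of the original post and does not use ldaptor's API. It assumes the search filter is a parsed tree (the classes Present, Eq and And are hypothetical stand-ins), so the restriction is added by wrapping the client's filter rather than appending text; an empty bind password is treated as an anonymous bind and returns nothing.

```python
import hmac
from dataclasses import dataclass

# Hypothetical filter tree standing in for the server's parsed search filter.
@dataclass(frozen=True)
class Present:
    attr: str
    def matches(self, entry):
        return bool(entry.get(self.attr))

@dataclass(frozen=True)
class Eq:
    attr: str
    value: str
    def matches(self, entry):
        # Constant-time comparison of each stored value with the asserted one.
        return any(hmac.compare_digest(v.encode(), self.value.encode())
                   for v in entry.get(self.attr, []))

@dataclass(frozen=True)
class And:
    parts: tuple
    def matches(self, entry):
        return all(p.matches(entry) for p in self.parts)

def restrict(client_filter, bind_password):
    """Wrap the client's filter; None means 'return nothing'."""
    if not bind_password:  # empty password = anonymous bind, never matches
        return None
    return And((client_filter, Eq("userPassword", bind_password)))

def search(entries, client_filter, bind_password):
    flt = restrict(client_filter, bind_password)
    if flt is None:
        return []
    # Never send the stored password back to the client.
    return [{k: v for k, v in e.items() if k != "userPassword"}
            for e in entries if flt.matches(e)]

# Constructed sample address book (plaintext passwords only for illustration).
BOOK = [
    {"cn": ["Alice"], "mail": ["alice@example.org"], "userPassword": ["s3cret"]},
    {"cn": ["Bob"], "mail": ["bob@example.org"], "userPassword": ["hunter2"]},
    {"cn": ["NoPass"], "mail": ["np@example.org"]},
]
```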