[Twisted-Python] ldaptor and bind
Ottavio Campana
ottavio at campana.vi.it
Mon Jan 7 18:34:29 EST 2008
Tommi Virtanen wrote:
> On Mon, Jan 07, 2008 at 11:52:52PM +0100, Ottavio Campana wrote:
>> 1) how do I get the username and password used to bind in function
>> def _cbSearchGotBase(self, base, dn, request, reply):
>> ? with request.dn and request.auth?
>
> LDAPServer's self.boundUser. And the password isn't stored any
> longer than is required to process the LDAPBindRequest.
>
>> 2) how do I modify request.filter? can I just append text?
>
> It's an LDAPFilter instance. No, it's not a string.
>
>> In this case, after having binding working I would be done. It's not full
>> acl support, but it would be enough.
>
> Umm, if you didn't even realize you need to protect against
> modification, do you really think you can manage to implement
> it securely?
Well, considering that data provided through LDAP is for read-only use,
that LDAP exports information saved in a database which is protected,
that clients access the LDAP server only read-only and the network is
not hostile, I think it could be acceptable.

I can't run OpenLDAP on that hardware and I need a way to separate
public and private address books and I need to be able to look in both
address books with only one search, so they have to be nested.

I know ACLs would do the job, I know the solution is not perfect, but do
you have any other idea?

PS: going on with my idea, I could override handle_LDAPModifyDNRequest
by always raising ldaperrors.LDAPUnwillingToPerform. The same for all
other add/delete/modify requests...
--
There is no more strength in normality, there is only monotony.