diff --git a/cps/admin.py b/cps/admin.py
index 57796080..6ed48785 100644
--- a/cps/admin.py
+++ b/cps/admin.py
@@ -44,7 +44,7 @@ from .gdriveutils import is_gdrive_ready, gdrive_support
 from .web import admin_required, render_title_template, before_request, unconfigured, login_required_if_no_ano
 feature_support = {
- 'ldap': False, # bool(services.ldap),
+ 'ldap': bool(services.ldap),
 'goodreads': bool(services.goodreads_support)
 }
@@ -326,13 +326,16 @@ def _configuration_update_helper():
 return _configuration_result('Please enter a LDAP service account and password', gdriveError)
 config.set_from_dictionary(to_save, "config_ldap_serv_password", base64.b64encode)
- _config_checkbox("config_ldap_use_ssl")
- _config_checkbox("config_ldap_use_tls")
- _config_checkbox("config_ldap_openldap")
- _config_checkbox("config_ldap_require_cert")
- _config_string("config_ldap_cert_path")
- if config.config_ldap_cert_path and not os.path.isfile(config.config_ldap_cert_path):
- return _configuration_result('LDAP Certfile location is not valid, please enter correct path', gdriveError)
+ _config_string("config_ldap_group_object_filter")
+ _config_string("config_ldap_group_members_field")
+ _config_string("config_ldap_group_name")
+ _config_checkbox("config_ldap_use_ssl")
+ _config_checkbox("config_ldap_use_tls")
+ _config_checkbox("config_ldap_openldap")
+ _config_checkbox("config_ldap_require_cert")
+ _config_string("config_ldap_cert_path")
+ if config.config_ldap_cert_path and not os.path.isfile(config.config_ldap_cert_path):
+ return _configuration_result('LDAP Certfile location is not valid, please enter correct path', gdriveError)
 # Remote login configuration
 _config_checkbox("config_remote_login")
diff --git a/cps/config_sql.py b/cps/config_sql.py
index 809e97d8..fcffc3bc 100644
--- a/cps/config_sql.py
+++ b/cps/config_sql.py
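Review bot: The three new LDAP group settings are saved with `_config_string` and never checked, while `config_ldap_cert_path` a few lines further down in the same hunk is validated before the handler returns. Judging by the default `'(&(objectclass=posixGroup)(cn=%s))'` this commit gives the column in config_sql.py, the group object filter is a template that is later expanded with the group name, so a filter saved without a `%s` placeholder (or with unbalanced parentheses) would only surface at login time with a much less helpful error. A check next to the cert-path one, e.g. `if '%s' not in config.config_ldap_group_object_filter:` followed by `return _configuration_result('LDAP Group Object Filter needs a %s placeholder for the group name', gdriveError)`, reports that at save time instead. `_configuration_update_helper` starts and continues outside this hunk.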
@@ -37,6 +37,8 @@ _Base = declarative_base()
 class _Settings(_Base):
 __tablename__ = 'settings'
+ config_is_initial = Column(Boolean, default=True)
+
 id = Column(Integer, primary_key=True)
 mail_server = Column(String, default='mail.example.org')
 mail_port = Column(Integer, default=25)
@@ -86,18 +88,21 @@ class _Settings(_Base):
 # config_oauth_provider = Column(Integer)
- config_ldap_provider_url = Column(String, default='localhost')
+ config_ldap_provider_url = Column(String, default='example.org')
 config_ldap_port = Column(SmallInteger, default=389)
 config_ldap_schema = Column(String, default='ldap')
- config_ldap_serv_username = Column(String)
+ config_ldap_serv_username = Column(String, default='cn=admin,dc=example,dc=org')
 config_ldap_serv_password = Column(String)
 config_ldap_use_ssl = Column(Boolean, default=False)
 config_ldap_use_tls = Column(Boolean, default=False)
 config_ldap_require_cert = Column(Boolean, default=False)
 config_ldap_cert_path = Column(String)
- config_ldap_dn = Column(String)
- config_ldap_user_object = Column(String)
- config_ldap_openldap = Column(Boolean, default=False)
+ config_ldap_dn = Column(String, default='dc=example,dc=org')
+ config_ldap_user_object = Column(String, default='uid=%s')
+ config_ldap_openldap = Column(Boolean, default=True)
+ config_ldap_group_object_filter = Column(String, default='(&(objectclass=posixGroup)(cn=%s))')
+ config_ldap_group_members_field = Column(String, default='memberUid')
+ config_ldap_group_name = Column(String, default='calibreweb')
 config_ebookconverter = Column(Integer, default=0)
 config_converterpath = Column(String)
diff --git a/cps/services/simpleldap.py b/cps/services/simpleldap.py
index 42a9aacd..03f9704c 100644
--- a/cps/services/simpleldap.py
+++ b/cps/services/simpleldap.py
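Review bot: The new `config_is_initial` column is declared above the `id` primary key and away from the other `config_*` columns, which makes it easy to miss when scanning the model; moving it next to the remaining configuration columns keeps the declaration order consistent with the rest of `_Settings`. Nothing in the model says what "initial" stands for or where it is cleared, so a short comment on the line would help the next reader, e.g. `# cleared once the first-run configuration has been completed  # TODO confirm where this is reset`. Adding the attribute to the declarative model does not by itself add the column to an already existing `settings` table; if the project uses a separate migration step for new columns, this one presumably has to be added there too.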
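Review bot: `config_ldap_provider_url` now defaults to the public hostname `example.org` instead of `localhost`, while `config_ldap_use_ssl` and `config_ldap_use_tls` keep their `False` defaults; an instance switched to LDAP login with the host left untouched would then attempt a cleartext bind with the service-account password, and later with user passwords, against a machine outside the deployment instead of failing locally. Keeping `localhost`, or an empty default that the configuration handler rejects, avoids that. The `cn=admin,dc=example,dc=org` default for `config_ldap_serv_username` is a full bind DN, and simpleldap.py in this commit passes the value to `LDAP_USERNAME` verbatim, so the column deserves a comment making that explicit: `# full bind DN of the service account; no longer composed from config_ldap_user_object and config_ldap_dn`.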
@@ -35,8 +35,7 @@ def init_app(app, config):
 app.config['LDAP_HOST'] = config.config_ldap_provider_url
 app.config['LDAP_PORT'] = config.config_ldap_port
 app.config['LDAP_SCHEMA'] = config.config_ldap_schema
- app.config['LDAP_USERNAME'] = config.config_ldap_user_object.replace('%s', config.config_ldap_serv_username)\
- + ',' + config.config_ldap_dn
+ app.config['LDAP_USERNAME'] = config.config_ldap_serv_username
 app.config['LDAP_PASSWORD'] = base64.b64decode(config.config_ldap_serv_password)
 app.config['LDAP_REQUIRE_CERT'] = bool(config.config_ldap_require_cert)
 if config.config_ldap_require_cert:
@@ -46,17 +45,29 @@ def init_app(app, config):
 app.config['LDAP_USE_SSL'] = bool(config.config_ldap_use_ssl)
 app.config['LDAP_USE_TLS'] = bool(config.config_ldap_use_tls)
 app.config['LDAP_OPENLDAP'] = bool(config.config_ldap_openldap)
+ app.config['LDAP_GROUP_OBJECT_FILTER'] = config.config_ldap_group_object_filter
+ app.config['LDAP_GROUP_MEMBERS_FIELD'] = config.config_ldap_group_members_field
 _ldap.init_app(app)
+def get_object_details(user=None, group=None, query_filter=None, dn_only=False):
+ return _ldap.get_object_details(user, group, query_filter, dn_only)
+
+
+def bind():
+ return _ldap.bind()
+
+
+def get_group_members(group):
+ return _ldap.get_group_members(group)
+
 def basic_auth_required(func):
 return _ldap.basic_auth_required(func)
 def bind_user(username, password):
- # ulf= _ldap.get_object_details('admin')
 '''Attempts a LDAP login.
 :returns: True if login succeeded, False if login failed, None if server unavailable.
diff --git a/cps/templates/admin.html b/cps/templates/admin.html
index 17b84f34..ef60ab33 100644
--- a/cps/templates/admin.html
+++ b/cps/templates/admin.html
@@ -32,7 +32,11 @@ {% endif %} {% endfor %} -
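Review bot: `LDAP_USERNAME` is now taken verbatim from `config_ldap_serv_username`, where the removed lines built it from `config_ldap_user_object` with the account name substituted plus `config_ldap_dn`; an existing installation that stored a bare account name under the old scheme will, after this upgrade, attempt the service bind with that bare name as the DN and fail, with nothing telling the administrator why. A one-time conversion of stored values (applying the old composition when the saved value contains no `=`), or at least an upgrade note and matching help text on the admin form, would avoid the silent breakage. `init_app` starts before this hunk.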
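Review bot: The new pass-through wrappers `get_object_details`, `bind` and `get_group_members` have no docstrings, unlike `bind_user` just below them, so a caller cannot tell from this module that `user`, `group` and `query_filter` are forwarded into an LDAP search unchanged. A docstring on `get_object_details` should state that the wrapper does no escaping of its own and that any of these values derived from request input must first be passed through `ldap.filter.escape_filter_chars`, and say what `dn_only` changes in the return value; the same one-line note belongs on `get_group_members(group)`. Whether the underlying library escapes anything itself is not visible here and should be confirmed before the docstring claims either way.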
+ {% if not (config.config_login_type == 1) %} + + {% else %} + + {% endif %} @@ -190,3 +194,15 @@ {% endblock %} +{% block js %} + +{% endblock %} diff --git a/cps/templates/config_edit.html b/cps/templates/config_edit.html index 85b9598e..88d2631d 100644 --- a/cps/templates/config_edit.html +++ b/cps/templates/config_edit.html @@ -186,6 +186,7 @@ {% endif %} + {% if not config.config_is_initial %} {% if feature_support['ldap'] or feature_support['oauth'] %}