Configurator method to set the LDAP login search. base_dn is the DN at which to begin the search. filter_tmpl is a string which can be used as an LDAP filter: it should contain the replacement value %(login)s. Scope is any valid LDAP scope value (e.g. ldap.SCOPE_ONELEVEL). cache_period is the number of seconds to cache login search results; if it is 0, login search results will not be cached.
Example:
    import ldap

    # The login filter is rendered with the submitted login name.
    config.ldap_set_login_query(
        base_dn='CN=Users,DC=example,DC=com',
        filter_tmpl='(sAMAccountName=%(login)s)',
        scope=ldap.SCOPE_ONELEVEL,
    )
The registered search must return one and only one value to be considered a valid login.
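The filter substitution and the one-result rule described above, as an added Python example that is not code from pyramid_ldap or from the original page. It assumes the caller escapes the login per RFC 4515 before substitution, since this page does not say whether the library does so; escape_filter_value, render_login_filter, toy_search, valid_login, lookup and the sample directory are hypothetical names constructed for illustration.

```python
import re

FILTER_TMPL = '(sAMAccountName=%(login)s)'   # filter_tmpl from the page's example

# RFC 4515: these characters must appear as \XX inside a filter assertion value.
_ESCAPES = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'}

def escape_filter_value(value):
    """Escape a string so it is treated as literal text inside an LDAP filter."""
    return ''.join(_ESCAPES.get(ch, ch) for ch in value)

def render_login_filter(login, tmpl=FILTER_TMPL, escape=True):
    """Substitute the login into the template, escaping it first by default."""
    return tmpl % {'login': escape_filter_value(login) if escape else login}

def toy_search(entries, filt):
    """Evaluate a single (attr=value) filter over in-memory entries (toy matcher)."""
    attr, value = re.fullmatch(r'\((\w+)=(.*)\)', filt, re.S).groups()
    parts = []
    for tok in re.findall(r'\\[0-9a-fA-F]{2}|.', value, re.S):
        if len(tok) == 3:                       # \XX escape: literal character
            parts.append(re.escape(chr(int(tok[1:], 16))))
        elif tok == '*':                        # unescaped *: wildcard
            parts.append('.*')
        else:
            parts.append(re.escape(tok))
    pattern = re.compile(''.join(parts), re.I | re.S)
    return [(dn, attrs) for dn, attrs in entries
            if any(pattern.fullmatch(v) for v in attrs.get(attr, []))]

def valid_login(results):
    """One and only one result is a valid login; zero or several is not."""
    return results[0][0] if len(results) == 1 else None

# Constructed sample directory, not real data.
DIRECTORY = [
    ('CN=Alice,CN=Users,DC=example,DC=com', {'sAMAccountName': ['alice']}),
    ('CN=Bob,CN=Users,DC=example,DC=com', {'sAMAccountName': ['bob']}),
]

def lookup(login, escape=True):
    """Render the filter, run the toy search, apply the one-result rule."""
    return valid_login(toy_search(DIRECTORY, render_login_filter(login, escape=escape)))

if __name__ == '__main__':
    for name in ('alice', 'a*', '*'):
        print(repr(name), render_login_filter(name), lookup(name))
```

With escaping, a login made of filter metacharacters matches nothing; without it, a wildcard matches several entries and is still rejected by the one-result rule.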
Configurator method to set the LDAP groups search. base_dn is the DN at which to begin the search. filter_tmpl is a string which can be used as an LDAP filter: it should contain the replacement value %(userdn)s. Scope is any valid LDAP scope value (e.g. ldap.SCOPE_SUBTREE). cache_period is the number of seconds to cache groups search results; if it is 0, groups search results will not be cached.
Example:
    import ldap

    # The groups filter is rendered with the DN of the authenticated user.
    config.ldap_set_groups_query(
        base_dn='CN=Users,DC=example,DC=com',
        filter_tmpl='(&(objectCategory=group)(member=%(userdn)s))',
        scope=ldap.SCOPE_SUBTREE,
    )
Configurator method to set up an LDAP connection pool.
uri: ldap server uri [mandatory]
bind: default bind that will be used to bind a connector. default: None
passwd: default password that will be used to bind a connector. default: None
size: pool size. default: 10
retry_max: number of attempts when a server is down. default: 3
retry_delay: delay in seconds before a retry. default: .1
use_tls: activate TLS when connecting. default: False
timeout: connector timeout. default: -1
each time. default: True
Set up Configurator methods for pyramid_ldap.
Return the LDAP connector attached to the request. If pyramid.config.Configurator.ldap_setup() was not called, using this function will raise a pyramid.exceptions.ConfigurationError.
Provides API methods for accessing LDAP authentication information.
An ldappool ConnectionManager instance that can be used to perform arbitrary LDAP queries. See https://github.com/mozilla-services/ldappool
Given a login name and a password, return a tuple of (dn, attrdict) for the matching user if the user exists and the password is correct. Otherwise return None.
In a (dn, attrdict) return value, dn will be the distinguished name of the authenticated user. attrdict will be a dictionary mapping LDAP user attributes to sequences of values. The keys and values in the dictionary will be decoded from UTF-8, recursively, where possible. The dictionary returned is a case-insensitive dictionary implementation.
If pyramid.config.Configurator.ldap_set_login_query() was not called, using this function will raise a pyramid.exceptions.ConfigurationError.
Given a user DN, return a sequence of LDAP attribute dictionaries matching the groups of which the DN is a member. If the DN does not exist, return None.
In a return value [(dn, attrdict), ...], dn will be the distinguished name of the group. attrdict will be a dictionary mapping LDAP group attributes to sequences of values. The keys and values in the dictionary will be decoded from UTF-8, recursively, where possible. The dictionary returned is a case-insensitive dictionary implementation.
If pyramid.config.Configurator.ldap_set_groups_query() was not called, using this function will raise a pyramid.exceptions.ConfigurationError.
A groupfinder implementation useful in conjunction with out-of-the-box Pyramid authentication policies. It returns the DN of each group to which the user specified by userdn belongs, as a principal in the list of results; if the user does not exist, it returns None.