{ "info": { "author": "Marco Martinez", "author_email": "", "bugtrack_url": null, "classifiers": [ "Intended Audience :: Developers", "Natural Language :: English", "Operating System :: OS Independent", "Programming Language :: Python", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3.4", "Topic :: Internet :: WWW/HTTP :: WSGI :: Middleware", "Topic :: System :: Systems Administration :: Authentication/Directory :: LDAP" ], "description": "who_ldap\n========\n\nLDAP Authentication for repoze.who-v2-enabled WSGI Applications\n\n**This project is a fork of the original repoze.who.plugins.ldap to support\nwho api v2 as well as Python 3 (and 2.7)**\n\n`who_ldap` an LDAP plugin for the identification and\nauthentication framework for WSGI applications, `repoze.who`, which acts as WSGI\nmiddleware.\n\n\nInstalling\n----------\n\n::\n\n pip install who_ldap\n\n\nInstalling the mainline development branch\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nThe plugin is hosted in `a git branch hosted at github.com\n`_. To get the latest source\ncode, run::\n\n git clone git@github.com:m-martinez/who_ldap.git\n\nThen run the command below::\n\n pip install -e who_ldap/\n\n\nSetting up ``repoze.who`` with the LDAP authenticator\n-----------------------------------------------------\n\nThis section explains how to setup ``repoze.who`` in order to use the LDAP plugins\nin your WSGI application. It is based on `the documentation for repoze.who\n`_.\n\nYou can configure your authentication mechanism powered by ``repoze.who`` with\ntwo methods: With an INI file or with Python code.\n\nIn the examples below we are only going to use the main plugin provided by this\npackage: The LDAP authenticator itself (``LDAPAuthenticatorPlugin``). The\nother plugins don't deal with authentication, but are useful to load automatically\ndata related to the authenticated user from the LDAP server.\n\nUsing the ``repoze.who`` terminology, ``LDAPAuthenticatorPlugin`` is an\n``authenticator plugin`` and the others are ``metadata provider plugins``.\n\n\nConfiguring ``repoze.who`` in a INI file\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nYou can configure your ``repoze.who`` based authentication via a ``*.ini`` file,\nand then load such settings in your application.\n\nSay we have a file called ``who.ini`` with the following contents::\n\n # These contents have been adapted from:\n # http://static.repoze.org/whodocs/#middleware-configuration-via-config-file\n [plugin:form]\n use = repoze.who.plugins.form:make_plugin\n rememberer_name = auth_tkt\n\n [plugin:auth_tkt]\n use = repoze.who.plugins.auth_tkt:make_plugin\n secret = something\n\n [plugin:ldap_auth]\n use = who_ldap:LDAPAuthenticatorPlugin\n url = ldap://ldap.yourcompany.com\n base_dn = ou=developers,dc=yourcompany,dc=com\n\n [general]\n request_classifier = repoze.who.classifiers:default_request_classifier\n challenge_decider = repoze.who.classifiers:default_challenge_decider\n\n [identifiers]\n plugins =\n form;browser\n auth_tkt\n\n [authenticators]\n plugins =\n ldap_auth\n\n [challengers]\n plugins =\n form;browser\n\n\nWith the settings above, authentication via ``repoze.who`` is configured this way:\nVisitors will login with a form, providing their user name and password; then\nthese credentials will be checked against the LDAP server ``ldap.yourcompany.com``\nunder ``ou=developers,dc=yourcompany,dc=com``. This form will be displayed\nwhen your WSGI application issues an HTTP **401** error.\n\nFor example, if an user enters ``jsmith`` as the user name and ``valencia`` as their\npassword, the LDAP authenticator will build their Distinguished Name (DN) as\n``uid=jsmith,ou=developers,dc=yourcompany,dc=com`` and will try to\nauthenticate them in the ``ldap.yourcompany.com`` LDAP server with this DN and\n``valencia`` as the password.\n\nFinally, you can load these settings by adding the `repoze.who` middleware to your\napplication::\n\n from repoze.who.config import make_middleware_with_config\n app_with_auth = make_middleware_with_config(app, global_confg, '/path/to/who.ini')\n\nIn the documentation for ``repoze.who`` there is `a more detailed explanation\n`_\nfor the INI file method.\n\n\nFramework-specific documentation\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nYou may want to check the following framework-specific documents to learn tips\non how to implement `repoze.who` in the framework you are using:\n\n * **Pyramid**: `pyramid_who\n `_.\n * **Pylons**: `Authentication and Authorization with repoze.who\n `_.\n * **TurboGears 2**: `Authentication and Authorization in TurboGears 2\n `_\n (``repoze.who`` is the default authentication library).\n\n\nUsing the LDAP plugins for repoze.who\n-------------------------------------\n\nLDAPAuthenticatorPlugin\n~~~~~~~~~~~~~~~~~~~~~~~\n\nThis plugin connects to the specified LDAP server and tries to `bind` with the\n`Distinguished Name` (DN) made by joining the `login` in the `identity`\ndictionary as the naming attribute value and the **base_dn** specified in the\nconstructor, and then it tries to bind with the `password` found in the\n`identity` dictionary; As a default, the used naming attribute is the\nuser id (`uid`).\n\nFor example, if the `login` provided by the identifier is `carla` and the\n**base_dn** provided in the constructor is `ou=employees,dc=example,dc=org`,\nthe resulting DN will be `uid=carla,ou=employees,dc=example,dc=org`.\n\nIf the directory server's naming attribute were the `email` attribute,\nand we provided naming_attribute='email' in the constructor, the DN\nresulting for the identifier `carla@example.org` would be\n`email=carla@example.org,ou=employees,dc=example,dc=org`.\n\nTo configure this plugin from an INI file, you'd have to include a section\nlike this::\n\n [plugin:ldap_auth]\n use = who_ldap:LDAPAuthenticatorPlugin\n url = ldap://yourcompany.com\n base_dn = ou=employees,dc=yourcompany,dc=com\n naming_attribute = uid\n start_tls = True\n\n\n==================== ======= ========================================================\nSetting Default Description\n==================== ======= ========================================================\n``url`` **Required** Connection URL\n``base_dn`` Location to begin queries\n``returned_id`` dn Attribute to return on authentication ('dn' or 'login')\n``start_tls`` False If set, initiates TLS on the connection\n``naming_attribute`` uid Naming attribute for directory entries\n==================== ======= ========================================================\n\n\n\nLDAPSearchAuthenticatorPlugin\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nThis plugin connects to the specified LDAP server and searches an entry\nresiding below the **base_dn**, whose naming attribute's value is equal\nto the supplied login. If such an entry is found, it tries to bind as the\nentry's DN with the ``password`` found in the ``identity`` dictionary; As a\ndefault, the used naming attribute is the user id (``uid``).\n\nThe ``search_scope`` parameter in the constructor allows to choose whether\nto search the entry in the whole subtree below **base_dn**, or just on\nthe level below if set as ``search_scope='onelevel'``.\n\nFor example, if the ``login`` provided by the identifier is ``carla`` and the\n**base_dn** provided in the constructor is ``dc=example,dc=org``,\nwith the default settings, the system could find the entry\n``uid=carla,ou=employees,dc=example,dc=org``; if we set\n``search_scope='onelevel'``, the entry would not be found.\n\nIf you would like to only allow some entries, you may setup a filter\nby means of the **filterstr** parameter, which is an string whose format is\ndefined by `RFC 4515 - Lightweight Directory Access Protocol (LDAP): String\nRepresentation of Search Filters `_.\nE.g. we can assert only person entries bearing a telephone number starting\nwith ``999111`` can login by setting:\n``filterstr='(&(objectClass=person)(telephoneNumber=999111*))'``\nin the constructor.\n\nTo configure this plugin from an INI file, you'd have to include a section\nlike this::\n\n [plugin:ldap_auth]\n use = who_ldap:LDAPSearchAuthenticatorPlugin\n url = ldap://yourcompany.com\n base_dn = ou=employees,dc=yourcompany,dc=com\n naming_attribute = uid\n search_scope = subtree\n start_tls = True\n\nFinally, add the plugin to the set of authenticators::\n\n [authenticators]\n plugins =\n ldap_auth\n\n\n==================== ======= =======================================================\nSetting Default Description\n==================== ======= =======================================================\n``url`` **Required** Connection URL\n``bind_dn`` Operating user\n``bind_pass`` Operating user password\n``base_dn`` Location to begin queries\n``returned_id`` dn Attribute to return on authentication ('dn' or 'login')\n``start_tls`` False If set, initiates TLS on the connection\n``naming_attribute`` uid Naming attribute for directory entries\n``search_scope`` subtree Scope of LDAP search ('subtree' or 'onelevel')\n``restrict`` Optional additional filter for search\n==================== ======= =======================================================\n\n\nLDAPAttributesPlugin\n~~~~~~~~~~~~~~~~~~~~\n\nThis plugin enables you to load data for the authenticated user\nautomatically and have it available from the WSGI environment \u2014 in the\n``identity`` dictionary, specifically.\n\n**attributes** represents\nthe list of user's attributes that you would like to fetch from the LDAP\nserver; it can be an iterable, an string where the attributes are separated\nby commas, or *None* to fetch all the available attributes.\n\nBy default it loads the attributes available for *any* entry whose *DN* is\nthe same as the one found by ``LDAPAuthenticatorPlugin``, which is\ndesired in most situations.\nHowever, if you would like to exclude some entries, you may setup a filter\nby means of the **filterstr** parameter, which shares the same semantics\nas the **filterstr** parameter in ``LDAPSearchAuthenticatorPlugin``.\n\nTo configure this plugin from an INI file, you'd have to include a section\nlike this::\n\n [plugin:ldap_attributes]\n use = who_ldap:LDAPAttributesPlugin\n url = ldap://ldap.yourcompany.com\n attributes = cn,sn,mail\n\nIf instead of loading the *Common Name*, *surname* and *email*, as with the\nsettings above, you'd prefer to load all the available attributes for the\nauthenticated user, you'd just have to remove the *attributes* directive.\n\nFinally, add the plugin to the set of metadata providers::\n\n [mdproviders]\n plugins =\n ldap_attributes\n\n\n=================== =============== =======================================================\nSetting Default Description\n=================== =============== =======================================================\n``url`` **Required** Connection URL\n``bind_dn`` Operating user\n``bind_pass`` Operating user password\n``base_dn`` Location to begin queries\n``start_tls`` False If set, initiates TLS on the connection\n``attributes`` LDAP attributes to use.\n Can be a simple comma-delimited list (e.g. uid,cn),\n or a mapping list (e.g. cn=fullname,mail=email).\n``filterstr`` (objectClass=*) A filter for the search\n``flatten`` False Cleans up LDAP values if they are not lists\n=================== =============== =======================================================\n\n\nLDAPGroupsPlugin\n~~~~~~~~~~~~~~~~\n\nThis plugin enables you to load all the group memberships of the authenticated\nuser.\n\n==================== ======= =======================================================\nSetting Default Description\n==================== ======= =======================================================\n``url`` **Required** Connection URL\n``bind_dn`` Operating user\n``bind_pass`` Operating user password\n``base_dn`` Location to begin queries\n``start_tls`` False If set, initiates TLS on the connection\n``filterstr`` A filter for the search (Default behaviour:\n (&(objectClass=groupOfUniqueNames)(uniqueMember=%(dn)s)))\n``name`` The property name in the identity to use\n``search_scope`` subtree Scope of LDAP search ('subtree' or 'onelevel')\n``returned_id`` cn Which attribute value of the group entry to return\n==================== ======= =======================================================\n\n\nChangelog\n=========\n\n3.2.2 (2017-02-15)\n--------------------\n\n- Properly escape search filter string (http://ldap3.readthedocs.io/searches.html#the-search-operation)\n\n\n3.2.1 (2016-06-22)\n--------------------\n\n- Alter release workflow\n\n\n3.2.0 (2016-06-22)\n--------------------\n\n- Use version 2.3 of ``repoze.who`` which implements improved userdata heuristics\n\n\n3.1.0 (2015-02-09)\n--------------------\n\n- Search for users via filter if present [domruf]\n- Switch to ``ldap3`` package (which was renamed from ``python3-ldap``) [Cito]\n- Convert b64de/encode byte strings to regular strings in Python 3 [Cito]\n- Use (objectClass=*) if no filter is specified when scope is base.\n\n\n3.0.2 (2014-06-11)\n------------------\n\n- Issue log messages instead of exceptions for invalid credentials. [lovelle]\n\n\n3.0.1 (2014-05-19)\n------------------\n\n- Updated documentation\n\n\n3.0.0 (2014-05-19)\n------------------\n\n- Major code cleanup\n- Deprecated ``LDAPBaseAuthenticatorPlugin``\n-\n- No longer accepts ldap_connection since in order to ensure connections are\n closed.\n- Allows to aliasing of LDAP properties\n- Switched group ``naming_attribute`` to ``returned_id``\n\n\n2.0.0 (2014-04-29)\n------------------\n\n- Forked original project\n (https://pypi.python.org/pypi/repoze.who.plugins.ldap)\n- Updated to work with repoze.who v2 API\n- Python 3.4 compatibility\n- Allows to aliasing of LDAP properties\n- Added group metadata provider\n\n\n1.2 Alpha 2 (unreleased)\n------------------------\n\n- Fixed installation problems under Windows (`Bug #608622\n `_).\n\n\n1.1 Alpha 1 (2010-01-03)\n------------------------\n\n- Changed the license to the `Repoze license `_.\n- Provided ``start_tls`` option both for the authenticator and the metadata\n provider.\n- Enable both pattern-replacement and subtree searches for the naming\n attribute in ``_get_dn()``.\n- Enable configuration of the naming attribute\n- Enable the option to bind to the server with privileged credential before\n doing searches\n- Add a restrict pattern to pre-authentication DN searches\n- Let the user choose whether to return the full DN or the supplied login as\n the user identifier\n\n\n1.0 (2008-09-11)\n----------------\n\nThe initial release.\n\n- Provided the LDAP authenticator, which is compatible with identifiers that\n define the 'login' item in the identity dict.\n- Included the plugin to load metadata about the authenticated user from the\n LDAP server.\n- Documented how to install and use the plugins.\n- Included Turbogears 3 demo project, using the plugin. There is also a section\n in the documentation to explain how the demo works.\n", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/m-martinez/who_ldap.git", "keywords": "ldap web application server wsgi repoze repoze.who", "license": "BSD-derived (http://www.repoze.org/LICENSE.txt)", "maintainer": "", "maintainer_email": "", "name": "who_ldap", "package_url": "https://pypi.org/project/who_ldap/", "platform": "", "project_url": "https://pypi.org/project/who_ldap/", "project_urls": { "Homepage": "https://github.com/m-martinez/who_ldap.git" }, "release_url": "https://pypi.org/project/who_ldap/4.0.0/", "requires_dist": null, "requires_python": "", "summary": "LDAP plugin for repoze.who", "version": "4.0.0" }, "last_serial": 3700477, "releases": { "2.0.0": [ { "comment_text": "", "digests": { "md5": "3f5a3917ae95310f76c66a166c68094e", "sha256": "0227731a4a6316dfbd75a1176c655e24802ee7cb3cd4d6d74f73308860f37980" }, "downloads": -1, "filename": "who_ldap-2.0.0.tar.gz", "has_sig": false, "md5_digest": "3f5a3917ae95310f76c66a166c68094e", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 16963, "upload_time": "2014-04-29T21:29:03", "url": "https://files.pythonhosted.org/packages/9b/53/ae2d415b28188fa0cde6efcdfa076ba95b8fad5d53dad9508e4592e9150c/who_ldap-2.0.0.tar.gz" } ], "3.0.0": [ { "comment_text": "", "digests": { "md5": "3d830d1dc32dc2571a7a02e5e3846e8d", "sha256": "3524f95ae7adf61bf3c28fec92fbe6672a16ee39171595188b4315cde1aee53f" }, "downloads": -1, "filename": "who_ldap-3.0.0.tar.gz", "has_sig": false, "md5_digest": "3d830d1dc32dc2571a7a02e5e3846e8d", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 15605, "upload_time": "2014-05-19T22:05:52", "url": "https://files.pythonhosted.org/packages/dd/53/a13ae9e15210ac1b7bd8d257dc2bf688fc9b2b7fde2890b7a3c2f1b212cb/who_ldap-3.0.0.tar.gz" } ], "3.0.1": [ { "comment_text": "", "digests": { "md5": "d2398668c6e927fca2a920049052e4de", "sha256": "f61e59a1dc7fdf45626d972916a0a5ed960fb88099455105af9f5c0cdb81b275" }, "downloads": -1, "filename": "who_ldap-3.0.1.tar.gz", "has_sig": false, "md5_digest": "d2398668c6e927fca2a920049052e4de", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 15868, "upload_time": "2014-05-19T22:24:24", "url": "https://files.pythonhosted.org/packages/8d/2e/a8ffc63b0c3abd4e8759c35a500a063ba1af7198d1f236267c5b3d804cf9/who_ldap-3.0.1.tar.gz" } ], "3.0.2": [ { "comment_text": "", "digests": { "md5": "6f41d8cb8534b3c33763d7953dbe9b51", "sha256": "9ed809c53b3f7804effa582e8cfd8c13645ccb2ae7842bc5ca3c9ee5af118257" }, "downloads": -1, "filename": "who_ldap-3.0.2.tar.gz", "has_sig": false, "md5_digest": "6f41d8cb8534b3c33763d7953dbe9b51", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 16005, "upload_time": "2014-06-11T17:52:03", "url": "https://files.pythonhosted.org/packages/21/09/0468a04470a46a1e26db05a8e088e717fd52da844aad6acae2ac3d2faf4a/who_ldap-3.0.2.tar.gz" } ], "3.1.0": [ { "comment_text": "", "digests": { "md5": "d21eef2706219f62c767d35b38a684ae", "sha256": "67b0996146a4b01528d423cd8f2288ad9f431981bd6f5e91f5fadb75c2e3c8ae" }, "downloads": -1, "filename": "who_ldap-3.1.0.tar.gz", "has_sig": false, "md5_digest": "d21eef2706219f62c767d35b38a684ae", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 16412, "upload_time": "2015-02-09T22:15:11", "url": "https://files.pythonhosted.org/packages/a1/78/0753a67f211e065c4eb710215fd7b9b9092d10cf438dd8b26f2543752344/who_ldap-3.1.0.tar.gz" } ], "3.1.0b1": [ { "comment_text": "", "digests": { "md5": "60c74121ad4201247759e8620697143d", "sha256": "cc009fa97f0209a30c8a99cac7019fa363ce312cc3fc7bfa063af030421937fe" }, "downloads": -1, "filename": "who_ldap-3.1.0b1.tar.gz", "has_sig": false, "md5_digest": "60c74121ad4201247759e8620697143d", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 16297, "upload_time": "2015-01-08T23:39:02", "url": "https://files.pythonhosted.org/packages/7b/89/db35c12bc9b6e7bb839bdc08342dd4c822962434d9f1c5d75c2630735098/who_ldap-3.1.0b1.tar.gz" } ], "3.1.0b2": [ { "comment_text": "", "digests": { "md5": "545ca590d66a7e36a87e1a69820f8486", "sha256": "a5e4e428b66249739f3d1d15524d7138537ee7fbf14b0e6746956b895532ef68" }, "downloads": -1, "filename": "who_ldap-3.1.0b2.tar.gz", "has_sig": false, "md5_digest": "545ca590d66a7e36a87e1a69820f8486", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 16439, "upload_time": "2015-02-03T01:08:01", "url": "https://files.pythonhosted.org/packages/93/ce/a74a335df10de4ffc588f4351664c7f67ea460ac79dfc3527a10bd6b6eb9/who_ldap-3.1.0b2.tar.gz" } ], "3.2.0": [], "3.2.1": [ { "comment_text": "", "digests": { "md5": "1c26e8297101bd6f00e70a743b6d7754", "sha256": "8559181486486db6ec7f53617552b0a90eb9e7c62223098ad89247df4c02f5b1" }, "downloads": -1, "filename": "who_ldap-3.2.1.tar.gz", "has_sig": false, "md5_digest": "1c26e8297101bd6f00e70a743b6d7754", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 16208, "upload_time": "2016-06-22T22:21:19", "url": "https://files.pythonhosted.org/packages/84/94/1c2321f7dbcc603a4921e04c1474851e58b17dfe25ed991c5d8fc2949de0/who_ldap-3.2.1.tar.gz" } ], "3.2.2": [ { "comment_text": "", "digests": { "md5": "134c31cc0f8d47c9950e160c2374cdcf", "sha256": "b990818130fe908ef866c606d997207c4d3094351aedaba3ae231ac40b7274c9" }, "downloads": -1, "filename": "who_ldap-3.2.2.tar.gz", "has_sig": false, "md5_digest": "134c31cc0f8d47c9950e160c2374cdcf", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 16510, "upload_time": "2017-02-16T01:15:02", "url": "https://files.pythonhosted.org/packages/be/54/e118c1295e7808dac92358721bfbc5d52d6b98bd59912cc67da9341a5c56/who_ldap-3.2.2.tar.gz" } ], "4.0.0": [ { "comment_text": "", "digests": { "md5": "26fd5643e67bb3d4572b93f7f15d41d6", "sha256": "d2cfd10fce5b8723348e61052cf2b9251a97f2dba5e89fceb82122872f37cb16" }, "downloads": -1, "filename": "who_ldap-4.0.0.tar.gz", "has_sig": false, "md5_digest": "26fd5643e67bb3d4572b93f7f15d41d6", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 13588, "upload_time": "2018-03-23T22:37:26", "url": "https://files.pythonhosted.org/packages/9b/7a/08e84a2f09aa5bea5d2cd67cff9f529d269bff3d711b817cf964c2c06eb7/who_ldap-4.0.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "26fd5643e67bb3d4572b93f7f15d41d6", "sha256": "d2cfd10fce5b8723348e61052cf2b9251a97f2dba5e89fceb82122872f37cb16" }, "downloads": -1, "filename": "who_ldap-4.0.0.tar.gz", "has_sig": false, "md5_digest": "26fd5643e67bb3d4572b93f7f15d41d6", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 13588, "upload_time": "2018-03-23T22:37:26", "url": "https://files.pythonhosted.org/packages/9b/7a/08e84a2f09aa5bea5d2cd67cff9f529d269bff3d711b817cf964c2c06eb7/who_ldap-4.0.0.tar.gz" } ] }