.. image:: https://img.shields.io/pypi/v/cone.ldap.svg
    :target: https://pypi.python.org/pypi/cone.ldap
    :alt: Latest PyPI version

.. image:: https://img.shields.io/pypi/dm/cone.ldap.svg
    :target: https://pypi.python.org/pypi/cone.ldap
    :alt: Number of PyPI downloads

.. image:: https://travis-ci.org/bluedynamics/cone.ldap.svg?branch=master
    :target: https://travis-ci.org/bluedynamics/cone.ldap

.. image:: https://coveralls.io/repos/github/bluedynamics/cone.ldap/badge.svg?branch=master
    :target: https://coveralls.io/github/bluedynamics/cone.ldap?branch=master

Plugin for `cone.app <http://packages.python.org/cone.app>`_ providing LDAP
integration.

Features
--------

- LDAP access via ``node.ext.ldap``
- Application integration into ``cone.app``
- Integration into ``cone.ugm``
- POSIX support
- Samba support

Development Setup
=================

Prerequisites
-------------

``lxml``, ``python-ldap`` and ``openldap`` are compiled, so the required dev
headers must be installed on the system.

On Debian-based systems, install:

.. code-block:: shell

    $ apt-get install -y libxml2-dev libxslt1-dev
    $ apt-get install -y libsasl2-dev libssl-dev libdb-dev

Installation
------------

``cone.ldap`` contains a buildout configuration. Download or check out the
package and run:

.. code-block:: shell

    cone.ldap$ ./bootstrap.sh python3

Start the test LDAP server with the appropriate LDIF layer:

.. code-block:: shell

    cone.ldap$ ./bin/testldap start groupOfNames_10_10

Start the application:

.. code-block:: shell

    cone.ldap$ ./bin/pserve cfg/gon_10_10/ldap_gon_10_10.ini

and browse ``http://localhost:8081/``. The default password of the ``admin``
user is ``admin``.

The "roles" behavior in the principal form is only displayed if the roles
configuration is sane. The LDIF imported for the test layer does not provide
the roles container by default. Browse "Settings -> LDAP Roles" and perform
the "create roles container" action if you want to enable roles in the demo.

**Note**: If ``python_ldap`` fails, don't use buildout offline mode!

Configuration and Customization
===============================

General
-------

To customize the plugin, create an integration package and include it in
your setup.

Application configuration
-------------------------

To define the locations of the LDAP-related configuration files, provide the
following settings in your application ini file.

.. code-block:: ini

    # LDAP UGM backend activation
    ugm.backend = ldap

    # Basic LDAP server configuration
    ldap.server_config = /path/to/ldap_server.xml

    # LDAP UGM backend related configuration
    ldap.users_config = /path/to/ldap_users.xml
    ldap.groups_config = /path/to/ldap_groups.xml
    ldap.roles_config = /path/to/ldap_roles.xml

Examples of these configuration files can be found in the ``cfg`` folder of
the source package.

UGM Default values and default value callbacks
----------------------------------------------

Depending on the LDAP object classes used for users and groups, more or fewer
attributes are required for the entries. Not all of these attributes should
necessarily be visible to the user, and some might need to be computed.
Therefore the plugin supports default values and default value callbacks.

Default values and callbacks are registered via ``factory_defaults.users``,
``factory_defaults.groups`` and ``factory_defaults.roles``.

.. code-block:: python

    from cone.ldap.settings import factory_defaults

The factory defaults can be static values.

.. code-block:: python

    factory_defaults.user['someField'] = '12345'

Default value callbacks receive the principal node and id as arguments.

.. code-block:: python

    def some_field_callback(node, id):
        return 'some computed value'

    factory_defaults.user['someField'] = some_field_callback

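
A default value callback that derives ``homeDirectory`` from the principal id and rejects ids that are unsafe as a path component, registered next to a static default. This is an added example, not code from cone.ldap: ``user_defaults`` stands in for ``factory_defaults.user`` so the block runs without the plugin installed, and ``resolve_defaults``, the id pattern and the attribute values are assumptions.

```python
import re

# Stand-in for cone.ldap.settings.factory_defaults.user (assumption), so the
# example runs without the plugin. In an integration package, register the
# same entries on the real object instead.
user_defaults = {}

# Assumption: principal ids must match a conservative POSIX login name pattern.
_SAFE_ID = re.compile(r'[a-z_][a-z0-9_-]{0,31}')


def home_directory(node, id):
    """Default value callback using the (node, id) signature shown above."""
    # fullmatch also rejects a trailing newline, which '$' would let through.
    if not _SAFE_ID.fullmatch(id):
        # Refuse ids such as '../root' before they reach a path attribute.
        raise ValueError('unsafe principal id: %r' % (id,))
    return '/home/' + id


user_defaults['loginShell'] = '/bin/false'       # static default (constructed)
user_defaults['homeDirectory'] = home_directory  # computed default


def resolve_defaults(defaults, node, id):
    """Hypothetical helper mimicking how registered defaults are applied:
    callables are called with (node, id), other values are used as is."""
    return {
        name: value(node, id) if callable(value) else value
        for name, value in defaults.items()
    }


if __name__ == '__main__':
    # The node is unused by this callback, so None is passed for the demo.
    print(resolve_defaults(user_defaults, None, 'alice'))
    try:
        resolve_defaults(user_defaults, None, '../root')
    except ValueError as exc:
        print('rejected:', exc)
```
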
Samba support
-------------

Example configuration to enable Samba support.

.. code-block:: python

    from cone.ldap.settings import factory_defaults
    from node.ext.ldap.ugm import posix
    from node.ext.ldap.ugm import shadow
    from node.ext.ldap.ugm import samba

    # Samba domain settings
    samba.SAMBA_LOCAL_SID = 'S-1-5-21-1234567890-1234567890-1234567890'
    samba.SAMBA_DEFAULT_DOMAIN = 'yourdomain'
    samba.SAMBA_PRIMARY_GROUP_SID = 'S-1-5-21-1234567890-1234567890-1234567890-123'

    # Default value callbacks for user entries
    user = factory_defaults.user
    user['gidNumber'] = posix.memberGid
    user['loginShell'] = posix.loginShell
    user['shadowFlag'] = shadow.shadowFlag
    user['shadowMin'] = shadow.shadowMin
    user['shadowMax'] = shadow.shadowMax
    user['shadowWarning'] = shadow.shadowWarning
    user['shadowInactive'] = shadow.shadowInactive
    user['shadowLastChange'] = shadow.shadowLastChange
    user['shadowExpire'] = shadow.shadowExpire
    user['sambaSID'] = samba.sambaUserSID
    user['sambaDomainName'] = samba.sambaDomainName
    user['sambaPrimaryGroupSID'] = samba.sambaPrimaryGroupSID
    user['sambaAcctFlags'] = samba.sambaAcctFlags
    user['sambaPwdLastSet'] = samba.sambaPwdLastSet

    # Default value callbacks for group entries
    group = factory_defaults.group
    group['memberUid'] = posix.memberUid

Contributors
============

- Robert Niederreiter (Author)

Changes
=======

0.2 (2022-12-05)
----------------

- Move ``users_expires_attr`` and ``users_expires_unit`` settings from cone.ugm,
  since they always have been used only for LDAP UGM backend.

0.1 (2020-07-09)
----------------

- Initial release.

License
=======

Copyright (c) 2019-2021, BlueDynamics Alliance, Austria
Copyright (c) 2021-2022, Cone Contributors
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice, this
  list of conditions and the following disclaimer.

* Redistributions in binary form must reproduce the above copyright notice, this
  list of conditions and the following disclaimer in the documentation and/or
  other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.