mirrors/Radicale
1
0
Fork 0
mirror of https://github.com/Kozea/Radicale.git synced 2025-04-01 20:27:37 +03:00
Code Issues Projects Releases Packages Wiki Activity

Support loading ldap secret from file

Browse source
This commit is contained in:
Bishtawi 2024-07-30 00:22:07 -07:00
parent 687624a403
commit ee2af306d7
8 changed files with 33 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

10
DOCUMENTATION.md
View file

@ -824,7 +824,13 @@ Default:
##### ldap_secret ##### ldap_secret
The password of the ldap_reader_dn. This parameter must be provided if auth type is ldap. The password of the ldap_reader_dn. Either this parameter or `ldap_secret_file` must be provided if auth type is ldap.
Default:
##### ldap_secret_file
Path of the file containing the password of the ldap_reader_dn. Either this parameter or `ldap_secret` must be provided if auth type is ldap.
Default: Default:
@ -869,7 +875,7 @@ Default:
##### lc_username ##### lc_username
Сonvert username to lowercase, must be true for case-insensitive auth Сonvert username to lowercase, must be true for case-insensitive auth
providers like ldap, kerberos providers like ldap, kerberos
Default: `False` Default: `False`

2
Dockerfile
View file

@ -5,7 +5,7 @@ FROM python:3-alpine AS builder
# Version of Radicale (e.g. v3) # Version of Radicale (e.g. v3)
ARG VERSION=master ARG VERSION=master
# Optional dependencies (e.g. bcrypt) # Optional dependencies (e.g. bcrypt or ldap)
ARG DEPENDENCIES=bcrypt ARG DEPENDENCIES=bcrypt
RUN apk add --no-cache --virtual gcc libffi-dev musl-dev \ RUN apk add --no-cache --virtual gcc libffi-dev musl-dev \

2
Dockerfile.dev
View file

@ -1,6 +1,6 @@
FROM python:3-alpine AS builder FROM python:3-alpine AS builder
# Optional dependencies (e.g. bcrypt) # Optional dependencies (e.g. bcrypt or ldap)
ARG DEPENDENCIES=bcrypt ARG DEPENDENCIES=bcrypt
COPY . /app COPY . /app

3
config
View file

@ -68,6 +68,9 @@
# Password of the reader DN # Password of the reader DN
#ldap_secret = ldapreader-secret #ldap_secret = ldapreader-secret
# Path of the file containing password of the reader DN
#ldap_secret_file = /run/secrets/ldap_password
# If the ldap groups of the user need to be loaded # If the ldap groups of the user need to be loaded
#ldap_load_groups = True #ldap_load_groups = True

1
pyproject.toml
View file

@ -41,6 +41,7 @@ dependencies = [
[project.optional-dependencies] [project.optional-dependencies]
test = ["pytest>=7", "waitress", "bcrypt"] test = ["pytest>=7", "waitress", "bcrypt"]
bcrypt = ["bcrypt"] bcrypt = ["bcrypt"]
ldap = ["ldap3"]
[project.scripts] [project.scripts]
radicale = "radicale.__main__:run" radicale = "radicale.__main__:run"

15
radicale/auth/ldap.py
View file

@ -16,11 +16,12 @@
""" """
Authentication backend that checks credentials with a ldap server. Authentication backend that checks credentials with a ldap server.
Following parameters are needed in the configuration: Following parameters are needed in the configuration:
ldap_uri The ldap url to the server like ldap://localhost ldap_uri The ldap url to the server like ldap://localhost
ldap_base The baseDN of the ldap server ldap_base The baseDN of the ldap server
ldap_reader_dn The DN of a ldap user with read access to get the user accounts ldap_reader_dn The DN of a ldap user with read access to get the user accounts
ldap_secret The password of the ldap_reader_dn ldap_secret The password of the ldap_reader_dn
ldap_filter The search filter to find the user to authenticate by the username ldap_secret_file The path of the file containing the password of the ldap_reader_dn
ldap_filter The search filter to find the user to authenticate by the username
ldap_load_groups If the groups of the authenticated users need to be loaded ldap_load_groups If the groups of the authenticated users need to be loaded
Following parameters controls SSL connections: Following parameters controls SSL connections:
ldap_use_ssl If the connection ldap_use_ssl If the connection
@ -64,6 +65,10 @@ class Auth(auth.BaseAuth):
self._ldap_load_groups = configuration.get("auth", "ldap_load_groups") self._ldap_load_groups = configuration.get("auth", "ldap_load_groups")
self._ldap_secret = configuration.get("auth", "ldap_secret") self._ldap_secret = configuration.get("auth", "ldap_secret")
self._ldap_filter = configuration.get("auth", "ldap_filter") self._ldap_filter = configuration.get("auth", "ldap_filter")
ldap_secret_file_path = configuration.get("auth", "ldap_secret_file")
if ldap_secret_file_path:
with open(ldap_secret_file_path, 'r') as file:
self._ldap_secret = file.read().rstrip('\n')
if self._ldap_version == 3: if self._ldap_version == 3:
self._ldap_use_ssl = configuration.get("auth", "ldap_use_ssl") self._ldap_use_ssl = configuration.get("auth", "ldap_use_ssl")
if self._ldap_use_ssl: if self._ldap_use_ssl:

10
radicale/config.py
View file

@ -200,17 +200,21 @@ DEFAULT_CONFIG_SCHEMA: types.CONFIG_SCHEMA = OrderedDict([
"help": "URI to the ldap server", "help": "URI to the ldap server",
"type": str}), "type": str}),
("ldap_base", { ("ldap_base", {
"value": "none", "value": "",
"help": "LDAP base DN of the ldap server", "help": "LDAP base DN of the ldap server",
"type": str}), "type": str}),
("ldap_reader_dn", { ("ldap_reader_dn", {
"value": "none", "value": "",
"help": "the DN of a ldap user with read access to get the user accounts", "help": "the DN of a ldap user with read access to get the user accounts",
"type": str}), "type": str}),
("ldap_secret", { ("ldap_secret", {
"value": "none", "value": "",
"help": "the password of the ldap_reader_dn", "help": "the password of the ldap_reader_dn",
"type": str}), "type": str}),
("ldap_secret_file", {
"value": "",
"help": "path of the file containing the password of the ldap_reader_dn",
"type": str}),
("ldap_filter", { ("ldap_filter", {
"value": "(cn={0})", "value": "(cn={0})",
"help": "the search filter to find the user DN to authenticate by the username", "help": "the search filter to find the user DN to authenticate by the username",

3
setup.py.legacy
View file

@ -40,6 +40,7 @@ install_requires = ["defusedxml", "passlib", "vobject>=0.9.6",
"pika>=1.1.0", "pika>=1.1.0",
] ]
bcrypt_requires = ["bcrypt"] bcrypt_requires = ["bcrypt"]
ldap_requires = ["ldap3"]
test_requires = ["pytest>=7", "waitress", *bcrypt_requires] test_requires = ["pytest>=7", "waitress", *bcrypt_requires]
setup( setup(
@ -58,7 +59,7 @@ setup(
package_data={"radicale": [*web_files, "py.typed"]}, package_data={"radicale": [*web_files, "py.typed"]},
entry_points={"console_scripts": ["radicale = radicale.__main__:run"]}, entry_points={"console_scripts": ["radicale = radicale.__main__:run"]},
install_requires=install_requires, install_requires=install_requires,
extras_require={"test": test_requires, "bcrypt": bcrypt_requires}, extras_require={"test": test_requires, "bcrypt": bcrypt_requires, "ldap": ldap_requires},
keywords=["calendar", "addressbook", "CalDAV", "CardDAV"], keywords=["calendar", "addressbook", "CalDAV", "CardDAV"],
python_requires=">=3.8.0", python_requires=">=3.8.0",
classifiers=[ classifiers=[