Merge branch 'master' into 'master'
Improved ldap handling & docs; binds against AD == New config options - adds port and encryption options for binding over SSL/TLS - adds 'searchattr' option, the LDAP attribute to search on, defaults to 'uid' == LdapLoader.fetch() changes: - uses python format() to render the search attribute and search value into the search filter - if search filter is not specified, uses a simple attr=value search filter - returns DN and CN of the object if found == LdapLoader.check() changes: - binds to the LDAP server using the DN found in fetch(). Previously it was trying to bind using 'uid' and the search base which would not work for non-POSIX accounts or objects found in sub-trees. == LdapUser.__init__() changes: - records the DN of the user in order to re-bind as that object == LdapUser.login() changes: - searches for the user again to prevent binding as a disabled user. In AD, a user may still be able to bind even though their userAccountControl attribute prevents them from logging in to a host. This check overrides the cached result in case the account was disabled since last login. - disables the user if it can no longer be found in LDAP. == Overall improvements - better documentation of the classes and functions = TODO - add better user documentation explaining the new config options and how search filter should be used properly. See merge request !1 Closes #63
Showing with 129 additions and 34 deletions