pyramid_ldap3
API
Configuration

pyramid_ldap3.ldap_set_login_query(config, base_dn, filter_tmpl, scope='LEVEL', attributes=None, cache_period=0, realm=None)

Configurator method to set the LDAP login search.

- base_dn is the DN at which to begin the search.
- filter_tmpl is a string which can be used as an LDAP filter: it should contain the replacement value %(login)s.
- scope is any valid LDAP scope value (e.g. ldap3.LEVEL or ldap3.SUBTREE).
- attributes is an optional list of attributes that shall be returned (can also be set to None or ldap3.ALL_ATTRIBUTES).
- cache_period is the number of seconds to cache login search results; if it is 0 (the default), login search results will not be cached.
- realm is an optional realm for this connection. This allows multiple LDAP servers to be used.

Example:

    import ldap3

    # config is the application's pyramid.config.Configurator
    config.ldap_set_login_query(
        base_dn='CN=Users,DC=example,DC=com',
        filter_tmpl='(sAMAccountName=%(login)s)',
        scope=ldap3.LEVEL)

The registered search must return one and only one value to be considered a valid login.

pyramid_ldap3.ldap_set_groups_query(config, base_dn, filter_tmpl, scope='SUBTREE', attributes=None, cache_period=0, realm=None)

Configurator method to set the LDAP groups search.

- base_dn is the DN at which to begin the search.
- filter_tmpl is a string which can be used as an LDAP filter: it should contain the replacement value %(userdn)s.
- scope is any valid LDAP scope value (e.g. ldap3.LEVEL or ldap3.SUBTREE).
- attributes is an optional list of attributes that shall be returned (can also be set to None or ldap3.ALL_ATTRIBUTES).
- cache_period is the number of seconds to cache groups search results; if it is 0 (the default), groups search results will not be cached.
- realm is an optional realm for this connection. This allows multiple LDAP servers to be used.

Example:

    import ldap3

    # config is the application's pyramid.config.Configurator
    config.ldap_set_groups_query(
        base_dn='CN=Users,DC=example,DC=com',
        filter_tmpl='(&(objectCategory=group)(member=%(userdn)s))',
        scope=ldap3.SUBTREE)

pyramid_ldap3.ldap_setup(config, uri, bind=None, passwd=None, use_tls=False, use_pool=True, pool_size=10, pool_lifetime=3600, get_info=None, realm=None)

Configurator method to set up an LDAP connection pool.

- uri: LDAP server URI(s) [mandatory]
- bind: default bind that will be used to bind a connector. default: None
- passwd: default password that will be used to bind a connector. default: None
- use_tls: activate TLS when connecting. default: False
- use_pool: activates the connection pool. If False, will recreate a connector each time. default: True
- pool_size: connection pool size. default: 10
- pool_lifetime: number of seconds before recreating a new connection when using a connection pool. default: 3600
- get_info: specifies if schema or server specific info shall be read for proper formatting of attributes. default: None
- realm: specify a realm for this connection. This allows multiple LDAP servers to be used. default: None

pyramid_ldap3.includeme(config)

Set up Configurator methods for pyramid_ldap3.

Usage

pyramid_ldap3.get_ldap_connector(request, realm=None)

Return the LDAP connector attached to the request.

If pyramid.config.Configurator.ldap_setup() was not called, using this function will raise a pyramid.exceptions.ConfigurationError.

class pyramid_ldap3.Connector(registry, manager, realm=None)

Provides API methods for accessing LDAP authentication information.

manager

A ConnectionManager instance that can be used to perform arbitrary LDAP queries.

authenticate(login, password)

Validate the given login name and password.

Given a login name and a password, return a tuple of (dn, attrdict) if the user exists and the password is correct. Otherwise return None.

In a (dn, attrdict) return value, dn will be the distinguished name of the authenticated user. attrdict will be a dictionary mapping LDAP user attributes to sequences of values.

A zero length password will always be considered invalid since it results in a request for “unauthenticated authentication” which should not be used for LDAP based authentication. See section 5.1.2 of RFC 4513 for a description of this behavior.

If pyramid.config.Configurator.ldap_set_login_query() was not called, using this function will raise a pyramid.exceptions.ConfigurationError.
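
The login check documented above, modelled as an added example (stand-alone Python, not pyramid_ldap3's own code): the login is escaped per RFC 4515 before it replaces %(login)s, an empty password is refused, and anything other than exactly one search result is rejected. The escaping step, the toy search function and the sample directory are assumptions of this example; the page does not say how the library builds the filter.

```python
import hmac
import re

# RFC 4515 section 3: characters that must appear as \XX inside a filter value.
_ESCAPES = {'\\': '\\5c', '*': '\\2a', '(': '\\28', ')': '\\29', '\x00': '\\00'}

def escape_filter_value(value):
    """Escape a string so it can only ever be a literal value in an LDAP filter."""
    return ''.join(_ESCAPES.get(ch, ch) for ch in value)

def expand_filter(filter_tmpl, login):
    """Substitute the escaped login for %(login)s in filter_tmpl."""
    return filter_tmpl % {'login': escape_filter_value(login)}

def _unhex(text):
    """Turn \\XX escapes back into the characters they stand for."""
    return re.sub(r'\\([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), text)

def search(entries, ldap_filter):
    """Toy matcher for a single (attr=value) filter; an unescaped '*' is a wildcard."""
    attr, value = re.fullmatch(r'\((\w+)=(.*)\)', ldap_filter).groups()
    pattern = '.*'.join(re.escape(_unhex(part)) for part in value.split('*'))
    return [(dn, attrs) for dn, attrs in entries
            if any(re.fullmatch(pattern, v) for v in attrs.get(attr, []))]

def authenticate(entries, passwords, filter_tmpl, login, password):
    """Model of the documented contract: (dn, attrdict) on success, else None."""
    if not password:
        return None  # zero-length password: "unauthenticated authentication"
    results = search(entries, expand_filter(filter_tmpl, login))
    if len(results) != 1:
        return None  # the login search must return one and only one entry
    dn, attrs = results[0]
    # Stand-in for the LDAP bind as dn, checked against the constructed table.
    ok = hmac.compare_digest(passwords[dn].encode(), password.encode())
    return (dn, attrs) if ok else None

# Constructed sample directory and credentials (not real accounts).
TMPL = '(sAMAccountName=%(login)s)'
ALICE = 'CN=alice,CN=Users,DC=example,DC=com'
BOB = 'CN=bob,CN=Users,DC=example,DC=com'
ENTRIES = [(ALICE, {'sAMAccountName': ['alice']}),
           (BOB, {'sAMAccountName': ['bob']})]
PASSWORDS = {ALICE: 'constructed-pw-a', BOB: 'constructed-pw-b'}

if __name__ == '__main__':
    print(expand_filter(TMPL, '*'))
    print(authenticate(ENTRIES, PASSWORDS, TMPL, 'alice', 'constructed-pw-a'))
```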

user_groups(userdn)

Get the groups the user belongs to.

Given a user DN, return a sequence of LDAP attribute dictionaries matching the groups of which the DN is a member. If the DN does not exist, return None.

In a return value [(dn, attrdict), ...], dn will be the distinguished name of the group. attrdict will be a dictionary mapping LDAP group attributes to sequences of values.

If pyramid.config.Configurator.ldap_set_groups_query() was not called, using this function will raise a pyramid.exceptions.ConfigurationError.

pyramid_ldap3.groupfinder(userdn, request)

Groupfinder function for Pyramid.

A groupfinder implementation useful in conjunction with out-of-the-box Pyramid authentication policies. It returns the DN of each group belonging to the user specified by userdn as a principal in the list of results; if the user does not exist, it returns None.