55import hashlib
66from datetime import datetime
77
8- import ldap
8+ from ldap3 import Server , Connection , ALL
9+ from ldap3 .core .exceptions import LDAPBindError , LDAPCertificateError
910from flask import current_app
1011from flask_sqlalchemy import BaseQuery
1112
@@ -57,9 +58,7 @@ def authenticate_with_key(self, key, secret, args, path):
5758 return user , authenticated
5859
5960 def authenticate_with_ldap (self , username , password ):
60- ldap_conn = ldap .initialize (current_app .config .get ('LDAP_SERVER' ))
61- ldap_conn .protocol_version = 3
62- ldap_conn .set_option (ldap .OPT_REFERRALS , 0 )
61+ server = Server (current_app .config .get ('LDAP_SERVER' ), get_info = ALL )
6362 if '@' in username :
6463 email = username
6564 who = current_app .config .get ('LDAP_USER_DN' ).format (username .split ('@' )[0 ])
@@ -70,11 +69,12 @@ def authenticate_with_ldap(self, username, password):
7069 username = username .split ('@' )[0 ]
7170 user = self .get_by_username (username )
7271 try :
73-
7472 if not password :
75- raise ldap . INVALID_CREDENTIALS
73+ raise LDAPCertificateError
7674
77- ldap_conn .simple_bind_s (who , password )
75+ conn = Connection (server , user = who , password = password )
76+ conn .bind ()
77+ conn .unbind ()
7878
7979 if not user :
8080 from api .lib .perm .acl .user import UserCRUD
@@ -84,7 +84,7 @@ def authenticate_with_ldap(self, username, password):
8484 op_record .apply_async (args = (None , username , OperateType .LOGIN , ["ACL" ]), queue = ACL_QUEUE )
8585
8686 return user , True
87- except ldap . INVALID_CREDENTIALS :
87+ except LDAPBindError :
8888 return user , False
8989
9090 def search (self , key ):
0 commit comments