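r"""
authen_msad

A port of Perl's Apache::AuthenMSAD.

Takes advantage of Microsoft Active Directory allowing a user to be verified
with 'user@domain' instead of searching for the distinguished name.

To merge as seamlessly as possible with existing systems (i.e. SharePoint,
etc.) munge the incoming 'domain\user' into 'user@domain'.

Usage:

    <Location /directory.to.protect/>
        AddHandler mod_python .py
        PythonHandler authen_msad
        PythonAuthenHandler authen_msad
        PythonOption authen_msad.ldap_url ldap://<server ip address>:1234/
        AuthType Basic
        AuthName "This Content is Protected"
        require valid-user
    </Location>

Deployment notes:

* HTTP Basic authentication and an LDAP simple bind both carry the user's
  password without protection of their own.  Serve the protected location
  over HTTPS only, and point ``authen_msad.ldap_url`` at an ``ldaps://``
  endpoint so the bind is not sent in cleartext to the domain controller.
* The module docstring is a raw string so that the backslash in
  'domain\user' is not parsed as an escape sequence.
"""

from mod_python import apache
import ldap


def authenhandler(req):
    """Handle Apache's authentication phase on behalf of mod_python.

    The Basic-auth user name must arrive as ``DOMAIN\\user``; it is rewritten
    to ``user@DOMAIN`` and verified with an LDAP simple bind against the
    server named by the ``authen_msad.ldap_url`` PythonOption.

    Returns:
        apache.OK                        -- the bind succeeded.
        apache.HTTP_UNAUTHORIZED         -- credentials missing, malformed,
                                            empty, or rejected by the server.
        apache.HTTP_EXPECTATION_FAILED   -- the LDAP server is unreachable.
        apache.HTTP_INTERNAL_SERVER_ERROR -- no LDAP URL is configured.

    Any other ldap.LDAPError is not caught here and propagates to
    mod_python, so the request is never granted on an unexpected failure.
    """
    try:
        # mod_python populates req.user only after get_basic_auth_pw() has
        # been called, so the order of these two statements matters.
        password = req.get_basic_auth_pw()
        domain, user = req.user.split("\\")
        server_url = req.get_options().get('authen_msad.ldap_url')
    except Exception:
        # Missing header, user name without exactly one backslash, etc.
        # Fail closed: anything we cannot parse is simply not authenticated.
        return apache.HTTP_UNAUTHORIZED

    # An LDAP simple bind with a name and an EMPTY password is an
    # "unauthenticated bind" (RFC 4513, section 5.1.2).  Servers may report
    # it as a success without checking anything, which would let any user
    # name through.  Refuse before the directory is ever contacted.
    if not password or not user or not domain:
        return apache.HTTP_UNAUTHORIZED

    # Without a configured URL there is no directory to verify against;
    # refuse rather than let the LDAP library choose a default server.
    if not server_url:
        return apache.HTTP_INTERNAL_SERVER_ERROR

    ldap_client = None
    try:
        ldap_client = ldap.initialize(server_url)
        ldap_client.simple_bind_s("%s@%s" % (user, domain), password)
        return apache.OK
    except ldap.INVALID_CREDENTIALS:
        return apache.HTTP_UNAUTHORIZED
    except ldap.SERVER_DOWN:
        return apache.HTTP_EXPECTATION_FAILED
    finally:
        # Release the connection on every path; the handler runs once per
        # request and would otherwise leave one socket open each time.
        if ldap_client is not None:
            try:
                ldap_client.unbind_s()
            except ldap.LDAPError:
                # Best-effort cleanup: the auth decision is already made.
                pass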