diff --git a/config.cfg.sample b/config.cfg.sample
index 28c7109..a57985e 100644
--- a/config.cfg.sample
+++ b/config.cfg.sample
@@ -12,6 +12,5 @@ DEBUG = True
 LDAP_HOST = "aw2clouddc01.hpcloud.ms"
 LDAP_DOMAIN = "hpcloud.ms"
-LDAP_BASE = "CN=Users,DC=hpcloud,DC=ms"
 BACKDOOR_AUTH = True
diff --git a/ephemeral_ca/__init__.py b/ephemeral_ca/__init__.py
index 911cee6..c3b9403 100644
--- a/ephemeral_ca/__init__.py
+++ b/ephemeral_ca/__init__.py
@@ -10,19 +10,30 @@ import sys
 import time
 import uuid
 import yaml
+import ldap
 from flask import Flask, request, redirect, Response
-from flask.ext.ldap import LDAP
 app = Flask(__name__)
 app.config.from_pyfile(os.environ.get('EPHEMERAL_CA_SETTINGS', 'config.cfg'))
-ldap = LDAP(app)
+
+
+def ldap_login(user, secret):
+    ldo = ldap.initialize("ldap://%s" % (app.config['LDAP_HOST'],))
+    ldo.set_option(ldap.OPT_REFERRALS, 0)
+    try:
+        ldo.simple_bind_s("%s@%s" % (user, app.config['LDAP_DOMAIN']), secret)
+        return True
+    except ldap.INVALID_CREDENTIALS:
+        return False
+
 def auth(user, secret):
     if app.config['BACKDOOR_AUTH']:
-        return secret=='woot' and user=='woot'
+        if secret=='woot' and user=='woot':
+            return True
-    return ldap.ldap_login(user, secret)
+    return ldap_login(user, secret)
 def sign(csr,encoding):
diff --git a/setup.py b/setup.py
index c0d55c9..3f54c8a 100755
--- a/setup.py
+++ b/setup.py
@@ -10,7 +10,7 @@ setup(
     install_requires=[
         'm2crypto',
         'flask',
-        'flask-ldap',
+        'python-ldap',
         'setuptools>=1.0',
     ],
     setup_requires=[
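Review bot: `ldap_login` passes `secret` straight to `simple_bind_s` with no emptiness check, and a simple bind with an empty password is treated by many directories (Active Directory by default) as an unauthenticated bind that succeeds, so a blank password may make the function return True for a valid username; reject empty input before binding, e.g. `if not user or not secret: return False`. The bind is also made over plain `ldap://`, which carries the password unprotected unless the transport is wrapped elsewhere — prefer `ldaps://` or call `ldo.start_tls_s()` before `simple_bind_s`. Only `ldap.INVALID_CREDENTIALS` is caught, so any other `ldap.LDAPError` (directory unreachable, referral, timeout) escapes as an unhandled exception in the request path, and the connection is never released with `ldo.unbind_s()`. The rewrite below adds the guard and a `finally`; the accompanying `auth` change is consistent with it, though note that with `BACKDOOR_AUTH` enabled a non-matching pair now falls through to the directory instead of being rejected outright.
```python
def ldap_login(user, secret):
    # An empty password turns a simple bind into an unauthenticated bind,
    # which many directories accept; never let that count as a login.
    if not user or not secret:
        return False
    ldo = ldap.initialize("ldap://%s" % (app.config['LDAP_HOST'],))
    ldo.set_option(ldap.OPT_REFERRALS, 0)
    try:
        ldo.simple_bind_s("%s@%s" % (user, app.config['LDAP_DOMAIN']), secret)
        return True
    except ldap.INVALID_CREDENTIALS:
        return False
    finally:
        # Release the connection whether the bind succeeded or not.
        ldo.unbind_s()
```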