module ldap : no module named .py
David Hláčik
david at hlacik.eu
Thu Jun 5 15:50:05 CEST 2008
Hello, I am trying to write a Python authentication hook for
InterNetNews (INN) using the *python-ldap module*.
I have created nnrpd_auth.py, which works for me when I call it
from my test.py script.
However, when I pass it to INN and INN calls nnrpd_auth.py, it fails at the
line *where the ldap module is first used* and returns the error
"no module named.py"
I will post you my test.py and nnrpd_auth.py.
I use test.py to debug my
nnrpd_auth.py. Through test.py, as I mentioned, nnrpd_auth.py works (the ldap
module loads fine and returns results).
Is there some bug, or am I blind and forgetting about something?
I am using it on CentOs5.1 with python-2.4.3-19.el5 and
python-ldap-2.2.0-2.1
----------------nnrpd_auth.py----------------------
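class AUTH:
    """Provide authentication and authorization callbacks to nnrpd.

    The user name and password come from the NNTP client and are untrusted.
    They are escaped before being placed in an LDAP search filter, and any
    LDAP failure results in a denial (fail closed).
    """

    def __init__(self):
        """Set up the NNTP response codes and the LDAP connection settings."""
        # NNTP codes to respond with on connect
        self.connectcodes = {
            'READPOST': 200,
            'READ': 201,
            'AUTHNEEDED': 480,
            'PERMDENIED': 502,
        }
        # NNTP codes to respond with on authentication
        self.authcodes = {
            'ALLOWED': 281,
            'DENIED': 502,
        }
        # LDAP search definitions
        # NOTE(review): a plain ldap:// URL carries the service bind password
        # and the returned userPassword values unencrypted; use ldaps:// or
        # StartTLS if the directory supports it.
        self.server = 'ldap://dev01.net.hlacik.eu'
        self.user_dn = 'cn=pdg,ou=Operators,o=Polarion'
        # NOTE(review): the service-account password is hard-coded here; keep
        # it in a file readable only by the news user and rotate this value,
        # since it has been published.
        self.user_pw = 'Pdg1'
        self.base_dn_users = 'ou=Users,o=Polarion'
        self.base_dn_groups = 'ou=Groups,o=Polarion'
        syslog('notice', 'nnrpd authentication class instance created')

    def __newsauth(self,match_username,match_password):
        """Check a user name / password pair against the directory.

        Returns 1 when one of the entry's userPassword values equals
        match_password, 0 when the user is unknown or nothing matches, and
        2 when the LDAP lookup itself failed.
        """
        # Function-scope import: the escaping helper lives in a submodule of
        # the ldap package the file already imports.
        from ldap.filter import escape_filter_chars

        # Escape the client-supplied name so characters such as '*', '(' and
        # ')' cannot change the meaning of the search filter.
        search_filter = "(uid=" + escape_filter_chars(match_username) + ")"
        attrs = ['userPassword']
        try:
            l = ldap.initialize(self.server)
            l.bind_s(self.user_dn, self.user_pw)
            results = l.search_s(self.base_dn_users, ldap.SCOPE_SUBTREE,
                                 search_filter, attrs)
            l.unbind()
        except ldap.SERVER_DOWN:
            syslog('notice', 'Error, server down')
            return 2
        except ldap.INVALID_CREDENTIALS:
            syslog('Notice','Error, invalid credentials"')
            return 2
        except ldap.LDAPError, e:
            syslog('Notice', "Error, %s" % e)
            # Without this return the code fell through to the password loop
            # with the search result never assigned.
            return 2

        # Unknown user: nothing to compare against.
        if not results:
            return 0
        entry = results[0][1]
        # NOTE(review): this byte-for-byte comparison only succeeds when the
        # directory stores cleartext passwords. Binding as the user's own DN
        # lets the server verify the password instead; if that is adopted,
        # reject empty passwords first, because many servers treat a simple
        # bind with an empty password as an anonymous bind.
        for password in entry.get("userPassword", []):
            if password == match_password:
                return 1
        return 0

    def newsaccess(self,match_username,match_password):
        """Look up the groups that list the user as a member.

        Returns the raw search_s() result for the group search, an empty
        list when the user is unknown, or 2 when the LDAP lookup failed.
        match_password is not used.
        """
        from ldap.filter import escape_filter_chars

        search_filter = "(uid=" + escape_filter_chars(match_username) + ")"
        attrs = ['cn']
        try:
            l = ldap.initialize(self.server)
            l.bind_s(self.user_dn, self.user_pw)
            users = l.search_s(self.base_dn_users, ldap.SCOPE_SUBTREE,
                               search_filter, attrs)
            if not users:
                l.unbind()
                return []
            # Element [0][0] of the result is the DN of the first entry.
            user_dn = users[0][0]
            # A DN can contain filter metacharacters too, so escape it.
            member_filter = "(member=" + escape_filter_chars(user_dn) + ")"
            raw_res = l.search_s(self.base_dn_groups, ldap.SCOPE_SUBTREE,
                                 member_filter, attrs)
            l.unbind()
        except ldap.SERVER_DOWN:
            syslog('notice', 'Error, LDAP server down')
            return 2
        except ldap.INVALID_CREDENTIALS:
            syslog('Notice','Error, invalid LDAP credentials"')
            return 2
        except ldap.LDAPError, e:
            syslog('Notice', "LDAP error, %s" % e)
            # Previously fell through to "return raw_res" with raw_res unset.
            return 2
        return raw_res

    def authenticate(self, attributes):
        """Called when python_auth is encountered in readers.conf"""
        # just for debugging purposes
        syslog('notice', 'n_a authenticate() invoked: hostname %s, ipaddress '
               '%s, interface %s, user %s' % (
            attributes['hostname'],
            attributes['ipaddress'],
            attributes['interface'],
            attributes['user']))
        denied = ( self.authcodes['DENIED'], 'Access Denied!')
        # username & password auth using LDAP
        try:
            result = self.__newsauth(str(attributes['user']),
                                     str(attributes['pass']))
        except Exception, e:
            # Fail closed: an unexpected error is answered with a denial
            # rather than an implicit None.
            syslog('notice', "Error: %s" % e)
            return denied
        # Only 1 means "password matched". The LDAP-error code 2 is also
        # truthy, so a plain truth test would grant access whenever the
        # directory is unreachable or the service bind fails.
        if result == 1:
            syslog('notice', 'authentication by username succeeded')
            # NOTE(review): every authenticated user is reported under the
            # same name 'default_user'; confirm that is intended.
            return ( self.authcodes['ALLOWED'], 'No error', 'default_user')
        syslog('notice', 'authentication by username failed')
        return denied

    def access(self, attributes):
        """Called when python_access is encountered in readers.conf"""
        # just for debugging purposes
        syslog('notice', 'n_a access() invoked: hostname %s, ipaddress %s, '
               'interface %s, user %s' % (
            attributes['hostname'],
            attributes['ipaddress'],
            attributes['interface'],
            attributes['user']))
        # allow newsreading from specific host only
        if '127.0.0.1' == str(attributes['ipaddress']):
            syslog('notice', 'authentication by IP address succeeded')
            return {'read':'*','post':'*'}
        else:
            syslog('notice', 'authentication by IP address failed')
            return {'read':'!*','post':'!*'}

    def dynamic(self, attributes):
        """Called when python_dynamic was reached in the processing of
        readers.conf and a reader requests either read or post
        permission for particular newsgroup.
        """
        # just for debugging purposes
        syslog('notice', 'n_a dyanmic() invoked against type %s, hostname '
               '%s, ipaddress %s, interface %s, user %s' % (
            attributes['type'],
            attributes['hostname'],
            attributes['ipaddress'],
            attributes['interface'],
            attributes['user']))
        # Allow reading of any newsgroup but not posting
        if 'post' == str(attributes['type']):
            syslog('notice', 'authorization for post access denied')
            return "no posting for you"
        elif 'read' == str(attributes['type']):
            syslog('notice', 'authorization for read access granted')
            return None
        else:
            syslog('notice', 'authorization type is not known: %s' %
                   attributes['type'])
            return "Internal error"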
#
# The rest is used to hook up the auth module on nnrpd. It is unlikely
# you will ever need to modify this.
#
# Import functions exposed by nnrpd. This import must succeed, or nothing
# will work!
from nnrpd import *
#from ldap import *
import ldap
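# Create a class instance
myauth = AUTH()
# ...and try to hook up on nnrpd. This makes the auth object's methods
# visible to nnrpd.
try:
    set_auth_hook(myauth)
    syslog('notice', "authentication module successfully hooked into nnrpd")
except Exception, errmsg:
    # Format the exception itself: errmsg[0] raises IndexError inside this
    # handler when the exception carries no arguments.
    syslog('error', "Cannot obtain nnrpd hook for authentication method: %s"
           % errmsg)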
----test.py----------
from nnrpd_auth import *
myauth = AUTH()
#print dir(myauth)
print
myauth.authenticate({'user':'boss','pass':'xxx','interface':None,'ipaddress':
None,'hostname':None})
#print myauth.newsauth('boss','22')
#print myauth.newsaccess('boss','xxx')