Add config options for client certificate authentication
parent
ba1c1c87c4
commit
9bd51c650b
|
@ -572,7 +572,9 @@ def _configuration_ldap_helper(to_save, gdriveError):
|
||||||
reboot_required |= _config_string(to_save, "config_ldap_group_members_field")
|
reboot_required |= _config_string(to_save, "config_ldap_group_members_field")
|
||||||
reboot_required |= _config_checkbox(to_save, "config_ldap_openldap")
|
reboot_required |= _config_checkbox(to_save, "config_ldap_openldap")
|
||||||
reboot_required |= _config_int(to_save, "config_ldap_encryption")
|
reboot_required |= _config_int(to_save, "config_ldap_encryption")
|
||||||
|
reboot_required |= _config_string(to_save, "config_ldap_cacert_path")
|
||||||
reboot_required |= _config_string(to_save, "config_ldap_cert_path")
|
reboot_required |= _config_string(to_save, "config_ldap_cert_path")
|
||||||
|
reboot_required |= _config_string(to_save, "config_ldap_key_path")
|
||||||
_config_string(to_save, "config_ldap_group_name")
|
_config_string(to_save, "config_ldap_group_name")
|
||||||
if "config_ldap_serv_password" in to_save and to_save["config_ldap_serv_password"] != "":
|
if "config_ldap_serv_password" in to_save and to_save["config_ldap_serv_password"] != "":
|
||||||
reboot_required |= 1
|
reboot_required |= 1
|
||||||
|
@ -612,9 +614,11 @@ def _configuration_ldap_helper(to_save, gdriveError):
|
||||||
return reboot_required, _configuration_result(_('LDAP User Object Filter Has Unmatched Parenthesis'),
|
return reboot_required, _configuration_result(_('LDAP User Object Filter Has Unmatched Parenthesis'),
|
||||||
gdriveError)
|
gdriveError)
|
||||||
|
|
||||||
if config.config_ldap_cert_path and not os.path.isfile(config.config_ldap_cert_path):
|
if config.config_ldap_cacert_path and not (os.path.isfile(config.config_ldap_cacert_path)
|
||||||
|
or os.path.isfile(config.config_ldap_cacert_path)
|
||||||
|
or os.path.isfile(config.config_ldap_key_path)):
|
||||||
return reboot_required, \
|
return reboot_required, \
|
||||||
_configuration_result(_('LDAP Certificate Location is not Valid, Please Enter Correct Path'),
|
_configuration_result(_('LDAP CACertificate, Certificate or Key Location is not Valid, Please Enter Correct Path'),
|
||||||
gdriveError)
|
gdriveError)
|
||||||
return reboot_required, None
|
return reboot_required, None
|
||||||
|
|
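Review bot: The new path check at `if config.config_ldap_cacert_path and not (os.path.isfile(...) or ...)` does not validate what its error message claims. It is skipped entirely when the CA path is empty, it tests `config_ldap_cacert_path` twice and never `config_ldap_cert_path`, and the `or` chain passes as soon as any one of the files exists. A mistyped certificate or key path is therefore accepted and would presumably only surface later, when the LDAP connection is initialised. Checking every configured path on its own closes the gap: `paths = (config.config_ldap_cacert_path, config.config_ldap_cert_path, config.config_ldap_key_path)` followed by `if any(p and not os.path.isfile(p) for p in paths):`. The body of `_configuration_ldap_helper` starts and ends outside the visible hunks.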
||||||
|
|
|
@ -108,7 +108,9 @@ class _Settings(_Base):
|
||||||
config_ldap_serv_username = Column(String, default='cn=admin,dc=example,dc=org')
|
config_ldap_serv_username = Column(String, default='cn=admin,dc=example,dc=org')
|
||||||
config_ldap_serv_password = Column(String, default="")
|
config_ldap_serv_password = Column(String, default="")
|
||||||
config_ldap_encryption = Column(SmallInteger, default=0)
|
config_ldap_encryption = Column(SmallInteger, default=0)
|
||||||
|
config_ldap_cacert_path = Column(String, default="")
|
||||||
config_ldap_cert_path = Column(String, default="")
|
config_ldap_cert_path = Column(String, default="")
|
||||||
|
config_ldap_key_path = Column(String, default="")
|
||||||
config_ldap_dn = Column(String, default='dc=example,dc=org')
|
config_ldap_dn = Column(String, default='dc=example,dc=org')
|
||||||
config_ldap_user_object = Column(String, default='uid=%s')
|
config_ldap_user_object = Column(String, default='uid=%s')
|
||||||
config_ldap_openldap = Column(Boolean, default=True)
|
config_ldap_openldap = Column(Boolean, default=True)
|
||||||
|
|
|
@ -20,7 +20,7 @@ from __future__ import division, print_function, unicode_literals
|
||||||
import base64
|
import base64
|
||||||
|
|
||||||
from flask_simpleldap import LDAP, LDAPException
|
from flask_simpleldap import LDAP, LDAPException
|
||||||
|
from flask_simpleldap import ldap as pyLDAP
|
||||||
from .. import constants, logger
|
from .. import constants, logger
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
@ -54,8 +54,16 @@ def init_app(app, config):
|
||||||
app.config['LDAP_USERNAME'] = ""
|
app.config['LDAP_USERNAME'] = ""
|
||||||
app.config['LDAP_PASSWORD'] = base64.b64decode("")
|
app.config['LDAP_PASSWORD'] = base64.b64decode("")
|
||||||
if bool(config.config_ldap_cert_path):
|
if bool(config.config_ldap_cert_path):
|
||||||
app.config['LDAP_REQUIRE_CERT'] = True
|
# app.config['LDAP_REQUIRE_CERT'] = True
|
||||||
app.config['LDAP_CERT_PATH'] = config.config_ldap_cert_path
|
# app.config['LDAP_CERT_PATH'] = config.config_ldap_cert_path
|
||||||
|
app.config['LDAP_CUSTOM_OPTIONS'] = {
|
||||||
|
pyLDAP.OPT_X_TLS_REQUIRE_CERT: pyLDAP.OPT_X_TLS_DEMAND,
|
||||||
|
pyLDAP.OPT_X_TLS_CACERTFILE: config.config_ldap_cacert_path,
|
||||||
|
pyLDAP.OPT_X_TLS_CERTFILE: config.config_ldap_cert_path,
|
||||||
|
pyLDAP.OPT_X_TLS_KEYFILE: config.config_ldap_key_path,
|
||||||
|
pyLDAP.OPT_X_TLS_NEWCTX: 0
|
||||||
|
}
|
||||||
|
|
||||||
app.config['LDAP_BASE_DN'] = config.config_ldap_dn
|
app.config['LDAP_BASE_DN'] = config.config_ldap_dn
|
||||||
app.config['LDAP_USER_OBJECT_FILTER'] = config.config_ldap_user_object
|
app.config['LDAP_USER_OBJECT_FILTER'] = config.config_ldap_user_object
|
||||||
|
|
||||||
|
@ -65,8 +73,21 @@ def init_app(app, config):
|
||||||
app.config['LDAP_GROUP_OBJECT_FILTER'] = config.config_ldap_group_object_filter
|
app.config['LDAP_GROUP_OBJECT_FILTER'] = config.config_ldap_group_object_filter
|
||||||
app.config['LDAP_GROUP_MEMBERS_FIELD'] = config.config_ldap_group_members_field
|
app.config['LDAP_GROUP_MEMBERS_FIELD'] = config.config_ldap_group_members_field
|
||||||
|
|
||||||
|
|
||||||
try:
|
try:
|
||||||
_ldap.init_app(app)
|
_ldap.init_app(app)
|
||||||
|
except ValueError:
|
||||||
|
if bool(config.config_ldap_cert_path):
|
||||||
|
app.config['LDAP_CUSTOM_OPTIONS'] = {
|
||||||
|
pyLDAP.OPT_X_TLS_REQUIRE_CERT: pyLDAP.OPT_X_TLS_DEMAND,
|
||||||
|
pyLDAP.OPT_X_TLS_CACERTFILE: config.config_ldap_cacert_path,
|
||||||
|
pyLDAP.OPT_X_TLS_CERTFILE: config.config_ldap_cert_path,
|
||||||
|
pyLDAP.OPT_X_TLS_KEYFILE: config.config_ldap_key_path,
|
||||||
|
}
|
||||||
|
try:
|
||||||
|
_ldap.init_app(app)
|
||||||
|
except RuntimeError as e:
|
||||||
|
log.error(e)
|
||||||
except RuntimeError as e:
|
except RuntimeError as e:
|
||||||
log.error(e)
|
log.error(e)
|
||||||
|
|
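Review bot: Server certificate verification in `init_app` is now tied to the client certificate: the `LDAP_CUSTOM_OPTIONS` dict carrying `OPT_X_TLS_REQUIRE_CERT: OPT_X_TLS_DEMAND` and `OPT_X_TLS_CACERTFILE` is only built when `config_ldap_cert_path` is set. A deployment that configures just a CA certificate gets none of these options, and one that sets only the client certificate passes an empty string as CA and key file. An installation that stored its CA file in `config_ldap_cert_path` (the value previously handed to `LDAP_CERT_PATH`) would, as far as these hunks show, now present that file as the client certificate, so the upgrade path deserves a note or a migration. I would build the options from whichever paths are actually set, keep `OPT_X_TLS_NEWCTX` as the last entry, and reuse the same dict in the `except ValueError` retry, which currently repeats the literal without `OPT_X_TLS_NEWCTX` and discards the error without logging when no certificate path is configured. `init_app` starts and ends outside the visible hunks.

```python
    # … unchanged: LDAP_USERNAME / LDAP_PASSWORD assignments …
    if config.config_ldap_cacert_path or config.config_ldap_cert_path:
        # Always demand a valid server certificate once any TLS material is configured
        tls_options = {pyLDAP.OPT_X_TLS_REQUIRE_CERT: pyLDAP.OPT_X_TLS_DEMAND}
        if config.config_ldap_cacert_path:
            tls_options[pyLDAP.OPT_X_TLS_CACERTFILE] = config.config_ldap_cacert_path
        # Client certificate authentication needs both the certificate and its key
        if config.config_ldap_cert_path and config.config_ldap_key_path:
            tls_options[pyLDAP.OPT_X_TLS_CERTFILE] = config.config_ldap_cert_path
            tls_options[pyLDAP.OPT_X_TLS_KEYFILE] = config.config_ldap_key_path
        # Must stay last so the new TLS context picks up the options above
        tls_options[pyLDAP.OPT_X_TLS_NEWCTX] = 0
        app.config['LDAP_CUSTOM_OPTIONS'] = tls_options
    # … unchanged: LDAP_BASE_DN and the remaining app.config assignments …
```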
||||||
|
|
|
@ -44,7 +44,6 @@
|
||||||
<div class="btn btn-default" id="admin_new_user"><a href="{{url_for('admin.new_user')}}">{{_('Add New User')}}</a></div>
|
<div class="btn btn-default" id="admin_new_user"><a href="{{url_for('admin.new_user')}}">{{_('Add New User')}}</a></div>
|
||||||
{% if (config.config_login_type == 1) %}
|
{% if (config.config_login_type == 1) %}
|
||||||
<div class="btn btn-default" id="import_ldap_users" data-toggle="modal" data-target="#StatusDialog">{{_('Import LDAP Users')}}</div>
|
<div class="btn btn-default" id="import_ldap_users" data-toggle="modal" data-target="#StatusDialog">{{_('Import LDAP Users')}}</div>
|
||||||
<!--a href="#" id="import_ldap_users" name="import_ldap_users"><button type="submit" class="btn btn-default">{{_('Import LDAP Users')}}</button></a-->
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
@ -15,8 +15,8 @@
|
||||||
</div>
|
</div>
|
||||||
<div id="collapseOne" class="panel-collapse collapse in">
|
<div id="collapseOne" class="panel-collapse collapse in">
|
||||||
<div class="panel-body">
|
<div class="panel-body">
|
||||||
|
<label for="config_calibre_dir">{{_('Location of Calibre Database')}}</label>
|
||||||
<div class="form-group required input-group">
|
<div class="form-group required input-group">
|
||||||
<label for="config_calibre_dir" class="sr-only">{{_('Location of Calibre Database')}}</label>
|
|
||||||
<input type="text" class="form-control" id="config_calibre_dir" name="config_calibre_dir" value="{% if config.config_calibre_dir != None %}{{ config.config_calibre_dir }}{% endif %}" autocomplete="off">
|
<input type="text" class="form-control" id="config_calibre_dir" name="config_calibre_dir" value="{% if config.config_calibre_dir != None %}{{ config.config_calibre_dir }}{% endif %}" autocomplete="off">
|
||||||
<span class="input-group-btn">
|
<span class="input-group-btn">
|
||||||
<button type="button" id="library_path" class="btn btn-default"><span class="glyphicon glyphicon-folder-open"></span></button>
|
<button type="button" id="library_path" class="btn btn-default"><span class="glyphicon glyphicon-folder-open"></span></button>
|
||||||
|
@ -264,9 +264,26 @@
|
||||||
</select>
|
</select>
|
||||||
</div>
|
</div>
|
||||||
<div data-related="ldap-cert-settings">
|
<div data-related="ldap-cert-settings">
|
||||||
<div class="form-group">
|
<label for="config_ldap_cacert_path" >{{_('LDAP CACertificate Path')}}</label>
|
||||||
|
<div class="form-group input-group">
|
||||||
|
<input type="text" class="form-control" id="config_ldap_cacert_path" name="config_ldap_cacert_path" value="{% if config.config_ldap_cacert_path != None %}{{ config.config_ldap_cacert_path }}{% endif %}" autocomplete="off">
|
||||||
|
<span class="input-group-btn">
|
||||||
|
<button type="button" id="library_path" class="btn btn-default"><span class="glyphicon glyphicon-folder-open"></span></button>
|
||||||
|
</span>
|
||||||
|
</div>
|
||||||
<label for="config_ldap_cert_path">{{_('LDAP Certificate Path')}}</label>
|
<label for="config_ldap_cert_path">{{_('LDAP Certificate Path')}}</label>
|
||||||
|
<div class="form-group input-group">
|
||||||
<input type="text" class="form-control" id="config_ldap_cert_path" name="config_ldap_cert_path" value="{% if config.config_ldap_cert_path != None %}{{ config.config_ldap_cert_path }}{% endif %}" autocomplete="off">
|
<input type="text" class="form-control" id="config_ldap_cert_path" name="config_ldap_cert_path" value="{% if config.config_ldap_cert_path != None %}{{ config.config_ldap_cert_path }}{% endif %}" autocomplete="off">
|
||||||
|
<span class="input-group-btn">
|
||||||
|
<button type="button" id="library_path" class="btn btn-default"><span class="glyphicon glyphicon-folder-open"></span></button>
|
||||||
|
</span>
|
||||||
|
</div>
|
||||||
|
<label for="config_ldap_key_path">{{_('LDAP Keyfile Path')}}</label>
|
||||||
|
<div class="form-group input-group">
|
||||||
|
<input type="text" class="form-control" id="config_ldap_key_path" name="config_ldap_key_path" value="{% if config.config_ldap_key_path != None %}{{ config.config_ldap_key_path }}{% endif %}" autocomplete="off">
|
||||||
|
<span class="input-group-btn">
|
||||||
|
<button type="button" id="library_path" class="btn btn-default"><span class="glyphicon glyphicon-folder-open"></span></button>
|
||||||
|
</span>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
|
|
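Review bot: The three browse buttons added next to `config_ldap_cacert_path`, `config_ldap_cert_path` and `config_ldap_key_path` all carry `id="library_path"`, the id already used by the button beside `config_calibre_dir` in the first hunk of this template. Duplicate ids are invalid HTML, and a script that looks the button up by `#library_path` will most likely bind only to the first match or write the chosen path into the Calibre directory field instead of the LDAP one. Give each button its own id, for example `id="ldap_cacert_path"`, `id="ldap_cert_path"` and `id="ldap_key_path"`, and wire the file picker to those.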