[Twisted-Python] ldaptor and bind

Ottavio Campana ottavio at campana.vi.it
Mon Jan 7 17:52:52 EST 2008

Tommi Virtanen wrote:
> On Mon, Jan 07, 2008 at 11:05:10PM +0100, Ottavio Campana wrote:
>> 1) does it support bind? I think so, even though I'm not able to make it 
>> work so far.
> The unit test in ldaptor.test.test_server.LDAPServerTest.test_bind_success
> says it does.

I'll take a look at it.

>> 2) it doesn't support access control, but from what I've seen class 
>> LDAPServer has a handle_LDAPSearchRequest method. I think I have to modify 
>> its behavior, especially when it calls root.lookup(dn). Do you think that 
>> subclassing LDAPServer might be a good way of doing it?
> Yup, but don't think that's the only thing you'd need to change.
> Really, if you don't know LDAP already you probably will not be
> able to make it secure.

Yes, I agree with you, it's anything but easy. I'm thinking about 
other solutions because I don't need full ACLs as in OpenLDAP.

Since each inetOrgPerson class has the userPassword field, I could add 
it to each element of the address book and I can check it in 
LDAPServer._cbSearchGotBase by modifying the filter object and adding a 
check to match the password in the inetOrgPerson classes with the 
password that the user gave to bind to the server.

In this case I just need to know:

1) How do I get the username and password used to bind in the function
def _cbSearchGotBase(self, base, dn, request, reply):
? With request.dn and request.auth?

2) How do I modify request.filter? Can I just append text?

In this case, after getting binding working I would be done. It's not full 
ACL support, but it would be enough.

What do you think about it?

There is no more strength in normality, there is only monotony.
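
The restriction proposed in the message above, sketched as an added example that is not part of the original post and is not ldaptor code: the client's filter is treated as a parsed tree and wrapped whole in an AND with the userPassword clause instead of having text appended to it. The tuple helpers, `restrict_to_bind_password`, `search` and the `ENTRIES` data are assumptions made for illustration; the empty OR used for empty-password binds is the absolute false filter from RFC 4526.

```python
import hmac

# Tuples stand in for the parsed filter tree (assumption, not ldaptor's classes).
def f_and(*subs): return ("and", list(subs))
def f_or(*subs): return ("or", list(subs))
def f_eq(attr, value): return ("eq", attr.lower(), value)
def f_present(attr): return ("present", attr.lower())

def matches(entry, flt):
    """Evaluate a filter tree against an entry (dict: lower-case attr -> values)."""
    kind = flt[0]
    if kind == "and":
        return all(matches(entry, s) for s in flt[1])
    if kind == "or":
        return any(matches(entry, s) for s in flt[1])  # an empty OR is always false
    if kind == "present":
        return bool(entry.get(flt[1]))
    if kind == "eq":
        # Exact, constant-time comparison of each value (simplified matching rule).
        return any(hmac.compare_digest(v.encode(), flt[2].encode())
                   for v in entry.get(flt[1], []))
    raise ValueError("unknown filter node: %r" % (kind,))

def restrict_to_bind_password(client_filter, bind_password):
    """AND the client's whole filter with the password clause."""
    if not bind_password:
        return f_or()  # anonymous or empty-password bind: match nothing
    return f_and(client_filter, f_eq("userPassword", bind_password))

def search(entries, client_filter, bind_password):
    flt = restrict_to_bind_password(client_filter, bind_password)
    # Never return the gate attribute itself.
    return [{k: v for k, v in e.items() if k != "userpassword"}
            for e in entries if matches(e, flt)]

ENTRIES = [  # constructed sample address-book entries
    {"cn": ["Carol Contact"], "objectclass": ["inetOrgPerson"],
     "userpassword": ["alice-pw"]},
    {"cn": ["Dave Contact"], "objectclass": ["inetOrgPerson"],
     "userpassword": ["bob-pw"]},
    {"cn": ["Erin Contact"], "objectclass": ["inetOrgPerson"]},
]

if __name__ == "__main__":
    print(search(ENTRIES, f_present("cn"), "alice-pw"))
```

Because the client's filter becomes one operand of the AND, an OR inside it cannot widen the result beyond entries carrying the bind password.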
