#!/usr/bin/env python3
# avalon-bbs ldaputil.py
# Copyright (C) 2026 The Avalon Team <avalon@icolotl.com>
# This program is free software: you can redistribute it and/or modify it under
# the terms of the GNU Affero General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option) any
# later version.
# This program is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
# You should have received a copy of the GNU Affero General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
from getpass import getpass
from ldap3 import Server, Connection
from ldap3.utils.conv import escape_filter_chars
from ldap3.core.exceptions import LDAPBindError, LDAPPasswordIsMandatoryError, LDAPInvalidCredentialsResult
# Bind DN of the directory service account used to look users up.
SEARCH_DN = "cn=Search,dc=icolotl,dc=com"

# The service account's bind password is loaded once, when this module is
# imported. "search.key" is a relative path, so it is resolved against the
# process's current working directory.
# NOTE(review): this file holds a directory credential; confirm it is readable
# only by the account running the service and is kept out of version control.
with open("search.key", encoding="utf-8") as file:
    SEARCH_KEY = file.read()
# Surrounding whitespace (for example a trailing newline) is dropped from the key.
SEARCH_KEY = SEARCH_KEY.strip()
def authenticate(username, password):
    """Check a username/password pair against the Avalon LDAP directory.

    The check is a two-step "search, then bind": the service account
    (SEARCH_DN / SEARCH_KEY) looks up the person entry whose uid equals
    *username*, and the supplied *password* is then verified by binding as
    that entry's DN.

    Returns True only when exactly one entry matched and the bind as that
    entry succeeded. Returns False when zero or several entries matched, or
    when either connection raised LDAPBindError, LDAPPasswordIsMandatoryError
    or LDAPInvalidCredentialsResult. Any other exception (for example a
    connection failure) is not handled here and propagates to the caller.
    """
    # NOTE(review): no TLS options are passed to Server, so both binds
    # presumably travel over plain LDAP on loopback; confirm, and revisit if
    # the directory ever moves off this host.
    directory = Server("127.0.0.1")
    bind_failures = (LDAPBindError, LDAPPasswordIsMandatoryError, LDAPInvalidCredentialsResult)
    try:
        with Connection(directory, user=SEARCH_DN, password=SEARCH_KEY, raise_exceptions=True) as lookup:
            # escape_filter_chars neutralises LDAP filter metacharacters, so
            # the caller-supplied username cannot change the filter's structure.
            person_filter = f"(&(objectclass=person)(uid={escape_filter_chars(username)}))"
            lookup.search("ou=People,dc=icolotl,dc=com", person_filter)
            matches = lookup.entries
            # Fail closed: an unknown user and an ambiguous match are both rejected.
            # NOTE(review): this path returns without attempting a user bind,
            # so it may be distinguishable by timing from a wrong-password
            # failure; confirm the caller rate-limits login attempts.
            if len(matches) != 1:
                return False
            user_dn = matches[0].entry_dn
            # The password is never compared locally; the directory verifies
            # it via the bind. ldap3 raises LDAPPasswordIsMandatoryError for a
            # simple bind without a password, which is caught below, so an
            # empty password is reported as a failure.
            with Connection(directory, user=user_dn, password=password, raise_exceptions=True):
                return True
    except bind_failures:
        return False