diff --git a/src/phi/ldap/__init__.py b/src/phi/ldap/__init__.py
deleted file mode 100644
index e69de29..0000000
diff --git a/src/phi/ldap/client.py b/src/phi/ldap/client.py
deleted file mode 100644
index 17cd169..0000000
--- a/src/phi/ldap/client.py
+++ /dev/null
@@ -1,59 +0,0 @@
-from threading import Lock
-from ldap3.utils.log import set_library_log_detail_level, PROTOCOL
-
-from phi.logging import get_logger
-from phi.ldap.connection import make_connection
-from phi.ldap.connection import open_connection, close_connection
-
-log = get_logger(__name__)
-set_library_log_detail_level(PROTOCOL)
-
-
-class Client:
- def __init__(self,
- host=None, port=389,
- encryption=None, ciphers=None, validate=False, ca_certs=None,
- username=None, password=None,
- base_dn=None,
- attribute_id='uid', attribute_mail='mail'):
- log.info("Initializing LDAP Client.")
-
- self.host = host
- self.port = port
-
- self.encryption = encryption
- self.ciphers = ciphers
- self.validate = validate
- self.ca_certs = ca_certs
-
- self.username = username
- self.password = password
-
- self.base_dn = base_dn
-
- self.attribute_id = attribute_id
- self.attribute_mail = attribute_mail
-
- self.connection_lock = Lock()
- self.connection = make_connection(host=self.host, port=self.port,
- encryption=self.encryption,
- ciphers=self.ciphers,
- validate=self.validate,
- ca_certs=self.ca_certs,
- username=self.username,
- password=self.password)
-
- def open(self):
- self.connection_lock.acquire()
- if self.connection.closed is True:
- open_connection(self.connection)
- self.connection_lock.release()
- else:
- self.connection_lock.release()
- raise Exception("Trying to open a connection, "
- "but it is already open.")
-
- def close(self):
- self.connection_lock.acquire()
- close_connection(self.connection)
- self.connection_lock.release()
diff --git a/src/phi/ldap/connection.py b/src/phi/ldap/connection.py
deleted file mode 100644
index 79af89b..0000000
--- a/src/phi/ldap/connection.py
+++ /dev/null
@@ -1,59 +0,0 @@
-from ssl import CERT_REQUIRED, PROTOCOL_TLSv1_2
-from ldap3 import Tls, Server, Connection, ASYNC
-
-from phi.logging import get_logger
-
-log = get_logger(__name__)
-
-
-def make_connection(host=None, port=389,
- encryption=None, ciphers=None, validate=False,
- ca_certs=None, username=None, password=None):
- # TLSv1.2 is supported since Python 3.4
- if encryption is None:
- log.warning("The connection to the LDAP server will not be encrypted.")
- tls = None
- elif encryption == "TLSv1.2":
- log.info("The connection to the LDAP server will use TLSv1.2.")
- tls = Tls(version=PROTOCOL_TLSv1_2)
- else:
- raise NotImplementedError("Sorry, use TLSv1.2.")
-
- if encryption is not None and ciphers is not None:
- log.info("The connection to the LDAP server will use the "
- "following ciphers: {}".format(ciphers))
- tls.ciphers = ciphers
-
- if encryption is not None and validate is True:
- log.info("The certificate hostname will be checked to match the "
- "remote hostname.")
- tls.validate = CERT_REQUIRED
-
- if encryption is not None and validate is True and ca_certs is not None:
- log.info("Using the following CA certificates: {}"
- .format(ca_certs))
- tls.ca_certs_file = ca_certs
-
- server = Server(host=host, port=port, tls=tls)
- connection = Connection(server, user=username, password=password,
- client_strategy=ASYNC)
-
- return connection
-
-
-def open_connection(connection):
- log.info("Opening connection to LDAP server.")
- connection.open()
-
- if connection.server.tls is not None and connection.server.ssl is False:
- log.info("Issuing StartTLS command.")
- connection.start_tls()
-
- log.info("Issuing BIND command.")
- connection.bind()
-
-
-def close_connection(connection):
- log.info("Closing connection to LDAP server.")
- log.info("Issuing UNBIND command.")
- connection.unbind()
diff --git a/src/phi/ldap/entry.py b/src/phi/ldap/entry.py
deleted file mode 100644
index 60069a4..0000000
--- a/src/phi/ldap/entry.py
+++ /dev/null
@@ -1,36 +0,0 @@
-from ldap3 import ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES
-
-from phi.logging import get_logger
-
-log = get_logger(__name__)
-
-
-def get_entry_by_uid(client, uid):
- log.info("Searching entry with identifier: {}".format(uid))
-
- filter_ = "({}={})".format(client.attribute_id, uid)
- log.debug("Search filter: {}".format(filter_))
-
- response_id = client.connection.search(
- client.base_dn, filter_,
- search_scope='SUBTREE',
- attributes=[ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES]
- )
-
- response, result, request = client.connection.get_response(
- response_id, get_request=True
- )
-
- log.debug("Request: {}".format(request))
- log.debug("Response: {}".format(response))
- log.debug("Result: {}".format(result))
-
- if not response:
- return None
-
- if response[1:]:
- log.error("Looking for exactly one result but server gave {}. "
- "Taking the first and ignoring the rest."
- .format(len(response)))
-
- return response[0]
diff --git a/src/phi/ldap/user.py b/src/phi/ldap/user.py
deleted file mode 100644
index 247a1bf..0000000
--- a/src/phi/ldap/user.py
+++ /dev/null
@@ -1,26 +0,0 @@
-from phi.ldap.entry import get_entry_by_uid
-from phi.ldap.utils import flatten_attributes
-
-
-def user_attributes_mapping(client):
- return {
- client.attribute_id: "uid",
- client.attribute_mail: "mail",
- "createTimestamp": "created_at",
- "modifyTimestamp": "modified_at",
- }
-
-
-def get_user_by_uid(client, uid):
- entry = get_entry_by_uid(client, uid)
-
- if not entry:
- return None
-
- mapping = user_attributes_mapping(client)
-
- user = {
- mapping[k]: v for k, v in entry["attributes"].items() if k in mapping.keys()
- }
-
- return flatten_attributes(user)
diff --git a/src/phi/ldap/utils.py b/src/phi/ldap/utils.py
deleted file mode 100644
index a44ab92..0000000
--- a/src/phi/ldap/utils.py
+++ /dev/null
@@ -1,3 +0,0 @@
-def flatten_attributes(d):
- return {k: (v[0] if isinstance(v, list) else v)
- for k, v in d.items()}