
devpi-ldap: LDAP authentication for devpi-server

For use with devpi-server >= 2.1.0.

Installation

devpi-ldap needs to be installed alongside devpi-server.

You can install it with:

pip install devpi-ldap

For devpi-server there is no configuration needed to activate the plugin, as it will automatically discover the plugin through calling hooks using the setuptools entry points mechanism. However, you need to pass a path with a YAML config file to devpi-server, via the --ldap-config command-line option.

Details about the LDAP configuration are below.

Configuration

A script named devpi-ldap can be used to test your LDAP configuration.

To configure LDAP, create a YAML file with a dictionary containing another dictionary under the devpi-ldap key with the following options:

url
The URL of the LDAP server. Using ldaps:// enables SSL. No certificate validation is performed at the moment.
user_template
The template to generate the distinguished name for the user. If the structure is fixed, this is faster than specifying a user_search, but devpi-server can’t know whether a user exists or not.
user_search
If you can’t or don’t want to use user_template, then these are the search settings for the user’s distinguished name. You can use username in the search filter. See specifics below.
group_search
The search settings for the group objects of the user. You can use username and userdn (the distinguished name) in the search filter. See specifics below.
referrals
Whether to follow referrals. This needs to be set to false in many cases when using LDAP via Active Directory on Windows. The default is true.
reject_as_unknown
Report all failed authentication attempts as unknown instead of reject. This is useful, for example, when the provided credentials are used to bind to LDAP, in which case we cannot distinguish authentication failures from unknown users. unknown is required to let other auth hooks attempt to authenticate the user.
tls
Parameters to the ldap3.Tls object for Transport Layer Security, used with LDAPS connections.

The user_search and group_search settings are dictionaries with the following options:

base
The base location from which to search.
filter
The search filter. To use replacements, put them in curly braces. Example: (&(objectClass=group)(member={userdn}))
scope
The scope for the search. Valid values are base-object, single-level and whole-subtree. The default is whole-subtree.
attribute_name
The name of the attribute which should be extracted from the search result.
userdn
The distinguished name of the user which should be used for the search operation. For user_search, if anonymous user search is not available, or for group_search, if users can’t search their own groups, you need to set this to a user which has the necessary rights.
password
The password for the user in userdn.

The YAML file should then look similar to this:

---
devpi-ldap:
  url: ldap://example.com
  user_template: CN={username},CN=Partition1,DC=Example,DC=COM
  group_search:
    base: CN=Partition1,DC=Example,DC=COM
    filter: (&(objectClass=group)(member={userdn}))
    attribute_name: CN

An example with user search and Active Directory might look like this:

---
devpi-ldap:
  url: ldap://example.com
  user_search:
    base: CN=Partition1,DC=Example,DC=COM
    filter: (&(objectClass=user)(sAMAccountName={username}))
    attribute_name: distinguishedName
  group_search:
    base: CN=Partition1,DC=Example,DC=COM
    filter: (&(objectClass=group)(member={userdn}))
    attribute_name: CN
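
The user_template and filter settings above substitute {username} and {userdn} into LDAP strings. The following is an added example, not devpi-ldap's own code, of expanding such templates with RFC 4514 DN escaping and RFC 4515 filter escaping so that special characters in a login name stay literal; the function names are hypothetical and the sample values are constructed.

```python
# Added illustration; not devpi-ldap's code. Function names are hypothetical.

# RFC 4515: characters that must be hex-escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# RFC 4514: characters that must be backslash-escaped inside a DN attribute value.
_DN_SPECIALS = set('",+;<>\\')


def escape_filter_value(value):
    """Escape a string for use as an assertion value in a search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value):
    """Escape a string for use as an attribute value inside a DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append(r"\00")
        elif ch in _DN_SPECIALS or (i == 0 and ch in "# ") or (i == last and ch == " "):
            # Specials anywhere; '#' or space at the start; space at the end.
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def render_user_dn(user_template, username):
    """Expand a user_template such as CN={username},CN=Partition1,..."""
    return user_template.format(username=escape_dn_value(username))


def render_filter(filter_template, username, userdn=""):
    """Expand a user_search / group_search filter with {username} and {userdn}."""
    return filter_template.format(
        username=escape_filter_value(username),
        userdn=escape_filter_value(userdn),
    )


if __name__ == "__main__":
    # Constructed sample values, using the templates from the YAML above.
    dn = render_user_dn("CN={username},CN=Partition1,DC=Example,DC=COM", "Smith, John (ops)")
    print(dn)
    print(render_filter("(&(objectClass=group)(member={userdn}))", "jsmith", dn))
    print(render_filter("(&(objectClass=user)(sAMAccountName={username}))", "j*)(cn=*"))
```

The two contexts need different escaping: the comma in a name is special in a DN but not in a filter, while parentheses and the asterisk are special in a filter but not in a DN.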

Changelog

1.2.0 - 2016-03-25

  • Add support for TLS parameters in the config. [jaraco (Jason R. Coombs)]
  • Allow invocation via python -m devpi-ldap and fix cli for Python 3. [jaraco]
  • Add exit codes to testing script when authentication fails. [jaraco]

1.1.1 - 2016-01-28

  • set minimum version of ldap3 library, which adds hiding of password in debug logging. [cannatag (Giovanni Cannata), rodcloutier (Rodrigue Cloutier), fschulze]
  • change dependency for the ldap library, which was renamed. [kumy]
  • fix issue #5: dn and distinguishedName may appear as a top level response attribute instead of the attributes list. [kainz (Bryon Roché)]
  • fix issue #24: Ignore additional search result data. [bonzani (Patrizio Bonzani), fschulze]

1.1.0 - 2014-11-10

  • add reject_as_unknown option [davidszotten (David Szotten)]

1.0.1 - 2014-10-10

  • fix the plugin hook [fschulze]

1.0.0 - 2014-09-22

  • initial release [fschulze (Florian Schulze)]

Download Files

devpi-ldap-1.2.0.tar.gz (11.6 kB), Source, uploaded Mar 25, 2016
devpi-ldap-1.2.0.zip (18.9 kB), Source, uploaded Mar 25, 2016
