[Buildbot-devel] 回复: Could anybody give me a configuration exampleabout LDAP authentication for WebStatus?

Vasily vasslitvinov at pisem.net
Thu Jul 17 12:30:58 UTC 2014 

Of course you'd need to know some AD details...

Okay, more code snippets follow:

LDAP_SERVER = 'ldap://<your-ad-server-address>:3268'

class LdapAccessor:
    def __init__(self, login, password):
        self.ldapConnection = ldap.initialize(LDAP_SERVER)
        self.ldapConnection.set_option(ldap.OPT_REFERRALS, 0)
        self.login, self.password = login, password

    def __enter__(self):
        self.ldapConnection.simple_bind_s(self.login, self.password)
        return self

    def __exit__(self, exc_type, exc_val, exc_tb):
        self.ldapConnection.unbind_s()
        return False # do not suppress any exceptions raised within "with"
statement

    def search(self, *args, **kw):
        return self.ldapConnection.search_s(base = "<some-DN-qualifier>",
scope = ldap.SCOPE_SUBTREE,
                               *args, **kw)

def getUserInfo(login, password, targetUser = None):
    with LdapAccessor(login, password) as ad:
        # search returns a list of tuples
        # each tuple is a pair of DN and fields associated with that DN
        fields = ad.search(filterstr = "(sAMAccountName=%s)" % login,
                           attrlist = ["mail", "displayName"])[0][1]
        displayName, userEmail = fields['displayName'][0], fields['mail'][0]
    return login, displayName, userEmail


This code is taken from our BB setup, I've slightly modified it to get rid
of our details (and didn't test it for correctness after that), but that
should give you some general idea of how things work.

P.S. <some-DN-qualifier> can usually be something like DC=companyName,DC=com

Thanks,
Vasily


2014-07-17 7:48 GMT+04:00 你是我的眼 <hbingbing at foxmail.com>:

> Hi,
>
> If I finish installing the module of python-ldap for python, doesn't it
> need to config BaseDN and other domain properties?
> Is it just OK to have these fields:"userName, userDisplayName, userEmail‍
> "?
>
> thanks very much!
>
>
> ------------------ 原始邮件 ------------------
> *发件人:* "Vasily";<vasslitvinov at pisem.net>;
> *发送时间:* 2014年7月16日(星期三) 下午5:53
> *收件人:* "你是我的眼"<hbingbing at foxmail.com>;
> *抄送:* "buildbot-devel"<buildbot-devel at lists.sourceforge.net>;
> *主题:* Re: [Buildbot-devel] Could anybody give me a configuration
> exampleabout LDAP authentication for WebStatus?
>
> Hi,
>
> This is how we do it:
>
> class BasicHTTPAuthRequest(Request):
>     '''
>     Class allowing us to put some more info into request before it is
> processed by Buildbot.
>     We use activedirectory package to get e-mail and display name and we
> add our own request
>     arguments for ForceScheduler instance to get them from the request.
>     '''
>     def process(self):
>         userName, userPass = self.getUser(), self.getPassword()
>         if userName:
>             try:
>                 userName, userDisplayName, userEmail =
> getUserInfo(userName, userPass, \
>                     getActiveDirectoryCachePath())
>             except:
>                 twistedLog.msg('BasicHTTPAuthRequest: exception: %s' %
> traceback.format_exc())
>                 userDisplayName = ''
>                 userEmail = current_site.NOTIFY
>             # Overriding user_name here would help those sites where nginx
> accepts logins both
>             # with and without domain specified (like in INNL) -
> previously that broke further
>             # P1 builds because IDSID wasn't extracted, now it is properly
> extracted no matter
>             # which form of username was specified by user.
>             self.args['user_name'] = [userName]
>             self.args['user_email'] = [userEmail]
>             self.args['display_name'] = [userDisplayName]
>         return Request.process(self)
>
> class BasicHTTPAuthWebStatus(html.WebStatus):
>     '''
>     Subclass for usual Buildbot WebStatus that allows overriding
> requestFactory at the moment
>     of initializing itself. Basic WebStatus sets its requestFactory to
> twisted Request class.
>     '''
>     def setupSite(self):
>         self.site.requestFactory = BasicHTTPAuthRequest
>         return html.WebStatus.setupSite(self)
>
>
> getUserInfo() is a function implemented via python-ldap which goes to
> ActiveDirectoy.
>
> Thanks,
> Vasily
>
>
> 2014-07-16 6:11 GMT+04:00 你是我的眼 <hbingbing at foxmail.com>:
>
>> Hi,
>>
>> I want to config buildbot by ldap authentication, but I can't find
>> anything useful in buildbot manual.
>> Could someone give me a configuration ‍example about LDAP authentication
>> for WebStatus?‍
>>
>> Maybe it can be completed with Apache HTTPD as reverse proxy according
>> to the offical manual, but I don't know to how to config it used by ldap.
>>>>
>>
>> Thanks a lot!
>>
>>
>> ------------------------------------------------------------------------------
>> Want fast and easy access to all the code in your enterprise? Index and
>> search up to 200,000 lines of code with a free copy of Black Duck
>> Code Sight - the same software that powers the world's largest code
>> search on Ohloh, the Black Duck Open Hub! Try it now.
>> http://p.sf.net/sfu/bds
>> _______________________________________________
>> Buildbot-devel mailing list
>> Buildbot-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/buildbot-devel
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://buildbot.net/pipermail/devel/attachments/20140717/2e54ebbe/attachment.html>

More information about the devel mailing list