[Buildbot-devel] 回复: 回复: Could anybody give me a configuration exampleabout LDAP authentication for WebStatus?
Vasily
vasslitvinov at pisem.net
Fri Jul 18 11:05:24 UTC 2014
You're welcome :)
2014-07-17 16:56 GMT+04:00 你是我的眼 <hbingbing at foxmail.com>:
> Fabulous! Thanks very very much!
> I really think that's what I want! I'll try it, and in the future return
> my feedback.
>
> In fact, I configured other systems(such as gerrit, svn) by ldap, so I
> learned about some details about AD,
> but for buildbot there's not any tips about configuring ldap, and can't
> expect any examples.and also I'm trying to learn to use the python script
> recently.
> So, It's hard for me to configure the buildbot by ldap successfully, your
> answer is very useful.
>
> Thanks again!
>
>
> ------------------ 原始邮件 ------------------
> *发件人:* "vasslitvinov";<vasslitvinov at pisem.net>;
> *发送时间:* 2014年7月17日(星期四) 晚上8:30
> *收件人:* "你是我的眼"<hbingbing at foxmail.com>;
> *抄送:* "buildbot-devel"<buildbot-devel at lists.sourceforge.net>;
> *主题:* Re: 回复: [Buildbot-devel] Could anybody give me a configuration
> exampleabout LDAP authentication for WebStatus?
>
> Of course you'd need to know some AD details...
>
> Okay, more code snippets follow:
>
> LDAP_SERVER = 'ldap://<your-ad-server-address>:3268'
>
> class LdapAccessor:
> def __init__(self, login, password):
> self.ldapConnection = ldap.initialize(LDAP_SERVER)
> self.ldapConnection.set_option(ldap.OPT_REFERRALS, 0)
> self.login, self.password = login, password
>
> def __enter__(self):
> self.ldapConnection.simple_bind_s(self.login, self.password)
> return self
>
> def __exit__(self, exc_type, exc_val, exc_tb):
> self.ldapConnection.unbind_s()
> return False # do not suppress any exceptions raised within "with"
> statement
>
> def search(self, *args, **kw):
> return self.ldapConnection.search_s(base = "<some-DN-qualifier>",
> scope = ldap.SCOPE_SUBTREE,
> *args, **kw)
>
> def getUserInfo(login, password, targetUser = None):
> with LdapAccessor(login, password) as ad:
> # search returns a list of tuples
> # each tuple is a pair of DN and fields associated with that DN
> fields = ad.search(filterstr = "(sAMAccountName=%s)" % login,
> attrlist = ["mail", "displayName"])[0][1]
> displayName, userEmail = fields['displayName'][0],
> fields['mail'][0]
> return login, displayName, userEmail
>
>
> This code is taken from our BB setup, I've slightly modified it to get rid
> of our details (and didn't test it for correctness after that), but that
> should give you some general idea of how things work.
>
> P.S. <some-DN-qualifier> can usually be something like
> DC=companyName,DC=com
>
> Thanks,
> Vasily
>
>
> 2014-07-17 7:48 GMT+04:00 你是我的眼 <hbingbing at foxmail.com>:
>
>> Hi,
>>
>> If I finish installing the module of python-ldap for python, doesn't it
>> need to config BaseDN and other domain properties?
>> Is it just OK to have these fields:"userName, userDisplayName, userEmail
>> "?
>>
>> thanks very much!
>>
>>
>> ------------------ 原始邮件 ------------------
>> *发件人:* "Vasily";<vasslitvinov at pisem.net>;
>> *发送时间:* 2014年7月16日(星期三) 下午5:53
>> *收件人:* "你是我的眼"<hbingbing at foxmail.com>;
>> *抄送:* "buildbot-devel"<buildbot-devel at lists.sourceforge.net>;
>> *主题:* Re: [Buildbot-devel] Could anybody give me a configuration
>> exampleabout LDAP authentication for WebStatus?
>>
>> Hi,
>>
>> This is how we do it:
>>
>> class BasicHTTPAuthRequest(Request):
>> '''
>> Class allowing us to put some more info into request before it is
>> processed by Buildbot.
>> We use activedirectory package to get e-mail and display name and we
>> add our own request
>> arguments for ForceScheduler instance to get them from the request.
>> '''
>> def process(self):
>> userName, userPass = self.getUser(), self.getPassword()
>> if userName:
>> try:
>> userName, userDisplayName, userEmail =
>> getUserInfo(userName, userPass, \
>> getActiveDirectoryCachePath())
>> except:
>> twistedLog.msg('BasicHTTPAuthRequest: exception: %s' %
>> traceback.format_exc())
>> userDisplayName = ''
>> userEmail = current_site.NOTIFY
>> # Overriding user_name here would help those sites where
>> nginx accepts logins both
>> # with and without domain specified (like in INNL) -
>> previously that broke further
>> # P1 builds because IDSID wasn't extracted, now it is
>> properly extracted no matter
>> # which form of username was specified by user.
>> self.args['user_name'] = [userName]
>> self.args['user_email'] = [userEmail]
>> self.args['display_name'] = [userDisplayName]
>> return Request.process(self)
>>
>> class BasicHTTPAuthWebStatus(html.WebStatus):
>> '''
>> Subclass for usual Buildbot WebStatus that allows overriding
>> requestFactory at the moment
>> of initializing itself. Basic WebStatus sets its requestFactory to
>> twisted Request class.
>> '''
>> def setupSite(self):
>> self.site.requestFactory = BasicHTTPAuthRequest
>> return html.WebStatus.setupSite(self)
>>
>>
>> getUserInfo() is a function implemented via python-ldap which goes to
>> ActiveDirectoy.
>>
>> Thanks,
>> Vasily
>>
>>
>> 2014-07-16 6:11 GMT+04:00 你是我的眼 <hbingbing at foxmail.com>:
>>
>>> Hi,
>>>
>>> I want to config buildbot by ldap authentication, but I can't find
>>> anything useful in buildbot manual.
>>> Could someone give me a configuration example about LDAP
>>> authentication for WebStatus?
>>>
>>> Maybe it can be completed with Apache HTTPD as reverse proxy according
>>> to the offical manual, but I don't know to how to config it used by ldap.
>>>
>>>
>>>
>>> Thanks a lot!
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Want fast and easy access to all the code in your enterprise? Index and
>>> search up to 200,000 lines of code with a free copy of Black Duck
>>> Code Sight - the same software that powers the world's largest code
>>> search on Ohloh, the Black Duck Open Hub! Try it now.
>>> http://p.sf.net/sfu/bds
>>> _______________________________________________
>>> Buildbot-devel mailing list
>>> Buildbot-devel at lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/buildbot-devel
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://buildbot.net/pipermail/devel/attachments/20140718/efd22323/attachment.html>
More information about the devel
mailing list