Merge remote-tracking branch 'upstream/master' into ldap_group_security

Conflicts:
	app/models.py
	config_template.py
This commit is contained in:
Ivan Filippov 2016-04-13 09:56:46 -06:00
commit 942ca47103
6 changed files with 33 additions and 8 deletions

View File

@ -5,7 +5,10 @@ import requests
import urlparse
from app import app
TIMEOUT = app.config['TIMEOUT']
if 'TIMEOUT' in app.config.keys():
TIMEOUT = app.config['TIMEOUT']
else:
TIMEOUT = 10
def auth_from_url(url):
auth = None

View File

@ -19,10 +19,18 @@ LDAP_USERNAME = app.config['LDAP_USERNAME']
LDAP_PASSWORD = app.config['LDAP_PASSWORD']
LDAP_SEARCH_BASE = app.config['LDAP_SEARCH_BASE']
LDAP_TYPE = app.config['LDAP_TYPE']
LDAP_GROUP_SECURITY = app.config['LDAP_GROUP_SECURITY']
if LDAP_GROUP_SECURITY == True:
LDAP_ADMIN_GROUP = app.config['LDAP_ADMIN_GROUP']
LDAP_USER_GROUP = app.config['LDAP_USER_GROUP']
if 'LDAP_TYPE' in app.config.keys():
LDAP_URI = app.config['LDAP_URI']
LDAP_USERNAME = app.config['LDAP_USERNAME']
LDAP_PASSWORD = app.config['LDAP_PASSWORD']
LDAP_SEARCH_BASE = app.config['LDAP_SEARCH_BASE']
LDAP_TYPE = app.config['LDAP_TYPE']
LDAP_GROUP_SECURITY = app.config['LDAP_GROUP_SECURITY']
if LDAP_GROUP_SECURITY == True:
LDAP_ADMIN_GROUP = app.config['LDAP_ADMIN_GROUP']
LDAP_USER_GROUP = app.config['LDAP_USER_GROUP']
else:
LDAP_TYPE = False
PDNS_STATS_URL = app.config['PDNS_STATS_URL']
PDNS_API_KEY = app.config['PDNS_API_KEY']
@ -151,6 +159,10 @@ class User(db.Model):
return False
elif method == 'LDAP':
if not LDAP_TYPE:
logging.error('LDAP authentication is disabled')
return False
if LDAP_TYPE == 'ldap':
searchFilter = "cn=%s" % self.username
else:

View File

@ -75,7 +75,9 @@
<div class="form-group">
<select class="form-control" name="auth_method">
<option value="LOCAL">Default Authentication</option>
{% if ldap_enabled %}
<option value="LDAP">LDAP Authentication</option>
{% endif %}
</select>
</div>
<div class="form-actions">

View File

@ -65,7 +65,8 @@ def login():
return redirect(url_for('dashboard'))
if request.method == 'GET':
return render_template('login.html')
LDAP_ENABLED = True if 'LDAP_TYPE' in app.config.keys() else False
return render_template('login.html', ldap_enabled=LDAP_ENABLED)
# process login
username = request.form['username']

View File

@ -4,6 +4,7 @@ basedir = os.path.abspath(os.path.dirname(__file__))
# BASIC APP CONFIG
WTF_CSRF_ENABLED = True
SECRET_KEY = 'We are the world'
BIND_ADDRESS = '127.0.0.1'
PORT = 9393
# TIMEOUT - for large zones
@ -22,14 +23,15 @@ SQLALCHEMY_MIGRATE_REPO = os.path.join(basedir, 'db_repository')
SQLALCHEMY_TRACK_MODIFICATIONS = True
# LDAP CONFIG
LDAP_TYPE = 'ldap' # use 'ad' for MS Active Directory
LDAP_URI = 'ldaps://your-ldap-server:636'
LDAP_USERNAME = 'cn=dnsuser,ou=users,ou=services,dc=duykhanh,dc=me'
LDAP_PASSWORD = 'dnsuser'
LDAP_SEARCH_BASE = 'ou=System Admins,ou=People,dc=duykhanh,dc=me'
LDAP_TYPE = 'ldap' // or 'ad'
LDAP_GROUP_SECURITY = False // or True
LDAP_ADMIN_GROUP = 'CN=PowerDNS-Admin Admin,OU=Custom,DC=ivan,DC=local'
LDAP_USER_GROUP = 'CN=PowerDNS-Admin User,OU=Custom,DC=ivan,DC=local'
=======
# POWERDNS CONFIG
PDNS_STATS_URL = 'http://172.16.214.131:8081/'

7
run.py
View File

@ -2,5 +2,10 @@
from app import app
from config import PORT
try:
from config import BIND_ADDRESS
except:
BIND_ADDRESS = '127.0.0.1'
if __name__ == '__main__':
app.run(debug = True, port=PORT)
app.run(debug = True, host=BIND_ADDRESS, port=PORT)