diff --git a/app/models.py b/app/models.py
index e939343..41a4a13 100644
--- a/app/models.py
+++ b/app/models.py
@@ -23,19 +23,6 @@ from app.lib import utils
logging = logger.getLogger(__name__)
-if 'LDAP_TYPE' in app.config.keys():
- LDAP_URI = app.config['LDAP_URI']
- LDAP_SEARCH_BASE = app.config['LDAP_SEARCH_BASE']
- LDAP_TYPE = app.config['LDAP_TYPE']
- LDAP_FILTER = app.config['LDAP_FILTER']
- LDAP_USERNAMEFIELD = app.config['LDAP_USERNAMEFIELD']
-
- LDAP_GROUP_SECURITY = app.config.get('LDAP_GROUP_SECURITY')
- if LDAP_GROUP_SECURITY == True:
- LDAP_ADMIN_GROUP = app.config['LDAP_ADMIN_GROUP']
- LDAP_USER_GROUP = app.config['LDAP_USER_GROUP']
-else:
- LDAP_TYPE = False
if 'PRETTY_IPV6_PTR' in app.config.keys():
import dns.inet
@@ -147,7 +134,7 @@ class User(db.Model):
def ldap_init_conn(self):
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
- conn = ldap.initialize(LDAP_URI)
+ conn = ldap.initialize(Setting().get('ldap_uri'))
conn.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)
conn.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
conn.set_option(ldap.OPT_X_TLS,ldap.OPT_X_TLS_DEMAND)
@@ -162,7 +149,7 @@ class User(db.Model):
try:
conn = self.ldap_init_conn()
- conn.simple_bind_s(app.config['LDAP_ADMIN_USERNAME'], app.config['LDAP_ADMIN_PASSWORD'])
+ conn.simple_bind_s(Setting().get('ldap_admin_username'), Setting().get('ldap_admin_password'))
ldap_result_id = conn.search(baseDN, searchScope, searchFilter, retrieveAttributes)
result_set = []
@@ -177,6 +164,8 @@ class User(db.Model):
except ldap.LDAPError as e:
logging.error(e)
+ logging.debug('baseDN: {0}'.format(baseDN))
+ logging.debug(traceback.format_exc())
raise
def ldap_auth(self, ldap_username, password):
@@ -207,34 +196,38 @@ class User(db.Model):
if method == 'LDAP':
isadmin = False
- if not LDAP_TYPE:
- logging.error('LDAP authentication is disabled')
- return False
+ LDAP_TYPE = Setting().get('ldap_type')
+ LDAP_BASE_DN = Setting().get('ldap_base_dn')
+ LDAP_FILTER_BASIC = Setting().get('ldap_filter_basic')
+ LDAP_FILTER_USERNAME = Setting().get('ldap_filter_username')
+ LDAP_ADMIN_GROUP = Setting().get('ldap_admin_group')
+ LDAP_USER_GROUP = Setting().get('ldap_user_group')
+ LDAP_GROUP_SECURITY_ENABLED = Setting().get('ldap_sg_enabled')
if LDAP_TYPE == 'ldap':
- searchFilter = "(&({0}={1}){2})".format(LDAP_USERNAMEFIELD, self.username, LDAP_FILTER)
+ searchFilter = "(&({0}={1}){2})".format(LDAP_FILTER_USERNAME, self.username, LDAP_FILTER_BASIC)
logging.debug('Ldap searchFilter "{0}"'.format(searchFilter))
elif LDAP_TYPE == 'ad':
- searchFilter = "(&(objectcategory=person)({0}={1}){2})".format(LDAP_USERNAMEFIELD, self.username, LDAP_FILTER)
+ searchFilter = "(&(objectcategory=person)({0}={1}){2})".format(LDAP_FILTER_USERNAME, self.username, LDAP_FILTER_BASIC)
- ldap_result = self.ldap_search(searchFilter, LDAP_SEARCH_BASE)
+ ldap_result = self.ldap_search(searchFilter, LDAP_BASE_DN)
if not ldap_result:
logging.warning('LDAP User "{0}" does not exist. Authentication request from {1}'.format(self.username, src_ip))
return False
else:
try:
ldap_username = ldap.filter.escape_filter_chars(ldap_result[0][0][0])
- # check if LDAP_SECURITY_GROUP is enabled
+ # check if LDAP_GROUP_SECURITY_ENABLED is True
# user can be assigned to ADMIN or USER role.
- if LDAP_GROUP_SECURITY:
+ if LDAP_GROUP_SECURITY_ENABLED:
try:
if (self.ldap_search(searchFilter, LDAP_ADMIN_GROUP)):
isadmin = True
- logging.info('User {0} is part of the "{1}" group that allows admin access to PowerDNS-Admin'.format(self.username,LDAP_ADMIN_GROUP))
+ logging.info('User {0} is part of the "{1}" group that allows admin access to PowerDNS-Admin'.format(self.username, LDAP_ADMIN_GROUP))
elif (self.ldap_search(searchFilter, LDAP_USER_GROUP)):
- logging.info('User {0} is part of the "{1}" group that allows user access to PowerDNS-Admin'.format(self.username,LDAP_USER_GROUP))
+ logging.info('User {0} is part of the "{1}" group that allows user access to PowerDNS-Admin'.format(self.username, LDAP_USER_GROUP))
else:
- logging.error('User {0} is not part of the "{1}" or "{2}" groups that allow access to PowerDNS-Admin'.format(self.username,LDAP_ADMIN_GROUP,LDAP_USER_GROUP))
+ logging.error('User {0} is not part of the "{1}" or "{2}" groups that allow access to PowerDNS-Admin'.format(self.username, LDAP_ADMIN_GROUP, LDAP_USER_GROUP))
return False
except Exception as e:
logging.error('LDAP group lookup for user "{0}" has failed. Authentication request from {1}'.format(self.username, src_ip))
@@ -256,13 +249,12 @@ class User(db.Model):
self.firstname = self.username
self.lastname = ''
try:
- # try to get user's firstname & lastname from LDAP
- # this might be changed in the future
+ # try to get user's firstname, lastname and email address from LDAP attributes
self.firstname = ldap_result[0][0][1]['givenName'][0].decode("utf-8")
self.lastname = ldap_result[0][0][1]['sn'][0].decode("utf-8")
self.email = ldap_result[0][0][1]['mail'][0].decode("utf-8")
except Exception as e:
- logging.info("Reading ldap data threw an exception {0}".format(e))
+ logging.warning("Reading ldap data threw an exception {0}".format(e))
logging.debug(traceback.format_exc())
# first register user will be in Administrator role
@@ -271,7 +263,7 @@ class User(db.Model):
self.role_id = Role.query.filter_by(name='Administrator').first().id
# user will be in Administrator role if part of LDAP Admin group
- if LDAP_GROUP_SECURITY:
+ if LDAP_GROUP_SECURITY_ENABLED:
if isadmin == True:
self.role_id = Role.query.filter_by(name='Administrator').first().id
@@ -279,7 +271,7 @@ class User(db.Model):
logging.info('Created user "{0}" in the DB'.format(self.username))
# user already exists in database, set their admin status based on group membership (if enabled)
- if LDAP_GROUP_SECURITY:
+ if LDAP_GROUP_SECURITY_ENABLED:
self.set_admin(isadmin)
self.update_profile()
return True
@@ -951,7 +943,7 @@ class Domain(db.Model):
domain_obj = Domain.query.filter(Domain.name == domain_name).first()
domain_auto_ptr = DomainSetting.query.filter(DomainSetting.domain == domain_obj).filter(DomainSetting.setting == 'auto_ptr').first()
domain_auto_ptr = strtobool(domain_auto_ptr.value) if domain_auto_ptr else False
- system_auto_ptr = strtobool(Setting().get('auto_ptr'))
+ system_auto_ptr = Setting().get('auto_ptr')
self.name = domain_name
domain_id = self.get_id_by_name(domain_reverse_name)
if None == domain_id and \
@@ -1504,8 +1496,8 @@ class Record(object):
})
postdata_for_new = {"rrsets": final_records}
- logging.info(postdata_for_new)
- logging.info(postdata_for_delete)
+ logging.debug(postdata_for_new)
+ logging.debug(postdata_for_delete)
logging.info(urljoin(PDNS_STATS_URL, API_EXTENDED_URL + '/servers/localhost/zones/{0}'.format(domain)))
try:
headers = {}
@@ -1523,7 +1515,8 @@ class Record(object):
logging.info('Record was applied successfully.')
return {'status': 'ok', 'msg': 'Record was applied successfully'}
except Exception as e:
- logging.error("Cannot apply record changes to domain {0}. DETAIL: {1}".format(e, domain))
+ logging.error("Cannot apply record changes to domain {0}. Error: {1}".format(domain, e))
+ logging.debug(traceback.format_exc())
return {'status': 'error', 'msg': 'There was something wrong, please contact administrator'}
def auto_ptr(self, domain, new_records, deleted_records):
@@ -1534,7 +1527,7 @@ class Record(object):
domain_auto_ptr = DomainSetting.query.filter(DomainSetting.domain == domain_obj).filter(DomainSetting.setting == 'auto_ptr').first()
domain_auto_ptr = strtobool(domain_auto_ptr.value) if domain_auto_ptr else False
- system_auto_ptr = strtobool(Setting().get('auto_ptr'))
+ system_auto_ptr = Setting().get('auto_ptr')
if system_auto_ptr or domain_auto_ptr:
try:
@@ -1785,6 +1778,7 @@ class Setting(db.Model):
'default_domain_table_size': 10,
'auto_ptr': False,
'allow_quick_edit': True,
+ 'site_name': 'PowerDNS-Admin',
'pdns_api_url': '',
'pdns_api_key': '',
'pdns_version': '4.1.1',
@@ -1793,6 +1787,7 @@ class Setting(db.Model):
'ldap_enabled': False,
'ldap_type': 'ldap',
'ldap_uri': '',
+ 'ldap_base_dn': '',
'ldap_admin_username': '',
'ldap_admin_password': '',
'ldap_filter_basic': '',
diff --git a/app/templates/admin.html b/app/templates/admin.html
index 8677b9d..3d7a917 100644
--- a/app/templates/admin.html
+++ b/app/templates/admin.html
@@ -1,6 +1,6 @@
{% extends "base.html" %}
{% set active_page = "admin_console" %}
-{% block title %}DNS Control Panel - Admin Console{% endblock %}
+{% block title %}Admin Console - {{ SITE_NAME }}{% endblock %}
{% block dashboard_stat %}
diff --git a/app/templates/admin_editaccount.html b/app/templates/admin_editaccount.html
index 68be658..7a46a89 100644
--- a/app/templates/admin_editaccount.html
+++ b/app/templates/admin_editaccount.html
@@ -1,6 +1,6 @@
{% extends "base.html" %}
{% set active_page = "admin_accounts" %}
-{% block title %}DNS Control Panel - Edit Account{% endblock %}
+{% block title %}Edit Account - {{ SITE_NAME }}{% endblock %}
{% block dashboard_stat %}
diff --git a/app/templates/admin_edituser.html b/app/templates/admin_edituser.html
index 7e10445..d374d22 100644
--- a/app/templates/admin_edituser.html
+++ b/app/templates/admin_edituser.html
@@ -1,6 +1,6 @@
{% extends "base.html" %}
{% set active_page = "admin_users" %}
-{% block title %}DNS Control Panel - Edit User{% endblock %}
+{% block title %}Edit Use - {{ SITE_NAME }}{% endblock %}
{% block dashboard_stat %}
diff --git a/app/templates/admin_history.html b/app/templates/admin_history.html
index a515d02..936cc7a 100644
--- a/app/templates/admin_history.html
+++ b/app/templates/admin_history.html
@@ -1,7 +1,7 @@
{% extends "base.html" %}
{% set active_page = "admin_history" %}
{% block title %}
-DNS Control Panel - History
+History - {{ SITE_NAME }}
{% endblock %} {% block dashboard_stat %}