我们从Python开源项目中,提取了以下19个代码示例,用于说明如何使用ldap.INVALID_CREDENTIALS。
def add_sshpubkey(self, username, sshpubkey): """ Add an sshPublicKey attribute to the user's dn """ dn = 'uid={0},{1}'.format(username, self.base_dn) try: with self._ldap_connection() as ldap_cxn: ldap_cxn.simple_bind_s(self.bind_dn, self.bind_pw) mod_list = [(ldap.MOD_ADD, 'sshPublicKey', str(sshpubkey))] ldap_cxn.modify_s(dn, mod_list) except (ldap.INVALID_CREDENTIALS, ldap.INSUFFICIENT_ACCESS, ldap.LDAPError) as e: self.bus.log('LDAP Error: {0}'.format(e.message['desc'] if 'desc' in e.message else str(e)), level=40, traceback=True) raise
def auth(self, username, password): """ Authenticate a user against the ldap server """ dn = 'uid={0},{1}'.format(username, self.base_dn) try: with self._ldap_connection() as ldap_cxn: ldap_cxn.simple_bind_s(dn, password) return True except ldap.INVALID_CREDENTIALS: raise except ldap.INVALID_DN_SYNTAX: self.bus.log('Invalid DN syntax in configuration: {0}'.format(self.base_dn), 40) raise except ldap.LDAPError as e: self.bus.log('LDAP Error: {0}'.format(e.message['desc'] if 'desc' in e.message else str(e)), level=40, traceback=True) raise
def delete_sshpubkey(self, username, sshpubkey): """ Add an sshPublicKey attribute to the user's dn """ dn = 'uid={0},{1}'.format(username, self.base_dn) try: with self._ldap_connection() as ldap_cxn: ldap_cxn.simple_bind_s(self.bind_dn, self.bind_pw) mod_list = [(ldap.MOD_DELETE, 'sshPublicKey', str(sshpubkey))] ldap_cxn.modify_s(dn, mod_list) except (ldap.INVALID_CREDENTIALS, ldap.INSUFFICIENT_ACCESS, ldap.LDAPError) as e: self.bus.log('LDAP Error: {0}'.format(e.message['desc'] if 'desc' in e.message else str(e)), level=40, traceback=True) raise
def ldapAuthenticate(username, password): if settings.AUTH_LDAP_SERVER_URI is None: return False if settings.AUTH_LDAP_USER_DN_TEMPLATE is None: return False try: connection = ldap.initialize(settings.AUTH_LDAP_SERVER_URI) connection.protocol_version = ldap.VERSION3 user_dn = settings.AUTH_LDAP_USER_DN_TEMPLATE % {"user": username} connection.simple_bind_s(user_dn, password) return True except ldap.INVALID_CREDENTIALS: return False except ldap.SERVER_DOWN: return False
def ldapAuthenticate(username, password): if settings.AUTH_LDAP_SERVER_URI is None: return False if settings.AUTH_LDAP_USER_DN_TEMPLATE is None: return False try: connection = ldap.initialize(settings.AUTH_LDAP_SERVER_URI) connection.protocol_version = ldap.VERSION3 user_dn = settings.AUTH_LDAP_USER_DN_TEMPLATE % {"user": username} connection.simple_bind_s(user_dn, password) return True except ldap.INVALID_CREDENTIALS: return False except ldap.SERVER_DOWN: # TODO: Return error instead of none return False
def check_credentials(self, username, password): try: ldap_client = ldap.initialize(self.config["server"]) ldap_client.set_option(ldap.OPT_REFERRALS,0) ldap_client.simple_bind_s("uid=%s,%s" % (username, self.config["memberdn"]), password) except ldap.INVALID_DN_SYNTAX: ldap_client.unbind() return False except ldap.INVALID_CREDENTIALS: ldap_client.unbind() return False except ldap.UNWILLING_TO_PERFORM: ldap_client.unbind() return False except ldap.SERVER_DOWN: ldap_client.unbind() raise ServerDownException() return False ldap_client.unbind() return True
def ldap_bind_with_user(module, conn, username, password): result = False try: conn.simple_bind_s(username, password) result = True except ldap.INVALID_CREDENTIALS: fail_msg = "Invalid Credentials for user {}".format(username) module.fail_json(msg=fail_msg) except ldap.LDAPError as e: fail_msg = "LDAP Error Binding user: {}: ERROR: {}".format(username, ldap_errors(e)) module.fail_json(msg=fail_msg) return result
def set_password(self, username, hashes): """ Administratively set the user's password using the given hashes. """ dn = 'uid={0},{1}'.format(username, self.base_dn) try: with self._ldap_connection() as ldap_cxn: ldap_cxn.simple_bind_s(self.bind_dn, self.bind_pw) mod_nt = (ldap.MOD_REPLACE, 'sambaNTPassword', hashes['sambaNTPassword']) mod_ssha = (ldap.MOD_REPLACE, 'userPassword', hashes['userPassword']) mod_list = [mod_nt, mod_ssha] ldap_cxn.modify_s(dn, mod_list) except ldap.INVALID_CREDENTIALS: self.bus.log('Invalid credentials for admin user: {0}'.format(self.bind_dn), 40) raise except ldap.INSUFFICIENT_ACCESS: self.bus.log('Insufficient access for admin user: {0}'.format(self.bind_dn), 40) raise except ldap.INVALID_DN_SYNTAX: self.bus.log('Invalid DN syntax in configuration: {0}'.format(self.base_dn), 40) raise except ldap.LDAPError as e: self.bus.log('LDAP Error: {0}'.format(e.message['desc'] if 'desc' in e.message else str(e)), level=40, traceback=True) raise
def change_password(self, username, oldpassword, hashes): """ Change the user's password using their own credentials. """ dn = 'uid={0},{1}'.format(username, self.base_dn) try: with self._ldap_connection() as ldap_cxn: ldap_cxn.simple_bind_s(dn, oldpassword) # don't use LDAPObject.passwd_s() here to make use of # ldap's atomic operations. IOW, don't change one password # but not the other. mod_nt = (ldap.MOD_REPLACE, 'sambaNTPassword', hashes['sambaNTPassword']) mod_ssha = (ldap.MOD_REPLACE, 'userPassword', hashes['userPassword']) mod_list = [mod_nt, mod_ssha] ldap_cxn.modify_s(dn, mod_list) except ldap.INVALID_CREDENTIALS: raise except ldap.INVALID_DN_SYNTAX: self.bus.log('Invalid DN syntax in configuration: {0}'.format(self.base_dn), 40) raise except ldap.LDAPError as e: self.bus.log('LDAP Error: {0}'.format(e.message['desc'] if 'desc' in e.message else str(e)), level=40, traceback=True) raise
def __init__(self, uri, cn, dc, secret): self.conn = None self.uri = uri self.dc = dc self.secret = secret try: self.conn = ldap.initialize(self.uri) self.conn.protocol_version = ldap.VERSION3 self.conn.simple_bind_s(cn+","+self.dc,self.secret) print("Connection established.") except ldap.INVALID_CREDENTIALS: print("Your username or password is incorrect.") sys.exit() except ldap.LDAPError as e: if type(e.message) == dict and e.message.has_key('desc'): print(e.message['desc']) else: print(e) sys.exit()
def test_returns_none_if_user_password_mismatch(self): self.request.registry.ldap_cm.connection \ .return_value.__enter__.side_effect = [self.conn, ldap.INVALID_CREDENTIALS()] self.assertIsNone(self.policy.authenticated_userid(self.request))
def ldap_auth(self, username, password): ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.cert_path) connection = ldap.initialize(self.ldap_url) connection.set_option(ldap.OPT_REFERRALS, 0) try: if password: connection.simple_bind_s(username + self.user_suffix, password) else: return False except ldap.INVALID_CREDENTIALS: return False except ldap.SERVER_DOWN: return None return True
def test_failure_authentication(self): session = pyldap_orm.LDAPSession(backend='ldap://localhost:9389') with pytest.raises(ldap.INVALID_CREDENTIALS): session.authenticate('cn=ldapmanager,ou=Services,ou=People,dc=example,dc=com', 'invalid')
def __init__(self, username, password): ldap_host = "192.168.78.8" ldap_port = "389" ldaps_port = "636" ldap_enable_ldaps = False self.ldap_base_dn = "DC=example,DC=com,DC=cn" # example.com.cn self.ldap_user = username self.ldap_password = password if ldap_enable_ldaps is True: self.uri = "ldaps://" + ldap_host + ":" + ldaps_port else: self.uri = "ldap://" + ldap_host + ":" + ldap_port self.is_active = False self.user_data = None self.conn = ldap.initialize(self.uri) try: self.conn.set_option(ldap.OPT_REFERRALS, 0) # this option is required in Windows Server 2012 self.conn.simple_bind_s(who=self.ldap_user, cred=self.ldap_password) except ldap.INVALID_CREDENTIALS: raise Exception("Invalid credentials") except ldap.SERVER_DOWN: raise Exception("Can't contact LDAP server") self.is_active = True self.user_data = self.conn.search_s(self.ldap_base_dn, ldap.SCOPE_SUBTREE, 'userPrincipalName=' + self.ldap_user) # self.user_data = self.conn.search_s(self.ldap_base_dn, ldap.SCOPE_SUBTREE) self.conn.unbind()
def do_bind(self): try: self.con.simple_bind_s(self.username, self.password) self.is_binded = True return True except ldap.INVALID_CREDENTIALS: print "[!] Error: invalid credentials" sys.exit(1) except ldap.LDAPError, e: print "[!] {}".format(e) sys.exit(1)
def authenticate(login, password): """ Attempt to authenticate the login name with password against the configured LDAP server. If the user is authenticated, required group memberships are also verified. """ lconn = open_ldap() server = _config.get('ldap', 'server') user = LDAPUser(login, lconn) # Bind to user using the supplied password try: user.bind(password) except (ldap.SERVER_DOWN, ldap.CONNECT_ERROR): _logger.exception("LDAP server is down") raise NoAnswerError(server) except ldap.INVALID_CREDENTIALS: _logger.warning("Server %s reported invalid credentials for user %s", server, login) return False except ldap.TIMEOUT as error: _logger.error("Timed out waiting for LDAP bind operation") raise TimeoutError(error) except ldap.LDAPError: _logger.exception("An LDAP error occurred when authenticating user %s " "against server %s", login, server) return False except UserNotFound: _logger.exception("Username %s was not found in the LDAP catalog %s", login, server) return False _logger.debug("LDAP authenticated user %s", login) # If successful so far, verify required group memberships before # the final verdict is made group_dn = _config.get('ldap', 'require_group') if group_dn: if user.is_group_member(group_dn): _logger.info("%s is verified to be a member of %s", login, group_dn) return user else: _logger.warning("Could NOT verify %s as a member of %s", login, group_dn) return False # If no group matching was needed, we are already authenticated, # so return that. return user
def __init__(self, fqdn, binddn, bindpw): self._log = logging.getLogger() self._log.debug('Initialising FreeIPA server %s' % fqdn) self.fqdn = fqdn self.hostname_short = fqdn.partition('.')[0] self._domain = fqdn.partition('.')[2] self._binddn = binddn self._bindpw = bindpw self._url = 'ldaps://' + fqdn self._base_dn = 'dc=' + fqdn.partition('.')[2].replace('.', ',dc=') self._active_user_base = 'cn=users,cn=accounts,' + self._base_dn self._stage_user_base = 'cn=staged users,cn=accounts,cn=provisioning,' + self._base_dn self._preserved_user_base = 'cn=deleted users,cn=accounts,cn=provisioning,' + self._base_dn self._groups_base = 'cn=groups,cn=accounts,' + self._base_dn try: self._conn = ldap.initialize(self._url) self._conn.set_option(ldap.OPT_NETWORK_TIMEOUT, 3) self._conn.simple_bind_s(self._binddn, self._bindpw) except ( ldap.SERVER_DOWN, ldap.NO_SUCH_OBJECT, ldap.INVALID_CREDENTIALS ) as err: self._log.critical('Bind error: %s (%s)' % (err.message['desc'], self.fqdn)) exit(1) self.users = self._count_users(user_base='active') self.ustage = self._count_users(user_base='stage') self.upres = self._count_users(user_base='preserved') self.ugroups = self._count_groups() self.hosts = self._count_hosts() self.hgroups = self._count_hostgroups() self.hbac = self._count_hbac_rules() self.sudo = self._count_sudo_rules() self.zones = self._count_dns_zones() self.certs = self._count_certificates() self.ldap = self._ldap_conflicts() self.ghosts = self._ghost_replicas() self.bind = self._anon_bind() self.msdcs = self._ms_adtrust() self.replica, self.healthy_agreements = self._replication_agreements()
