Simple python ldap lib

-

Simple lib for ldap authentication

A python-based helper capable of authentication using ldap.

Introduction

Simple python lib that will perform authentication by connectiong to ldap endpoint. If login is succesful it wil return a token that can be used in different REST/API apps.

Prerequisites

  1. python/pip
  2. memcached server
  3. ldap server

Installation

Cloning

git clone https://github.com/danbordeanu/simple_ldap_token.git

Installing pip packages

pip install -r requirements.txt

Configuration

Edit the config.ini file based on your server settings.
[ldap]
# ldap address
server: ldaps://ldapserver:636
# my super secret key
secret_key: supersecretthing
# expire interval
expire_interval: 3600
ldap_search: OU=eCore Office,OU=People Accounts,DC=domain,DC=com
[memcache]
port: 11211
host: localhost
Also env vars for ldap and memcache host are supported.
export LDAP_HOST='ldaps://ldapserver:636
export MEMCACHED_HOST='localhost'
export MEMCACHED_PORT='11211'

Usage

Login with real user/passwd

from ldap_auth import LdapUserAuth
login_management = LdapUserAuth()
login_management.check_ldap_password('user@domain.com', 'base64encodedpassswd')
If successful, it will return a token
2019-XX-XX 11:33:12,139 - root - INFO - User:bordeanu@merck.com got authenticated
2019-XX-XX 11:33:12,140 - root - INFO - Token generated for user:user@domain.com
2019-XX-XX 11:33:12,142 - root - DEBUG - Token for user:user@domain.com added to memcached
eyJhfffXXXXXXX
This will check if the token is valid and return the username
user@domain.com

Login with fake user/passwd


 login_management = LdapUserAuth()
            login_management.insert_token_memcache('fake@domain.com',login_management.generate_auth_token('fake@domain.com'))

Get the token for the fake user

login_management.get_token_memcache('fake@domain.com')
This will return
2019-XX-XX 11:41:54,069 - root - INFO - Got token:eyJhb for user:fake@domain.com
'eyJhbGci'

Verify token

login_management.verify_auth_token('eyJhbGcXXX')

Location: Prague, Czechia

Popular posts from this blog

Why sometimes oracle 10g XE sucks big time

-
A few days ago, one of my web application that use as backend oracle (i'm running oracle-xe-10.2.0.1-0.1) hangs and refuse to work. I was very surprised of this, because i was more than sure that i did not made any modifications on my web server. First thing i look into it was the apache web server.I try to restart the web server, check the php lib file to see if it is corrupted or missing, check the ORA_HOME enviroment, check it the DMZ server where the oracle 10XE is running respond to my pings and telnets in 1521.Every thing was working as espected, except my web application.I was very frustrated and disappointed. After a while, it hit me, why not check the sqlplus client from ORA_HOME path. Tannnnaaaa...this was the problem.The sqlclient refuse to work or connect to the oracle server. This is the output of the strace that i did on sqlplus \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 256) = 256 13100 lseek(6, 512, SEEK_SET) = 512 13100 read(6, "\337y \0\0\0\0\0\0\0\0\0\0\
Read more

Review of Yashica ML 50mm F2

-
Image
Yashica ML 50mm/2 lens at F/2, full manual focus   * The purchase - I got this lens from ebay, it is cheap :)  - It's working on my Canon camera with   this   adapter.   * What I like:  - Metal case, built to last forever, quality of the lens seems good . - Aperture ring feels smooth, I like the "click click" sound . - It's very sharp at F/2, this was a big surprise for me, because I was using the Canon EF 50mm F1.8, which is sharp maybe at F8, and is feels(and sounds) like broken mcdonald's toy. - The bokeh is very nice, interesting "spinning" effect. - Colors are saturated.   * What I don't like:  - At F/11->F/16, pictures are strange, colors shades, details are missing. - Aperture ring is too close to the body, this is a a little bit annoying, but this is by design, I have to get used to it.   Sample images - The ground level point of view Sample images - Miracle
Read more

NAT in opensolaris

-
Firt, you must enable ip forwarding in your opensolaris box. Let's suppose thet we have two network adapters, one is elxl0(80.xxx.xxx.xxx), this is connect to the internet, and the second one is e1000g0 connected to the intranet (172.16.16.1) ipnat.conf file can be located anyware on the system, in /etc/ipnat.rules, /usr/local/etc/ipnat.rules, or /etc/opt/ipf/ipnat.rules In opensolaris, /network/ipv4-forwarding service is using /etc/ipf/ipnat.conf file cd /etc/ipf echo >> ipnat.conf (if it's missing) Insert in ipnat.conf file this line map elxl0 172.16.16.0/24 -> 0/32 The easiest way to load a NAT rule set is: ipnat -CF -f /etc/ipnat.conf To test if the rules from ipnat.rules are loaded, type from root account: ipnat -l The output look like this root@freya:/etc/ipf# ipnat -l List of active MAP/Redirect filters: map elxl0 172.16.16.0/24 -> 0.0.0.0/32 [...] List of active sessions: MAP 172.16.16.2 12769 <- -> 80.xxx.xxx.xxx 12769 [86.xxx.21.xxx 53
Read more