marcoh00 / radicale-auth-ldap
LDAP authentication plugin for radicale DAV server
Todo:
Is there any specific reason why versions of LDAP3 >= 2.4 are not supported or is this just because they are untested?
I'd assume that newer 2.X versions would stay backwards-compatible. Supporting them would allow me to more easily package this module for my distribution.
This is used while generating the to-be-searched-for DN out of arbitrary user input. This seems pretty important and has to be resolved before anyone should use this in production again. The temporary fix is to import the function from older ldap3 versions and just use it.
Since utils.dn.escape_attribute_value was re-imported into this project from ldap3, basic query string escaping is present again.
However, I don't feel too safe with this. I'm pretty sure there was a reason why ldap3 deprecated this and as I don't have a very deep understanding of ldap query strings, I just need to document that I can't guarantee this code will not kill your kittens or burn your house...
Seriously, this module parses more or less unfiltered queries from the web against an authentication backend and it would be very nice if someone with some LDAP skills could look after this again and make sure we do some proper query string escaping here!
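The escaping concern raised in the posts above, as an added example (not code from this plugin or from ldap3): user input needs different escaping depending on whether it lands in a search filter (RFC 4515) or in a DN (RFC 4514). The function names are hypothetical and the usernames are constructed samples; the attribute, filter and base values are the ones from the config quoted further down this page.

```python
# Added example: standalone escaping for the two places a username can end up.
# All function names are hypothetical; sample usernames are constructed.

# RFC 4515: characters that must be hex-escaped inside a filter assertion value.
_FILTER_SPECIALS = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter."""
    return "".join(_FILTER_SPECIALS.get(ch, ch) for ch in value)


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\':
            out.append("\\" + ch)          # always-special characters
        elif ch == "\x00":
            out.append("\\00")             # NUL must be hex-escaped
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)          # leading space/# and trailing space
        else:
            out.append(ch)
    return "".join(out)


def build_user_filter(attribute: str, username: str, extra_filter: str) -> str:
    """Build (&(attr=user)X), where X is the admin-configured ldap_filter."""
    return "(&({}={}){})".format(attribute, escape_filter_value(username), extra_filter)


def build_user_dn(attribute: str, username: str, base: str) -> str:
    """Build attr=user,base with the username escaped as a DN value."""
    return "{}={},{}".format(attribute, escape_dn_value(username), base)


if __name__ == "__main__":
    # Constructed inputs: one ordinary name, two containing metacharacters.
    for name in ["alice", "al*ce)(x", "x,ou=Admins"]:
        print(build_user_filter("uid", name, "(objectClass=person)"))
        print(build_user_dn("uid", name, "ou=Users,dc=TESTDOMAIN"))
```

The two escapers are not interchangeable: a comma is harmless in a filter but splits a DN, while `*` is harmless in a DN but is a wildcard in a filter. ldap3 itself ships `ldap3.utils.conv.escape_filter_chars` for the filter case.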
Hi,
we at Cloudron are in the process of updating our app package to Radicale v3 and thus were hoping to use this plugin for user integration, however it appears the Radicale auth plugin interface has slightly changed. I have created a custom plugin within our app package repo at https://git.cloudron.io/cloudron/radicale-app/-/tree/master/radicale_cloudron_ldap_auth
It would be great if we could somehow merge ours into this plugin to join forces.
Is there any interest within this project to support Radicale 3 and thus would a pull request with the fixes have any chances?
Thanks!
Hi,
I have done some work on this plugin and added some smaller features:
I need to do some work on test coverage and maybe add missing SSL options (like ciphers), but for now I think it is good to go. If you would like to merge it back, I will create a pull request.
I tried to add the plugin radicale_auth_ldap extending the Dockerfile of Kozea.
my Dockerfile
FROM alpine:latest
# Version of Radicale (e.g. 2.0.0)
ARG VERSION_RADICALE=2.1.11
ARG VERSION_RADICALE_AUTH_LDAP=c399db0c2990ca79f1113f7a6834502e90201149
# Install dependencies
RUN apk add --no-cache \
python3 \
python3-dev \
build-base \
libffi-dev \
ca-certificates \
openssl \
git
# Install Radicale
RUN wget --quiet https://github.com/Kozea/Radicale/archive/${VERSION_RADICALE}.tar.gz --output-document=radicale.tar.gz && \
tar xzf radicale.tar.gz && \
pip3 install ./Radicale-${VERSION_RADICALE}[md5,bcrypt]
# Install LDAP
RUN git clone -v git://github.com/marcoh00/radicale-auth-ldap.git Radicale-${VERSION_RADICALE}/radicale-auth-ldap && \
cd Radicale-${VERSION_RADICALE}/radicale-auth-ldap && \
git checkout $VERSION_RADICALE_AUTH_LDAP && \
pip3 install --upgrade .
# Remove artifacts
RUN rm -r radicale.tar.gz Radicale-${VERSION_RADICALE}
# Remove build dependencies
RUN apk del \
python3-dev \
build-base \
libffi-dev \
git
# Persistent storage for data (Mount it somewhere on the host!)
VOLUME /var/lib/radicale
# Configuration data (Put the "config" file here!)
VOLUME /etc/radicale
# TCP port of Radicale (Publish it on a host interface!)
EXPOSE 5232
# Run Radicale (Configure it here or provide a "config" file!)
CMD ["radicale", "--hosts", "0.0.0.0:5232"]
docker-compose.yml
version: "3.5"
services:
  radicale:
    build: .
    container_name: radicale
    ports:
      - "5232:5232"
    volumes:
      - ./volumes:/var/lib/radicale/collections
      - ./configs:/etc/radicale
config
[auth]
type = radicale_auth_ldap
# LDAP server URL, with protocol and port
ldap_url = ldap://ldap:389
# LDAP base path
ldap_base = ou=Users,dc=TESTDOMAIN
# LDAP login attribute
ldap_attribute = uid
# LDAP filter string
# placed as X in a query of the form (&(...)X)
# example: (objectCategory=Person)(objectClass=User)(memberOf=cn=calenderusers,ou=users,dc=example,dc=org)
ldap_filter = (objectClass=person)
# LDAP dn for initial login, used if LDAP server does not allow anonymous searches
# Leave empty if searches are anonymous
ldap_binddn = cn=admin,dc=TESTDOMAIN
# LDAP password for initial login, used with ldap_binddn
ldap_password = verysecurepassword
# LDAP scope of the search
ldap_scope = LEVEL
I get this error
radicale | [7fe1390b3d48] INFO: Starting Radicale
radicale | [7fe1390b3d48] ERROR: An exception occurred during server startup: Failed to load authentication module 'radicale_auth_ldap': invalid syntax (connection.py, line 55)
radicale | Traceback (most recent call last):
radicale | File "/usr/lib/python3.8/site-packages/radicale/auth.py", line 80, in load
radicale | class_ = import_module(auth_type).Auth
radicale | File "/usr/lib/python3.8/importlib/__init__.py", line 127, in import_module
radicale | return _bootstrap._gcd_import(name[level:], package, level)
radicale | File "<frozen importlib._bootstrap>", line 1014, in _gcd_import
radicale | File "<frozen importlib._bootstrap>", line 991, in _find_and_load
radicale | File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
radicale | File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
radicale | File "<frozen importlib._bootstrap_external>", line 783, in exec_module
radicale | File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
radicale | File "/usr/lib/python3.8/site-packages/radicale_auth_ldap/__init__.py", line 29, in <module>
radicale | import ldap3
radicale | File "/usr/lib/python3.8/site-packages/ldap3/__init__.py", line 132, in <module>
radicale | from .core.connection import Connection
radicale | File "/usr/lib/python3.8/site-packages/ldap3/core/connection.py", line 55
radicale | from ..strategy.async import AsyncStrategy
radicale | ^
radicale | SyntaxError: invalid syntax
radicale |
radicale | The above exception was the direct cause of the following exception:
radicale |
radicale | Traceback (most recent call last):
radicale | File "/usr/lib/python3.8/site-packages/radicale/__main__.py", line 138, in run
radicale | serve(configuration, logger)
radicale | File "/usr/lib/python3.8/site-packages/radicale/__main__.py", line 229, in serve
radicale | application = Application(configuration, logger)
radicale | File "/usr/lib/python3.8/site-packages/radicale/__init__.py", line 251, in __init__
radicale | self.Auth = auth.load(configuration, logger)
radicale | File "/usr/lib/python3.8/site-packages/radicale/auth.py", line 82, in load
radicale | raise RuntimeError("Failed to load authentication module %r: %s" %
radicale | RuntimeError: Failed to load authentication module 'radicale_auth_ldap': invalid syntax (connection.py, line 55)
radicale exited with code 1
I tried with Python 3.6 and 3.7 too.