90 commits

Author	SHA1	Message	Date
Peter Marschall	99f5ec389d	LDAP auth: indroduce config option 'ldap_user_attribute' ... This option gives us - flexible authentication options where the name used for logging on does not have to be the account name e.g. use ldap_filter = (&(obhjectclass=inetOrgperson)(|(cn={0]})(mail={0}))) to allow loginng on using the cn or the mail address - automatically consistent / canonicalized username values (i.e. exactly the way the LDAP server returns them)	2025-01-02 12:05:39 +01:00
Peter Marschall	0253682c00	LDAP auth: do not blindly assume groups have a 2-letter naming attribute ... Instead, strip away everything before (and including) the '=' sign of ther RDN.	2025-01-02 12:05:39 +01:00
Peter Marschall	8c2feb4726	LDAP auth: escape values used in LDAP filters to avoid possible injection of malicious code.	2025-01-02 12:05:39 +01:00
Peter Marschall	c243ae4ebf	LDAP auth: require exactly one result when searching for the LDAP user DN ... This makes sure not fail securely when the query returns multiple entries - correct grammar in some cases - we're doing _authentication here, not authorization - uppercase LDAP in messages & comments - rename variable _ldap_version to _ldap_module_version to avoid misunderstanding it as LDAP's protocol version - align formatting & messages better between _login2() and _login3()	2025-01-02 12:05:39 +01:00
Peter Marschall	6f82333ff7	LDAP auth: harmonize _login2() and _login3() methods	2025-01-02 12:05:32 +01:00
Peter Marschall	b22038c746	LDAP auth: a little bit of cleanup ... - correct grammar in some cases - we're doing authentication here, not authorization - uppercase LDAP in messages & comments - rename variable _ldap_version to _ldap_module_version to avoid misunderstanding it as LDAP's protocol version	2024-12-29 17:36:01 +01:00
IM	94898ef6c1	flake8 E302	2024-12-25 22:28:01 +03:00
IM	7df2fb35a7	Disable overloading BaseAuth login method	2024-12-25 21:56:04 +03:00
Peter Bieringer	3ebe51a4cb	Add: option [auth] uc_username for uppercase conversion (similar to existing lc_username)	2024-12-14 09:25:36 +01:00
Peter Bieringer	886f4ee8d0	make tox happy	2024-12-14 09:09:36 +01:00
Peter Bieringer	46acbfd987	Improve: auth.ldap config shown on startup, terminate in case no password is supplied for bind user	2024-12-14 09:04:15 +01:00
Peter Bieringer	0e0592e3b8	extend copyright	2024-12-14 09:02:36 +01:00
Bishtawi	ee2af306d7	Support loading ldap secret from file	2024-11-05 00:35:36 -08:00
Peter Bieringer	687624a403	fix spelling	2024-11-02 13:23:41 +01:00
Jean-Denis Girard	f25a5fbc79	Rebase galaxy4public patch on top of bf4f5834	2024-10-30 10:33:10 -10:00
Dipl. Ing. Péter Varkoly	e887b06d21	Fix syntax	2024-09-23 15:49:58 +02:00
Dipl. Ing. Péter Varkoly	b1c682de57	Enhance docomentation. ... Fix imports	2024-09-23 15:46:08 +02:00
Dipl. Ing. Péter Varkoly	0feca04086	Implementing ssl connection for ldap auth	2024-09-23 10:19:50 +02:00
Dipl. Ing. Péter Varkoly	645619bac8	Fix format string	2024-09-17 09:33:31 +02:00
Dipl. Ing. Péter Varkoly	b081b3ea06	Fix issue #197 [ERROR] An exception occurred during GET request on '/.web/': string indices must be integers, not 'str' when using LDAP ... Enhance logging	2024-09-17 09:25:38 +02:00
Dipl. Ing. Péter Varkoly	a7f33c8795	Reorder imports.	2024-09-12 12:17:34 +02:00
Dipl. Ing. Péter Varkoly	da04d95b75	Fixing type definition error.	2024-09-11 14:13:06 +02:00
Dipl. Ing. Péter Varkoly	e05fbeb950	Apply suggestions of mypy	2024-09-11 09:13:26 +02:00
Dipl. Ing. Péter Varkoly	d75b071fec	Fix the problems found by flake8.	2024-09-11 08:12:08 +02:00
Dipl. Ing. Péter Varkoly	5cb16a3a2d	Fix syntax	2024-09-09 09:42:30 +02:00
Dipl. Ing. Péter Varkoly	8b8d7729a2	Now ldap auth can use ldap and ldap3 also.	2024-08-26 14:16:40 +02:00
Dipl. Ing. Péter Varkoly	19e5972b4f	Fix merge conflicts.	2024-08-25 14:11:48 +02:00
Mathieu Dupuy	47bc966a13	fix misspellings	2024-07-24 12:29:13 +02:00
Peter Bieringer	13b1aaed39	add auth/strip_domain option	2024-07-18 06:50:29 +02:00
Peter Bieringer	e8c092bd2d	DeprecationWarning: The 'warn' method is deprecated, use 'warning' instead	2024-06-09 08:46:29 +02:00
Peter Bieringer	bf112d6b5f	log also in case of "denyall" is selected, cosmetics	2024-06-07 12:35:21 +02:00
Peter Bieringer	27dfaa8663	warn in case no user authentication is active	2024-06-07 08:35:46 +02:00
Peter Bieringer	d8cbe0e206	extend copyright	2024-06-07 06:46:16 +02:00
Peter Bieringer	5dd27d3c80	add support for auth.type=denyall	2024-06-07 06:45:39 +02:00
IM	239e17d735	added compatibility with a case-insensitive authentication provider	2024-04-17 18:31:51 +03:00
Peter Bieringer	f0f4213760	fix log message related to bcrypt+autodetect	2024-03-18 06:51:14 +01:00
Peter Bieringer	9a2d42afab	align log text	2024-03-16 08:56:04 +01:00
Peter Bieringer	36285143ce	fix for incomplete https://github.com/Kozea/Radicale/pull/1425 and test	2024-03-12 07:38:40 +01:00
Peter Bieringer	29a2a80bfd	extend htpasswd_encryption options with sha256/512/autodetect	2024-03-12 06:09:02 +01:00
Peter Bieringer	f407915227	next forgotten leftover related to passlib[bcrypt] replacement	2024-03-07 07:28:43 +01:00
Peter Bieringer	1593742ce2	make flake8 happy	2024-03-06 22:46:07 +01:00
Peter Bieringer	438d5f1735	fix for https://github.com/Kozea/Radicale/issues/1350 replacing passlib[bcrypt] with direct call to bcrypt	2024-03-06 22:42:37 +01:00
Peter Varkoly	8d19fd7a64	Now rights can be add to user groups too.	2022-02-21 17:15:21 +01:00
Dipl. Ing. Péter Varkoly	eda8309a04	Implementing group based collection matching. ... Optimize rights evaluation.	2022-02-21 08:36:10 +01:00
Peter Varkoly	2dc0fd29dc	Initial version of ldap authentication backend.	2022-02-19 11:57:58 +01:00
Unrud	8fa4345b6f	Change "user name" to "username"	2022-01-07 23:54:34 +01:00
Unrud	bbaf0ebd8c	Change name in file header	2021-12-09 16:55:46 +01:00
Unrud	cecb17df03	More type hints	2021-09-26 22:24:45 +02:00
Unrud	562d3aacec	Add unicode support to htpasswd	2020-01-19 21:07:54 +01:00
Unrud	6108d8d759	Remove unsecure methods from htpasswd and make md5 default	2020-01-19 21:07:54 +01:00