Peter Marschall
6c1445d8db
LDAP auth: introduce config option 'ldap_groups_attribute'
This attribute is supposed to hold the group membership information
if the config option 'ldap_load_groups' is True.
If not given, it defaults to 'memberOf' for Active Directory.
Introducing this option allows one to use radicale's LDAP auth with groups
even on LDAP servers that keep their group memberships in a different attribute
than 'memberOf', e.g. Novell eDirectory which uses 'groupMembership'.
2025-01-03 20:27:21 +01:00
Peter Marschall
1ca41e2128
LDAP auth: only ask for memberOf if ldap_load_groups = True
Ask for the 'memberOf' attribute to be returned in the user query only
if 'ldap_load_groups' is set to True.
This fixes the issue that currently LDAP authentication can only be used on
LDAP servers that know this non-standard (it's an Active Directory extension)
attribute.
Other LDAP servers either do not necessarily have the group memberships
stored in the user object (e.g. OpenLDAP), or use different attributes for
this purpose (e.g. Novell eDirectory uses 'groupMembership')
2025-01-03 14:34:51 +01:00
Peter Marschall
607b3af67b
LDAP auth: calculate attributes to query in __init__()
Remove code duplication by factoring out the calculation of the
LDAP query attributes out of _login2() resp. _login3() into __init__().
2025-01-03 13:09:59 +01:00
Peter Bieringer
841df09312
changelog for https://github.com/Kozea/Radicale/pull/1666
2025-01-03 09:16:22 +01:00
Peter Bieringer
c81e19616c
bump dev version
2025-01-03 09:14:01 +01:00
Peter Bieringer
b0d56f898b
Merge pull request #1668 from pbiering/login-cache
add optional cache for login result and htpasswd + fixes
final version will be updated to 3.4.0 next
2025-01-03 07:51:06 +00:00
Peter Bieringer
73f8f950d0
add content from https://github.com/Kozea/Radicale/pull/1073
2025-01-03 07:19:33 +01:00
Peter Bieringer
976dfe4a3f
drop Python 3.8 changelog
2025-01-03 00:42:08 +01:00
Peter Bieringer
b122002077
drop support of python 3.8, fixes https://github.com/Kozea/Radicale/issues/1628
2025-01-03 00:41:26 +01:00
Peter Bieringer
ad94acddf1
update changelog
2025-01-02 23:19:58 +01:00
Peter Bieringer
2442a794ae
tox fixes
2025-01-02 23:17:34 +01:00
Peter Bieringer
a9f2e6fe7b
improve code/adjustments
2025-01-03 07:14:32 +01:00
Peter Bieringer
5a00baab3f
cosmetics
2025-01-03 07:11:51 +01:00
Peter Bieringer
cf914450ee
remove obsolete code and comment as constant execution time is now done by __init__.py
2025-01-03 07:02:29 +01:00
Peter Bieringer
0d43a49ffb
add variable sleep to have a constant execution time on failed login
2025-01-02 22:33:54 +01:00
Peter Bieringer
234be74b87
Merge pull request #1666 from marschap/LDAPauth-patches
LDAP auth patches - thank you!
2025-01-02 21:11:32 +00:00
Peter Bieringer
45f2a4cc0e
Merge pull request #1667 from jackwilsdon/fix-ipv6-test
Fix test failing on systems without IPv6 support - thank you very much!
2025-01-02 21:05:45 +00:00
Jack Wilsdon
532fad9ba6
Fix test failing on systems without IPv6 support
2025-01-02 12:18:53 +00:00
Peter Marschall
99f5ec389d
LDAP auth: introduce config option 'ldap_user_attribute'
This option gives us
- flexible authentication options where the name used for logging on
does not have to be the account name
e.g. use ldap_filter = (&(objectclass=inetOrgperson)(|(cn={0})(mail={0})))
to allow logging on using the cn or the mail address
- automatically consistent / canonicalized username values
(i.e. exactly the way the LDAP server returns them)
2025-01-02 12:05:39 +01:00
Peter Marschall
0253682c00
LDAP auth: do not blindly assume groups have a 2-letter naming attribute
Instead, strip away everything before (and including) the '=' sign of the RDN.
2025-01-02 12:05:39 +01:00
Peter Marschall
8c2feb4726
LDAP auth: escape values used in LDAP filters to avoid possible injection of malicious code.
2025-01-02 12:05:39 +01:00
Peter Marschall
c243ae4ebf
LDAP auth: require exactly one result when searching for the LDAP user DN
This makes sure to fail securely when the query returns multiple entries
- correct grammar in some cases
- we're doing _authentication here, not authorization
- uppercase LDAP in messages & comments
- rename variable _ldap_version to _ldap_module_version
to avoid misunderstanding it as LDAP's protocol version
- align formatting & messages better between _login2() and _login3()
2025-01-02 12:05:39 +01:00
Peter Marschall
6f82333ff7
LDAP auth: harmonize _login2() and _login3() methods
2025-01-02 12:05:32 +01:00
Peter Bieringer
6f0ac545f0
code fix
2025-01-02 08:08:22 +01:00
Peter Bieringer
70c4a34eb8
fix/extend changelog
2025-01-01 17:36:33 +01:00
Peter Bieringer
3763f28ae4
tox fixes
2025-01-01 17:36:15 +01:00
Peter Bieringer
0a5ae5b0b4
extend startup logging for htpasswd
2025-01-01 17:31:16 +01:00
Peter Bieringer
5d48ba5d1e
add test cases
2025-01-01 17:28:09 +01:00
Peter Bieringer
5a591b6471
use different token
2025-01-01 16:41:11 +01:00
Peter Bieringer
8604dacad0
fix typing
2025-01-01 16:40:55 +01:00
Peter Bieringer
ca665c4849
add a dummy delay action
2025-01-01 16:32:07 +01:00
Peter Bieringer
8fdbd0dbf6
log cosmetics
2025-01-01 16:31:47 +01:00
Peter Bieringer
46fe98f60b
make htpasswd cache optional
2025-01-01 16:31:31 +01:00
Peter Bieringer
c10ce7ae46
add support for login info log
2025-01-01 16:30:34 +01:00
Peter Bieringer
6ebca08423
extend copyright
2025-01-01 15:47:22 +01:00
Peter Bieringer
c1be04abd1
fixes suggested by tox
2024-12-31 18:26:43 +01:00
Peter Bieringer
c00ab76c83
[auth] htpasswd: module 'bcrypt' is no longer mandatory in case digest method not used in file / changelog
2024-12-31 17:09:29 +01:00
Peter Bieringer
5357e692d9
[auth] htpasswd: module 'bcrypt' is no longer mandatory in case digest method not used in file
2024-12-31 17:09:21 +01:00
Peter Bieringer
9cac3008b7
extend changelog
2024-12-31 16:15:51 +01:00
Peter Bieringer
2489356dda
implement htpasswd file caching
2024-12-31 16:14:38 +01:00
Peter Bieringer
5ce0cee8bf
add cache cleanup and locking
2024-12-31 16:13:52 +01:00
Peter Bieringer
79ba07e16b
change default cache times
2024-12-31 16:13:05 +01:00
Peter Bieringer
c0acbd4402
update changelog
2024-12-31 08:12:49 +01:00
Peter Bieringer
b75e303556
reorg code, disable caching on not required types
2024-12-31 08:11:19 +01:00
Peter Bieringer
a794a51885
fix failed_login cache, improve coding
2024-12-31 07:57:54 +01:00
Peter Bieringer
4f2990342d
add additional debug line
2024-12-31 07:57:13 +01:00
Peter Bieringer
ac8abbd12c
3.3.4.dev
2024-12-30 08:15:55 +01:00
Peter Bieringer
9af15e6656
fixes triggered by tox
2024-12-30 05:25:10 +01:00
Peter Bieringer
30e2ab490e
cache_logins+htpasswd
2024-12-30 08:19:20 +01:00
Peter Bieringer
ddd099accd
debug log which password hash method was used
2024-12-30 08:17:59 +01:00