pypicloud.access.ldap_ module¶

LDAP authentication plugin for pypicloud.

class pypicloud.access.ldap_.LDAP(admin_field, admin_group_dn, admin_value, base_dn, cache_time, service_dn, service_password, service_username, url, user_search_filter, user_dn_format, ignore_cert, ignore_referrals, ignore_multiple_results)[source]¶

Bases: object

Handles interactions with the remote LDAP server

admin_member_type[source]¶

connect()[source]¶: Initializes the python-ldap module and does the initial bind

get_user(username)[source]¶: Get the User object or None

test_connection()[source]¶: Binds to service. Will throw if bad connection

verify_user(username, password)[source]¶: Attempts to bind as the user, then rebinds as service user again

class pypicloud.access.ldap_.LDAPAccessBackend(request=None, conn=None, fallback_factory=None, **kwargs)[source]¶

Bases: pypicloud.access.base.IAccessBackend

This backend allows you to authenticate against a remote LDAP server.

check_health()[source]¶

Check the health of the access backend

Returns:	(healthy, status) : (bool, str) Tuple that describes the health status and provides an optional status message

classmethod configure(settings)[source]¶: Configure the access backend with app settings

fallback[source]¶

group_members(group)[source]¶

Get a list of users that belong to a group

Parameters:	group : str
Returns:	users : list List of user names

group_package_permissions(group)[source]¶

Get a list of all packages that a group has permissions on

Parameters:	group : str
Returns:	packages : list List of dicts. Each dict contains ‘package’ (str) and ‘permissions’ (list)

group_permissions(package)[source]¶

Get a mapping of all groups to their permissions on a package

Parameters:	package : str The name of a python package
Returns:	permissions : dict mapping of group name to a list of permissions (which can contain ‘read’ and/or ‘write’)

groups(username=None)[source]¶

Get a list of all groups

If a username is specified, get all groups that the user belongs to

Parameters:	username : str, optional
Returns:	groups : list List of group names

is_admin(username)[source]¶

Check if the user is an admin

Parameters:	username : str
Returns:	is_admin : bool

user_data(username=None)[source]¶

Get a list of all users or data for a single user

For Mutable backends, this MUST exclude all pending users

Returns:	users : list Each user is a dict with a ‘username’ str, and ‘admin’ bool user : dict If a username is passed in, instead return one user with the fields above plus a ‘groups’ list.

user_package_permissions(username)[source]¶

Get a list of all packages that a user has permissions on

Parameters:	username : str
Returns:	packages : list List of dicts. Each dict contains ‘package’ (str) and ‘permissions’ (list)

user_permissions(package)[source]¶

Get a mapping of all users to their permissions for a package

Parameters:	package : str The name of a python package
Returns:	permissions : dict Mapping of username to a list of permissions (which can contain ‘read’ and/or ‘write’)

verify_user(username, password)[source]¶

Check the login credentials of a user

For Mutable backends, pending users should fail to verify

Parameters:	username : str password : str
Returns:	valid : bool True if user credentials are valid, false otherwise

class pypicloud.access.ldap_.User(username, dn, is_admin)[source]¶

Bases: tuple

dn[source]¶: Alias for field number 1

is_admin[source]¶: Alias for field number 2

username[source]¶: Alias for field number 0

pypicloud.access.ldap_.reconnect(func)[source]¶: If the LDAP connection dies underneath us, recreate it