pypicloud.access.ldap_ module¶

LDAP authentication plugin for pypicloud.

class pypicloud.access.ldap_.LDAP(admin_field, admin_group_dn, admin_value, base_dn, cache_time, service_dn, service_password, service_username, url, user_search_filter, user_dn_format, ignore_cert, ignore_referrals, ignore_multiple_results)[source]¶

Bases: object

Handles interactions with the remote LDAP server

property admin_member_type[source]¶

connect()[source]¶: Initializes the python-ldap module and does the initial bind

get_user(username)[source]¶: Get the User object or None

test_connection()[source]¶: Binds to service. Will throw if bad connection

verify_user(username, password)[source]¶: Attempts to bind as the user, then rebinds as service user again

class pypicloud.access.ldap_.LDAPAccessBackend(request=None, conn=None, fallback_factory=None, **kwargs)[source]¶

Bases: IAccessBackend

This backend allows you to authenticate against a remote LDAP server.

check_health()[source]¶

Check the health of the access backend

Returns

(healthy, status)(bool, str): Tuple that describes the health status and provides an optional status message

classmethod configure(settings)[source]¶: Configure the access backend with app settings

property fallback[source]¶

group_members(group)[source]¶

Get a list of users that belong to a group

Parameters

groupstr

Returns

userslist: List of user names

group_package_permissions(group)[source]¶

Get a list of all packages that a group has permissions on

Parameters

groupstr

Returns

packageslist: List of dicts. Each dict contains ‘package’ (str) and ‘permissions’ (list)

group_permissions(package)[source]¶

Get a mapping of all groups to their permissions on a package

Parameters

packagestr: The name of a python package

Returns

permissionsdict: mapping of group name to a list of permissions (which can contain ‘read’ and/or ‘write’)

groups(username=None)[source]¶

Get a list of all groups

If a username is specified, get all groups that the user belongs to

Parameters

usernamestr, optional

Returns

groupslist: List of group names

is_admin(username)[source]¶

Check if the user is an admin

Parameters

usernamestr

Returns

is_adminbool

user_data(username=None)[source]¶

Get a list of all users or data for a single user

For Mutable backends, this MUST exclude all pending users

Returns

userslist: Each user is a dict with a ‘username’ str, and ‘admin’ bool
userdict: If a username is passed in, instead return one user with the fields above plus a ‘groups’ list.

user_package_permissions(username)[source]¶

Get a list of all packages that a user has permissions on

Parameters

usernamestr

Returns

packageslist: List of dicts. Each dict contains ‘package’ (str) and ‘permissions’ (list)

user_permissions(package)[source]¶

Get a mapping of all users to their permissions for a package

Parameters

packagestr: The name of a python package

Returns

permissionsdict: Mapping of username to a list of permissions (which can contain ‘read’ and/or ‘write’)

verify_user(username, password)[source]¶

Check the login credentials of a user

For Mutable backends, pending users should fail to verify

Parameters

usernamestr
passwordstr

Returns

validbool: True if user credentials are valid, false otherwise

class pypicloud.access.ldap_.User(username, dn, is_admin)[source]¶

Bases: tuple

property dn[source]¶: Alias for field number 1

property is_admin[source]¶: Alias for field number 2

property username[source]¶: Alias for field number 0

pypicloud.access.ldap_.reconnect(func)[source]¶: If the LDAP connection dies underneath us, recreate it