Closed EliAndrewC closed 8 years ago
I can't find any good pure Python LDAP modules. There are a few, but they're either abandoned, not on PyPI, not on GitHub, don't have a functioning website, or some combination of all of them.
It might be less work to think about making authentication pluggable than to foster an LDAP library.
I mean, I was looking at this one: https://pypi.python.org/pypi/python3-ldap
but it may still be easier to be pluggable. In practice I'd only use OAuth or OpenID anyway.
If that library is indeed Python 3 compatible, then let's go with it.
My only question is whether it supported client certs and validation of server certs; it looks like it does (https://subversion.assembla.com/svn/python3-ldap/trunk/python3-ldap/ldap3/core/tls.py), so I say go for it.
Taking ownership of this due to the discussion coming out of #62.
I'll confess to not having any idea on how to actually test this in a repeatable, Travis-type way. And for fun, we never wrote any tests for LDAP auth before.
The "doing it right" steps:
The "welp, no less certain than it was before" steps:
I'm going to assume that the "doing it right" step is a requirement, but if @EliAndrewC can test it in his "spare time" that does make this a lot simpler.
http://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/ this seems pretty interesting? I'm out of town on my work laptop, so I'll try to connect to it with an actual LDAP browser at home and see. This would satisfy my first bullet, assuming Travis can reach out to this domain.
I'm okay with a "no less certain than it was before" approach here. We currently have ticket #31 for pluggable authentication, which should probably include some tests. For now there's literally one function which does anything with LDAP, so I'm okay with a manual test to make sure it works. In particular, the only 2 things we really need to ensure are
Our openldap library is not Python 3 compatible, so we should migrate to an LDAP library that is.