Allow loading bind secret from file

2021-12-09 13:18:55 +01:00 · 2021-12-09 13:18:55 +01:00 · 167533a65f
commit 167533a65f
parent 7dc733630b
2 changed files with 11 additions and 1 deletions
--- a/etebase_server/settings.py
+++ b/etebase_server/settings.py
@ -172,6 +172,7 @@ if any(os.path.isfile(x) for x in config_locations):
        LDAP_FILTER = ldap.get("filter", "")
        LDAP_BIND_DN = ldap.get("bind_dn", "")
        LDAP_BIND_PW = ldap.get("bind_pw", "")
+        LDAP_BIND_PW_FILE = ldap.get("bind_pw_file", "")

        # Configure EteBase to use LDAP
        ETEBASE_CREATE_USER_FUNC = "myauth.ldap.create_user"
--- a/myauth/ldap.py
+++ b/myauth/ldap.py
@ -36,9 +36,18 @@ class LDAPConnection:
        self.__LDAP_FILTER = ldap_setting("FILTER", "")
        self.__LDAP_SEARCH_BASE = ldap_setting("SEARCH_BASE", "")

+        password = ldap_setting("BIND_PW", "")
+        if not password:
+            pwfile = ldap_setting("BIND_PW_FILE", "")
+            if pw_file:
+                with open(pwfile, "r") as f:
+                    password = f.read().replace("\n", "")
+            else:
+                logging.error("No bind password specified")
+
        self.__ldap_connection = ldap.initialize(ldap_setting("SERVER", ""))
        try:
-            self.__ldap_connection.simple_bind_s(ldap_setting("BIND_DN", ""), ldap_setting("BIND_PW", ""))
+            self.__ldap_connection.simple_bind_s(ldap_setting("BIND_DN", ""), password)
        except ldap.LDAPError as err:
            logging.error(f"LDAP Error occuring during bind: {err.desc}")