This is a snapshot of Indico's old Trac site. Any information contained herein is most probably outdated. Access our new GitHub site here.

Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#600 closed enhancement (fixed)

LDAP authentication patch

Reported by: makub
Owned by: Pedro Ferreira <jose.pedro.ferreira@…>
Priority: normal
Milestone: v0.98.1
Component: Security
Version: 0.97.0
Keywords:
Cc:

Description

Here is my implementation of LDAP based authentication for Indico.

It supports authentication and reading users and groups data from an LDAP server.

It assumes that the LDAP layout is the standard, i.e. users and groups located in

ou=people,dc=example,dc=com
ou=groups,dc=example,dc=com

branches. It can be customized by setting parameters in the indico.conf file.

The patch is against the 0.97RC2 release. It was developed originally for the 0.96.2 release, and works for 0.97 as well.

However, in 0.97 there is one new problem: there is no checkbox on the groups management page for searching external groups anymore. It was present in Indico 0.96.2. So my code for loading groups from LDAP is never called in 0.97.

Attachments (1)

indico_ldap.patch (23.0 KB) - added by makub 5 years ago.
A patch made by diff against the 0.97_rc2 release of Indico

Change History (5)

Changed 5 years ago by makub

A patch made by diff against the 0.97_rc2 release of Indico

comment:1 Changed 5 years ago by pferreir

  • Version set to 0.97.0

comment:2 Changed 5 years ago by jbenito

  • Status changed from new to in_merge

comment:3 Changed 5 years ago by Pedro Ferreira <jose.pedro.ferreira@…>

  • Owner set to Pedro Ferreira <jose.pedro.ferreira@…>
  • Resolution set to fixed
  • Status changed from awaiting_merge to closed

In [f395ef209a946498414ccec518c86e803809de68/indico]:

[IMP] LDAP Authentication

  • Integrated Martin Kuba's patch (thanks Martin!);
  • Added escaping of LDAP special chars, in order to avoid injection attacks;
  • Added some extra customization options, so that the mechanism can interact with services that follow different conventions;
  • Renamed some structures, including 'Ldap' -> 'LDAP';
  • Changed operations to synchronous;
  • Added preliminary login step that can be needed in servers that do not provide anonymous read access;
  • Changed group membership strategy - faster and easier;
  • Adapted code to inetOrgPerson fields;
  • Improved the overall formatting and code quality (pylint and PEP8);
  • closes #600 and makes many server admins happier ;)
  • TODO: pluginize the whole thing (implies refactoring of auth mechanism);
  • TODO: Caching - right now server calls are performed every time;
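
The commit message above lists escaping of LDAP special characters as a defence against injection. As an added example (not the code from that commit or from Indico), this Python sketch applies RFC 4515 escaping to a value placed in a search filter and compares it with plain interpolation; the `uid` attribute and all function names are assumptions.

```python
# Added example: RFC 4515 escaping for values placed in an LDAP search filter.
# The attribute name "uid" and every helper name here are assumptions,
# not identifiers taken from the Indico patch.

# Characters RFC 4515 requires to be written as \XX hex escapes inside an
# assertion value: NUL, '(', ')', '*' and the backslash itself.
_FILTER_SPECIALS = {"\x00", "(", ")", "*", "\\"}


def escape_filter_value(value):
    """Return value with RFC 4515 special characters hex-escaped."""
    return "".join(
        "\\%02x" % ord(ch) if ch in _FILTER_SPECIALS else ch
        for ch in value
    )


def user_filter_unsafe(login):
    """Plain interpolation: the login can change the filter's structure."""
    return "(uid=%s)" % login


def user_filter(login):
    """Escaped interpolation: the login stays a literal assertion value."""
    return "(uid=%s)" % escape_filter_value(login)


def is_single_equality(filter_text):
    """Check that a filter is one (attr=value) item with no wildcard.

    Escaped characters appear as \\28, \\29 and \\2a, so they are not
    counted: only live filter syntax is.
    """
    return (
        filter_text.count("(") == 1
        and filter_text.count(")") == 1
        and "*" not in filter_text
    )


if __name__ == "__main__":
    # Constructed inputs: an ordinary login and two containing filter syntax.
    for login in ["makub", "*", "x)(objectClass=*"]:
        unsafe, safe = user_filter_unsafe(login), user_filter(login)
        print("%-18r unsafe=%-24s single=%-5s escaped=%-32s single=%s" % (
            login, unsafe, is_single_equality(unsafe),
            safe, is_single_equality(safe)))
```

Values inserted into a distinguished name (for example under `ou=people,dc=example,dc=com`) follow different escaping rules (RFC 4514), so a filter escaper should not be reused for DN construction.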

comment:4 Changed 5 years ago by pferreir

Concerning the checkbox problem, this has already been fixed in 0.98.xx.
