Menu
▾
▴
Re: module ldap : no module named .py
|
From: D. H. <da...@hl...> - 2008-06-05 13:53:02
|
FYI,
this is the result of test.py :
-- syslog level: notice message: nnrpd authentication class instance created
** set_auth_hook for <nnrpd_auth.AUTH instance at 0xb7f1f5ec>
-- syslog level: notice message: authentication module successfully hooked
into nnrpd
-- syslog level: notice message: nnrpd authentication class instance created
-- syslog level: notice message: n_a authenticate() invoked: hostname None,
ipaddress None, interface None, user boss
-- syslog level: notice message: authentication by username succeeded
(281, 'No error', 'default_user')
And this is the result (from news.notice) when used as auth hook in INN :
(inn will load nnrpd_auth.py and instantiate as in nnrpd_auth.py on the end
written and call method authenticate(attributes) ) :
Jun 5 13:33:12 dev01 nnrpd[9550]: david-nb.net.hlacik.eu (10.10.10.199)
connect
Jun 5 13:33:12 dev01 nnrpd[9550]: python interpreter initialized OK
Jun 5 13:33:12 dev01 nnrpd[9550]: python: nnrpd authentication class
instance created
Jun 5 13:33:12 dev01 nnrpd[9550]: python: authentication module
successfully hooked into nnrpd
Jun 5 13:33:12 dev01 nnrpd[9550]: python method authen_init not found
Jun 5 13:33:12 dev01 nnrpd[9550]: python method authen_close not found
Jun 5 13:33:12 dev01 nnrpd[9550]: python method access_init not found
Jun 5 13:33:12 dev01 nnrpd[9550]: python method access_close not found
Jun 5 13:33:12 dev01 nnrpd[9550]: python method dynamic_init not found
Jun 5 13:33:12 dev01 nnrpd[9550]: python method dynamic_close not found
Jun 5 13:33:12 dev01 nnrpd[9550]: python: n_a authenticate() invoked:
hostname david-nb.net.hlacik.eu, ipaddress 10.10.10.199, interface
10.10.10.183, user boss
Jun 5 13:33:12 dev01 nnrpd[9550]: python: Error: No module named py
Jun 5 13:33:12 dev01 nnrpd[9550]: python authenticate method returned wrong
result
Jun 5 13:33:12 dev01 nnrpd[9550]: david-nb.net.hlacik.eu times user 0.016
system 0.016 idle 0.000 elapsed 0.073
On Thu, Jun 5, 2008 at 3:50 PM, David Hláčik <da...@hl...> wrote:
> Hello, i am trying to write python authentification hook for
> InternetNewsService (INN) using *python-ldap module*
>
> I have created nnrpd_auth.py ,which is working for me, when i am calling it
>
> from my test.py script.
>
> Alltought when i pass it to INN, when INN calls nnrpd_auth.py and comes to
> line *when ldap module is used first time* it will return error
> "no module named.py"
>
> I will post you my test.py and nnrpd_auth.py.
> test.py i am using to debug my
> nnrpd_auth.py. Trought test.py as i mentioned nnrpd_auth.py is working
> (ldap module will load fine and post results)
> Is there some bug, or am i blind and forgetting about somethin?
> I am using it on CentOs5.1 with python-2.4.3-19.el5 and
> python-ldap-2.2.0-2.1
>
>
> ----------------nnrpd_auth.py----------------------
> class AUTH:
> """Provide authentication and authorization callbacks to nnrpd."""
> def __init__(self):
> """This is a good place to initialize variables or open a
> database connection.
> """
> # Create a list of NNTP codes to respond on connect
> self.connectcodes = { 'READPOST':200,
> 'READ':201,
> 'AUTHNEEDED':480,
> 'PERMDENIED':502
> }
>
> # Create a list of NNTP codes to respond on authentication
> self.authcodes = { 'ALLOWED':281,
> 'DENIED':502
>
> }
>
> #LDAP search definitions
> self.server = 'ldap://dev01.net.hlacik.eu'
> self.user_dn = 'cn=pdg,ou=Operators,o=Polarion'
> self.user_pw = 'Pdg1'
> self.base_dn_users = 'ou=Users,o=Polarion'
> self.base_dn_groups = 'ou=Groups,o=Polarion'
>
> syslog('notice', 'nnrpd authentication class instance created')
>
> def __newsauth(self,match_username,match_password):
> filter = "(uid=" + match_username + ")"
> attrs = ['userPassword']
>
> try :
> l = ldap.initialize(self.server)
> l.bind_s(self.user_dn, self.user_pw)
> search = l.search_s( self.base_dn_users,
> ldap.SCOPE_SUBTREE, filter, attrs
> )[0][1]
> l.unbind()
> except ldap.SERVER_DOWN:
> syslog('notice', 'Error, server down')
> return 2
> except ldap.INVALID_CREDENTIALS:
> syslog('Notice','Error, invalid credentials"')
> return 2
> except ldap.LDAPError, e:
> syslog('Notice', "Error, %s" % e)
> for password in search["userPassword"]:
> if password == match_password: return 1
> return 0
>
> def newsaccess(self,match_username,match_password):
> filter = "(uid=" + match_username + ")"
> attrs = ['cn']
>
> try :
> l = ldap.initialize(self.server)
> l.bind_s(self.user_dn, self.user_pw)
> cn = l.search_s( self.base_dn_users, ldap.SCOPE_SUBTREE,
> filter, attrs )[0]
> [0]
> raw_res = l.search_s( self.base_dn_groups,
> ldap.SCOPE_SUBTREE, "(member=" +
> cn + ")",attrs)
> l.unbind()
> except ldap.SERVER_DOWN:
> syslog('notice', 'Error, LDAP server down')
> return 2
> except ldap.INVALID_CREDENTIALS:
> syslog('Notice','Error, invalid LDAP credentials"')
> return 2
> except ldap.LDAPError, e:
> syslog('Notice', "LDAP error, %s" % e)
>
> return raw_res
> def authenticate(self, attributes):
> """Called when python_auth is encountered in readers.conf"""
>
> # just for debugging purposes
> syslog('notice', 'n_a authenticate() invoked: hostname %s,
> ipaddress %s, interface
> %s, user %s' % (\
> attributes['hostname'], \
> attributes['ipaddress'], \
> attributes['interface'], \
> attributes['user']))
> # username & password auth using LDAP
> try:
> if
> self.__newsauth(str(attributes['user']),str(attributes['pass'])):
> syslog('notice', 'authentication by username
> succeeded')
> return ( self.authcodes['ALLOWED'], 'No error',
> 'default_user')
> else:
> syslog('notice', 'authentication by username
> failed')
> return ( self.authcodes['DENIED'], 'Access
> Denied!')
> except Exception, e:
> syslog('notice', "Error: %s" % e)
>
> def access(self, attributes):
> """Called when python_access is encountered in readers.conf"""
>
> # just for debugging purposes
> syslog('notice', 'n_a access() invoked: hostname %s, ipaddress %s,
> interface %s, us
> er %s' % (\
> attributes['hostname'], \
> attributes['ipaddress'], \
> attributes['interface'], \
> attributes['user']))
>
> # allow newsreading from specific host only
> if '127.0.0.1' == str(attributes['ipaddress']):
> syslog('notice', 'authentication by IP address succeeded')
> return {'read':'*','post':'*'}
> else:
> syslog('notice', 'authentication by IP address failed')
> return {'read':'!*','post':'!*'}
>
> def dynamic(self, attributes):
> """Called when python_dynamic was reached in the processing of
> readers.conf and a reader requests either read or post
> permission for particular newsgroup.
> """
> # just for debugging purposes
> syslog('notice', 'n_a dyanmic() invoked against type %s, hostname
> %s, ipaddress %s,
> interface %s, user %s' % (\
> attributes['type'], \
> attributes['hostname'], \
> attributes['ipaddress'], \
> attributes['interface'], \
> attributes['user']))
>
> # Allow reading of any newsgroup but not posting
> if 'post' == str(attributes['type']):
> syslog('notice', 'authorization for post access denied')
> return "no posting for you"
> elif 'read' == str(attributes['type']):
> syslog('notice', 'authorization for read access granted')
> return None
> else:
> syslog('notice', 'authorization type is not known: %s' %
> attributes['type'])
> return "Internal error";
>
>
> #
> # The rest is used to hook up the auth module on nnrpd. It is unlikely
> # you will ever need to modify this.
> #
>
> # Import functions exposed by nnrpd. This import must succeed, or nothing
> # will work!
> from nnrpd import *
> #from ldap import *
> import ldap
>
> # Create a class instance
> myauth = AUTH()
>
> # ...and try to hook up on nnrpd. This would make auth object methods
> visible
> # to nnrpd.
> try:
> set_auth_hook(myauth)
> syslog('notice', "authentication module successfully hooked into
> nnrpd")
> except Exception, errmsg:
> syslog('error', "Cannot obtain nnrpd hook for authentication method:
> %s" % errmsg[0])
>
> ----test.py----------
> from nnrpd_auth import *
>
> myauth = AUTH()
>
> #print dir(myauth)
> print
> myauth.authenticate({'user':'boss','pass':'xxx','interface':None,'ipaddress':
> None,'hostname':None})
> #print myauth.newsauth('boss','22')
> #print myauth.newsaccess('boss','xxx')
>
> |
