Initial version of ldap authentication plugin. #1218
Optimize rights evaluation.
…ate must be adapted
@petervarkoly : can you please create an empty commit to trigger "actions"? See here for more information: https://stackoverflow.com/questions/52408592/how-to-relaunch-github-check-without-pushing-new-commits Also reduce the patch to minimal required changes and please do not apply changes to |
@petervarkoly : thank you for rebase, please honor also my comment in the code review |
Apply proposed/asked changes.
@petervarkoly : thank you, please check my additional comments. BTW: is ldaps supported out-of-the-box and which LDAP TLS truststore is in use? Potentially for TLS additional options for the TLS truststore can be helpful to be able to use a custom instead of a system one. |
Hello Peter,
basically you are right. To be honest, until now I've only used Radicale on our product CRANIX with the local samba-ad-server as LDAP server. So TLS settings were not important for me.
I'll implement additional TLS settings, but only for the ldap3 part, if you agree.
Best regards
Dipl. Ing. Péter Varkoly
EDP/IT Consulting
+49-15257491205
on behalf of Cranix-Solutions GmbH
Tax number: 238/283/00067
VAT ID: DE257896578
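How a custom truststore could be wired up for the ldap3 code path discussed above, as an added example that is not code from this PR: `ldap_tls_kwargs`, `make_server` and the `ca_file`/`verify` option names are hypothetical, while `ldap3.Tls`, `ldap3.Server`, `validate` and `ca_certs_file` are ldap3's own names. ldap3's `Tls` defaults to `ssl.CERT_NONE`, so certificate verification has to be requested explicitly.

```python
import ssl
from urllib.parse import urlparse


def ldap_tls_kwargs(uri, ca_file=None, verify=True):
    """Return (use_ssl, tls_kwargs) for an LDAP URI.

    ca_file and verify are assumed option names for this example,
    not Radicale configuration keys.
    """
    scheme = urlparse(uri).scheme.lower()
    if scheme not in ("ldap", "ldaps"):
        raise ValueError("unsupported LDAP URI scheme: %r" % scheme)
    if scheme == "ldap":
        # A CA file with a cleartext URI is a misconfiguration: the bind
        # password would cross the network unencrypted despite the setting.
        if ca_file is not None:
            raise ValueError("ca_file is set but the URI is plain ldap://")
        return False, None
    if ca_file is not None and not verify:
        raise ValueError("ca_file is set but verification is disabled")
    # Request verification explicitly instead of relying on the default.
    kwargs = {"validate": ssl.CERT_REQUIRED if verify else ssl.CERT_NONE}
    if ca_file is not None:
        # Custom truststore; when omitted, the choice of CA store is left
        # to ldap3 and the underlying ssl module defaults.
        kwargs["ca_certs_file"] = ca_file
    return True, kwargs


def make_server(uri, ca_file=None, verify=True):
    """Build an ldap3.Server from the validated settings."""
    import ldap3  # imported lazily so the validation above runs without it

    use_ssl, kwargs = ldap_tls_kwargs(uri, ca_file, verify)
    tls = ldap3.Tls(**kwargs) if kwargs is not None else None
    return ldap3.Server(uri, use_ssl=use_ssl, tls=tls)
```
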
@petervarkoly : |
ok
@petervarkoly : lint found next issue, please try to run local tests before next commit, see https://github.com/Kozea/Radicale/wiki/Development-Testing-Release |
thank you
@petervarkoly : flake8 is now happy, but mypy reports now issues |
thank you
@petervarkoly : hmm, latest commit broke something
radicale/auth/__init__.py:55: in BaseAuth
_ldap_groups: set[str] = set([])
E TypeError: 'type' object is not subscriptable
please try to run the testsuite completely on your side before next commit |
This works only since python3.11
I've fixed it for older versions.
ok
@petervarkoly : no luck so far, lint plus test reporting now again issues |
ok
@petervarkoly : now lint needs to be made happy again. |
ok
@petervarkoly : well done now, but coincidentally via #1564 I found that there is already another LDAP plugin available https://github.com/malmeloo/radicale3-ldap-auth which was forked from older ones - were you aware of it? Would it make sense for any alignment before merge? |
Hi,
I was not aware of it. I have only seen one PR, #971. But that did not meet my needs. For one thing, the user name handling is very static and handling of rights based on group membership is not implemented.
The radicale3-ldap-auth project is basically what I've implemented but also without handling of rights based on group membership.
* Would it make sense for any alignment before merge?
Unfortunately, this project is missing exactly what I have not yet implemented, the handling of all TLS parameters.
Admittedly, it is very professionally programmed. It's your decision. I don't know if I could implement my solution as a plugin, as I have also made some changes to the action of the rights.
Regards.
@petervarkoly : I will merge your code and will also notify the other project that it would be better to extend the merged code instead of having an external plugin in parallel. |
@malmeloo : would it make sense that this merged PR can replace your plugin from https://github.com/malmeloo/radicale3-ldap-auth? |
Probably! I'll be honest, I already switched away from Radicale due to performance issues on my NAS, but it's great to see native LDAP support. 'My' plugin is just a slightly modified version in a fork chain of 4 or 5 other repositories ;) I'll add a note to the readme to indicate native LDAP support, to prevent confusion. |
I've enhanced Radicale with an LDAP authentication plugin.
I've tested it and it works fine with openldap2 and samba-ad.
In a next step I would like to enhance the rights module:
The LDAP plugin reads the group of the authenticated user. For this reason I would enhance from_file.py to be able to handle group-based rights.