authorB. Stack <bgstack15@gmail.com>2021-06-24 11:35:00 -0400
committerB. Stack <bgstack15@gmail.com>2021-06-24 11:35:00 -0400
commit23837ea33e62d279a039931f9cee781112b2f3ea (patch)
treecb06b3a91f61a008e746a33422e33012ad78de81 /session_ldap.py
parentadd www-negotiate basic header to /login/basic (diff)
add dns-based ldap domain controller lookup
and rotate through the returned list of servers, per request!
Diffstat (limited to 'session_ldap.py')
-rw-r--r--session_ldap.py20
1 files changed, 20 insertions, 0 deletions
diff --git a/session_ldap.py b/session_ldap.py
index b478ef5..d12f008 100644
--- a/session_ldap.py
+++ b/session_ldap.py
@@ -28,3 +28,23 @@ def authenticated_user(server_uri, user_format, username, password):
# print("Either an ldap password is required, or we had another bind error.")
# return False
return False
+
+def list_ldap_servers_for_domain(domain):
+ # return list of hostnames from the _ldap._tcp.{domain} SRV lookup
+ try:
+ import dns
+ import dns.resolver
+ except:
+ print("Need python3-dns installed for dns lookups.")
+ return [domain]
+ namelist = []
+ try:
+ query = dns.resolver.query(f"_ldap._tcp.{domain}","SRV")
+ except dns.resolver.NXDOMAIN:
+ # no records exist that match the request, so we were probably given a specific hostname, and an empty query will trigger the logic below that will add the original domain to the list.
+ query = []
+ for i in query:
+ namelist.append(i.target.to_text().rstrip("."))
+ if not len(namelist):
+ namelist.append(domain)
+ return namelist
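Review bot: Only `dns.resolver.NXDOMAIN` is handled around the SRV lookup in `list_ldap_servers_for_domain`, so a `NoAnswer`, `NoNameservers` or resolver timeout propagates to the caller instead of falling back to `[domain]`, which presumably turns a DNS hiccup into a failed login. Widening the handler to `except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer, dns.resolver.NoNameservers, dns.exception.Timeout):` keeps the fallback consistent, and the bare `except:` around the import should be `except ImportError:` so unrelated errors are not hidden behind the "Need python3-dns" message. The hostnames returned here come from unauthenticated DNS and decide which host receives the user's bind password, so they are only safe to use over LDAPS or StartTLS with certificate validation; the hunk does not show how the server URI is built from them, so that should be confirmed in the caller. The SRV priority, weight and port are discarded (`i.target` only), which is worth a one-line comment such as `# NOTE: SRV priority/weight/port are ignored; servers are used in answer order`.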