Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Get users from LDAP #690

Open
nis65 opened this issue Aug 29, 2017 · 3 comments
Open

Get users from LDAP #690

nis65 opened this issue Aug 29, 2017 · 3 comments
Assignees
@tilboerner

Comments

@nis65
Copy link

nis65 commented Aug 29, 2017

I would like cherrymusic to be able to get users from (and authenticate against) an LDAP server. Is there any way to achieve this? There is probably a way to ask apache to do the authentication and trust this authentication. Apache can be easily configured to perform an LDAP authentication (e.g. with an AuthzProviderAlias)

My goal is that every user of my household has one single password to login to a Ubuntu PC (works), the samba shares (works) and now for cherrymusic.
@nis65
Copy link
Author

nis65 commented Apr 11, 2018
edited
Loading

I have implemented this now by myself:

  • Apache web server is configured as reverse proxy, doing the authorization via LDAP and handing over the authenticated user in X-Forwarded-User.
  • I have modified cherrymusicserver/httphandler.py to trust this user (except for admin, who needs an unproxied login and works as before). If the ldap authorized user does not exist in the cherrypy database, it is created and logged in automatically. I also added a lot of debug logs that could be removed now as it is working.

Unfortunately, I am a complete python newbie and I am sure that there are more elegant ways to implement this (e.g. by hooks?). Is there anyone willing to have a look at my changes and give some hints how to do this "the right way"? Currently the new behaviour is hard coded, I guess this should be configurable in order not to break existing installations.

httphandler.py.txt

@tilboerner tilboerner self-assigned this Apr 11, 2018
@tilboerner
Copy link
Collaborator

@nis65 Without having had a proper look (it's late...): Very interesting. Good job figuring out how to work with our funny code!

Which brings me to my first comment: If you're starting out with Python, don't use CherryMusic code as an example how things should be done! It works, but we also had a lot to learn back then, and a lot of things are quite... quirky and unconventional as a result.

That being said, thanks for putting in the effort to make this work. I won't have time this week, but I'll gladly take a closer look after that.

@nis65
Copy link
Author

nis65 commented Apr 12, 2018

@tilboerner Thanks for your interest, I'm looking forward to your comments. I am not about to become a developer, so there is no need to be afraid of spoiling me ;-) My main interest is a decent self hosted music streaming web application and I am very happy with the UI and the (indexing) speed of CherryMusic. To make it my perfect music web app, I just want LDAP integration. But it looked like I am the only one with this itch, so I had to scratch myself...

With a little help from a python dev I found the "entry point" and fought my way through the jungle from there ;-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tilboerner tilboerner

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tilboerner @nis65