Models

class nginx_ldap_auth.app.models.UserManager[source]

model

The model class for users

alias of User

settings: The application settings

pool: TimeLimitedAIOConnectionPool | None: The LDAP connection pool

client() → LDAPClient[source]

Return a new LDAP client instance.

If nginx_ldap_auth.settings.Settings.ldap_starttls is True, the client will be configured to use TLS.

async create_pool() → None[source]: Create the LDAP connection pool and save it as pool.

async authenticate(username: str, password: str) → bool[source]

Authenticate a user against the LDAP server.

Parameters:

username – the username to authenticate
password – the password to authenticate with

Raises:

LDAPError – if an error occurs while communicating with the LDAP server

Returns:

True if the user is authenticated, False otherwise

async exists(username: str) → bool[source]

Return True if the user exists in the LDAP directory, False otherwise.

Parameters:

username – the username to check

Raises:

LDAPError – if an error occurred while communicating with the LDAP server
AuthenticationError – if the LDAP server rejects the credentials of nginx_ldap_auth.settings.Settings.ldap_binddn and nginx_ldap_auth.settings.Settings.ldap_password

Returns:

True if the user exists in the LDAP directory, False otherwise

async is_authorized(username: str) → bool[source]

Test whether the user is authorized to log in. This is done by performing an LDAP search using the filter specified in nginx_ldap_auth.settings.Settings.ldap_authorization_filter. If that setting is None, the user is considered authorized.

Parameters:

username – the username to check

Raises:

LDAPError – if an error occurred while communicating with the LDAP server
AuthenticationError – if the LDAP server rejects the credentials of nginx_ldap_auth.settings.Settings.ldap_binddn and nginx_ldap_auth.settings.Settings.ldap_password

Returns:

True if the user is authorized to log in, False otherwise.

async get(username: str) → User | None[source]

Get a user from the LDAP directory, and return it as a User. When getting the user, we will use the LDAP search filter specified in nginx_ldap_auth.settings.Settings.ldap_get_user_filter.

Parameters:

username – the username for which to get user information

Raises:

LDAPError – if an error occurred while communicating with the LDAP server
AuthenticationError – if the LDAP server rejects the credentials of nginx_ldap_auth.settings.Settings.ldap_binddn and nginx_ldap_auth.settings.Settings.ldap_password

Returns:

The user information as a User instance, or None if the user is not returned by the LDAP search filter

async cleanup() → None[source]: Close the LDAP connection pool.

class nginx_ldap_auth.app.models.User(*, uid: str, full_name: str)[source]

uid: str: The username of the user.

full_name: str: The full name of the user. We really only use this for logging.

async authenticate(password: str) → bool[source]

Authenticate this user against the LDAP server.

Parameters:: password – the password to authenticate with
Returns:: True if the user is authenticated, False otherwise