Models

class nginx_ldap_auth.app.models.UserManager

Manage users in the LDAP directory.

model

The model class for users

alias of User

settings

The application settings

pool: TimeLimitedAIOConnectionPool | None

The LDAP connection pool

client() -> LDAPClient

Return a new LDAP client instance.

If nginx_ldap_auth.settings.Settings.ldap_starttls is True, the client will be configured to use TLS.

async create_pool() -> None

Create the LDAP connection pool and save it as pool.

async authenticate(username: str, password: str) -> bool

Authenticate a user against the LDAP server.

If nginx_ldap_auth.settings.Settings.ldap_user_basedn is set, the username is prepended to that value to create the DN to bind with, like so: “{username}{ldap_user_base_dn}”. Otherwise, we will use the value of nginx_ldap_auth.settings.Settings.ldap_username_attribute to create the DN as “{username_attribute}={username},{ldap_basedn}”.

Parameters:
  • username – the username to authenticate

  • password – the password to authenticate with

Raises:

LDAPError – if an error occurs while communicating with the LDAP server

Returns:

True if the user is authenticated, False otherwise
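An added example, not code from nginx_ldap_auth: the two bind-DN formats described for authenticate(), with the username escaped per RFC 4514 so that characters such as a comma cannot change the DN structure. The function names, the defaults and the sample values are assumptions; whether the library escapes the username itself is not stated on this page.

```python
# Added example; not code from nginx_ldap_auth. All names are hypothetical.
from __future__ import annotations

_DN_SPECIAL = set('"+,;<>\\')  # must be escaped anywhere in a DN value (RFC 4514)


def escape_dn_value(value: str) -> str:
    """Escape a string for use as an attribute value inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")  # NUL is written as a hex pair
        elif ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)  # leading space or '#', trailing space
        else:
            out.append(ch)
    return "".join(out)


def build_bind_dn(username: str, *, user_basedn: str | None = None,
                  username_attribute: str = "uid", basedn: str = "") -> str:
    """Build the bind string in either of the two formats described above."""
    if not username:
        raise ValueError("empty username")
    if user_basedn:
        # Username followed directly by ldap_user_basedn. The page does not say
        # what form that value takes, so (assumption) reject rather than escape.
        if any(ch in _DN_SPECIAL or ch in "=\x00" for ch in username):
            raise ValueError("username contains DN metacharacters")
        return f"{username}{user_basedn}"
    # "{username_attribute}={username},{ldap_basedn}": username is one RDN value.
    return f"{username_attribute}={escape_dn_value(username)},{basedn}"


def may_attempt_bind(password: str) -> bool:
    """An empty password makes a simple bind "unauthenticated" (RFC 4513,
    section 5.1.2), which some servers answer with success, so refuse it."""
    return bool(password)
```
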

async exists(username: str) -> bool

Return True if the user exists in the LDAP directory, False otherwise.

Parameters:

username – the username to check

Raises:
Returns:

True if the user exists in the LDAP directory, False otherwise

async is_authorized(username: str, ldap_authorization_filter: str | None) -> bool

Test whether the user is authorized to log in. This is done by performing an LDAP search using the filter specified in a header or nginx_ldap_auth.settings.Settings.ldap_authorization_filter. If the value is None, the user is considered authorized.

Parameters:
  • username – the username to check

  • ldap_authorization_filter – LDAP authorization filter (optional)

Raises:
Returns:

True if the user is authorized to log in, False otherwise.

async get(username: str) -> User | None

Get a user from the LDAP directory, and return it as a User. When getting the user, we will use the LDAP search filter specified in nginx_ldap_auth.settings.Settings.ldap_get_user_filter.

Parameters:

username – the username for which to get user information

Raises:
Returns:

The user information as a User instance, or None if the user is not returned by the LDAP search filter

async cleanup() -> None

Close the LDAP connection pool.

class nginx_ldap_auth.app.models.User(*, uid: str, full_name: str)

Used to represent a user in the LDAP directory. It is constructed from the LDAP response, and is used to authenticate the user against the LDAP server.

uid: str

The username of the user.

full_name: str

The full name of the user. We really only use this for logging.

async authenticate(password: str) -> bool

Authenticate this user against the LDAP server.

Parameters:

password – the password to authenticate with

Returns:

True if the user is authenticated, False otherwise

classmethod parse_ldap(data: dict[str, list[str]]) -> User

Parse the LDAP response, and extract the uid and full name from the LDAP server to use in constructing this class.

We use nginx_ldap_auth.settings.Settings.ldap_username_attribute to determine which LDAP attribute on data holds our uid value, and nginx_ldap_auth.settings.Settings.ldap_full_name_attribute to determine which LDAP attribute holds our full_name value.

Parameters:

data – the raw LDAP data

Returns:

A configured User object

model_config: ClassVar[ConfigDict] = {}

Configuration for the model; should be a dictionary conforming to pydantic.config.ConfigDict.