LDAP authentication of build requests

[ipv6guru]

Here's a patch against buildbot 0.7.2 that allows you to specify a build authenticator when creating a waterfall display. 2wire uses this because our production builds are expensive - it takes lots of time to run the performance regression suite and lots of storage to keep build products around indefinitely.

The build authenticator I've included is an LDAP one that requires the ldaptor 0.0.43 module from  http://www.inoi.fi/open/trac/ldaptor/.

In hindsight, I probably should have done it as an attribute to each builder rather than to the waterfall display. Our unittest builds aren't that expensive, but for now people will just have to wait for the p4poller to notice changes.

It's lightly tested by hand. Not sure how to unit test this.

Example usage for an ActiveDirectory? server:

from ldaptor import pureldap
from buildbot import ldapauth

build_authenticator=ldapauth.LDAPAuthenticationSource(
base_dn='cn=Users,dc=corp,dc=2wire,dc=com',
attr='sAMAccountName',
bind_dn='cn=ldap_queries,cn=Users,dc=corp,dc=2wire,dc=com',
bind_pw='<censored>',
filter=pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription('memberOf'),
assertionValue=pureldap.LDAPAssertionValue(
'CN=Build 
Engineering,CN=Users,DC=corp,DC=2wire,DC=com')
)
)

c['status'].append(html.Waterfall(http_port=8010,
build_authenticator=build_authenticator))

[ipv6guru]

Moved from sourceforge

[dustin]

It would be interesting to see this merged into the new IAuth stuff..

[dustin]

Doug, what do you think?

[tom.prince]

This is probably best done by fixing #2429, and then using ldaptor's cred plugin.