Ticket #2507: ldapauth.patch

File ldapauth.patch, 4.5 kB (added by spkane, 1 year ago)

Example patch to handle converting periods in LDAP usernames to underscores for the Django username

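--- a/ldapauth.py.old
+++ b/ldapauth.py.old
@@ -109,15 +109,17 @@
 
         if self.settings['LDAP_OPTIONS']:
             for k in self.settings['LDAP_OPTIONS']:
-                self.ldap.set_option(k, self.settings.LDAP_OPTIONS[k])
+                self.ldap.set_option(k, self.settings["LDAP_OPTIONS"][k])
+
 
         l = self.ldap.initialize(self.settings['LDAP_SERVER_URI'])
 
-        bind_string = self._pre_bind(l, username)
+        ldap_username = username.replace('_', '.')
+        bind_string = self._pre_bind(l, ldap_username)
         if not bind_string:
             if self.settings['LDAP_DEBUG']:
                 logging.info('LDAPBackend.authenticate failed: _pre_bind return no bind_string (%s, %s)' % (
-                    l, username))
+                    l, ldap_username))
             return None
 
         try:
@@ -136,7 +138,7 @@
         try:
             user = self._get_user_by_name(username)
         except User.DoesNotExist:
-            user = self._get_ldap_user(l, username)
+            user = self._get_ldap_user(l, ldap_username)
 
         if user is not None:
             if self.settings['LDAP_UPDATE_FIELDS']:
@@ -151,10 +153,10 @@
         return user
 
     # Functions provided to override to customize to your LDAP configuration.
-    def _pre_bind(self, l, username):
+    def _pre_bind(self, l, ldap_username):
         """
         Function that returns the dn to bind against ldap with.
-        called as: self._pre_bind(ldapobject, username)
+        called as: self._pre_bind(ldapobject, ldap_username)
         """
         if not self.settings['LDAP_BINDDN']:
             # When the LDAP_BINDDN setting is blank we try to find the
@@ -170,7 +172,7 @@
                     return None
 
             # Now do the actual search
-            filter = self.settings['LDAP_SEARCH_FILTER'] % username
+            filter = self.settings['LDAP_SEARCH_FILTER'] % ldap_username
             result = l.search_s(self.settings['LDAP_SEARCHDN'],
                         self.settings['LDAP_SCOPE'], filter, attrsonly=1)
 
@@ -182,7 +184,7 @@
             return result[0][0]
         else:
             # LDAP_BINDDN is set so we use it as a template.
-            return "%s=%s,%s" % (self.settings['LDAP_BIND_ATTRIBUTE'], username,
+            return "%s=%s,%s" % (self.settings['LDAP_BIND_ATTRIBUTE'], ldap_username,
                     self.settings['LDAP_BINDDN'])
     
     def _get_user_by_name(self, username):
@@ -191,6 +193,7 @@
         username.
         called as: self._get_user_by_name(username)
         """
+        
         return User.objects.get(username=username)
 
     def _create_user_object(self, username, password):
@@ -198,6 +201,7 @@
         Creates and returns an object of contrib.auth.models.User.
         called as: self._create_user_object(username, password)
         """
+        
         return User(username=username, password=password)
 
     # Required for an authentication backend
@@ -208,13 +212,14 @@
             return None
     # End of functions to override
 
-    def _get_ldap_user(self, l, username):
+    def _get_ldap_user(self, l, ldap_username):
         """
         Helper method, makes a user object and call update_user to populate
         """
 
         # Generate a random password string.
-        password = User.objects.make_random_password(10)
+        password = User.objects.make_random_password(12)
+        username = ldap_username.replace(".","_")
         user = self._create_user_object(username, password)
         return user
 
@@ -223,9 +228,9 @@
         Helper method, populates a user object with various attributes from
         LDAP.
         """
-
-        username = user.username
-        filter = self.settings['LDAP_SEARCH_FILTER'] % username
+        
+        ldap_username = user.username.replace("_",".")
+        filter = self.settings['LDAP_SEARCH_FILTER'] % ldap_username
 
         # Get results of search and make sure something was found.
         # At this point this shouldn't fail.
@@ -265,7 +270,7 @@
         if emailf and emailf in attrs:
             user.email = attrs[emailf][0]
         elif self.settings['LDAP_DEFAULT_EMAIL_SUFFIX']:
-            user.email = username + self.settings['LDAP_DEFAULT_EMAIL_SUFFIX']  
+            user.email = ldap_username + self.settings['LDAP_DEFAULT_EMAIL_SUFFIX']  
 
 
         # Check if we are mapping an ldap id to check if the user is staff or super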
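Review bot: The unconditional `ldap_username = username.replace('_', '.')` in the first hunk changes which directory entry an existing Django account is checked against: a Django user `a_b` (constructed example) that used to bind as LDAP `a_b` now binds as `a.b`, and an entry whose uid really contains an underscore can no longer log in. The second hunk still looks the account up with the name as typed, so a login with the dotted form misses the existing row and falls through to `_get_ldap_user`; normalise first, e.g. `user = self._get_user_by_name(ldap_username.replace('.', '_'))`, and consider putting the mapping behind a setting so sites with underscores in their uids are unaffected. The touched `% ldap_username` lines in `_pre_bind` and the update helper still put the unescaped name into the search filter and the bind DN; passing it through `escape_filter_chars` from `ldap.filter` (and `escape_dn_chars` from `ldap.dn` for the DN template) belongs in the same change. These method bodies start or end outside the visible hunks, so how the name reaches them is inferred from the log message naming `LDAPBackend.authenticate`.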