Ticket #2507: ldapauth.patch

File ldapauth.patch, 4.5 KB (added by spkane, 16 years ago)

Example patch to handle converting periods in LDAP usernames to underscores for the Django username

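--- a/ldapauth.py
+++ b/ldapauth.py
@@ -109,15 +109,17 @@
 
         if self.settings['LDAP_OPTIONS']:
             for k in self.settings['LDAP_OPTIONS']:
-                self.ldap.set_option(k, self.settings.LDAP_OPTIONS[k])
+                self.ldap.set_option(k, self.settings["LDAP_OPTIONS"][k])
+
 
         l = self.ldap.initialize(self.settings['LDAP_SERVER_URI'])
 
-        bind_string = self._pre_bind(l, username)
+        ldap_username = username.replace('_', '.')
+        bind_string = self._pre_bind(l, ldap_username)
         if not bind_string:
             if self.settings['LDAP_DEBUG']:
                 logging.info('LDAPBackend.authenticate failed: _pre_bind return no bind_string (%s, %s)' % (
-                    l, username))
+                    l, ldap_username))
             return None
 
         try:
@@ -136,7 +138,7 @@
         try:
             user = self._get_user_by_name(username)
         except User.DoesNotExist:
-            user = self._get_ldap_user(l, username)
+            user = self._get_ldap_user(l, ldap_username)
 
         if user is not None:
             if self.settings['LDAP_UPDATE_FIELDS']:
@@ -151,10 +153,10 @@
         return user
 
     # Functions provided to override to customize to your LDAP configuration.
-    def _pre_bind(self, l, username):
+    def _pre_bind(self, l, ldap_username):
         """
         Function that returns the dn to bind against ldap with.
-        called as: self._pre_bind(ldapobject, username)
+        called as: self._pre_bind(ldapobject, ldap_username)
         """
         if not self.settings['LDAP_BINDDN']:
             # When the LDAP_BINDDN setting is blank we try to find the
@@ -170,7 +172,7 @@
                     return None
 
             # Now do the actual search
-            filter = self.settings['LDAP_SEARCH_FILTER'] % username
+            filter = self.settings['LDAP_SEARCH_FILTER'] % ldap_username
             result = l.search_s(self.settings['LDAP_SEARCHDN'],
                         self.settings['LDAP_SCOPE'], filter, attrsonly=1)
 
@@ -182,7 +184,7 @@
             return result[0][0]
         else:
             # LDAP_BINDDN is set so we use it as a template.
-            return "%s=%s,%s" % (self.settings['LDAP_BIND_ATTRIBUTE'], username,
+            return "%s=%s,%s" % (self.settings['LDAP_BIND_ATTRIBUTE'], ldap_username,
                     self.settings['LDAP_BINDDN'])
    
     def _get_user_by_name(self, username):
@@ -191,6 +193,7 @@
         username.
         called as: self._get_user_by_name(username)
         """
+       
         return User.objects.get(username=username)
 
     def _create_user_object(self, username, password):
@@ -198,6 +201,7 @@
         Creates and returns an object of contrib.auth.models.User.
         called as: self._create_user_object(username, password)
         """
+       
         return User(username=username, password=password)
 
     # Required for an authentication backend
@@ -208,13 +212,14 @@
             return None
     # End of functions to override
 
-    def _get_ldap_user(self, l, username):
+    def _get_ldap_user(self, l, ldap_username):
         """
         Helper method, makes a user object and call update_user to populate
         """
 
         # Generate a random password string.
-        password = User.objects.make_random_password(10)
+        password = User.objects.make_random_password(12)
+        username = ldap_username.replace(".","_")
         user = self._create_user_object(username, password)
         return user
 
@@ -223,9 +228,9 @@
         Helper method, populates a user object with various attributes from
         LDAP.
         """
-
-        username = user.username
-        filter = self.settings['LDAP_SEARCH_FILTER'] % username
+       
+        ldap_username = user.username.replace("_",".")
+        filter = self.settings['LDAP_SEARCH_FILTER'] % ldap_username
 
         # Get results of search and make sure something was found.
         # At this point this shouldn't fail.
@@ -265,7 +270,7 @@
         if emailf and emailf in attrs:
             user.email = attrs[emailf][0]
         elif self.settings['LDAP_DEFAULT_EMAIL_SUFFIX']:
-            user.email = username + self.settings['LDAP_DEFAULT_EMAIL_SUFFIX'] 
+            user.email = ldap_username + self.settings['LDAP_DEFAULT_EMAIL_SUFFIX'] 
 
 
         # Check if we are mapping an ldap id to check if the user is staff or super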
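Review bot: The renamed `ldap_username` is still interpolated unescaped into the search filter at new lines 175 and 233 and into the bind DN at new line 187, so a login name containing filter or DN metacharacters is interpreted as query syntax instead of being matched literally. Escape at each use with python-ldap's helpers, e.g. `filter = self.settings['LDAP_SEARCH_FILTER'] % ldap.filter.escape_filter_chars(ldap_username)` and `ldap.dn.escape_dn_chars(ldap_username)` in the DN template; the file's imports are outside the visible hunks, so `ldap.filter` and `ldap.dn` may need importing. Separately, `username.replace('_', '.')` at new line 117 is not reversible: a directory uid that really contains an underscore is bound as a different entry, and two LDAP names differing only in `.` versus `_` map to the same Django user. The lookup at new line 139 also still uses the typed `username`, so a login entered with periods appears to miss the existing underscore account and fall through to `_get_ldap_user`; normalising once before the lookup, e.g. `username = ldap_username.replace('.', '_')`, would keep the two paths consistent. The bodies of `authenticate`, `_pre_bind` and the update helper start or end outside these hunks, so other uses of the name may need the same treatment.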