--- ldapauth.py.old 2008-10-24 08:30:35.796897000 -0700 +++ ldapauth.py.new 2008-10-24 08:28:02.966773400 -0700 @@ -109,15 +109,17 @@ if self.settings['LDAP_OPTIONS']: for k in self.settings['LDAP_OPTIONS']: - self.ldap.set_option(k, self.settings.LDAP_OPTIONS[k]) + self.ldap.set_option(k, self.settings["LDAP_OPTIONS"][k]) + l = self.ldap.initialize(self.settings['LDAP_SERVER_URI']) - bind_string = self._pre_bind(l, username) + ldap_username = username.replace('_', '.') + bind_string = self._pre_bind(l, ldap_username) if not bind_string: if self.settings['LDAP_DEBUG']: logging.info('LDAPBackend.authenticate failed: _pre_bind return no bind_string (%s, %s)' % ( - l, username)) + l, ldap_username)) return None try: @@ -136,7 +138,7 @@ try: user = self._get_user_by_name(username) except User.DoesNotExist: - user = self._get_ldap_user(l, username) + user = self._get_ldap_user(l, ldap_username) if user is not None: if self.settings['LDAP_UPDATE_FIELDS']: @@ -151,10 +153,10 @@ return user # Functions provided to override to customize to your LDAP configuration. - def _pre_bind(self, l, username): + def _pre_bind(self, l, ldap_username): """ Function that returns the dn to bind against ldap with. - called as: self._pre_bind(ldapobject, username) + called as: self._pre_bind(ldapobject, ldap_username) """ if not self.settings['LDAP_BINDDN']: # When the LDAP_BINDDN setting is blank we try to find the @@ -170,7 +172,7 @@ return None # Now do the actual search - filter = self.settings['LDAP_SEARCH_FILTER'] % username + filter = self.settings['LDAP_SEARCH_FILTER'] % ldap_username result = l.search_s(self.settings['LDAP_SEARCHDN'], self.settings['LDAP_SCOPE'], filter, attrsonly=1) @@ -182,7 +184,7 @@ return result[0][0] else: # LDAP_BINDDN is set so we use it as a template. - return "%s=%s,%s" % (self.settings['LDAP_BIND_ATTRIBUTE'], username, + return "%s=%s,%s" % (self.settings['LDAP_BIND_ATTRIBUTE'], ldap_username, self.settings['LDAP_BINDDN']) def _get_user_by_name(self, username): @@ -191,6 +193,7 @@ username. called as: self._get_user_by_name(username) """ + return User.objects.get(username=username) def _create_user_object(self, username, password): @@ -198,6 +201,7 @@ Creates and returns an object of contrib.auth.models.User. called as: self._create_user_object(username, password) """ + return User(username=username, password=password) # Required for an authentication backend @@ -208,13 +212,14 @@ return None # End of functions to override - def _get_ldap_user(self, l, username): + def _get_ldap_user(self, l, ldap_username): """ Helper method, makes a user object and call update_user to populate """ # Generate a random password string. - password = User.objects.make_random_password(10) + password = User.objects.make_random_password(12) + username = ldap_username.replace(".","_") user = self._create_user_object(username, password) return user @@ -223,9 +228,9 @@ Helper method, populates a user object with various attributes from LDAP. """ - - username = user.username - filter = self.settings['LDAP_SEARCH_FILTER'] % username + + ldap_username = user.username.replace("_",".") + filter = self.settings['LDAP_SEARCH_FILTER'] % ldap_username # Get results of search and make sure something was found. # At this point this shouldn't fail. @@ -265,7 +270,7 @@ if emailf and emailf in attrs: user.email = attrs[emailf][0] elif self.settings['LDAP_DEFAULT_EMAIL_SUFFIX']: - user.email = username + self.settings['LDAP_DEFAULT_EMAIL_SUFFIX'] + user.email = ldap_username + self.settings['LDAP_DEFAULT_EMAIL_SUFFIX'] # Check if we are mapping an ldap id to check if the user is staff or super