From 65af9ab367a9416365f788f32812bd1dafa98def Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20Gr=C3=B6ger?= Date: Thu, 12 Nov 2020 22:47:10 +0100 Subject: [PATCH] [LDAP] Rollen updaten MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * LDAP-Rollen werden geupdatet, wenn User geändert wird * LDAP-Rollen werden geupdatet, wenn eine neue Person hinzugefügt wird. --- flaschengeist/plugins/auth_ldap/__init__.py | 25 +++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/flaschengeist/plugins/auth_ldap/__init__.py b/flaschengeist/plugins/auth_ldap/__init__.py index 201ed7b..b9412b1 100644 --- a/flaschengeist/plugins/auth_ldap/__init__.py +++ b/flaschengeist/plugins/auth_ldap/__init__.py @@ -2,7 +2,7 @@ import ssl from ldap3.utils.hashed import hashed -from ldap3 import SUBTREE, MODIFY_REPLACE, HASHED_SALTED_MD5 +from ldap3 import SUBTREE, MODIFY_REPLACE, MODIFY_ADD, MODIFY_DELETE, HASHED_SALTED_MD5 from ldap3.core.exceptions import LDAPPasswordIsMandatoryError, LDAPBindError from flask import current_app as app from flask_ldapconn import LDAPConn @@ -83,8 +83,8 @@ class AuthLDAP(AuthPlugin): 'uidNumber': uidNumber } - test = ldap_conn.add(dn, object_class, attributes) - print(test) + ldap_conn.add(dn, object_class, attributes) + self.set_roles(user) except (LDAPPasswordIsMandatoryError, LDAPBindError): raise BadRequest except Exception as e: 
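Review bot: The return value of `ldap_conn.add(dn, object_class, attributes)` is now discarded, so a failed add (ldap3 returns False instead of raising unless the connection was created with raise_exceptions) falls straight through to `self.set_roles(user)`, which then writes group memberships for an entry that was never created. Check the result before syncing roles, e.g. `if not ldap_conn.add(dn, object_class, attributes): raise BadRequest` (the server's reason is available in `ldap_conn.result`). The same unchecked-result pattern precedes the `self.set_roles(user)` call added after `ldap_conn.modify(dn, modifier)` in the @@ -137,5 hunk. The enclosing method begins outside this hunk.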
@@ -116,7 +116,23 @@ class AuthLDAP(AuthPlugin): groups.append(data["attributes"]["cn"][0]) return groups - def modify_user(self, user: User, password, new_password=None): + def set_roles(self, user: User): + try: + ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret) + self.ldap.connection.search(f"ou=group,{self.dn}", "(cn=*)", SUBTREE, attributes=["cn", "gidNumber"]) + ldap_roles = self.ldap.response() + for ldap_role in ldap_roles: + if ldap_role["attributes"]["cn"][0] in user.roles: + modify = {'memberUid': [(MODIFY_ADD, [user.userid])]} + else: + modify = {'memberUid': [(MODIFY_DELETE, [user.userid])]} + test = ldap_conn.modify(ldap_role["dn"], modify) + + except (LDAPPasswordIsMandatoryError, LDAPBindError): + raise BadRequest + + + def modify_user(self, user: User, password=None, new_password=None): try: dn = user.get_attribute("DN") if password: @@ -137,5 +153,6 @@ class AuthLDAP(AuthPlugin): salted_password = hashed(HASHED_SALTED_MD5, new_password) modifier["userPassword"] = [(MODIFY_REPLACE, [salted_password])] ldap_conn.modify(dn, modifier) + self.set_roles(user) except (LDAPPasswordIsMandatoryError, LDAPBindError): raise BadRequest