[LDAP] Rollen updaten

* LDAP-Rollen werden geupdatet, wenn ein User geändert wird
* LDAP-Rollen werden geupdatet, wenn eine neue Person hinzugefügt wird.
This commit is contained in:
Tim Gröger 2020-11-12 22:47:10 +01:00
parent 95c9a5d7ee
commit 65af9ab367
1 changed files with 21 additions and 4 deletions


@ -2,7 +2,7 @@
import ssl import ssl
from ldap3.utils.hashed import hashed from ldap3.utils.hashed import hashed
from ldap3 import SUBTREE, MODIFY_REPLACE, HASHED_SALTED_MD5 from ldap3 import SUBTREE, MODIFY_REPLACE, MODIFY_ADD, MODIFY_DELETE, HASHED_SALTED_MD5
from ldap3.core.exceptions import LDAPPasswordIsMandatoryError, LDAPBindError from ldap3.core.exceptions import LDAPPasswordIsMandatoryError, LDAPBindError
from flask import current_app as app from flask import current_app as app
from flask_ldapconn import LDAPConn from flask_ldapconn import LDAPConn
@ -83,8 +83,8 @@ class AuthLDAP(AuthPlugin):
'uidNumber': uidNumber 'uidNumber': uidNumber
} }
test = ldap_conn.add(dn, object_class, attributes) ldap_conn.add(dn, object_class, attributes)
print(test) self.set_roles(user)
except (LDAPPasswordIsMandatoryError, LDAPBindError): except (LDAPPasswordIsMandatoryError, LDAPBindError):
raise BadRequest raise BadRequest
except Exception as e: except Exception as e:
@ -116,7 +116,23 @@ class AuthLDAP(AuthPlugin):
groups.append(data["attributes"]["cn"][0]) groups.append(data["attributes"]["cn"][0])
return groups return groups
def modify_user(self, user: User, password, new_password=None): def set_roles(self, user: User):
try:
ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
self.ldap.connection.search(f"ou=group,{self.dn}", "(cn=*)", SUBTREE, attributes=["cn", "gidNumber"])
ldap_roles = self.ldap.response()
for ldap_role in ldap_roles:
if ldap_role["attributes"]["cn"][0] in user.roles:
modify = {'memberUid': [(MODIFY_ADD, [user.userid])]}
else:
modify = {'memberUid': [(MODIFY_DELETE, [user.userid])]}
test = ldap_conn.modify(ldap_role["dn"], modify)
except (LDAPPasswordIsMandatoryError, LDAPBindError):
raise BadRequest
def modify_user(self, user: User, password=None, new_password=None):
try: try:
dn = user.get_attribute("DN") dn = user.get_attribute("DN")
if password: if password:
@ -137,5 +153,6 @@ class AuthLDAP(AuthPlugin):
salted_password = hashed(HASHED_SALTED_MD5, new_password) salted_password = hashed(HASHED_SALTED_MD5, new_password)
modifier["userPassword"] = [(MODIFY_REPLACE, [salted_password])] modifier["userPassword"] = [(MODIFY_REPLACE, [salted_password])]
ldap_conn.modify(dn, modifier) ldap_conn.modify(dn, modifier)
self.set_roles(user)
except (LDAPPasswordIsMandatoryError, LDAPBindError): except (LDAPPasswordIsMandatoryError, LDAPBindError):
raise BadRequest raise BadRequest
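Review bot: In the new set_roles (third hunk) the result of `test = ldap_conn.modify(ldap_role["dn"], modify)` is bound and never inspected, so a failed group update is dropped silently, and the loop issues MODIFY_DELETE for every group the user is not in and MODIFY_ADD for every group they are in without checking current membership — with ldap3 that returns False (noSuchAttribute / attributeOrValueExists) rather than raising in the common case where the directory already matches, so a real failure is indistinguishable from a no-op. Reading `memberUid` in the search, only modifying when the desired state differs, and failing loudly when modify() returns False keeps `user.roles` and the directory in sync. The method also searches on `self.ldap.connection` but writes on the separately bound `ldap_conn`, and neither connection is unbound; that may be intentional given the rest of the class, but a one-line comment such as `# search uses the app connection; writes go through the admin bind` would help the next reader. Since set_roles now runs under the admin bind from modify_user as well, `user.roles` has to come from a trusted source rather than the request body — I cannot see where it is populated from this hunk.
```python
    def set_roles(self, user: User):
        try:
            ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
            self.ldap.connection.search(f"ou=group,{self.dn}", "(cn=*)", SUBTREE,
                                        attributes=["cn", "gidNumber", "memberUid"])
            for ldap_role in self.ldap.response():
                attrs = ldap_role["attributes"]
                wanted = attrs["cn"][0] in user.roles
                is_member = user.userid in attrs.get("memberUid", [])
                if wanted == is_member:
                    continue  # directory already matches user.roles; nothing to modify
                op = MODIFY_ADD if wanted else MODIFY_DELETE
                if not ldap_conn.modify(ldap_role["dn"], {'memberUid': [(op, [user.userid])]}):
                    # do not drop a failed write: surface the server's result to the caller
                    raise RuntimeError(f"LDAP group update failed: {ldap_conn.result}")
        # … unchanged: except (LDAPPasswordIsMandatoryError, LDAPBindError): raise BadRequest …
```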