[LDAP] Rollen updaten

* LDAP-Rollen werden geupdatet, wenn User geändert wird * LDAP-Rollen werden geupdatet, wenn eine neue Person hinzugefügt wird.
2020-11-12 22:47:10 +01:00 · 2020-11-12 22:47:10 +01:00 · 65af9ab367
parent 95c9a5d7ee
commit 65af9ab367
1 changed files with 21 additions and 4 deletions
--- a/flaschengeist/plugins/auth_ldap/init.py
+++ b/flaschengeist/plugins/auth_ldap/init.py
@ -2,7 +2,7 @@

 import ssl
 from ldap3.utils.hashed import hashed
-from ldap3 import SUBTREE, MODIFY_REPLACE, HASHED_SALTED_MD5
+from ldap3 import SUBTREE, MODIFY_REPLACE, MODIFY_ADD, MODIFY_DELETE, HASHED_SALTED_MD5
 from ldap3.core.exceptions import LDAPPasswordIsMandatoryError, LDAPBindError
 from flask import current_app as app
 from flask_ldapconn import LDAPConn
@ -83,8 +83,8 @@ class AuthLDAP(AuthPlugin):
                'uidNumber': uidNumber

            }
-            test = ldap_conn.add(dn, object_class, attributes)
-            print(test)
+            ldap_conn.add(dn, object_class, attributes)
+            self.set_roles(user)
        except (LDAPPasswordIsMandatoryError, LDAPBindError):
            raise BadRequest
        except Exception as e:
@ -116,7 +116,23 @@ class AuthLDAP(AuthPlugin):
            groups.append(data["attributes"]["cn"][0])
        return groups

-    def modify_user(self, user: User, password, new_password=None):
+    def set_roles(self, user: User):
+        try:
+            ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
+            self.ldap.connection.search(f"ou=group,{self.dn}", "(cn=*)", SUBTREE, attributes=["cn", "gidNumber"])
+            ldap_roles = self.ldap.response()
+            for ldap_role in ldap_roles:
+                if ldap_role["attributes"]["cn"][0] in user.roles:
+                    modify = {'memberUid': [(MODIFY_ADD, [user.userid])]}
+                else:
+                    modify = {'memberUid': [(MODIFY_DELETE, [user.userid])]}
+                test = ldap_conn.modify(ldap_role["dn"], modify)
+
+        except (LDAPPasswordIsMandatoryError, LDAPBindError):
+            raise BadRequest
+
+
+    def modify_user(self, user: User, password=None, new_password=None):
        try:
            dn = user.get_attribute("DN")
            if password:
@ -137,5 +153,6 @@ class AuthLDAP(AuthPlugin):
                salted_password = hashed(HASHED_SALTED_MD5, new_password)
                modifier["userPassword"] = [(MODIFY_REPLACE, [salted_password])]
            ldap_conn.modify(dn, modifier)
+            self.set_roles(user)
        except (LDAPPasswordIsMandatoryError, LDAPBindError):
            raise BadRequest