[Plugin] auth_ldap: Implemented find_user
* Search for user inside of auth backend
parent
d0db878a5c
commit
68512a9851
|
@ -72,6 +72,16 @@ class AuthPlugin(Plugin):
|
||||||
"""
|
"""
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
def find_user(self, userid, mail=None):
|
||||||
|
"""Find an user by userid or mail
|
||||||
|
Args:
|
||||||
|
userid: Userid to search
|
||||||
|
mail: If set, mail to search
|
||||||
|
Returns:
|
||||||
|
None or User
|
||||||
|
"""
|
||||||
|
return None
|
||||||
|
|
||||||
def modify_user(self, user, password, new_password=None):
|
def modify_user(self, user, password, new_password=None):
|
||||||
"""If backend is using (writeable) external data, then update the external database with the user provided.
|
"""If backend is using (writeable) external data, then update the external database with the user provided.
|
||||||
User might have roles not existing on the external database, so you might have to create those.
|
User might have roles not existing on the external database, so you might have to create those.
|
||||||
|
|
|
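Review bot: The `find_user` docstring added to the base class does not say how `userid` and `mail` combine, or whether the returned User must carry the requested userid; the LDAP implementation in this commit matches on either value. For an authentication backend interface that distinction matters to callers, so I would state it below the summary line, e.g. `A user matching either userid or mail is returned; the userid of the result may differ from the one requested.` The summary itself should read `Find a user by userid or mail`.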
@ -52,23 +52,16 @@ class AuthLDAP(AuthPlugin):
|
||||||
return False
|
return False
|
||||||
return self.ldap.authenticate(user.userid, password, "uid", self.dn)
|
return self.ldap.authenticate(user.userid, password, "uid", self.dn)
|
||||||
|
|
||||||
|
def find_user(self, userid, mail=None):
|
||||||
|
attr = self.__find(userid, mail)
|
||||||
|
if attr:
|
||||||
|
user = User(userid=attr["uid"][0])
|
||||||
|
self.__update(user, attr)
|
||||||
|
return user
|
||||||
|
|
||||||
def update_user(self, user):
|
def update_user(self, user):
|
||||||
self.ldap.connection.search(
|
attr = self.__find(user.userid)
|
||||||
"ou=user,{}".format(self.dn),
|
self.__update(user, attr)
|
||||||
"(uid={})".format(user.userid),
|
|
||||||
SUBTREE,
|
|
||||||
attributes=["uid", "givenName", "sn", "mail"],
|
|
||||||
)
|
|
||||||
r = self.ldap.connection.response[0]["attributes"]
|
|
||||||
if r["uid"][0] == user.userid:
|
|
||||||
user.set_attribute("DN", self.ldap.connection.response[0]["dn"])
|
|
||||||
user.firstname = r["givenName"][0]
|
|
||||||
user.lastname = r["sn"][0]
|
|
||||||
if r["mail"]:
|
|
||||||
user.mail = r["mail"][0]
|
|
||||||
if "displayName" in r:
|
|
||||||
user.display_name = r["displayName"][0]
|
|
||||||
userController.set_roles(user, self._get_groups(user.userid), create=True)
|
|
||||||
|
|
||||||
def create_user(self, user, password):
|
def create_user(self, user, password):
|
||||||
if self.admin_dn is None:
|
if self.admin_dn is None:
|
||||||
|
@ -182,6 +175,31 @@ class AuthLDAP(AuthPlugin):
|
||||||
ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
|
ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
|
||||||
ldap_conn.modify(dn, {"jpegPhoto": [(MODIFY_REPLACE, [avatar.binary])]})
|
ldap_conn.modify(dn, {"jpegPhoto": [(MODIFY_REPLACE, [avatar.binary])]})
|
||||||
|
|
||||||
|
def __find(self, userid, mail=None):
|
||||||
|
"""Find attributes of an user by uid or mail in LDAP"""
|
||||||
|
con = self.ldap.connection
|
||||||
|
if not con:
|
||||||
|
con = self.ldap.connect(self.admin_dn, self.admin_secret)
|
||||||
|
con.search(
|
||||||
|
f"ou=user,{self.dn}",
|
||||||
|
f"(| (uid={userid})(mail={mail}))" if mail else f"(uid={userid})",
|
||||||
|
SUBTREE,
|
||||||
|
attributes=["uid", "givenName", "sn", "mail"],
|
||||||
|
)
|
||||||
|
return con.response[0]["attributes"]
|
||||||
|
|
||||||
|
def __update(self, user, attr):
|
||||||
|
"""Update an User object with LDAP attributes"""
|
||||||
|
if attr["uid"][0] == user.userid:
|
||||||
|
user.set_attribute("DN", self.ldap.connection.response[0]["dn"])
|
||||||
|
user.firstname = attr["givenName"][0]
|
||||||
|
user.lastname = attr["sn"][0]
|
||||||
|
if attr["mail"]:
|
||||||
|
user.mail = attr["mail"][0]
|
||||||
|
if "displayName" in attr:
|
||||||
|
user.display_name = attr["displayName"][0]
|
||||||
|
userController.set_roles(user, self._get_groups(user.userid), create=True)
|
||||||
|
|
||||||
def __modify_role(
|
def __modify_role(
|
||||||
self,
|
self,
|
||||||
role: Role,
|
role: Role,
|
||||||
|
|
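Review bot: `__find` formats `userid` and `mail` straight into the LDAP search filter, so filter metacharacters such as `*`, `(` or `)` in a lookup value change which entries the search matches; both values should be escaped before interpolation (if this is ldap3, as the `SUBTREE`/`MODIFY_REPLACE` constants suggest, that is `escape_filter_chars` from `ldap3.utils.conv`, which would need importing). The method also returns `con.response[0]` unconditionally, so a lookup with no match raises IndexError instead of reaching the `if attr:` test in `find_user`. Related: `__update` reads the DN from `self.ldap.connection.response[0]`, whereas `__find` may have searched on a freshly created admin connection, so the DN would be better returned from `__find` together with the attributes than re-read. The fence below covers the first two points; `update_user` passes the result to `__update` without a check and would need a guard for the None case.

```python
def __find(self, userid, mail=None):
    # … unchanged: docstring and connection setup …
    uid_filter = f"(uid={escape_filter_chars(userid)})"
    if mail:
        search_filter = f"(| {uid_filter}(mail={escape_filter_chars(mail)}))"
    else:
        search_filter = uid_filter
    # … unchanged: con.search(...) call, with search_filter as the filter argument …
    if not con.response:
        # No entry matched: let find_user's `if attr:` handle it
        return None
    return con.response[0]["attributes"]
```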