[Plugin] auth_ldap: Implemented find_user

* Search for a user inside the auth backend
Ferdinand Thiessen 2021-01-19 03:29:26 +01:00
parent d0db878a5c
commit 68512a9851
2 changed files with 44 additions and 16 deletions


@ -72,6 +72,16 @@ class AuthPlugin(Plugin):
"""
pass
def find_user(self, userid, mail=None):
"""Find an user by userid or mail
Args:
userid: Userid to search
mail: If set, mail to search
Returns:
None or User
"""
return None
def modify_user(self, user, password, new_password=None):
"""If backend is using (writeable) external data, then update the external database with the user provided.
User might have roles not existing on the external database, so you might have to create those.
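Review bot: The base `find_user` docstring (first hunk, `Returns: None or User`) does not say how `userid` and `mail` combine or whether the returned User's userid must equal the `userid` argument; the LDAP implementation in this commit ORs the two, so a lookup that supplies a mail can return a different account than the uid named, which callers that use the result for authentication need to know. Suggest stating it in the Returns section, e.g. `None or User; when both are given either may match, so the result's userid may differ from the userid argument`. The enclosing AuthPlugin class continues outside the hunk.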


@ -52,23 +52,16 @@ class AuthLDAP(AuthPlugin):
return False
return self.ldap.authenticate(user.userid, password, "uid", self.dn)
def find_user(self, userid, mail=None):
attr = self.__find(userid, mail)
if attr:
user = User(userid=attr["uid"][0])
self.__update(user, attr)
return user
def update_user(self, user):
self.ldap.connection.search(
"ou=user,{}".format(self.dn),
"(uid={})".format(user.userid),
SUBTREE,
attributes=["uid", "givenName", "sn", "mail"],
)
r = self.ldap.connection.response[0]["attributes"]
if r["uid"][0] == user.userid:
user.set_attribute("DN", self.ldap.connection.response[0]["dn"])
user.firstname = r["givenName"][0]
user.lastname = r["sn"][0]
if r["mail"]:
user.mail = r["mail"][0]
if "displayName" in r:
user.display_name = r["displayName"][0]
userController.set_roles(user, self._get_groups(user.userid), create=True)
attr = self.__find(user.userid)
self.__update(user, attr)
def create_user(self, user, password):
if self.admin_dn is None:
@ -182,6 +175,31 @@ class AuthLDAP(AuthPlugin):
ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
ldap_conn.modify(dn, {"jpegPhoto": [(MODIFY_REPLACE, [avatar.binary])]})
def __find(self, userid, mail=None):
"""Find attributes of an user by uid or mail in LDAP"""
con = self.ldap.connection
if not con:
con = self.ldap.connect(self.admin_dn, self.admin_secret)
con.search(
f"ou=user,{self.dn}",
f"(| (uid={userid})(mail={mail}))" if mail else f"(uid={userid})",
SUBTREE,
attributes=["uid", "givenName", "sn", "mail"],
)
return con.response[0]["attributes"]
def __update(self, user, attr):
"""Update an User object with LDAP attributes"""
if attr["uid"][0] == user.userid:
user.set_attribute("DN", self.ldap.connection.response[0]["dn"])
user.firstname = attr["givenName"][0]
user.lastname = attr["sn"][0]
if attr["mail"]:
user.mail = attr["mail"][0]
if "displayName" in attr:
user.display_name = attr["displayName"][0]
userController.set_roles(user, self._get_groups(user.userid), create=True)
def __modify_role(
self,
role: Role,
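Review bot: `__find` (second hunk, the line `f"(| (uid={userid})(mail={mail}))" if mail else f"(uid={userid})"`) interpolates `userid` and `mail` straight into the LDAP filter, and `find_user` passes those values on from whoever calls the plugin, so a value containing `*`, `(`, `)` or `\` rewrites the search instead of matching a literal uid or mail; both values should go through `ldap3.utils.conv.escape_filter_chars` before being placed in the filter. The same method returns `con.response[0]["attributes"]` unconditionally, so a uid with no match raises IndexError instead of giving `find_user` the `None` its base-class docstring promises, and `update_user` in the first hunk passes the result to `__update` without the `if attr:` guard that `find_user` uses. Separately, `__update` reads the DN from `self.ldap.connection.response[0]`, which is not the connection `__find` searched on when it fell back to `self.ldap.connect(...)`, so that DN may be stale or absent in that path — worth confirming. The rewrite below escapes the filter values, drops the space after `|` (the RFC 4515 filter grammar does not permit whitespace there), and returns None when no entry comes back.
```python
def __find(self, userid, mail=None):
    """Find attributes of an user by uid or mail in LDAP; None when nothing matches"""
    con = self.ldap.connection
    if not con:
        con = self.ldap.connect(self.admin_dn, self.admin_secret)
    # Escape user-supplied values so they match literally instead of altering the filter.
    uid = escape_filter_chars(str(userid))
    if mail:
        ldap_filter = f"(|(uid={uid})(mail={escape_filter_chars(str(mail))}))"
    else:
        ldap_filter = f"(uid={uid})"
    con.search(
        f"ou=user,{self.dn}",
        ldap_filter,
        SUBTREE,
        attributes=["uid", "givenName", "sn", "mail"],
    )
    # Only search result entries carry "attributes"; referrals do not.
    entries = [entry for entry in con.response if "attributes" in entry]
    if not entries:
        return None
    return entries[0]["attributes"]
# … unchanged: __update …
```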