[LDAP] Neue Rollen werden hinzugefügt

This commit is contained in:
Tim Gröger 2020-11-12 23:42:03 +01:00
parent 65af9ab367
commit 96765ee932
2 changed files with 19 additions and 4 deletions

View File

@ -27,10 +27,12 @@ enabled = true
# URL =
# PORT =
# BINDDN =
# BASEDN =
# SECRET =
# USE_SSL =
## ADMIN_DN:
## ADMIN_SECRET:
# ADMIN_DN =
# ADMIN_SECRET =
# gidNumber =
#[users]
# allways enabled

View File

@ -34,6 +34,7 @@ class AuthLDAP(AuthPlugin):
app.config["LDAP_SECRET"] = (config["SECRET"],)
self.ldap = LDAPConn(app)
self.dn = config["BASEDN"]
self.gidNumber = config['gidNumber']
# TODO: might not be set if modify is called
if "ADMIN_DN" in config:
self.admin_dn = config["ADMIN_DN"]
@ -75,7 +76,7 @@ class AuthLDAP(AuthPlugin):
attributes = {
'sn': user.firstname,
'givenName': user.lastname,
'gidNumber': 15000,
'gidNumber': self.gidNumber,
'homeDirectory': f'/home/{user.userid}',
'loginShell': '/bin/bash',
'uid': user.userid,
@ -121,12 +122,24 @@ class AuthLDAP(AuthPlugin):
ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
self.ldap.connection.search(f"ou=group,{self.dn}", "(cn=*)", SUBTREE, attributes=["cn", "gidNumber"])
ldap_roles = self.ldap.response()
gidNumbers = sorted(ldap_roles, key=lambda i: i['attributes']['gidNumber'], reverse=True)
gidNumber = gidNumbers[0]['attributes']['gidNumber'] + 1
for user_role in user.roles:
if user_role not in [role["attributes"]["cn"][0] for role in ldap_roles]:
ldap_conn.add(f"cn={user_role},ou=group,{self.dn}", ["posixGroup"], attributes={"gidNumber": gidNumber})
ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
self.ldap.connection.search(f"ou=group,{self.dn}", "(cn=*)", SUBTREE, attributes=["cn", "gidNumber"])
ldap_roles = self.ldap.response()
for ldap_role in ldap_roles:
if ldap_role["attributes"]["cn"][0] in user.roles:
modify = {'memberUid': [(MODIFY_ADD, [user.userid])]}
else:
modify = {'memberUid': [(MODIFY_DELETE, [user.userid])]}
test = ldap_conn.modify(ldap_role["dn"], modify)
ldap_conn.modify(ldap_role["dn"], modify)
except (LDAPPasswordIsMandatoryError, LDAPBindError):
raise BadRequest