[LDAP] editieren von bestehenden rollen.

flaschengeist/plugins/auth_ldap/__init__.py

@@ -1,6 +1,8 @@
 """LDAP Authentication Provider Plugin"""
 
 import ssl
+from typing import Optional
+
 from ldap3.utils.hashed import hashed
 from ldap3 import SUBTREE, MODIFY_REPLACE, MODIFY_ADD, MODIFY_DELETE, HASHED_SALTED_MD5
 from ldap3.core.exceptions import LDAPPasswordIsMandatoryError, LDAPBindError
@@ -129,13 +131,6 @@ class AuthLDAP(AuthPlugin):
         )
         return self.ldap.response()
 
-    def _delete_unsed_roles(self):
-        ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
-        ldap_roles = self._get_all_roles(ldap_conn)
-        for role in ldap_roles:
-            if len(role["attributes"]["memberUid"]) == 0:
-                ldap_conn.delete(role["dn"])
-
     def _set_roles(self, user: User):
         try:
             ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
@@ -166,7 +161,25 @@ class AuthLDAP(AuthPlugin):
                     modify = {"memberUid": [(MODIFY_DELETE, [user.userid])]}
                 ldap_conn.modify(ldap_role["dn"], modify)
 
-            self._delete_unsed_roles()
+        except (LDAPPasswordIsMandatoryError, LDAPBindError):
+            raise BadRequest
+
+    def modify_role(self, old_name: str, new_name: Optional[str]):
+        if self.admin_dn is None:
+            logger.error("admin_dn missing in ldap config!")
+            raise InternalServerError
+        try:
+            ldap_conn = self.ldap.connect(self.admin_dn, self.admin_secret)
+            ldap_conn.search(
+                f"ou=group,{self.dn}", f"(cn={old_name})", SUBTREE, attributes=["cn"]
+            )
+            if len(ldap_conn.response) >= 0:
+                dn = ldap_conn.response[0]["dn"]
+                if new_name:
+                    ldap_conn.modify_dn(dn, f"cn={new_name}")
+                else:
+                    ldap_conn.delete(dn)
+
         except (LDAPPasswordIsMandatoryError, LDAPBindError):
             raise BadRequest