diff --git a/flaschengeist/plugins/auth_ldap/__init__.py b/flaschengeist/plugins/auth_ldap/__init__.py
index 1cfd5aa..a872ce8 100644
--- a/flaschengeist/plugins/auth_ldap/__init__.py
+++ b/flaschengeist/plugins/auth_ldap/__init__.py
@@ -41,6 +41,7 @@ class AuthLDAP(AuthPlugin):
 self.password_hash = config.get("password_hash", "SSHA").upper()
 self.object_classes = config.get("object_classes", ["inetOrgPerson"])
 self.user_attributes: dict = config.get("user_attributes", {})
+ self.dn_template = config.get("dn_template")
 # TODO: might not be set if modify is called
 self.root_dn = config.get("root_dn", None)
@@ -87,25 +88,34 @@ class AuthLDAP(AuthPlugin):
 key=lambda i: i["attributes"]["uidNumber"],
 reverse=True,
 )
- attributes = resp[0]["attributes"]["uidNumber"] + 1 if resp else attributes["uidNumber"]
+ attributes["uidNumber"] = resp[0]["attributes"]["uidNumber"] + 1 if resp else attributes["uidNumber"]
 dn = self.dn_template.format(
- firstname=user.firstname,
- lastname=user.lastname,
- userid=user.userid,
- mail=user.mail,
- display_name=user.display_name,
+ user=user,
 base_dn=self.base_dn,
 )
+ if "default_gid" in attributes:
+ default_gid = attributes.pop("default_gid")
+ attributes["gidNumber"] = default_gid
+ if "homeDirectory" in attributes:
+ attributes["homeDirectory"] = attributes.get("homeDirectory").format(
+ firstname=user.firstname,
+ lastname=user.lastname,
+ userid=user.userid,
+ mail=user.mail,
+ display_name=user.display_name,
+ )
 attributes.update(
 {
 "sn": user.lastname,
 "givenName": user.firstname,
 "uid": user.userid,
 "userPassword": self.__hash(password),
+ "mail": user.mail,
 }
 )
 ldap_conn.add(dn, self.object_classes, attributes)
 self._set_roles(user)
+ self.update_user(user)
 except (LDAPPasswordIsMandatoryError, LDAPBindError):
 raise BadRequest
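Review bot: `config.get("dn_template")` in the first hunk has no default and no check, so a configuration without that key leaves `self.dn_template` as `None`. The `self.dn_template.format(...)` call in the second hunk would then raise `AttributeError`, which the visible `except (LDAPPasswordIsMandatoryError, LDAPBindError)` does not catch. If user creation is meant to be supported, read it as a required key with `self.dn_template = config["dn_template"]`; otherwise check for `None` before the `.format` call and report a configuration error. The enclosing method starts and ends outside the hunk.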
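Review bot: Passing the whole object with `user=user` into `self.dn_template.format(...)` in the second hunk puts the field values into the DN unescaped and makes per-field escaping impossible. If `userid` or the name fields are user-supplied, a value containing `,`, `+` or `=` changes the structure of the DN handed to `ldap_conn.add`. Keep explicit keyword arguments and escape each one, e.g. `userid=escape_rdn(user.userid)` with `from ldap3.utils.dn import escape_rdn` (assuming the connection is ldap3, as the exception names suggest). The same raw values are formatted into `homeDirectory`, where a `/` or `..` in `userid` would produce a path outside the intended base, so validating `userid` against a conservative pattern before this point covers both. The enclosing function starts outside the hunk.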