[auth_ldap] fix create Users

flaschengeist/plugins/auth_ldap/__init__.py

@@ -41,6 +41,7 @@ class AuthLDAP(AuthPlugin):
         self.password_hash = config.get("password_hash", "SSHA").upper()
         self.object_classes = config.get("object_classes", ["inetOrgPerson"])
         self.user_attributes: dict = config.get("user_attributes", {})
+        self.dn_template = config.get("dn_template")
 
         # TODO: might not be set if modify is called
         self.root_dn = config.get("root_dn", None)
@@ -87,25 +88,34 @@ class AuthLDAP(AuthPlugin):
                     key=lambda i: i["attributes"]["uidNumber"],
                     reverse=True,
                 )
-                attributes = resp[0]["attributes"]["uidNumber"] + 1 if resp else attributes["uidNumber"]
+                attributes["uidNumber"] = resp[0]["attributes"]["uidNumber"] + 1 if resp else attributes["uidNumber"]
             dn = self.dn_template.format(
-                firstname=user.firstname,
-                lastname=user.lastname,
-                userid=user.userid,
-                mail=user.mail,
-                display_name=user.display_name,
+                user=user,
                 base_dn=self.base_dn,
             )
+            if "default_gid" in attributes:
+                default_gid = attributes.pop("default_gid")
+                attributes["gidNumber"] = default_gid
+            if "homeDirectory" in attributes:
+                attributes["homeDirectory"] = attributes.get("homeDirectory").format(
+                    firstname=user.firstname,
+                    lastname=user.lastname,
+                    userid=user.userid,
+                    mail=user.mail,
+                    display_name=user.display_name,
+                )
             attributes.update(
                 {
                     "sn": user.lastname,
                     "givenName": user.firstname,
                     "uid": user.userid,
                     "userPassword": self.__hash(password),
+                    "mail": user.mail,
                 }
             )
             ldap_conn.add(dn, self.object_classes, attributes)
             self._set_roles(user)
+            self.update_user(user)
         except (LDAPPasswordIsMandatoryError, LDAPBindError):
             raise BadRequest
 

run_flaschengeist

@@ -167,6 +167,28 @@ def export(arguments):
         gen.write()
 
 
+def ldap_sync(arguments):
+    from flaschengeist.app import create_app
+    from flaschengeist.controller import userController
+    from flaschengeist.plugins.auth_ldap import AuthLDAP
+    from ldap3 import SUBTREE
+
+    app = create_app()
+    with app.app_context():
+        auth_ldap: AuthLDAP = app.config.get("FG_PLUGINS").get("auth_ldap")
+        if auth_ldap:
+            conn = auth_ldap.ldap.connection
+            if not conn:
+                conn = auth_ldap.ldap.connect(auth_ldap.root_dn, auth_ldap.root_secret)
+            conn.search(auth_ldap.search_dn, "(uid=*)", SUBTREE, attributes=["uid", "givenName", "sn", "mail"])
+            ldap_users_response = conn.response
+            for ldap_user in ldap_users_response:
+                uid = ldap_user["attributes"]["uid"][0]
+                userController.find_user(uid)
+            exit()
+        raise Exception("auth_ldap not found")
+
+
 if __name__ == "__main__":
     # create the top-level parser
     parser = argparse.ArgumentParser()
@@ -192,5 +214,8 @@ if __name__ == "__main__":
     )
     parser_export.add_argument("--plugins", help="Also export plugins (none means all)", nargs="*")
 
+    parser_ldap_sync = subparsers.add_parser("ldap_sync", help="synch ldap-users with database")
+    parser_ldap_sync.set_defaults(func=ldap_sync)
+
     args = parser.parse_args()
     args.func(args)