[auth_ldap] modify_role has to be called before the update to change it on the backend

* Allow configuring the password hash (SSHA, PBKDF2 or Argon2)
* Allow setting custom dn templates for users and groups to e.g. allow "ou=people" or "ou=user"
* Allow setting custom object class for entries
* Stop using deprecated openssl constants

flaschengeist/controller/roleController.py

@@ -2,7 +2,7 @@ from sqlalchemy.exc import IntegrityError
 from werkzeug.exceptions import BadRequest, NotFound
 
 from flaschengeist.models.user import Role, Permission
-from flaschengeist.database import db
+from flaschengeist.database import db, case_sensitive
 from flaschengeist import logger
 from flaschengeist.utils.hook import Hook
 
@@ -36,8 +36,8 @@ def update_role(role, new_name):
         except IntegrityError:
             logger.debug("IntegrityError: Role might still be in use", exc_info=True)
             raise BadRequest("Role still in use")
-    elif role.name != new_name:
-        if db.session.query(db.exists().where(Role.name == new_name)).scalar():
+    else:
+        if role.name == new_name or db.session.query(db.exists().where(Role.name == case_sensitive(new_name))).scalar():
             raise BadRequest("Name already used")
         role.name = new_name
         db.session.commit()

flaschengeist/database.py

@@ -1,3 +1,10 @@
 from flask_sqlalchemy import SQLAlchemy
 
 db = SQLAlchemy()
+
+
+def case_sensitive(s):
+    if db.session.bind.dialect.name == "mysql":
+        from sqlalchemy import func
+        return func.binary(s)
+    return s