Ejemplo n.º 1
    def get_user(self, *args, **kwargs):
        """
        Look up one LDAP entry and return the user built from it.

        The identifier is given either as keyword arguments or as
        positional arguments in the order of
        settings.LDAP_AUTH_USER_LOOKUP_FIELDS, so with the default User
        model both `get_user(username)` and `get_user(username=username)`
        are accepted.

        Returns None when the directory search call reports no result.
        """
        # Turn args/kwargs into a mapping of lookup field -> value.
        lookup = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS, True, args, kwargs)
        # Build the filter: the configured object class AND one
        # "(attribute=value)" clause per lookup field.
        # NOTE(review): field values end up inside a search filter, where
        # RFC 4515 requires `*`, `(`, `)`, `\` and NUL to be escaped.
        # clean_ldap_name is defined outside this listing -- confirm it
        # escapes for filters and not only for DN components.
        object_class = clean_ldap_name(settings.LDAP_AUTH_OBJECT_CLASS)
        clauses = []
        for field_name, field_value in lookup.items():
            ldap_attribute = clean_ldap_name(settings.LDAP_AUTH_USER_FIELDS[field_name])
            clauses.append("({attribute_name}={field_value})".format(
                attribute_name = ldap_attribute,
                field_value = clean_ldap_name(field_value),
            ))
        search_filter = "(&(objectClass={object_class}){user_identifier})".format(
            object_class = object_class,
            user_identifier = "".join(clauses),
        )
        # Only the attributes mapped in LDAP_AUTH_USER_FIELDS are requested.
        found = self._connection.search(
            search_base = settings.LDAP_AUTH_SEARCH_BASE,
            search_filter = search_filter,
            search_scope = ldap3.SEARCH_SCOPE_WHOLE_SUBTREE,
            attributes = list(settings.LDAP_AUTH_USER_FIELDS.values()),
            size_limit = 1,
        )
        if not found:
            return None
        # size_limit=1 was requested, so only the first entry is used.
        return self._get_or_create_user(self._connection.response[0])
Ejemplo n.º 2
    def get_user(self, *args, **kwargs):
        """
        Return the user matching the given identifier, or None.

        Pass the identifier as keyword arguments, or as positional
        arguments matching settings.LDAP_AUTH_USER_LOOKUP_FIELDS. With the
        default User model that means `get_user(username)` or
        `get_user(username=username)`.
        """
        identifier_fields = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS, True, args, kwargs)
        # Filter = configured object class AND every lookup field.
        # NOTE(review): clean_ldap_name is not shown here; confirm it
        # neutralises the filter metacharacters `*`, `(`, `)`, `\` and NUL
        # (RFC 4515), because the values are placed in a search filter.
        ldap_filter = "(&(objectClass={object_class}){user_identifier})".format(
            object_class = clean_ldap_name(settings.LDAP_AUTH_OBJECT_CLASS),
            user_identifier = "".join(
                "({attribute_name}={field_value})".format(
                    attribute_name = clean_ldap_name(settings.LDAP_AUTH_USER_FIELDS[name]),
                    field_value = clean_ldap_name(value),
                )
                for name, value in identifier_fields.items()
            ),
        )
        # ALL_ATTRIBUTES asks the server for every attribute of the entry,
        # not just the ones mapped in LDAP_AUTH_USER_FIELDS.
        # NOTE(review): a narrower attribute list would keep directory data
        # the application does not need out of the response.
        matched = self._connection.search(
            search_base = settings.LDAP_AUTH_SEARCH_BASE,
            search_filter = ldap_filter,
            search_scope = ldap3.SEARCH_SCOPE_WHOLE_SUBTREE,
            attributes = ldap3.ALL_ATTRIBUTES,
            size_limit = 1,
        )
        # At most one entry was requested; hand the first one on.
        return self._get_or_create_user(self._connection.response[0]) if matched else None
Ejemplo n.º 3
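def connection(*args, **kwargs):
    """
    Creates and yields a connection to the LDAP server.

    If a user identifier is given, it should either be
    keyword arguments, or positional arguments that match the fields in
    settings.LDAP_AUTH_USER_LOOKUP_FIELDS.

    The final positional argument, or the keyword argument `password`, will
    be taken as the user's password.

    A bind as the DN built from the identifier is tried first. If that
    bind is rejected, the directory is searched with the
    settings.LDAP_SEARCH_DN account for a single `person` entry whose
    `uid` equals the supplied username, and the bind is retried with that
    entry's DN. A `Connection` wrapper is yielded on success and None when
    no bind succeeds; every non-raising path yields exactly once.

    NOTE(review): presumably wrapped by contextlib.contextmanager outside
    this listing -- confirm.
    """
    # Parse the user lookup.
    user_identifier = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS + ("password",), False, args, kwargs)
    # Format the DN for the username.
    if user_identifier:
        password = user_identifier.pop("password")
        username_dn = "{user_identifier},{search_base}".format(
            user_identifier = ",".join(
                "{attribute_name}={field_value}".format(
                    attribute_name = clean_ldap_name(settings.LDAP_AUTH_USER_FIELDS[field_name]),
                    field_value = clean_ldap_name(field_value),
                )
                for field_name, field_value
                in user_identifier.items()
            ),
            search_base = settings.LDAP_AUTH_SEARCH_BASE,
        )
    else:
        password = None
        username_dn = None
    # NOTE(review): `password` reaches the bind exactly as received. Confirm
    # an empty password is rejected before this point (by the caller or by
    # ldap3): RFC 4513 treats a simple bind with a DN and an empty password
    # as an unauthenticated bind, which a server may accept.
    # Make the connection.
    if user_identifier:
        if settings.LDAP_AUTH_USE_TLS:
            auto_bind = ldap3.AUTO_BIND_TLS_BEFORE_BIND
        else:
            auto_bind = ldap3.AUTO_BIND_NO_TLS
    else:
        auto_bind = ldap3.AUTO_BIND_NONE
    server = ldap3.Server(settings.LDAP_AUTH_URL)
    # The original opened a second, unused connection here before the
    # `with`; it doubled the bind and was never closed, so it is gone.
    entered = False
    try:
        with ldap3.Connection(server, user=username_dn, password=password, auto_bind=auto_bind) as c:
            entered = True
            yield Connection(c)
        return
    except ldap3.LDAPBindError:
        # Only a bind failure raised before the yield means "login
        # rejected". One raised by the caller's block must propagate,
        # otherwise this generator would yield a second time.
        if entered:
            raise
    # Fallback: find the entry's real DN with the search account.
    lookup_name = kwargs.get("username")
    if lookup_name is None and user_identifier:
        # The username may have been passed positionally.
        lookup_name = user_identifier.get("username")
    if lookup_name is None:
        yield None
        return
    # The username is caller-supplied, so escape the characters that are
    # special inside a search filter (RFC 4515) before interpolating it.
    filter_escapes = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    safe_name = "".join(filter_escapes.get(ch, ch) for ch in str(lookup_name))
    search_filter = '(&(objectClass=person)(uid=%s))' % (safe_name,)
    alt_con = ldap3.Connection(server, user=settings.LDAP_SEARCH_DN,
                               password=settings.LDAP_SEARCH_PASSWORD, auto_bind=auto_bind)
    matched_dn = None
    try:
        if alt_con.search(settings.LDAP_AUTH_SEARCH_BASE, search_filter, ldap3.SUBTREE):
            entries = alt_con.response or []
            # Anything other than exactly one match is treated as "not
            # found" so an ambiguous uid can never select an account.
            if len(entries) == 1:
                matched_dn = entries[0].get("dn")
    finally:
        # The search account's session is not needed past this point.
        alt_con.unbind()
    if matched_dn is None:
        yield None
        return
    try:
        c2 = ldap3.Connection(server, user=matched_dn, password=password, auto_bind=auto_bind)
    except Exception:
        # Fail closed, as the original did, but guard only the bind: the
        # old bare `except` also wrapped the yield and swallowed errors
        # raised by the caller's block.
        yield None
        return
    try:
        yield Connection(c2)
    finally:
        c2.unbind()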
Ejemplo n.º 4
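def connection(*args, **kwargs):
    """
    Creates and yields a connection to the LDAP server.

    If a user identifier is given, it should either be
    keyword arguments, or positional arguments that match the fields in
    settings.LDAP_AUTH_USER_LOOKUP_FIELDS.

    The final positional argument, or the keyword argument `password`, will
    be taken as the user's password.

    Without an identifier, the connection is made with
    settings.LDAP_AUTH_CONNECTION_USERNAME / LDAP_AUTH_CONNECTION_PASSWORD.
    Yields a `Connection` wrapper, or None when the bind is rejected.

    NOTE(review): presumably wrapped by contextlib.contextmanager outside
    this listing -- confirm.
    """
    # Parse the user lookup.
    user_identifier = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS + ("password",), False, args, kwargs)
    if user_identifier:
        # Bind as the user: DN = "<attr>=<value>,...,<search base>".
        password = user_identifier.pop("password")
        rdn_parts = [
            "{attribute_name}={field_value}".format(
                attribute_name = clean_ldap_name(settings.LDAP_AUTH_USER_FIELDS[field_name]),
                field_value = clean_ldap_name(field_value),
            )
            for field_name, field_value in user_identifier.items()
        ]
        username_dn = "{user_identifier},{search_base}".format(
            user_identifier = ",".join(rdn_parts),
            search_base = settings.LDAP_AUTH_SEARCH_BASE,
        )
    else:
        # No user given: use the configured connection account.
        username_dn = settings.LDAP_AUTH_CONNECTION_USERNAME
        password = settings.LDAP_AUTH_CONNECTION_PASSWORD
    # Pick the auto-bind mode. An explicit settings.LDAP_AUTO_BIND wins
    # over everything else, including LDAP_AUTH_USE_TLS.
    # NOTE(review): an override that selects a non-TLS mode sends the bind
    # in clear text even when LDAP_AUTH_USE_TLS is set -- confirm deployed
    # values keep TLS on.
    if settings.LDAP_AUTO_BIND is not None:
        auto_bind = settings.LDAP_AUTO_BIND
    elif not user_identifier:
        auto_bind = ldap3.AUTO_BIND_NONE
    elif settings.LDAP_AUTH_USE_TLS:
        auto_bind = ldap3.AUTO_BIND_TLS_BEFORE_BIND
    else:
        auto_bind = ldap3.AUTO_BIND_NO_TLS
    entered = False
    try:
        with ldap3.Connection(ldap3.Server(settings.LDAP_AUTH_URL), user=username_dn, password=password, auto_bind=auto_bind) as c:
            entered = True
            yield Connection(c)
    except (ldap3.LDAPBindError, ldap3.LDAPSASLPrepError):
        # The handler also covers the yield above. An error of these types
        # raised by the caller's block is not a failed login and must
        # propagate; yielding again here would make the generator yield
        # twice.
        if entered:
            raise
        yield None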
Ejemplo n.º 5
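def connection(*args, **kwargs):
    """
    Creates and yields a connection to the LDAP server.

    If a user identifier is given, it should either be
    keyword arguments, or positional arguments that match the fields in
    settings.LDAP_AUTH_USER_LOOKUP_FIELDS.

    The final positional argument, or the keyword argument `password`, will
    be taken as the user's password.

    Yields a `Connection` wrapper, or None when StartTLS was requested
    but not established, or when the bind for the given user fails.
    Without an identifier the connection is yielded without an explicit
    bind.
    """
    # Parse the user lookup.
    user_identifier = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS + ("password",), False, args, kwargs)
    # Format the DN for the username.
    if user_identifier:
        password = user_identifier.pop("password")
        username_dn = "{user_identifier},{search_base}".format(
            user_identifier = ",".join(
                "{attribute_name}={field_value}".format(
                    attribute_name = clean_ldap_name(settings.LDAP_AUTH_USER_FIELDS[field_name]),
                    field_value = clean_ldap_name(field_value),
                )
                for field_name, field_value
                in user_identifier.items()
            ),
            search_base = settings.LDAP_AUTH_SEARCH_BASE,
        )
    else:
        password = None
        username_dn = None
    # Make the connection. AUTO_BIND_NONE is passed so that TLS can be
    # negotiated before any credentials are sent.
    # NOTE(review): depending on the ldap3 version, entering the context
    # may itself open or bind the connection -- confirm nothing is sent
    # before start_tls() below.
    with ldap3.Connection(ldap3.Server(settings.LDAP_AUTH_URL), user=username_dn, password=password, auto_bind=ldap3.AUTO_BIND_NONE) as c:
        # The result of start_tls() used to be ignored, so a falsy return
        # let the bind below go out unencrypted. Fail closed instead.
        if settings.LDAP_AUTH_USE_TLS and not c.start_tls():
            yield None
        # Attempt authentication, if required.
        elif user_identifier and not c.bind():
            yield None
        else:
            # Either the bind succeeded or no user was given.
            auth_connection = Connection(c)
            yield auth_connection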
Ejemplo n.º 6
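def connection(*args, **kwargs):
    """
    Creates and yields a connection to the LDAP server.

    If a user identifier is given, it should either be
    keyword arguments, or positional arguments that match the fields in
    settings.LDAP_AUTH_USER_LOOKUP_FIELDS.

    The final positional argument, or the keyword argument `password`, will
    be taken as the user's password.

    Yields a `Connection` wrapper, or None when the bind is rejected.

    NOTE(review): presumably wrapped by contextlib.contextmanager outside
    this listing -- confirm.
    """
    # Parse the user lookup.
    user_identifier = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS + ("password",), False, args, kwargs)
    # Format the DN for the username.
    if user_identifier:
        password = user_identifier.pop("password")
        username_dn = "{user_identifier},{search_base}".format(
            user_identifier = ",".join(
                "{attribute_name}={field_value}".format(
                    attribute_name = clean_ldap_name(settings.LDAP_AUTH_USER_FIELDS[field_name]),
                    field_value = clean_ldap_name(field_value),
                )
                for field_name, field_value
                in user_identifier.items()
            ),
            search_base = settings.LDAP_AUTH_SEARCH_BASE,
        )
    else:
        password = None
        username_dn = None
    # NOTE(review): `password` reaches the bind exactly as received. Confirm
    # an empty password is rejected before this point (by the caller or by
    # ldap3): RFC 4513 treats a simple bind with a DN and an empty password
    # as an unauthenticated bind, which a server may accept.
    # Make the connection. Binding happens only when a user was given, and
    # over TLS when LDAP_AUTH_USE_TLS is set.
    if user_identifier:
        if settings.LDAP_AUTH_USE_TLS:
            auto_bind = ldap3.AUTO_BIND_TLS_BEFORE_BIND
        else:
            auto_bind = ldap3.AUTO_BIND_NO_TLS
    else:
        auto_bind = ldap3.AUTO_BIND_NONE
    entered = False
    try:
        with ldap3.Connection(ldap3.Server(settings.LDAP_AUTH_URL), user=username_dn, password=password, auto_bind=auto_bind) as c:
            entered = True
            yield Connection(c)
    except ldap3.LDAPBindError:
        # The handler also covers the yield above. A bind error raised by
        # the caller's block is not a failed login and must propagate;
        # yielding again here would make the generator yield twice.
        if entered:
            raise
        yield None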
Ejemplo n.º 7
 def iter_users(self):
     """
     Return a lazy iterator of Django users, one for each entry the
     paged LDAP search produces.

     The search covers the whole subtree under
     settings.LDAP_AUTH_SEARCH_BASE, matches the configured object class
     and asks for results in pages of 30.
     """
     base_dn = settings.LDAP_AUTH_SEARCH_BASE
     class_filter = "(objectClass={object_class})".format(
         object_class = clean_ldap_name(settings.LDAP_AUTH_OBJECT_CLASS),
     )
     # Request only the attributes mapped in LDAP_AUTH_USER_FIELDS.
     wanted_attributes = list(settings.LDAP_AUTH_USER_FIELDS.values())
     entries = self._connection.extend.standard.paged_search(
         search_base = base_dn,
         search_filter = class_filter,
         search_scope = ldap3.SEARCH_SCOPE_WHOLE_SUBTREE,
         attributes = wanted_attributes,
         paged_size = 30,
     )
     # Generator expression: users are created as the caller iterates.
     return (self._get_or_create_user(ldap_entry) for ldap_entry in entries)
Ejemplo n.º 8
 def iter_users(self):
     """
     Iterate over the Django users that correspond to entries in the
     LDAP database.

     Returns a generator; each entry from the paged search is passed to
     `_get_or_create_user` when the generator is consumed.
     """
     # Search options, collected once and passed as keyword arguments.
     search_options = {
         "search_base": settings.LDAP_AUTH_SEARCH_BASE,
         "search_filter": "(objectClass={object_class})".format(
             object_class = clean_ldap_name(settings.LDAP_AUTH_OBJECT_CLASS),
         ),
         "search_scope": ldap3.SEARCH_SCOPE_WHOLE_SUBTREE,
         # Only the attributes mapped in LDAP_AUTH_USER_FIELDS are fetched.
         "attributes": list(settings.LDAP_AUTH_USER_FIELDS.values()),
         # Results are requested 30 entries per page.
         "paged_size": 30,
     }
     found = self._connection.extend.standard.paged_search(**search_options)
     return (
         self._get_or_create_user(item)
         for item in found
     )
Ejemplo n.º 9
 def testCleanLdapName(self):
     """Check clean_ldap_name against two fixed (input, expected) pairs."""
     # The first literal looks like a masked e-mail address in this
     # listing; the second pins the escaping of a non-ASCII character.
     # NOTE(review): neither case covers LDAP metacharacters such as `(`,
     # `)`, `\` or `,`; worth adding wherever this helper's output is put
     # into filters or DNs.
     cases = (
         ("*****@*****.**", r'*****@*****.**'),
         ("café", r'caf\E9'),
     )
     for raw_name, expected in cases:
         self.assertEqual(clean_ldap_name(raw_name), expected)
Ejemplo n.º 10
 def testCleanLdapName(self):
     """Pin the output of clean_ldap_name for two sample names."""
     # An address-shaped name is expected to come back unchanged (the
     # literal appears masked in this listing).
     address_like = clean_ldap_name("*****@*****.**")
     self.assertEqual(address_like, r"*****@*****.**")
     # A non-ASCII character is expected as a backslash hex escape.
     # NOTE(review): no assertion here exercises `(`, `)`, `\` or `,`;
     # consider adding them if the helper guards filters or DNs.
     accented = clean_ldap_name("café")
     self.assertEqual(accented, r"caf\E9")