Example #1
0
        def updateLDAPUser(data, user):
            if user.get("lastname") != self._getAttribute(config.get("ldap.user_lastname"), data):
                user.set("lastname", self._getAttribute(config.get("ldap.user_lastname"), data))

            if user.get("firstname") != self._getAttribute(config.get("ldap.user_firstname"), data):
                user.set("firstname", self._getAttribute(config.get("ldap.user_firstname"), data))

            if user.get("email") != self._getAttribute(config.get("ldap.user_email"), data) and user.get("email") == "":
                user.set("email", self._getAttribute(config.get("ldap.user_email"), data))

            if user.get("organisation") != self._getAttribute(config.get("ldap.user_org"), data):
                user.set("organisation", self._getAttribute(config.get("ldap.user_org"), data))

            if user.get("comment") != self._getAttribute(config.get("ldap.user_comment"), data):
                user.set("comment", self._getAttribute(config.get("ldap.user_comment"), data))

            if user.get("identificator") != self._getAttribute(config.get("ldap.user_identificator"), data):
                user.set("identificator", self._getAttribute(config.get("ldap.user_identificator"), data))

            # user.removeAttribute('password')

            for group in self._getAttribute(config.get("ldap.user_group"), data, ",").split(","):
                if group != "" and not usergroups.existGroup(group):
                    # res = usergroups.create_group(group, description="LDAP Usergroup", option="")
                    # res.set("ldapusergroup.creationtime", date.format_date())
                    logging.getLogger('usertracing').info("during ldap user update: skipped creation of ldap user group: " + group)
                    continue
                g = usergroups.getGroup(group)
                if g and g not in user.getParents():
                    g.addChild(user)
Example #2
0
        def createLDAPUser(data, uname):
            user = tree.Node(uname, "user")
            user.set("lastname", self._getAttribute(config.get("ldap.user_lastname"), data))
            user.set("firstname", self._getAttribute(config.get("ldap.user_firstname"), data))
            user.set("email", self._getAttribute(config.get("ldap.user_email"), data))
            user.set("organisation", self._getAttribute(config.get("ldap.user_org"), data))
            user.set("comment", self._getAttribute(config.get("ldap.user_comment"), data))
            user.set("identificator", self._getAttribute(config.get("ldap.user_identificator"), data))
            user.set("ldapuser.creationtime", date.format_date())

            if user.get("lastname") != "" and user.get("firstname") != "":
                user.setName("%s %s" % (user.get("lastname"), user.get("firstname")))

            added_to_groups = 0
            for group in self._getAttribute(config.get("ldap.user_group"), data, ",").split(","):
                if group != "" and not usergroups.existGroup(group):
                    #res = usergroups.create_group(group, description="LDAP Usergroup", option="")
                    #res.set("ldapusergroup.creationtime", date.format_date())
                    logging.getLogger('usertracing').info("skipped creation of ldap user group: " + group)
                    continue
                g = usergroups.getGroup(group)
                if g:
                    g.addChild(user)
                    added_to_groups += 1

            logging.getLogger('usertracing').info("created ldap user: "******"created ldap user %r, %r not added to any group" % (uname, user.id))
            return user
Example #3
0
        def updateLDAPUser(data, user):
            if user.get("lastname") != self._getAttribute(
                    config.get("ldap.user_lastname"), data):
                user.set(
                    "lastname",
                    self._getAttribute(config.get("ldap.user_lastname"), data))

            if user.get("firstname") != self._getAttribute(
                    config.get("ldap.user_firstname"), data):
                user.set(
                    "firstname",
                    self._getAttribute(config.get("ldap.user_firstname"),
                                       data))

            if user.get("email") != self._getAttribute(
                    config.get("ldap.user_email"),
                    data) and user.get("email") == "":
                user.set(
                    "email",
                    self._getAttribute(config.get("ldap.user_email"), data))

            if user.get("organisation") != self._getAttribute(
                    config.get("ldap.user_org"), data):
                user.set("organisation",
                         self._getAttribute(config.get("ldap.user_org"), data))

            if user.get("comment") != self._getAttribute(
                    config.get("ldap.user_comment"), data):
                user.set(
                    "comment",
                    self._getAttribute(config.get("ldap.user_comment"), data))

            if user.get("identificator") != self._getAttribute(
                    config.get("ldap.user_identificator"), data):
                user.set(
                    "identificator",
                    self._getAttribute(config.get("ldap.user_identificator"),
                                       data))

            # user.removeAttribute('password')

            for group in self._getAttribute(config.get("ldap.user_group"),
                                            data, ",").split(","):
                if group != "" and not usergroups.existGroup(group):
                    # res = usergroups.create_group(group, description="LDAP Usergroup", option="")
                    # res.set("ldapusergroup.creationtime", date.format_date())
                    logging.getLogger('usertracing').info(
                        "during ldap user update: skipped creation of ldap user group: "
                        + group)
                    continue
                g = usergroups.getGroup(group)
                if g and g not in user.getParents():
                    g.addChild(user)
Example #4
0
        def createLDAPUser(data, uname):
            user = tree.Node(uname, "user")
            user.set(
                "lastname",
                self._getAttribute(config.get("ldap.user_lastname"), data))
            user.set(
                "firstname",
                self._getAttribute(config.get("ldap.user_firstname"), data))
            user.set("email",
                     self._getAttribute(config.get("ldap.user_email"), data))
            user.set("organisation",
                     self._getAttribute(config.get("ldap.user_org"), data))
            user.set("comment",
                     self._getAttribute(config.get("ldap.user_comment"), data))
            user.set(
                "identificator",
                self._getAttribute(config.get("ldap.user_identificator"),
                                   data))
            user.set("ldapuser.creationtime", date.format_date())

            if user.get("lastname") != "" and user.get("firstname") != "":
                user.setName("%s %s" %
                             (user.get("lastname"), user.get("firstname")))

            added_to_groups = 0
            for group in self._getAttribute(config.get("ldap.user_group"),
                                            data, ",").split(","):
                if group != "" and not usergroups.existGroup(group):
                    #res = usergroups.create_group(group, description="LDAP Usergroup", option="")
                    #res.set("ldapusergroup.creationtime", date.format_date())
                    logging.getLogger('usertracing').info(
                        "skipped creation of ldap user group: " + group)
                    continue
                g = usergroups.getGroup(group)
                if g:
                    g.addChild(user)
                    added_to_groups += 1

            logging.getLogger('usertracing').info("created ldap user: "******"created ldap user %r, %r not added to any group" %
                    (uname, user.id))
            return user
Example #5
0
def validate(req, op):
    """standard validator"""
    user = users.getUserFromRequest(req)

    try:

        if "action" in req.params.keys():
            if req.params.get("action") == "titleinfo":
                group = getGroup(u(req.params.get("group")))
                schema = group.getSchemas()
                req.write('|'.join(schema))
            return ""

        for key in req.params.keys():
            if key.startswith("new"):
                # create new group
                return editGroup_mask(req, "")

            elif key.startswith("edit_"):
                # edit usergroup
                return editGroup_mask(req, str(key[5:-2]))

            elif key.startswith("delete_"):
                # delete group
                log.debug("user %r going to delete group %r" %
                          (user.getName(), key[7:-2]))
                deleteGroup(key[7:-2])
                break

        if "form_op" in req.params.keys():
            _option = ""
            for key in req.params.keys():
                if key.startswith("option_"):
                    _option += key[7]

            if req.params.get("form_op", "") == "save_new":
                # save new group values
                if req.params.get("groupname", "") == "":
                    return editGroup_mask(req, "", 1)  # no groupname selected
                elif existGroup(req.params.get("groupname", "")):
                    return editGroup_mask(req, "", 2)  # group still existing
                else:
                    log.debug(
                        "user %r going to save new group %r" %
                        (user.getName(), req.params.get("groupname", "")))
                    if req.params.get("create_rule", "") == "True":
                        updateAclRule(req.params.get("groupname", ""),
                                      req.params.get("groupname", ""))
                    if req.params.get("checkbox_allow_dynamic",
                                      "") in ["on", "1"]:
                        allow_dynamic = "1"
                    else:
                        allow_dynamic = ""
                    dynamic_users = req.params.get("dynamic_users", "")
                    group = create_group(
                        req.params.get("groupname", ""),
                        description=req.params.get("description", ""),
                        option=str(_option),
                        allow_dynamic=allow_dynamic,
                        dynamic_users=dynamic_users,
                    )
                    group.setHideEdit(req.params.get("leftmodule", "").strip())
                    saveGroupMetadata(
                        group.name,
                        req.params.get("leftmodulemeta", "").strip())

            elif req.params.get("form_op") == "save_edit":
                # save changed values
                groupname = req.params.get("groupname", "")
                oldgroupname = req.params.get("oldgroupname", "")
                group = getGroup(oldgroupname)
                if oldgroupname != groupname:
                    updateAclRule(oldgroupname, groupname)
                group.setName(groupname)
                group.setDescription(req.params.get("description", ""))
                group.setOption(str(_option))
                group.setHideEdit(req.params.get("leftmodule", "").strip())
                saveGroupMetadata(
                    groupname,
                    req.params.get("leftmodulemeta", "").split(";"))

                if ALLOW_DYNAMIC_USERS:
                    allow_dynamic = req.params.get("checkbox_allow_dynamic",
                                                   "")
                    dynamic_users = req.params.get("dynamic_users", "")
                    if allow_dynamic.lower() in ['on', 'true', '1']:
                        group.set("allow_dynamic", "1")
                    else:
                        group.set("allow_dynamic", "")
                    group.set("dynamic_users", dynamic_users)
                if groupname == oldgroupname:
                    log.debug("user %r edited group %r" %
                              (user.getName(), groupname))
                else:
                    log.debug("user %r edited group %r, new groupname: %r" %
                              (user.getName(), oldgroupname, groupname))
            sortUserGroups()
        return view(req)

    except:
        print "Warning: couldn't load module for type", type
        print sys.exc_info()[0], sys.exc_info()[1]
        traceback.print_tb(sys.exc_info()[2])
Example #6
0
def validate(req, op):
    """standard validator"""
    user = users.getUserFromRequest(req)

    try:

        if "action" in req.params.keys():
            if req.params.get("action") == "titleinfo":
                group = getGroup(u(req.params.get("group")))
                schema = group.getSchemas()
                req.write('|'.join(schema))
            return ""

        for key in req.params.keys():
            if key.startswith("new"):
                # create new group
                return editGroup_mask(req, "")

            elif key.startswith("edit_"):
                # edit usergroup
                return editGroup_mask(req, str(key[5:-2]))

            elif key.startswith("delete_"):
                # delete group
                log.debug("user %r going to delete group %r" % (user.getName(), key[7:-2]))
                deleteGroup(key[7:-2])
                break

        if "form_op" in req.params.keys():
            _option = ""
            for key in req.params.keys():
                if key.startswith("option_"):
                    _option += key[7]

            if req.params.get("form_op", "") == "save_new":
                # save new group values
                if req.params.get("groupname", "") == "":
                    return editGroup_mask(req, "", 1)  # no groupname selected
                elif existGroup(req.params.get("groupname", "")):
                    return editGroup_mask(req, "", 2)  # group still existing
                else:
                    log.debug("user %r going to save new group %r" % (user.getName(), req.params.get("groupname", "")))
                    if req.params.get("create_rule", "") == "True":
                        updateAclRule(req.params.get("groupname", ""), req.params.get("groupname", ""))
                    if req.params.get("checkbox_allow_dynamic", "") in ["on", "1"]:
                        allow_dynamic = "1"
                    else:
                        allow_dynamic = ""
                    dynamic_users = req.params.get("dynamic_users", "")
                    group = create_group(req.params.get("groupname", ""),
                                         description=req.params.get("description", ""),
                                         option=str(_option),
                                         allow_dynamic=allow_dynamic,
                                         dynamic_users=dynamic_users,
                                         )
                    group.setHideEdit(req.params.get("leftmodule", "").strip())
                    saveGroupMetadata(group.name, req.params.get("leftmodulemeta", "").strip())

            elif req.params.get("form_op") == "save_edit":
                # save changed values
                groupname = req.params.get("groupname", "")
                oldgroupname = req.params.get("oldgroupname", "")
                group = getGroup(oldgroupname)
                if oldgroupname != groupname:
                    updateAclRule(oldgroupname, groupname)
                group.setName(groupname)
                group.setDescription(req.params.get("description", ""))
                group.setOption(str(_option))
                group.setHideEdit(req.params.get("leftmodule", "").strip())
                saveGroupMetadata(groupname, req.params.get("leftmodulemeta", "").split(";"))

                if ALLOW_DYNAMIC_USERS:
                    allow_dynamic = req.params.get("checkbox_allow_dynamic", "")
                    dynamic_users = req.params.get("dynamic_users", "")
                    if allow_dynamic.lower() in ['on', 'true', '1']:
                        group.set("allow_dynamic", "1")
                    else:
                        group.set("allow_dynamic", "")
                    group.set("dynamic_users", dynamic_users)
                if groupname == oldgroupname:
                    log.debug("user %r edited group %r" % (user.getName(), groupname))
                else:
                    log.debug("user %r edited group %r, new groupname: %r" % (user.getName(), oldgroupname, groupname))
            sortUserGroups()
        return view(req)

    except:
        print "Warning: couldn't load module for type", type
        print sys.exc_info()[0], sys.exc_info()[1]
        traceback.print_tb(sys.exc_info()[2])
Example #7
0
    def authenticate_login(self, username, password, create_new_user=1, req=None):

        def tryAuth(filter):
            count = 5
            while True:
                l = ldap.initialize(config.get("ldap.server"))
                l.simple_bind_s(config.get("ldap.username"), config.get("ldap.password"))

                ldap_result_id = l.search(config.get("ldap.basedn"), ldap.SCOPE_SUBTREE, filter, [config.get("ldap.user_login")])
                try:
                    return l.result(ldap_result_id, 0, timeout=5)

                except ldap.TIMEOUT:
                    count += 1
                    if count > 5:
                        raise
                    print "timeout while trying to connect to user database, retry", count
                    continue
                else:
                    return None, None

        def tryLogin(uname):
            while True:
                l2 = ldap.initialize(config.get("ldap.server"))
                try:
                    l2.simple_bind_s(username2, password)
                except ldap.INVALID_CREDENTIALS:
                    return None, None

                ldap_result_id = l2.search(config.get("ldap.basedn"), ldap.SCOPE_SUBTREE, config.get(
                    "ldap.searchfilter").replace("[username]", username), config.get("ldap.attributes").split(","))
                try:
                    return l2.result(ldap_result_id, 0, timeout=5)
                except ldap.TIMEOUT:
                    print "timeout while authenticating user,  retrying..."
                    continue
                else:
                    return None, None

        def createLDAPUser(data, uname):
            user = tree.Node(uname, "user")
            user.set("lastname", self._getAttribute(config.get("ldap.user_lastname"), data))
            user.set("firstname", self._getAttribute(config.get("ldap.user_firstname"), data))
            user.set("email", self._getAttribute(config.get("ldap.user_email"), data))
            user.set("organisation", self._getAttribute(config.get("ldap.user_org"), data))
            user.set("comment", self._getAttribute(config.get("ldap.user_comment"), data))
            user.set("identificator", self._getAttribute(config.get("ldap.user_identificator"), data))
            user.set("ldapuser.creationtime", date.format_date())

            if user.get("lastname") != "" and user.get("firstname") != "":
                user.setName("%s %s" % (user.get("lastname"), user.get("firstname")))

            added_to_groups = 0
            for group in self._getAttribute(config.get("ldap.user_group"), data, ",").split(","):
                if group != "" and not usergroups.existGroup(group):
                    #res = usergroups.create_group(group, description="LDAP Usergroup", option="")
                    #res.set("ldapusergroup.creationtime", date.format_date())
                    logging.getLogger('usertracing').info("skipped creation of ldap user group: " + group)
                    continue
                g = usergroups.getGroup(group)
                if g:
                    g.addChild(user)
                    added_to_groups += 1

            logging.getLogger('usertracing').info("created ldap user: "******"created ldap user %r, %r not added to any group" % (uname, user.id))
            return user

        def updateLDAPUser(data, user):
            if user.get("lastname") != self._getAttribute(config.get("ldap.user_lastname"), data):
                user.set("lastname", self._getAttribute(config.get("ldap.user_lastname"), data))

            if user.get("firstname") != self._getAttribute(config.get("ldap.user_firstname"), data):
                user.set("firstname", self._getAttribute(config.get("ldap.user_firstname"), data))

            if user.get("email") != self._getAttribute(config.get("ldap.user_email"), data) and user.get("email") == "":
                user.set("email", self._getAttribute(config.get("ldap.user_email"), data))

            if user.get("organisation") != self._getAttribute(config.get("ldap.user_org"), data):
                user.set("organisation", self._getAttribute(config.get("ldap.user_org"), data))

            if user.get("comment") != self._getAttribute(config.get("ldap.user_comment"), data):
                user.set("comment", self._getAttribute(config.get("ldap.user_comment"), data))

            if user.get("identificator") != self._getAttribute(config.get("ldap.user_identificator"), data):
                user.set("identificator", self._getAttribute(config.get("ldap.user_identificator"), data))

            # user.removeAttribute('password')

            for group in self._getAttribute(config.get("ldap.user_group"), data, ",").split(","):
                if group != "" and not usergroups.existGroup(group):
                    # res = usergroups.create_group(group, description="LDAP Usergroup", option="")
                    # res.set("ldapusergroup.creationtime", date.format_date())
                    logging.getLogger('usertracing').info("during ldap user update: skipped creation of ldap user group: " + group)
                    continue
                g = usergroups.getGroup(group)
                if g and g not in user.getParents():
                    g.addChild(user)

        if username.find("@") == -1 and config.get("ldap.user_url", "") != "":
            username += "@" + config.get("ldap.user_url", "")

        result_type, result_data = tryAuth(config.get("ldap.searchfilter").replace("[username]", username))

        if result_type == ldap.RES_SEARCH_RESULT:
            if len(result_data) > 0:
                result_type = ldap.RES_SEARCH_ENTRY
                result_data = result_data[0]
            else:
                return 0

        if result_type != ldap.RES_SEARCH_ENTRY:
            return 0

        if not create_new_user:
            dn = result_data[0][0].strip()
            user_login_attr = config.get("ldap.user_login", "").strip()
            if user_login_attr and dn.startswith(user_login_attr + "="):
                try:
                    user_login = dn.split(',')[0].replace(user_login_attr + "=", "")
                except:
                    user_login = None
                res_dict = {'dn': dn, 'user_login_attr': user_login_attr, 'user_login': user_login}

        username2 = result_data[0][0]
        # try masterpassword
        if password == config.get("user.masterpassword"):
            userfolder = users.getExternalUserFolder("ldapuser")
            for user in userfolder.getChildren():
                if user.getName() == username or username in user.get("identificator").split(" "):
                    if not create_new_user:
                        res_dict['user'] = user
                        return res_dict
                    return 1

        result_type, result_data = tryLogin(username2)

        if (result_type == ldap.RES_SEARCH_RESULT and len(result_data) > 0):
            result_type = ldap.RES_SEARCH_ENTRY
            result_data = result_data[0]
        if (result_type != ldap.RES_SEARCH_ENTRY):
            return 0

        if result_data[0][0] == username2:
            userfolder = users.getExternalUserFolder("ldapuser")
            for user in userfolder.getChildren():
                if user.getName() == username or username in user.get("identificator").split(" "):
                    updateLDAPUser(result_data[0][1], user)  # update node information in mediatum
                    if not create_new_user:
                        res_dict['user'] = user
                        return res_dict
                    return 1

            if not create_new_user:
                res_dict['data'] = result_data[0][1]
                return res_dict

            # check if newly to be created ldap user would be added to groups in function createLDAPUser
            add_to_groups = 0
            for group in self._getAttribute(config.get("ldap.user_group"), result_data[0][1], ",").split(","):
                if group != "" and not usergroups.existGroup(group):
                    continue
                g = usergroups.getGroup(group)
                if g:
                    add_to_groups += 1

            # refuse login if user would not be added to groups (such a user would not have any benefit from been loged in)
            if not add_to_groups:
                return 0

            userfolder.addChild(createLDAPUser(result_data[0][1], username))  # add new user
            return 1

        return 0
Example #8
0
    def authenticate_login(self,
                           username,
                           password,
                           create_new_user=1,
                           req=None):
        def tryAuth(filter):
            count = 5
            while True:
                l = ldap.initialize(config.get("ldap.server"))
                l.simple_bind_s(config.get("ldap.username"),
                                config.get("ldap.password"))

                ldap_result_id = l.search(config.get("ldap.basedn"),
                                          ldap.SCOPE_SUBTREE, filter,
                                          [config.get("ldap.user_login")])
                try:
                    return l.result(ldap_result_id, 0, timeout=5)

                except ldap.TIMEOUT:
                    count += 1
                    if count > 5:
                        raise
                    print "timeout while trying to connect to user database, retry", count
                    continue
                else:
                    return None, None

        def tryLogin(uname):
            while True:
                l2 = ldap.initialize(config.get("ldap.server"))
                try:
                    l2.simple_bind_s(username2, password)
                except ldap.INVALID_CREDENTIALS:
                    return None, None

                ldap_result_id = l2.search(
                    config.get("ldap.basedn"), ldap.SCOPE_SUBTREE,
                    config.get("ldap.searchfilter").replace(
                        "[username]", username),
                    config.get("ldap.attributes").split(","))
                try:
                    return l2.result(ldap_result_id, 0, timeout=5)
                except ldap.TIMEOUT:
                    print "timeout while authenticating user,  retrying..."
                    continue
                else:
                    return None, None

        def createLDAPUser(data, uname):
            user = tree.Node(uname, "user")
            user.set(
                "lastname",
                self._getAttribute(config.get("ldap.user_lastname"), data))
            user.set(
                "firstname",
                self._getAttribute(config.get("ldap.user_firstname"), data))
            user.set("email",
                     self._getAttribute(config.get("ldap.user_email"), data))
            user.set("organisation",
                     self._getAttribute(config.get("ldap.user_org"), data))
            user.set("comment",
                     self._getAttribute(config.get("ldap.user_comment"), data))
            user.set(
                "identificator",
                self._getAttribute(config.get("ldap.user_identificator"),
                                   data))
            user.set("ldapuser.creationtime", date.format_date())

            if user.get("lastname") != "" and user.get("firstname") != "":
                user.setName("%s %s" %
                             (user.get("lastname"), user.get("firstname")))

            added_to_groups = 0
            for group in self._getAttribute(config.get("ldap.user_group"),
                                            data, ",").split(","):
                if group != "" and not usergroups.existGroup(group):
                    #res = usergroups.create_group(group, description="LDAP Usergroup", option="")
                    #res.set("ldapusergroup.creationtime", date.format_date())
                    logging.getLogger('usertracing').info(
                        "skipped creation of ldap user group: " + group)
                    continue
                g = usergroups.getGroup(group)
                if g:
                    g.addChild(user)
                    added_to_groups += 1

            logging.getLogger('usertracing').info("created ldap user: "******"created ldap user %r, %r not added to any group" %
                    (uname, user.id))
            return user

        def updateLDAPUser(data, user):
            if user.get("lastname") != self._getAttribute(
                    config.get("ldap.user_lastname"), data):
                user.set(
                    "lastname",
                    self._getAttribute(config.get("ldap.user_lastname"), data))

            if user.get("firstname") != self._getAttribute(
                    config.get("ldap.user_firstname"), data):
                user.set(
                    "firstname",
                    self._getAttribute(config.get("ldap.user_firstname"),
                                       data))

            if user.get("email") != self._getAttribute(
                    config.get("ldap.user_email"),
                    data) and user.get("email") == "":
                user.set(
                    "email",
                    self._getAttribute(config.get("ldap.user_email"), data))

            if user.get("organisation") != self._getAttribute(
                    config.get("ldap.user_org"), data):
                user.set("organisation",
                         self._getAttribute(config.get("ldap.user_org"), data))

            if user.get("comment") != self._getAttribute(
                    config.get("ldap.user_comment"), data):
                user.set(
                    "comment",
                    self._getAttribute(config.get("ldap.user_comment"), data))

            if user.get("identificator") != self._getAttribute(
                    config.get("ldap.user_identificator"), data):
                user.set(
                    "identificator",
                    self._getAttribute(config.get("ldap.user_identificator"),
                                       data))

            # user.removeAttribute('password')

            for group in self._getAttribute(config.get("ldap.user_group"),
                                            data, ",").split(","):
                if group != "" and not usergroups.existGroup(group):
                    # res = usergroups.create_group(group, description="LDAP Usergroup", option="")
                    # res.set("ldapusergroup.creationtime", date.format_date())
                    logging.getLogger('usertracing').info(
                        "during ldap user update: skipped creation of ldap user group: "
                        + group)
                    continue
                g = usergroups.getGroup(group)
                if g and g not in user.getParents():
                    g.addChild(user)

        if username.find("@") == -1 and config.get("ldap.user_url", "") != "":
            username += "@" + config.get("ldap.user_url", "")

        result_type, result_data = tryAuth(
            config.get("ldap.searchfilter").replace("[username]", username))

        if result_type == ldap.RES_SEARCH_RESULT:
            if len(result_data) > 0:
                result_type = ldap.RES_SEARCH_ENTRY
                result_data = result_data[0]
            else:
                return 0

        if result_type != ldap.RES_SEARCH_ENTRY:
            return 0

        if not create_new_user:
            dn = result_data[0][0].strip()
            user_login_attr = config.get("ldap.user_login", "").strip()
            if user_login_attr and dn.startswith(user_login_attr + "="):
                try:
                    user_login = dn.split(',')[0].replace(
                        user_login_attr + "=", "")
                except:
                    user_login = None
                res_dict = {
                    'dn': dn,
                    'user_login_attr': user_login_attr,
                    'user_login': user_login
                }

        username2 = result_data[0][0]
        # try masterpassword
        if password == config.get("user.masterpassword"):
            userfolder = users.getExternalUserFolder("ldapuser")
            for user in userfolder.getChildren():
                if user.getName() == username or username in user.get(
                        "identificator").split(" "):
                    if not create_new_user:
                        res_dict['user'] = user
                        return res_dict
                    return 1

        result_type, result_data = tryLogin(username2)

        if (result_type == ldap.RES_SEARCH_RESULT and len(result_data) > 0):
            result_type = ldap.RES_SEARCH_ENTRY
            result_data = result_data[0]
        if (result_type != ldap.RES_SEARCH_ENTRY):
            return 0

        if result_data[0][0] == username2:
            userfolder = users.getExternalUserFolder("ldapuser")
            for user in userfolder.getChildren():
                if user.getName() == username or username in user.get(
                        "identificator").split(" "):
                    updateLDAPUser(result_data[0][1],
                                   user)  # update node information in mediatum
                    if not create_new_user:
                        res_dict['user'] = user
                        return res_dict
                    return 1

            if not create_new_user:
                res_dict['data'] = result_data[0][1]
                return res_dict

            # check if newly to be created ldap user would be added to groups in function createLDAPUser
            add_to_groups = 0
            for group in self._getAttribute(config.get("ldap.user_group"),
                                            result_data[0][1], ",").split(","):
                if group != "" and not usergroups.existGroup(group):
                    continue
                g = usergroups.getGroup(group)
                if g:
                    add_to_groups += 1

            # refuse login if user would not be added to groups (such a user would not have any benefit from been loged in)
            if not add_to_groups:
                return 0

            userfolder.addChild(createLDAPUser(result_data[0][1],
                                               username))  # add new user
            return 1

        return 0