def get_user(self, *args, **kwargs):
    """
    Look up one directory entry and return the corresponding user.

    The identifier may be given positionally, in the order of
    settings.LDAP_AUTH_USER_LOOKUP_FIELDS, or as keyword arguments. For the
    default User model that means `get_user(username)` or
    `get_user(username=username)`.

    Returns None when the LDAP search call returns a falsy result.
    """
    # Turn the positional/keyword lookup into a field-name -> value mapping.
    lookup = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS, True, args, kwargs)
    # Every value interpolated into the filter passes through clean_ldap_name.
    # NOTE(review): the filter is only as safe as that helper; confirm it
    # escapes the LDAP filter metacharacters ( ) * \ and NUL.
    object_class = clean_ldap_name(settings.LDAP_AUTH_OBJECT_CLASS)
    clauses = []
    for field_name, field_value in lookup.items():
        clauses.append(
            "({attribute_name}={field_value})".format(
                attribute_name=clean_ldap_name(settings.LDAP_AUTH_USER_FIELDS[field_name]),
                field_value=clean_ldap_name(field_value),
            )
        )
    search_filter = "(&(objectClass={object_class}){user_identifier})".format(
        object_class=object_class,
        user_identifier="".join(clauses),
    )
    # Only the attributes mapped in LDAP_AUTH_USER_FIELDS are requested.
    matched = self._connection.search(
        search_base=settings.LDAP_AUTH_SEARCH_BASE,
        search_filter=search_filter,
        search_scope=ldap3.SEARCH_SCOPE_WHOLE_SUBTREE,
        attributes=list(settings.LDAP_AUTH_USER_FIELDS.values()),
        size_limit=1,
    )
    if not matched:
        return None
    # size_limit=1 caps the result set; the first response entry is used.
    return self._get_or_create_user(self._connection.response[0])
def get_user(self, *args, **kwargs):
    """
    Look up one directory entry and return the corresponding user.

    The identifier may be given positionally, in the order of
    settings.LDAP_AUTH_USER_LOOKUP_FIELDS, or as keyword arguments. For the
    default User model that means `get_user(username)` or
    `get_user(username=username)`.

    Returns None when the LDAP search call returns a falsy result.
    """
    # Turn the positional/keyword lookup into a field-name -> value mapping.
    lookup = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS, True, args, kwargs)
    # Every value interpolated into the filter passes through clean_ldap_name.
    # NOTE(review): the filter is only as safe as that helper; confirm it
    # escapes the LDAP filter metacharacters ( ) * \ and NUL.
    object_class = clean_ldap_name(settings.LDAP_AUTH_OBJECT_CLASS)
    clauses = []
    for field_name, field_value in lookup.items():
        clauses.append(
            "({attribute_name}={field_value})".format(
                attribute_name=clean_ldap_name(settings.LDAP_AUTH_USER_FIELDS[field_name]),
                field_value=clean_ldap_name(field_value),
            )
        )
    search_filter = "(&(objectClass={object_class}){user_identifier})".format(
        object_class=object_class,
        user_identifier="".join(clauses),
    )
    # This variant requests every attribute (ldap3.ALL_ATTRIBUTES) instead of
    # only the values of LDAP_AUTH_USER_FIELDS.
    # NOTE(review): that returns whatever the bound identity is allowed to
    # read; narrow the list if only the mapped fields are consumed.
    matched = self._connection.search(
        search_base=settings.LDAP_AUTH_SEARCH_BASE,
        search_filter=search_filter,
        search_scope=ldap3.SEARCH_SCOPE_WHOLE_SUBTREE,
        attributes=ldap3.ALL_ATTRIBUTES,
        size_limit=1,
    )
    if not matched:
        return None
    # size_limit=1 caps the result set; the first response entry is used.
    return self._get_or_create_user(self._connection.response[0])
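def connection(*args, **kwargs):
    """
    Creates and yields a connection to the LDAP server.

    If a user identifier is given, it should either be keyword arguments,
    or positional arguments that match the fields in
    settings.LDAP_AUTH_USER_LOOKUP_FIELDS. The final positional argument,
    or the keyword argument `password`, will be taken as the user's
    password.

    The bind is first attempted with a DN built from the lookup fields
    under settings.LDAP_AUTH_SEARCH_BASE. If the server rejects that bind,
    the entry is searched for by `uid` using the settings.LDAP_SEARCH_DN
    account, and the bind is retried with the DN of the single matching
    entry. None is yielded whenever no connection could be established
    for the user; exactly one value is yielded on every path.

    The function is a generator that yields once; presumably it is wrapped
    by a context-manager decorator outside this listing.
    """
    # Parse the user lookup.
    user_identifier = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS + ("password",), False, args, kwargs)
    # Format the DN for the username.
    if user_identifier:
        # NOTE(review): many directory servers treat a non-empty DN with an
        # empty password as an unauthenticated bind that succeeds. Confirm
        # the caller (or resolve_user_identifier) rejects empty passwords.
        password = user_identifier.pop("password")
        username_dn = "{user_identifier},{search_base}".format(
            user_identifier=",".join(
                "{attribute_name}={field_value}".format(
                    attribute_name=clean_ldap_name(settings.LDAP_AUTH_USER_FIELDS[field_name]),
                    field_value=clean_ldap_name(field_value),
                )
                for field_name, field_value in user_identifier.items()
            ),
            search_base=settings.LDAP_AUTH_SEARCH_BASE,
        )
    else:
        password = None
        username_dn = None
    # Choose the bind mode.
    if user_identifier:
        if settings.LDAP_AUTH_USE_TLS:
            auto_bind = ldap3.AUTO_BIND_TLS_BEFORE_BIND
        else:
            auto_bind = ldap3.AUTO_BIND_NO_TLS
    else:
        auto_bind = ldap3.AUTO_BIND_NONE
    server = ldap3.Server(settings.LDAP_AUTH_URL)

    # First attempt: bind with the DN derived from the lookup fields. Only
    # one connection is created here; the original built a second, unused
    # one that was never closed.
    entered = False
    try:
        with ldap3.Connection(server, user=username_dn, password=password, auto_bind=auto_bind) as c:
            entered = True
            yield Connection(c)
        return
    except ldap3.LDAPBindError:
        # A bind error raised by the consumer after the yield must propagate:
        # falling through would make this generator yield a second time.
        if entered:
            raise

    # Fallback: resolve the DN with the search account.
    username = kwargs.get("username")
    if username is None:
        # The fallback filter needs the `username` keyword; without it there
        # is nothing to look up, so report failure instead of raising KeyError.
        yield None
        return
    resolved_dn = None
    try:
        alt_con = ldap3.Connection(server, user=settings.LDAP_SEARCH_DN, password=settings.LDAP_SEARCH_PASSWORD, auto_bind=auto_bind)
    except ldap3.LDAPBindError:
        alt_con = None
    if alt_con is not None:
        try:
            # The username comes from the login attempt, so it is escaped with
            # the same helper the rest of the module uses before it is placed
            # in the filter. The original interpolated it verbatim, which let
            # filter syntax in the username change the query.
            # NOTE(review): confirm clean_ldap_name escapes ( ) * \ and NUL.
            search_filter = "(&(objectClass=person)(uid={uid}))".format(
                uid=clean_ldap_name(username),
            )
            found = alt_con.search(settings.LDAP_AUTH_SEARCH_BASE, search_filter, ldap3.SUBTREE)
            # Accept the result only when it identifies exactly one entry.
            if found and len(alt_con.response) == 1:
                resolved_dn = alt_con.response[0]['dn']
        finally:
            # Always release the search-account session.
            alt_con.unbind()
    if resolved_dn is None:
        yield None
        return
    # Second attempt: bind as the resolved DN with the supplied password.
    try:
        c2 = ldap3.Connection(server, user=resolved_dn, password=password, auto_bind=auto_bind)
    except ldap3.LDAPBindError:
        yield None
        return
    try:
        yield Connection(c2)
    finally:
        c2.unbind()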
def connection(*args, **kwargs):
    """
    Creates and yields a connection to the LDAP server.

    A user identifier, when supplied, is either keyword arguments or
    positional arguments in the order of
    settings.LDAP_AUTH_USER_LOOKUP_FIELDS, followed by the password (last
    positional argument or the `password` keyword).

    Without a user identifier the connection uses
    settings.LDAP_AUTH_CONNECTION_USERNAME and
    settings.LDAP_AUTH_CONNECTION_PASSWORD. None is yielded when the bind
    raises LDAPBindError or LDAPSASLPrepError.
    """
    # Parse the user lookup.
    lookup_fields = settings.LDAP_AUTH_USER_LOOKUP_FIELDS + ("password",)
    user_identifier = resolve_user_identifier(lookup_fields, False, args, kwargs)
    # Work out which identity to bind as.
    if not user_identifier:
        # No user supplied: fall back to the configured connection account.
        # NOTE(review): a caller that treats a non-None connection as proof of
        # user authentication must be sure resolve_user_identifier cannot
        # return an empty mapping for a login attempt. Confirm.
        username_dn = settings.LDAP_AUTH_CONNECTION_USERNAME
        password = settings.LDAP_AUTH_CONNECTION_PASSWORD
    else:
        password = user_identifier.pop("password")
        rdn_parts = []
        for field_name, field_value in user_identifier.items():
            rdn_parts.append(
                "{attribute_name}={field_value}".format(
                    attribute_name=clean_ldap_name(settings.LDAP_AUTH_USER_FIELDS[field_name]),
                    field_value=clean_ldap_name(field_value),
                )
            )
        username_dn = "{user_identifier},{search_base}".format(
            user_identifier=",".join(rdn_parts),
            search_base=settings.LDAP_AUTH_SEARCH_BASE,
        )
    # --------------------------------------------------------------------------
    # iJet change: an explicit settings.LDAP_AUTO_BIND overrides the bind mode.
    # It takes precedence over LDAP_AUTH_USE_TLS, so a non-TLS value here
    # disables StartTLS even when LDAP_AUTH_USE_TLS is true.
    auto_bind = settings.LDAP_AUTO_BIND
    if auto_bind is None:
        if not user_identifier:
            auto_bind = ldap3.AUTO_BIND_NONE
        elif settings.LDAP_AUTH_USE_TLS:
            auto_bind = ldap3.AUTO_BIND_TLS_BEFORE_BIND
        else:
            auto_bind = ldap3.AUTO_BIND_NO_TLS
    # --------------------------------------------------------------------------
    # Make the connection.
    # NOTE(review): the except clause also catches these errors when they are
    # raised at the yield by the consumer, in which case the generator yields
    # a second time. Confirm callers never raise them inside the block.
    server = ldap3.Server(settings.LDAP_AUTH_URL)
    try:
        with ldap3.Connection(server, user=username_dn, password=password, auto_bind=auto_bind) as c:
            yield Connection(c)
    except (ldap3.LDAPBindError, ldap3.LDAPSASLPrepError):
        yield None
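def connection(*args, **kwargs):
    """
    Creates and yields a connection to the LDAP server.

    If a user identifier is given, it should either be keyword arguments,
    or positional arguments that match the fields in
    settings.LDAP_AUTH_USER_LOOKUP_FIELDS. The final positional argument,
    or the keyword argument `password`, will be taken as the user's
    password.

    Yields a Connection wrapper, or None when a user identifier was given
    and the server rejected the bind.

    When settings.LDAP_AUTH_USE_TLS is set, StartTLS is negotiated before
    any bind is sent. The socket is opened explicitly rather than through
    `with ldap3.Connection(...)`, because ldap3's context manager opens and
    binds on entry; the original therefore sent the DN and password before
    start_tls() ran and then bound a second time.
    """
    # Parse the user lookup.
    user_identifier = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS + ("password",), False, args, kwargs)
    # Format the DN for the username.
    if user_identifier:
        # NOTE(review): many directory servers treat a non-empty DN with an
        # empty password as an unauthenticated bind that succeeds. Confirm
        # the caller (or resolve_user_identifier) rejects empty passwords.
        password = user_identifier.pop("password")
        username_dn = "{user_identifier},{search_base}".format(
            user_identifier=",".join(
                "{attribute_name}={field_value}".format(
                    attribute_name=clean_ldap_name(settings.LDAP_AUTH_USER_FIELDS[field_name]),
                    field_value=clean_ldap_name(field_value),
                )
                for field_name, field_value in user_identifier.items()
            ),
            search_base=settings.LDAP_AUTH_SEARCH_BASE,
        )
    else:
        password = None
        username_dn = None
    # Make the connection without binding yet.
    c = ldap3.Connection(ldap3.Server(settings.LDAP_AUTH_URL), user=username_dn, password=password, auto_bind=ldap3.AUTO_BIND_NONE)
    try:
        c.open()
        if settings.LDAP_AUTH_USE_TLS:
            # NOTE(review): the result of start_tls() is not checked, as in
            # the original. Confirm a failed negotiation raises rather than
            # returning False, otherwise the bind below goes out unencrypted.
            c.start_tls()
        # Bind once, after the transport is set up. Without a user identifier
        # this is the anonymous bind the context manager used to perform.
        bound = c.bind()
        if user_identifier and not bound:
            yield None
        else:
            # We authenticated, so let's return the connection.
            yield Connection(c)
    finally:
        # Mirror the context manager's cleanup: always end the session.
        c.unbind()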
def connection(*args, **kwargs):
    """
    Creates and yields a connection to the LDAP server.

    A user identifier, when supplied, is either keyword arguments or
    positional arguments in the order of
    settings.LDAP_AUTH_USER_LOOKUP_FIELDS, followed by the password (last
    positional argument or the `password` keyword).

    None is yielded when the bind raises LDAPBindError.
    """
    # Parse the user lookup.
    lookup_fields = settings.LDAP_AUTH_USER_LOOKUP_FIELDS + ("password",)
    user_identifier = resolve_user_identifier(lookup_fields, False, args, kwargs)
    # Format the DN for the username.
    if not user_identifier:
        password = None
        username_dn = None
    else:
        # NOTE(review): many directory servers treat a non-empty DN with an
        # empty password as an unauthenticated bind that succeeds. Confirm
        # the caller (or resolve_user_identifier) rejects empty passwords.
        password = user_identifier.pop("password")
        rdn_parts = []
        for field_name, field_value in user_identifier.items():
            rdn_parts.append(
                "{attribute_name}={field_value}".format(
                    attribute_name=clean_ldap_name(settings.LDAP_AUTH_USER_FIELDS[field_name]),
                    field_value=clean_ldap_name(field_value),
                )
            )
        username_dn = "{user_identifier},{search_base}".format(
            user_identifier=",".join(rdn_parts),
            search_base=settings.LDAP_AUTH_SEARCH_BASE,
        )
    # Pick the bind mode. The identifier is re-tested after the password has
    # been popped, exactly as in the original.
    if not user_identifier:
        auto_bind = ldap3.AUTO_BIND_NONE
    elif settings.LDAP_AUTH_USE_TLS:
        auto_bind = ldap3.AUTO_BIND_TLS_BEFORE_BIND
    else:
        # NOTE(review): no StartTLS on this path, so the bind credentials are
        # presumably protected only if LDAP_AUTH_URL is an ldaps:// URL.
        # Confirm the deployment.
        auto_bind = ldap3.AUTO_BIND_NO_TLS
    # Make the connection.
    # NOTE(review): the except clause also catches LDAPBindError raised at the
    # yield by the consumer, in which case the generator yields a second time.
    # Confirm callers never raise it inside the block.
    server = ldap3.Server(settings.LDAP_AUTH_URL)
    try:
        with ldap3.Connection(server, user=username_dn, password=password, auto_bind=auto_bind) as c:
            yield Connection(c)
    except ldap3.LDAPBindError:
        yield None
def iter_users(self):
    """
    Return a generator of Django users, one per entry found by a paged
    subtree search for the configured object class.
    """
    # The object class comes from settings and is passed through
    # clean_ldap_name before being placed in the filter.
    object_class_filter = "(objectClass={object_class})".format(
        object_class=clean_ldap_name(settings.LDAP_AUTH_OBJECT_CLASS),
    )
    # Only the attributes mapped in LDAP_AUTH_USER_FIELDS are requested.
    wanted_attributes = list(settings.LDAP_AUTH_USER_FIELDS.values())
    entries = self._connection.extend.standard.paged_search(
        search_base=settings.LDAP_AUTH_SEARCH_BASE,
        search_filter=object_class_filter,
        search_scope=ldap3.SEARCH_SCOPE_WHOLE_SUBTREE,
        attributes=wanted_attributes,
        paged_size=30,
    )
    # Users are created or fetched lazily, as the caller iterates.
    return (self._get_or_create_user(ldap_entry) for ldap_entry in entries)
def iter_users(self):
    """
    Return a generator of Django users, one per entry found by a paged
    subtree search for the configured object class.
    """
    # The object class comes from settings and is passed through
    # clean_ldap_name before being placed in the filter.
    object_class_filter = "(objectClass={object_class})".format(
        object_class=clean_ldap_name(settings.LDAP_AUTH_OBJECT_CLASS),
    )
    # Only the attributes mapped in LDAP_AUTH_USER_FIELDS are requested.
    wanted_attributes = list(settings.LDAP_AUTH_USER_FIELDS.values())
    entries = self._connection.extend.standard.paged_search(
        search_base=settings.LDAP_AUTH_SEARCH_BASE,
        search_filter=object_class_filter,
        search_scope=ldap3.SEARCH_SCOPE_WHOLE_SUBTREE,
        attributes=wanted_attributes,
        paged_size=30,
    )
    # Users are created or fetched lazily, as the caller iterates.
    return (self._get_or_create_user(ldap_entry) for ldap_entry in entries)
def testCleanLdapName(self):
    # Each pair is (raw input, expected output of clean_ldap_name).
    # The first input is expected back unchanged; the second shows a
    # non-ASCII character being replaced by a backslash-hex escape.
    # NOTE(review): as written, the first input contains `*`, the LDAP
    # filter wildcard. If that literal is a real test value rather than a
    # masked address, this asserts that `*` is left unescaped. Confirm that
    # is intended for values placed in search filters.
    expectations = (
        ("*****@*****.**", r'*****@*****.**'),
        ("café", r'caf\E9'),
    )
    for raw_name, cleaned_name in expectations:
        self.assertEqual(clean_ldap_name(raw_name), cleaned_name)
def testCleanLdapName(self):
    # Each pair is (raw input, expected output of clean_ldap_name).
    # The first input is expected back unchanged; the second shows a
    # non-ASCII character being replaced by a backslash-hex escape.
    # NOTE(review): as written, the first input contains `*`, the LDAP
    # filter wildcard. If that literal is a real test value rather than a
    # masked address, this asserts that `*` is left unescaped. Confirm that
    # is intended for values placed in search filters.
    expectations = (
        ("*****@*****.**", r"*****@*****.**"),
        ("café", r"caf\E9"),
    )
    for raw_name, cleaned_name in expectations:
        self.assertEqual(clean_ldap_name(raw_name), cleaned_name)