def get_user(self, *args, **kwargs):
    """
    Look up one directory entry and return the user built from it.

    The identifier may be given positionally, in the order of
    settings.LDAP_AUTH_USER_LOOKUP_FIELDS, or as keyword arguments named
    after those fields. With the default User model that means either
    `get_user(username)` or `get_user(username=username)`.

    Returns whatever `self._get_or_create_user` produces for the first
    entry of the search response, or None when the search call returns a
    false value.
    """
    lookup = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS, True, args, kwargs)
    # Every name and value goes through clean_ldap_name before it is placed
    # in the filter.
    # NOTE(review): the filter is only as safe as clean_ldap_name's handling
    # of filter metacharacters; that helper is defined outside this block.
    object_class = clean_ldap_name(settings.LDAP_AUTH_OBJECT_CLASS)
    clauses = []
    for field_name, field_value in lookup.items():
        clauses.append(
            "({attribute_name}={field_value})".format(
                attribute_name = clean_ldap_name(settings.LDAP_AUTH_USER_FIELDS[field_name]),
                field_value = clean_ldap_name(field_value),
            )
        )
    search_filter = "(&(objectClass={object_class}){user_identifier})".format(
        object_class = object_class,
        user_identifier = "".join(clauses),
    )
    # Only the configured user attributes are requested, and only the first
    # matching entry is ever used (size_limit = 1).
    matched = self._connection.search(
        search_base = settings.LDAP_AUTH_SEARCH_BASE,
        search_filter = search_filter,
        search_scope = ldap3.SEARCH_SCOPE_WHOLE_SUBTREE,
        attributes = list(settings.LDAP_AUTH_USER_FIELDS.values()),
        size_limit = 1,
    )
    if not matched:
        return None
    return self._get_or_create_user(self._connection.response[0])
def get_user(self, *args, **kwargs):
    """
    Find the directory entry for an identifier and return its user.

    Pass the identifier either as positional arguments matching
    settings.LDAP_AUTH_USER_LOOKUP_FIELDS or as keyword arguments with
    those names; for the default User model, `get_user(username)` and
    `get_user(username=username)` are equivalent.

    Returns the value of `self._get_or_create_user` for the first response
    entry, or None when the search call returns a false value.
    """
    identifier = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS, True, args, kwargs)
    # Assemble "(&(objectClass=...)(attr=value)...)"; each interpolated piece
    # is passed through clean_ldap_name first.
    # NOTE(review): clean_ldap_name is defined elsewhere; confirm it escapes
    # the characters that are special inside a search filter.
    cleaned_class = clean_ldap_name(settings.LDAP_AUTH_OBJECT_CLASS)
    field_terms = [
        "({attribute_name}={field_value})".format(
            attribute_name = clean_ldap_name(settings.LDAP_AUTH_USER_FIELDS[field_name]),
            field_value = clean_ldap_name(field_value),
        )
        for field_name, field_value in identifier.items()
    ]
    search_filter = "(&(objectClass={object_class}){user_identifier})".format(
        object_class = cleaned_class,
        user_identifier = "".join(field_terms),
    )
    # ldap3.ALL_ATTRIBUTES asks for every attribute the bound identity may
    # read, not just the ones in LDAP_AUTH_USER_FIELDS, so the whole entry
    # is handed to _get_or_create_user.
    hit = self._connection.search(
        search_base = settings.LDAP_AUTH_SEARCH_BASE,
        search_filter = search_filter,
        search_scope = ldap3.SEARCH_SCOPE_WHOLE_SUBTREE,
        attributes = ldap3.ALL_ATTRIBUTES,
        size_limit = 1,
    )
    if hit:
        return self._get_or_create_user(self._connection.response[0])
    return None
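def connection(*args, **kwargs):
    """
    Open a connection to the LDAP server and yield it wrapped in `Connection`.

    If a user identifier is given, it should either be keyword arguments,
    or positional arguments that match the fields in
    settings.LDAP_AUTH_USER_LOOKUP_FIELDS. The final positional argument,
    or the keyword argument `password`, is taken as the user's password.

    Bind strategy:
      1. Bind as the DN formatted from the identifier fields and
         settings.LDAP_AUTH_SEARCH_BASE.
      2. If that bind is rejected, bind as settings.LDAP_SEARCH_DN, search
         for the single `person` entry whose uid equals the supplied
         username, and retry the bind with the DN that was found.

    Yields exactly once: a `Connection` on success, None when no bind
    succeeded or the fallback search did not return exactly one entry.
    A failed bind of the LDAP_SEARCH_DN account itself still raises.
    """
    # Parse the user lookup.
    user_identifier = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS + ("password",), False, args, kwargs)
    # Format the DN for the username.
    if user_identifier:
        # NOTE(review): the password is handed to the bind unchanged. A simple
        # bind with a DN and an empty password is an "unauthenticated bind"
        # (RFC 4513 section 5.1.2) that some servers accept; confirm callers
        # reject empty passwords before reaching this point.
        password = user_identifier.pop("password")
        username_dn = "{user_identifier},{search_base}".format(
            user_identifier = ",".join(
                "{attribute_name}={field_value}".format(
                    attribute_name = clean_ldap_name(settings.LDAP_AUTH_USER_FIELDS[field_name]),
                    field_value = clean_ldap_name(field_value),
                )
                for field_name, field_value in user_identifier.items()
            ),
            search_base = settings.LDAP_AUTH_SEARCH_BASE,
        )
    else:
        password = None
        username_dn = None
    # Choose the bind mode.
    if user_identifier:
        if settings.LDAP_AUTH_USE_TLS:
            auto_bind = ldap3.AUTO_BIND_TLS_BEFORE_BIND
        else:
            auto_bind = ldap3.AUTO_BIND_NO_TLS
    else:
        auto_bind = ldap3.AUTO_BIND_NONE
    server = ldap3.Server(settings.LDAP_AUTH_URL)
    # First attempt: direct bind. The original also built a second, unused
    # Connection here that was never closed; it has been dropped.
    handed_out = False
    try:
        with ldap3.Connection(server, user=username_dn, password=password, auto_bind=auto_bind) as c:
            handed_out = True
            yield Connection(c)
        return
    except ldap3.LDAPBindError:
        if handed_out:
            # Raised by the caller's with-body, not by our bind. Yielding a
            # second time here would be an error for a generator-based
            # context manager and would hide the real exception.
            raise
    # Fallback: resolve the DN with the search account.
    username = kwargs.get("username")
    if username is None and user_identifier:
        username = user_identifier.get("username")
    if username is None:
        yield None
        return
    # The username is untrusted input; pass it through the same cleaning
    # helper used for every other value this function sends to the server,
    # rather than interpolating it raw into the filter.
    search_filter = '(&(objectClass=person)(uid=%s))' % (clean_ldap_name(username),)
    alt_con = ldap3.Connection(server, user=settings.LDAP_SEARCH_DN, password=settings.LDAP_SEARCH_PASSWORD, auto_bind=auto_bind)
    try:
        if alt_con.search(settings.LDAP_AUTH_SEARCH_BASE, search_filter, ldap3.SUBTREE):
            entries = list(alt_con.response)
        else:
            entries = []
    finally:
        # The search account's session is no longer needed once the DN is known.
        alt_con.unbind()
    c2 = None
    if len(entries) == 1:
        try:
            c2 = ldap3.Connection(server, user=entries[0]['dn'], password=password, auto_bind=auto_bind)
        except Exception:
            # Fail closed: any failure to rebind as the resolved DN is
            # treated as a failed authentication, as the original did.
            c2 = None
    if c2 is None:
        # No match, an ambiguous match, or a rejected rebind.
        yield None
        return
    try:
        yield Connection(c2)
    finally:
        c2.unbind()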
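def connection(*args, **kwargs):
    """
    Creates and returns a connection to the LDAP server.

    If a user identifier is given, it should either be keyword arguments,
    or positional arguments that match the fields in
    settings.LDAP_AUTH_USER_LOOKUP_FIELDS. The final positional argument,
    or the keyword argument `password`, is taken as the user's password.
    Without an identifier the connection uses
    settings.LDAP_AUTH_CONNECTION_USERNAME / LDAP_AUTH_CONNECTION_PASSWORD.

    Yields a `Connection`, or None when the bind raises LDAPBindError or
    LDAPSASLPrepError before the connection has been handed to the caller.
    """
    # Parse the user lookup.
    user_identifier = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS + ("password",), False, args, kwargs)
    # Format the DN for the username.
    if user_identifier:
        password = user_identifier.pop("password")
        username_dn = "{user_identifier},{search_base}".format(
            user_identifier = ",".join(
                "{attribute_name}={field_value}".format(
                    attribute_name = clean_ldap_name(settings.LDAP_AUTH_USER_FIELDS[field_name]),
                    field_value = clean_ldap_name(field_value),
                )
                for field_name, field_value in user_identifier.items()
            ),
            search_base = settings.LDAP_AUTH_SEARCH_BASE,
        )
    else:
        username_dn = settings.LDAP_AUTH_CONNECTION_USERNAME
        password = settings.LDAP_AUTH_CONNECTION_PASSWORD
    # Make the connection.
    # --------------------------------------------------------------------------
    # iJet changes here to support explicit auto bind override.
    # When LDAP_AUTO_BIND is set it replaces the computed mode entirely, so
    # LDAP_AUTH_USE_TLS is not consulted: the override itself has to select a
    # TLS bind mode if credentials must not cross the wire in clear text.
    if settings.LDAP_AUTO_BIND is None:
        if user_identifier:
            if settings.LDAP_AUTH_USE_TLS:
                auto_bind = ldap3.AUTO_BIND_TLS_BEFORE_BIND
            else:
                auto_bind = ldap3.AUTO_BIND_NO_TLS
        else:
            auto_bind = ldap3.AUTO_BIND_NONE
    else:
        auto_bind = settings.LDAP_AUTO_BIND
    # --------------------------------------------------------------------------
    handed_out = False
    try:
        with ldap3.Connection(ldap3.Server(settings.LDAP_AUTH_URL), user=username_dn, password=password, auto_bind=auto_bind) as c:
            handed_out = True
            yield Connection(c)
    except (ldap3.LDAPBindError, ldap3.LDAPSASLPrepError):
        if handed_out:
            # The error came from the caller's with-body after we had already
            # yielded. This generator is presumably wrapped by
            # contextlib.contextmanager (decorator not visible here); a second
            # yield would then surface as a RuntimeError and hide the real
            # exception, so re-raise instead.
            raise
        yield None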
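def authenticate(*args, **kwargs):
    """
    Authenticates with the LDAP server, and returns the corresponding
    Django user instance, or None when authentication fails.

    The user identifier should either be keyword arguments, or positional
    arguments that match the fields in settings.LDAP_AUTH_USER_LOOKUP_FIELDS.
    The final positional argument, or the keyword argument `password`, is
    taken as the user's password.
    """
    user_identifier = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS + ("password",), True, args, kwargs)
    password = user_identifier.pop("password")
    # Fail closed on an empty password. A simple bind that carries a DN but
    # no password is an "unauthenticated bind" (RFC 4513 section 5.1.2);
    # servers that accept it report success without verifying anything, so
    # it must never count as a login.
    if not password:
        return None
    with connection(*args, **kwargs) as c:
        # connection() yields None when the bind was rejected.
        if c is None:
            return None
        return c.get_user(**user_identifier)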
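def authenticate(*args, **kwargs):
    """
    Authenticates with the LDAP server, and returns the corresponding
    Django user instance, or None when authentication fails.

    The user identifier should either be keyword arguments, or positional
    arguments that match the fields in settings.LDAP_AUTH_USER_LOOKUP_FIELDS.
    The final positional argument, or the keyword argument `password`, is
    taken as the user's password.
    """
    user_identifier = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS + ("password",), True, args, kwargs)
    password = user_identifier.pop("password")
    # Reject empty passwords before touching the server: a simple bind with
    # a DN and no password is treated by some servers as a successful
    # unauthenticated bind (RFC 4513 section 5.1.2), which proves nothing
    # about the caller's identity.
    if not password:
        return None
    with connection(*args, **kwargs) as c:
        # A None connection means the bind did not succeed.
        if c is None:
            return None
        return c.get_user(**user_identifier)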
def connection(*args, **kwargs):
    """
    Open a connection to the LDAP server and yield it wrapped in `Connection`.

    A user identifier, when supplied, is given as keyword arguments or as
    positional arguments matching settings.LDAP_AUTH_USER_LOOKUP_FIELDS;
    the last positional argument, or the `password` keyword, is the user's
    password.

    Yields None when an identifier was supplied and `bind()` returned a
    false value; otherwise yields a `Connection`.
    """
    user_identifier = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS + ("password",), False, args, kwargs)
    password = None
    username_dn = None
    if user_identifier:
        password = user_identifier.pop("password")
        # One "attr=value" component per lookup field, each piece cleaned
        # with clean_ldap_name, followed by the configured search base.
        rdn_parts = []
        for field_name, field_value in user_identifier.items():
            rdn_parts.append(
                "{attribute_name}={field_value}".format(
                    attribute_name = clean_ldap_name(settings.LDAP_AUTH_USER_FIELDS[field_name]),
                    field_value = clean_ldap_name(field_value),
                )
            )
        username_dn = "{user_identifier},{search_base}".format(
            user_identifier = ",".join(rdn_parts),
            search_base = settings.LDAP_AUTH_SEARCH_BASE,
        )
    server = ldap3.Server(settings.LDAP_AUTH_URL)
    # NOTE(review): depending on the ldap3 version, entering this `with` may
    # already open the socket and bind before start_tls() below runs; confirm
    # that credentials are never sent ahead of the TLS negotiation.
    with ldap3.Connection(server, user=username_dn, password=password, auto_bind=ldap3.AUTO_BIND_NONE) as c:
        if settings.LDAP_AUTH_USE_TLS:
            # NOTE(review): the result of start_tls() is not checked, so a
            # failed upgrade that does not raise would be followed by a bind
            # on the unprotected channel; verify against the ldap3 in use.
            c.start_tls()
        # Bind only when credentials were supplied.
        if user_identifier:
            authenticated = c.bind()
        else:
            authenticated = True
        yield Connection(c) if authenticated else None
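def connection(*args, **kwargs):
    """
    Creates and returns a connection to the LDAP server.

    If a user identifier is given, it should either be keyword arguments,
    or positional arguments that match the fields in
    settings.LDAP_AUTH_USER_LOOKUP_FIELDS. The final positional argument,
    or the keyword argument `password`, is taken as the user's password.

    Yields a `Connection`, or None when the bind raises LDAPBindError
    before the connection has been handed to the caller.
    """
    # Parse the user lookup.
    user_identifier = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS + ("password",), False, args, kwargs)
    # Format the DN for the username.
    if user_identifier:
        password = user_identifier.pop("password")
        username_dn = "{user_identifier},{search_base}".format(
            user_identifier = ",".join(
                "{attribute_name}={field_value}".format(
                    attribute_name = clean_ldap_name(settings.LDAP_AUTH_USER_FIELDS[field_name]),
                    field_value = clean_ldap_name(field_value),
                )
                for field_name, field_value in user_identifier.items()
            ),
            search_base = settings.LDAP_AUTH_SEARCH_BASE,
        )
    else:
        password = None
        username_dn = None
    # Make the connection. With credentials the bind happens while the
    # Connection is constructed, after TLS when LDAP_AUTH_USE_TLS is set.
    if user_identifier:
        if settings.LDAP_AUTH_USE_TLS:
            auto_bind = ldap3.AUTO_BIND_TLS_BEFORE_BIND
        else:
            # Credentials are sent without StartTLS in this mode.
            auto_bind = ldap3.AUTO_BIND_NO_TLS
    else:
        auto_bind = ldap3.AUTO_BIND_NONE
    handed_out = False
    try:
        with ldap3.Connection(ldap3.Server(settings.LDAP_AUTH_URL), user=username_dn, password=password, auto_bind=auto_bind) as c:
            handed_out = True
            yield Connection(c)
    except ldap3.LDAPBindError:
        if handed_out:
            # Raised from the caller's with-body after the first yield. This
            # generator is presumably wrapped by contextlib.contextmanager
            # (decorator not visible here); yielding again would turn the
            # error into a RuntimeError and hide it, so let it propagate.
            raise
        yield None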
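def get_user(self, *args, **kwargs):
    """
    Return the Django user for the given identifier, creating it if needed.

    The user identifier should either be keyword arguments, or positional
    arguments that match the fields in settings.LDAP_AUTH_USER_LOOKUP_FIELDS.
    For the default User model, this can therefore be in the form
    `get_user(username)` or `get_user(username=username)`.

    The part of the username before the first "@" is used as the directory
    uid and as the Django username. The first two words of the entry's
    `cn` become first and last name. Returns None when the search call
    returns a false value.
    """
    # Parse the user lookup.
    user_identifier = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS, True, args, kwargs)
    login = user_identifier['username']
    uid = login.split('@')[0]
    # The uid comes from the login form, so escape the characters that are
    # special in a search filter (RFC 4515) before interpolating it; the
    # value is then matched literally instead of being parsed as filter
    # syntax.
    filter_escapes = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
    # Search the LDAP database.
    search_filter = "(uid={username})".format(
        username = "".join(filter_escapes.get(ch, ch) for ch in uid),
    )
    if not self._connection.search(
        search_base = settings.LDAP_AUTH_SEARCH_BASE,
        search_filter = search_filter,
        search_scope = ldap3.SEARCH_SCOPE_WHOLE_SUBTREE,
        attributes = list(settings.LDAP_AUTH_USER_FIELDS.values()),
        size_limit = 1,
    ):
        return None
    # NOTE(review): assumes "cn" is one of the LDAP_AUTH_USER_FIELDS values;
    # only those attributes are requested from the server.
    name_parts = self._connection.response[0]['attributes']['cn'][0].split()
    # A cn with fewer than two words used to raise IndexError here.
    first = name_parts[0] if name_parts else ""
    last = name_parts[1] if len(name_parts) > 1 else ""
    User = get_user_model()
    # NOTE(review): the stored email is the login string as typed, not a
    # value read from the directory, and it is part of the get_or_create
    # lookup, so the same uid entered with and without a domain does not
    # match the same row.
    user_dict = {
        'username': uid,
        'email': login
    }
    user, created = User.objects.get_or_create(**user_dict)
    user.first_name = first
    user.last_name = last
    user.save()
    return user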