Example #1
  def authenticate(self, username=None, password=None, server=None):
    """Work out the superuser flag for an LDAP login, then call the backend.

    The flag is computed before the backend call because, per the comment
    below, that call creates the Django user on a first login.

    Returns None when no matching user exists and CREATE_USERS_ON_LOGIN is
    off, and when the backend raises ImproperlyConfigured.

    NOTE(review): this listing stops after the except clause; neither
    `is_super` nor `user` is consumed in the visible lines, so how the flag
    is applied cannot be confirmed from here.
    """
    self.add_ldap_config_for_server(server)

    username_filter_kwargs = ldap_access.get_ldap_user_kwargs(username)

    # Do this check up here, because the auth call creates a django user upon first login per user
    is_super = False
    if not UserProfile.objects.filter(creation_method=str(UserProfile.CreationMethod.EXTERNAL)).exists():
      # If there are no LDAP users already in the system, the first one will
      # become a superuser
      # NOTE(review): this branch wins before CREATE_USERS_ON_LOGIN is ever
      # read, so the setting does not gate the bootstrap login. The exists()
      # check and the later user creation are also separate steps; no lock or
      # transaction is visible here, so confirm concurrent first logins
      # cannot both be granted the flag.
      is_super = True
    elif User.objects.filter(**username_filter_kwargs).exists():
      # If the user already exists, we shouldn't change its superuser
      # privileges. However, if there's a naming conflict with a non-external
      # user, we should do the safe thing and turn off superuser privs.
      existing_user = User.objects.get(**username_filter_kwargs)
      existing_profile = get_profile(existing_user)
      if existing_profile.creation_method == str(UserProfile.CreationMethod.EXTERNAL):
        # Re-reads the same row that existing_user already holds.
        is_super = User.objects.get(**username_filter_kwargs).is_superuser
    elif not desktop.conf.LDAP.CREATE_USERS_ON_LOGIN.get():
      # Unknown user and auto-provisioning disabled: refuse without contacting LDAP.
      return None

    try:
      user = self._backend.authenticate(username, password)
    except ImproperlyConfigured, detail:
      # Fail closed on a broken LDAP configuration rather than raising to the caller.
      LOG.warn("LDAP was not properly configured: %s", detail)
      return None
Example #2
    def authenticate(self, username=None, password=None, server=None):
        """Work out the superuser flag for an LDAP login, then call the backend.

        The flag is computed before the backend call because, per the
        comment below, that call creates the Django user on a first login.

        Returns None when no matching user exists and CREATE_USERS_ON_LOGIN
        is off, and when the backend raises ImproperlyConfigured.

        NOTE(review): this listing stops after the except clause; neither
        `is_super` nor `user` is consumed in the visible lines, so how the
        flag is applied cannot be confirmed from here.
        """
        self.add_ldap_config_for_server(server)

        username_filter_kwargs = ldap_access.get_ldap_user_kwargs(username)

        # Do this check up here, because the auth call creates a django user upon first login per user
        is_super = False
        if not UserProfile.objects.filter(creation_method=str(
                UserProfile.CreationMethod.EXTERNAL)).exists():
            # If there are no LDAP users already in the system, the first one will
            # become a superuser
            # NOTE(review): this branch wins before CREATE_USERS_ON_LOGIN is
            # ever read, so the setting does not gate the bootstrap login.
            # The exists() check and the later user creation are separate
            # steps; no lock or transaction is visible here, so confirm
            # concurrent first logins cannot both be granted the flag.
            is_super = True
        elif User.objects.filter(**username_filter_kwargs).exists():
            # If the user already exists, we shouldn't change its superuser
            # privileges. However, if there's a naming conflict with a non-external
            # user, we should do the safe thing and turn off superuser privs.
            existing_user = User.objects.get(**username_filter_kwargs)
            existing_profile = get_profile(existing_user)
            if existing_profile.creation_method == str(
                    UserProfile.CreationMethod.EXTERNAL):
                # Re-reads the same row that existing_user already holds.
                is_super = User.objects.get(
                    **username_filter_kwargs).is_superuser
        elif not desktop.conf.LDAP.CREATE_USERS_ON_LOGIN.get():
            # Unknown user and auto-provisioning disabled: refuse without contacting LDAP.
            return None

        try:
            user = self._backend.authenticate(username, password)
        except ImproperlyConfigured, detail:
            # Fail closed on a broken LDAP configuration rather than raising to the caller.
            LOG.warn("LDAP was not properly configured: %s", detail)
            return None
Example #3
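  def authenticate(self, request=None, username=None, password=None, server=None):
    """Authenticate against LDAP and settle the account's superuser flag.

    The superuser decision is taken before the backend call because that
    call creates the Django user on a first login:

      * no EXTERNAL profile exists yet: this login is marked superuser;
      * a matching user exists: its current flag is kept only when its
        profile is EXTERNAL, otherwise the flag is turned off;
      * no matching user and CREATE_USERS_ON_LOGIN is off: login refused.

    Args:
      request: Passed through to the backend on Python 3 only.
      username: Login name used for the lookup, group check and bind.
      password: Credential handed to the backend.
      server: LDAP server key used for config, group check and group import.

    Returns:
      The user from the backend (or the PAM-mapped account), or None when
      the login is refused, the user is in no allowed group, or LDAP is
      misconfigured. An inactive user is returned without any of the
      profile/superuser/group updates; callers must still check is_active.
    """
    self.add_ldap_config_for_server(server)

    username_filter_kwargs = ldap_access.get_ldap_user_kwargs(username)
    external = UserProfile.CreationMethod.EXTERNAL.name

    # Do this check up here, because the auth call creates a django user upon first login per user
    is_super = False
    if not UserProfile.objects.filter(creation_method=external).exists():
      # If there are no LDAP users already in the system, the first one will
      # become a superuser.
      # NOTE(review): this branch wins before CREATE_USERS_ON_LOGIN is read,
      # and the exists() check is not tied to the later creation by any lock
      # or transaction visible here; confirm concurrent first logins cannot
      # both be granted the flag.
      is_super = True
    elif User.objects.filter(**username_filter_kwargs).exists():
      # If the user already exists, we shouldn't change its superuser
      # privileges. However, if there's a naming conflict with a non-external
      # user, we should do the safe thing and turn off superuser privs.
      existing_user = User.objects.get(**username_filter_kwargs)
      existing_profile = get_profile(existing_user)
      if existing_profile.creation_method == external:
        # Read the flag from the row whose profile was just checked instead
        # of issuing a second query for it.
        is_super = existing_user.is_superuser
    elif not LDAP.CREATE_USERS_ON_LOGIN.get():
      LOG.warning("Create users when they login with their LDAP credentials is turned off")
      return None

    try:
      allowed_group = self.check_ldap_access_groups(server, username)
      if not allowed_group:
        # username is caller-supplied; pass it as a log argument rather than
        # formatting it into the message template.
        LOG.warning("%s not in an allowed login group", username)
        return None
      if sys.version_info[0] > 2:
        user = self._backend.authenticate(request, username=username, password=password)
      else:
        user = self._backend.authenticate(username=username, password=password)
    except ImproperlyConfigured as detail:
      # Fail closed on a broken LDAP configuration rather than raising to the caller.
      LOG.warning("LDAP was not properly configured: %s", detail)
      return None

    if AUTH.PAM_USE_PWD_MODULE.get() and user is not None:
      # One passwd lookup, reused for the log line and the account mapping.
      # getpwnam raises KeyError when there is no passwd entry; that is not
      # caught here and propagates to the caller.
      pam_user = getpwnam(username).pw_name
      LOG.debug('Setting LDAP username to %s using PAM pwd module for user %s', pam_user, username)
      # NOTE(review): is_super was derived from the `username` lookup above
      # but is applied below to whichever account pam_user maps to; confirm
      # the non-external naming-conflict safeguard still holds for that
      # account. The case-insensitive get() only handles DoesNotExist.
      try:
        user = User.objects.get(username__iexact=pam_user)
      except User.DoesNotExist:
        user = find_or_create_user(pam_user, None)

    if user is not None and user.is_active:
      profile = get_profile(user)
      profile.creation_method = external
      profile.save()
      # NOTE(review): no user.save() is visible after this assignment;
      # whether the flag is persisted depends on code outside this method.
      user.is_superuser = is_super
      user = rewrite_user(user)

      ensure_has_a_group(user)

      if LDAP.SYNC_GROUPS_ON_LOGIN.get():
        self.import_groups(server, user)

    return user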