def __getGroup(self, l): base = ','.join(['DC=' + i for i in self._domain.split('.')]) group = ldaputil.escape(self._group) try: obj = next(ldaputil.getAsDict(l, base, "(&(objectClass=group)(|(cn={0})(sAMAccountName={0})))".format(group), ['dn'], sizeLimit=50)) except StopIteration: obj = None if obj is None: return None return obj['dn'] # Returns the DN
def __getGroup(self, ldapConnection: typing.Any) -> typing.Optional[str]: base = ','.join(['DC=' + i for i in self._domain.split('.')]) group = ldaputil.escape(self._group) obj: typing.Optional[typing.MutableMapping[str, typing.Any]] try: obj = next(ldaputil.getAsDict(ldapConnection, base, "(&(objectClass=group)(|(cn={0})(sAMAccountName={0})))".format(group), ['dn'], sizeLimit=50)) except StopIteration: obj = None if obj is None: return None return obj['dn'] # Returns the DN
def __getMachine(self, l, machineName): if self._ou: base = self._ou else: base = ','.join(['DC=' + i for i in self._domain.split('.')]) fltr = '(&(objectClass=computer)(sAMAccountName={}$))'.format(ldaputil.escape(machineName)) try: obj = next(ldaputil.getAsDict(l, base, fltr, ['dn'], sizeLimit=50)) except StopIteration: obj = None if obj is None: return None return obj['dn'] # Returns the DN
def __getMachine(self, ldapConnection, machineName: str) -> typing.Optional[str]: # if self._ou: # base = self._ou # else: base = ','.join(['DC=' + i for i in self._domain.split('.')]) fltr = '(&(objectClass=computer)(sAMAccountName={}$))'.format(ldaputil.escape(machineName)) obj: typing.Optional[typing.MutableMapping[str, typing.Any]] try: obj = next(ldaputil.getAsDict(ldapConnection, base, fltr, ['dn'], sizeLimit=50)) except StopIteration: obj = None if obj is None: return None return obj['dn'] # Returns the DN
def __getMachine(self, l, machineName): # if self._ou: # base = self._ou # else: base = ','.join(['DC=' + i for i in self._domain.split('.')]) fltr = '(&(objectClass=computer)(sAMAccountName={}$))'.format( ldaputil.escape(machineName)) try: obj = next(ldaputil.getAsDict(l, base, fltr, ['dn'], sizeLimit=50)) except StopIteration: obj = None if obj is None: return None return obj['dn'] # Returns the DN
def __getGroup(self, l): base = ','.join(['DC=' + i for i in self._domain.split('.')]) group = ldaputil.escape(self._group) try: obj = next( ldaputil.getAsDict( l, base, "(&(objectClass=group)(|(cn={0})(sAMAccountName={0})))". format(group), ['dn'], sizeLimit=50)) except StopIteration: obj = None if obj is None: return None return obj['dn'] # Returns the DN
def searchUsers(self, pattern): try: res = [] for r in ldaputil.getAsDict( con=self.__connection(), base=self._ldapBase, ldapFilter='(&(&(objectClass={})({}={}*)))'.format( self._userClass, self._userIdAttr, ldaputil.escape(pattern)), attrList=None, # All attrs sizeLimit=LDAP_RESULT_LIMIT): logger.debug('R: {0}'.format(r)) res.append({ 'id': r.get(self._userIdAttr.lower(), '')[0], 'name': self.__getUserRealName(r) }) logger.debug(res) return res except Exception: logger.exception("Exception: ") raise AuthenticatorException( _('Too many results, be more specific'))
def searchUsers(self, pattern): try: res = [] for r in ldaputil.getAsDict( con=self.__connection(), base=self._ldapBase, ldapFilter='(&(&(objectClass={})({}={}*)))'.format(self._userClass, self._userIdAttr, ldaputil.escape(pattern)), attrList=None, # All attrs sizeLimit=LDAP_RESULT_LIMIT ): logger.debug('R: {0}'.format(r)) res.append({ 'id': r.get(self._userIdAttr.lower(), '')[0], 'name': self.__getUserRealName(r) }) logger.debug(res) return res except Exception: logger.exception("Exception: ") raise AuthenticatorException(_('Too many results, be more specific'))
def __getUser(self, username: str) -> typing.Optional[ldaputil.LDAPResultType]: """ Searchs for the username and returns its LDAP entry @param username: username to search, using user provided parameters at configuration to map search entries. @return: None if username is not found, an dictionary of LDAP entry attributes if found. @note: Active directory users contains the groups it belongs to in "memberOf" attribute """ attributes = [self._userIdAttr] + self.__getAttrsFromField(self._userNameAttr) + self.__getAttrsFromField(self._groupNameAttr) user = ldaputil.getFirst( con=self.__connection(), base=self._ldapBase, objectClass=self._userClass, field=self._userIdAttr, value=username, attributes=attributes, sizeLimit=LDAP_RESULT_LIMIT ) # If user attributes is split, that is, it has more than one "ldap entry", get a second entry filtering by a new attribute # and add result attributes to "main" search. # For example, you can have authentication in an "user" object class and attributes in an "user_attributes" object class. # Note: This is very rare situation, but it ocurrs :) if user and self._altClass: for usr in ldaputil.getAsDict( con=self.__connection(), base=self._ldapBase, ldapFilter='(&(objectClass={})({}={}))'.format(self._altClass, self._userIdAttr, ldaputil.escape(username)), attrList=attributes, sizeLimit=LDAP_RESULT_LIMIT ): for attr in self.__getAttrsFromField(self._groupNameAttr): v = usr.get(attr) if not v: continue kl = attr.lower() # If already exists the field, check if it is a list to add new elements... if kl in usr: # Convert existing to list, so we can add a new value if not isinstance(user[kl], (list, tuple)): user[kl] = [user[kl]] # Convert values to list, if not list if not isinstance(v, (list, tuple)): v = [v] # Now append to existing values for x in v: user[kl].append(x) else: user[kl] = v return user