def __getGroups(self, user: ldaputil.LDAPResultType):
try:
groups: typing.List[str] = []
filter_ = '(&(objectClass=%s)(|(%s=%s)(%s=%s)))' % (
self._groupClass,
self._memberAttr,
user['_id'],
self._memberAttr,
user['dn'],
)
for d in ldaputil.getAsDict(
con=self.__connection(),
base=self._ldapBase,
ldapFilter=filter_,
attrList=[self._groupIdAttr],
sizeLimit=10 * LDAP_RESULT_LIMIT,
):
if self._groupIdAttr in d:
for k in d[self._groupIdAttr]:
groups.append(k)
logger.debug('Groups: %s', groups)
return groups
except Exception:
logger.exception('Exception at __getGroups')
return []
def __getGroup(self, l):
base = ','.join(['DC=' + i for i in self._domain.split('.')])
group = ldaputil.escape(self._group)
try:
obj = next(ldaputil.getAsDict(l, base, "(&(objectClass=group)(|(cn={0})(sAMAccountName={0})))".format(group), ['dn'], sizeLimit=50))
except StopIteration:
obj = None
if obj is None:
return None
return obj['dn'] # Returns the DN
def __getUser(self, username: str) -> typing.Optional[ldaputil.LDAPResultType]:
"""
Searchs for the username and returns its LDAP entry
@param username: username to search, using user provided parameters at configuration to map search entries.
@return: None if username is not found, an dictionary of LDAP entry attributes if found.
@note: Active directory users contains the groups it belongs to in "memberOf" attribute
"""
attributes = [self._userIdAttr] + self.__getAttrsFromField(self._userNameAttr) + self.__getAttrsFromField(self._groupNameAttr)
user = ldaputil.getFirst(
con=self.__connection(),
base=self._ldapBase,
objectClass=self._userClass,
field=self._userIdAttr,
value=username,
attributes=attributes,
sizeLimit=LDAP_RESULT_LIMIT
)
# If user attributes is split, that is, it has more than one "ldap entry", get a second entry filtering by a new attribute
# and add result attributes to "main" search.
# For example, you can have authentication in an "user" object class and attributes in an "user_attributes" object class.
# Note: This is very rare situation, but it ocurrs :)
if user and self._altClass:
for usr in ldaputil.getAsDict(
con=self.__connection(),
base=self._ldapBase,
ldapFilter='(&(objectClass={})({}={}))'.format(self._altClass, self._userIdAttr, ldaputil.escape(username)),
attrList=attributes,
sizeLimit=LDAP_RESULT_LIMIT
):
for attr in self.__getAttrsFromField(self._groupNameAttr):
v = usr.get(attr)
if not v:
continue
kl = attr.lower()
# If already exists the field, check if it is a list to add new elements...
if kl in usr:
# Convert existing to list, so we can add a new value
if not isinstance(user[kl], (list, tuple)):
user[kl] = [user[kl]]
# Convert values to list, if not list
if not isinstance(v, (list, tuple)):
v = [v]
# Now append to existing values
for x in v:
user[kl].append(x)
else:
user[kl] = v
return user
def __getGroup(self, ldapConnection: typing.Any) -> typing.Optional[str]:
base = ','.join(['DC=' + i for i in self._domain.split('.')])
group = ldaputil.escape(self._group)
obj: typing.Optional[typing.MutableMapping[str, typing.Any]]
try:
obj = next(ldaputil.getAsDict(ldapConnection, base, "(&(objectClass=group)(|(cn={0})(sAMAccountName={0})))".format(group), ['dn'], sizeLimit=50))
except StopIteration:
obj = None
if obj is None:
return None
return obj['dn'] # Returns the DN
def __getGroups(self, usr):
filter_ = '(&(objectClass={})(|({}={})({}={})))'.format(self._groupClass, self._memberAttr, usr['_id'], self._memberAttr, usr['dn'])
groups = {}
for d in ldaputil.getAsDict(
con=self.__connection(),
base=self._ldapBase,
ldapFilter=filter_,
attrList=[self._groupIdAttr],
sizeLimit=10 * LDAP_RESULT_LIMIT # Increase LDAP limit, so we can accept 500 groups or so
):
groups[d[self._groupIdAttr][0]] = d['dn']
return groups
def __getMachine(self, l, machineName):
if self._ou:
base = self._ou
else:
base = ','.join(['DC=' + i for i in self._domain.split('.')])
fltr = '(&(objectClass=computer)(sAMAccountName={}$))'.format(ldaputil.escape(machineName))
try:
obj = next(ldaputil.getAsDict(l, base, fltr, ['dn'], sizeLimit=50))
except StopIteration:
obj = None
if obj is None:
return None
return obj['dn'] # Returns the DN
def __getMachine(self, ldapConnection, machineName: str) -> typing.Optional[str]:
# if self._ou:
# base = self._ou
# else:
base = ','.join(['DC=' + i for i in self._domain.split('.')])
fltr = '(&(objectClass=computer)(sAMAccountName={}$))'.format(ldaputil.escape(machineName))
obj: typing.Optional[typing.MutableMapping[str, typing.Any]]
try:
obj = next(ldaputil.getAsDict(ldapConnection, base, fltr, ['dn'], sizeLimit=50))
except StopIteration:
obj = None
if obj is None:
return None
return obj['dn'] # Returns the DN
def __getMachine(self, l, machineName):
# if self._ou:
# base = self._ou
# else:
base = ','.join(['DC=' + i for i in self._domain.split('.')])
fltr = '(&(objectClass=computer)(sAMAccountName={}$))'.format(
ldaputil.escape(machineName))
try:
obj = next(ldaputil.getAsDict(l, base, fltr, ['dn'], sizeLimit=50))
except StopIteration:
obj = None
if obj is None:
return None
return obj['dn'] # Returns the DN
def searchGroups(self, pattern):
try:
res = []
for r in ldaputil.getAsDict(
con=self.__connection(),
base=self._ldapBase,
ldapFilter='(&(objectClass={})({}={}*))'.format(
self._groupClass, self._groupIdAttr, pattern),
attrList=[self._groupIdAttr],
sizeLimit=LDAP_RESULT_LIMIT):
grpId = r[self._groupIdAttr][0]
res.append({'id': grpId, 'name': grpId})
return res
except Exception:
logger.exception("Exception: ")
raise AuthenticatorException(
_('Too many results, be more specific'))
def __getGroups(self, usr):
filter_ = '(&(objectClass={})(|({}={})({}={})))'.format(
self._groupClass, self._memberAttr, usr['_id'], self._memberAttr,
usr['dn'])
groups = {}
for d in ldaputil.getAsDict(
con=self.__connection(),
base=self._ldapBase,
ldapFilter=filter_,
attrList=[self._groupIdAttr],
sizeLimit=10 *
LDAP_RESULT_LIMIT # Increase LDAP limit, so we can accept 500 groups or so
):
groups[d[self._groupIdAttr][0]] = d['dn']
return groups
def searchUsers(self, pattern):
try:
res = []
for r in ldaputil.getAsDict(
con=self.__connection(),
base=self._ldapBase,
ldapFilter='(&(objectClass={})({}={}*))'.format(self._userClass, self._userIdAttr, pattern),
attrList=[self._userIdAttr],
sizeLimit=LDAP_RESULT_LIMIT
):
res.append({
'id': r[self._userIdAttr][0], # Ignore @...
'name': self.__getUserRealName(r)
})
return res
except Exception:
logger.exception("Exception: ")
raise AuthenticatorException(_('Too many results, be more specific'))
def searchGroups(self, pattern):
try:
fld = self._groupIdAttr
res = []
for r in ldaputil.getAsDict(
con=self.__connection(),
base=self.__getLdapBase(),
ldapFilter='(&(objectClass=%s)(%s=%s*))' %
(self._groupClass, self._groupIdAttr, pattern),
attrList=[fld, 'memberOf', 'description'],
sizeLimit=LDAP_RESULT_LIMIT):
res.append({'id': r[fld][0], 'name': r['description'][0]})
return res
except Exception:
logger.exception("Exception: ")
raise AuthenticatorException(
_('Too many results, be more specific'))
def __getGroup(self, l):
base = ','.join(['DC=' + i for i in self._domain.split('.')])
group = ldaputil.escape(self._group)
try:
obj = next(
ldaputil.getAsDict(
l,
base,
"(&(objectClass=group)(|(cn={0})(sAMAccountName={0})))".
format(group), ['dn'],
sizeLimit=50))
except StopIteration:
obj = None
if obj is None:
return None
return obj['dn'] # Returns the DN
def searchGroups(self, pattern):
try:
res = []
for r in ldaputil.getAsDict(
con=self.__connection(),
base=self._ldapBase,
ldapFilter='(&(objectClass={})({}={}*))'.format(self._groupClass, self._groupIdAttr, pattern),
attrList=[self._groupIdAttr],
sizeLimit=LDAP_RESULT_LIMIT
):
grpId = r[self._groupIdAttr][0]
res.append({
'id': grpId,
'name': grpId
})
return res
except Exception:
logger.exception("Exception: ")
raise AuthenticatorException(_('Too many results, be more specific'))
def searchGroups(self, pattern: str) -> typing.Iterable[typing.Dict[str, str]]:
try:
res = []
for r in ldaputil.getAsDict(
con=self.__connection(),
base=self._ldapBase,
ldapFilter='(&(objectClass=%s)(%s=%s*))'
% (self._groupClass, self._groupIdAttr, pattern),
attrList=[self._groupIdAttr, 'memberOf', 'description'],
sizeLimit=LDAP_RESULT_LIMIT,
):
res.append({'id': r[self._groupIdAttr][0], 'name': r['description'][0]})
return res
except Exception:
logger.exception("Exception: ")
raise auths.exceptions.AuthenticatorException(
_('Too many results, be more specific')
)
def searchUsers(self, pattern):
try:
res = []
for r in ldaputil.getAsDict(
con=self.__connection(),
base=self._ldapBase,
ldapFilter='(&(objectClass={})({}={}*))'.format(
self._userClass, self._userIdAttr, pattern),
attrList=[self._userIdAttr],
sizeLimit=LDAP_RESULT_LIMIT):
res.append({
'id': r[self._userIdAttr][0], # Ignore @...
'name': self.__getUserRealName(r)
})
return res
except Exception:
logger.exception("Exception: ")
raise AuthenticatorException(
_('Too many results, be more specific'))
def searchUsers(self, pattern):
try:
res = []
for r in ldaputil.getAsDict(
con=self.__connection(),
base=self._ldapBase,
ldapFilter='(&(&(objectClass={})({}={}*)))'.format(self._userClass, self._userIdAttr, ldaputil.escape(pattern)),
attrList=None, # All attrs
sizeLimit=LDAP_RESULT_LIMIT
):
logger.debug('R: {0}'.format(r))
res.append({
'id': r.get(self._userIdAttr.lower(), '')[0],
'name': self.__getUserRealName(r)
})
logger.debug(res)
return res
except Exception:
logger.exception("Exception: ")
raise AuthenticatorException(_('Too many results, be more specific'))
def searchGroups(self, pattern):
try:
fld = self._groupIdAttr
res = []
for r in ldaputil.getAsDict(
con=self.__connection(),
base=self.__getLdapBase(),
ldapFilter='(&(objectClass=%s)(%s=%s*))' % (self._groupClass, self._groupIdAttr, pattern),
attrList=[fld, 'memberOf', 'description'],
sizeLimit=LDAP_RESULT_LIMIT
):
res.append({
'id': r[fld][0],
'name': r['description'][0]
})
return res
except Exception:
logger.exception("Exception: ")
raise AuthenticatorException(_('Too many results, be more specific'))
def searchUsers(self, pattern):
try:
res = []
for r in ldaputil.getAsDict(
con=self.__connection(),
base=self._ldapBase,
ldapFilter='(&(&(objectClass={})({}={}*)))'.format(self._userClass, self._userIdAttr, ldaputil.escape(pattern)),
attrList=None, # All attrs
sizeLimit=LDAP_RESULT_LIMIT
):
logger.debug('R: {0}'.format(r))
res.append({
'id': r.get(self._userIdAttr.lower(), '')[0],
'name': self.__getUserRealName(r)
})
logger.debug(res)
return res
except Exception:
logger.exception("Exception: ")
raise AuthenticatorException(_('Too many results, be more specific'))
def searchUsers(self,
pattern: str) -> typing.Iterable[typing.Dict[str, str]]:
try:
res = []
for r in ldaputil.getAsDict(
con=self.__connection(),
base=self._ldapBase,
ldapFilter='(&(objectClass=%s)(%s=%s*))' %
(self._userClass, self._userIdAttr, pattern),
attrList=[self._userIdAttr, self._userNameAttr],
sizeLimit=LDAP_RESULT_LIMIT):
res.append({
'id': r[self._userIdAttr][0], # Ignore @...
'name': self.__getUserRealName(r)
})
return res
except Exception:
logger.exception("Exception: ")
raise auths.exceptions.AuthenticatorException(
_('Too many results, be more specific'))
def __getGroups(self, usr):
try:
groups = {}
filter_ = '(&(objectClass=%s)(|(%s=%s)(%s=%s)))' % (self._groupClass, self._memberAttr, usr['_id'], self._memberAttr, usr['dn'])
fld = self._groupIdAttr
for d in ldaputil.getAsDict(
con=self.__connection(),
base=self.__getLdapBase(),
ldapFilter=_filter,
attrList=[fld],
sizeLimit=10 * LDAP_RESULT_LIMIT
):
if fld in d:
for k in d[fld]:
groups.add(k)
logger.debug('Groups: {0}'.format(groups))
return groups
except Exception:
logger.exception('Exception at __getGroups')
return {}
def __getGroups(self, usr):
try:
groups = {}
filter_ = '(&(objectClass=%s)(|(%s=%s)(%s=%s)))' % (
self._groupClass, self._memberAttr, usr['_id'],
self._memberAttr, usr['dn'])
fld = self._groupIdAttr
for d in ldaputil.getAsDict(con=self.__connection(),
base=self.__getLdapBase(),
ldapFilter=_filter,
attrList=[fld],
sizeLimit=10 * LDAP_RESULT_LIMIT):
if fld in d:
for k in d[fld]:
groups.add(k)
logger.debug('Groups: {0}'.format(groups))
return groups
except Exception:
logger.exception('Exception at __getGroups')
return {}
