def get_user(self, **kwargs):
"""
Returns the user with the given identifier.
The user identifier should be keyword arguments matching the fields
in settings.LDAP_AUTH_USER_LOOKUP_FIELDS.
"""
# Search the LDAP database.
domain = kwargs.pop("domain", None)
if domain is not None:
search_base = settings.LDAP_AUTH_MULTIDOMAIN_SEARCH_BASE.get(
domain)
else:
search_base = settings.LDAP_AUTH_SEARCH_BASE
if self._connection.search(
search_base=search_base,
search_filter=format_search_filter(kwargs),
search_scope=ldap3.SUBTREE,
attributes=ldap3.ALL_ATTRIBUTES,
get_operational_attributes=True,
size_limit=1,
):
return self._get_or_create_user(self._connection.response[0],
domain=domain)
logger.warning("LDAP user lookup failed")
return None
def get_user(self, **kwargs):
"""
Returns the user with the given identifier.
The user identifier should be keyword arguments matching the fields
in settings.LDAP_AUTH_USER_LOOKUP_FIELDS.
"""
# Search the LDAP database.
if self._connection.search(
search_base=settings.LDAP_AUTH_SEARCH_BASE,
search_filter=format_search_filter(kwargs),
search_scope=ldap3.SUBTREE,
attributes=ldap3.ALL_ATTRIBUTES,
get_operational_attributes=True,
size_limit=1,
):
return self._get_or_create_user(self._connection.response[0])
# print(
# "search_base:%s" % settings.LDAP_AUTH_SEARCH_BASE,
# "search_filter:%s" % format_search_filter(kwargs),
# "search_scope:%s" % ldap3.SUBTREE,
# "attributes:%s" % ldap3.ALL_ATTRIBUTES,
# "get_operational_attributes:%s" % True,
# )
logger.warning("LDAP user lookup failed")
return None
def iter_users(self):
"""
Returns an iterator of Django users that correspond to
users in the LDAP database.
"""
paged_entries = self._connection.extend.standard.paged_search(
search_base=settings.LDAP_AUTH_SEARCH_BASE,
search_filter=format_search_filter({}),
search_scope=ldap3.SUBTREE,
attributes=ldap3.ALL_ATTRIBUTES,
get_operational_attributes=True,
paged_size=30,
)
return filter(
None,
(self._get_or_create_user(entry)
for entry in paged_entries if entry["type"] == "searchResEntry"))
def get_user(self, **kwargs):
"""
Returns the user with the given identifier.
The user identifier should be keyword arguments matching the fields
in settings.LDAP_AUTH_USER_LOOKUP_FIELDS.
"""
# Search the LDAP database.
if self._connection.search(
search_base = settings.LDAP_AUTH_SEARCH_BASE,
search_filter = format_search_filter(kwargs),
search_scope = ldap3.SEARCH_SCOPE_WHOLE_SUBTREE,
attributes = ldap3.ALL_ATTRIBUTES,
get_operational_attributes = True,
size_limit = 1,
):
return self._get_or_create_user(self._connection.response[0])
return None
def iter_users(self):
"""
Returns an iterator of Django users that correspond to
users in the LDAP database.
"""
paged_entries = self._connection.extend.standard.paged_search(
search_base = settings.LDAP_AUTH_SEARCH_BASE,
search_filter = format_search_filter({}),
search_scope = ldap3.SEARCH_SCOPE_WHOLE_SUBTREE,
attributes = ldap3.ALL_ATTRIBUTES,
paged_size = 30,
)
return (
self._get_or_create_user(entry)
for entry
in paged_entries
if entry["type"] == "searchResEntry"
)
def connection(**kwargs):
"""
Creates and returns a connection to the LDAP server.
The user identifier, if given, should be keyword arguments matching the fields
in settings.LDAP_AUTH_USER_LOOKUP_FIELDS, plus a `password` argument.
"""
# Format the DN for the username.
format_username = import_func(settings.LDAP_AUTH_FORMAT_USERNAME)
kwargs = {
key: value
for key, value
in kwargs.items()
if value
}
username = None
password = None
if kwargs:
password = kwargs.pop("password")
# username = format_username(kwargs)
try:
username = kwargs.pop("binddn")
except:
username = format_username(kwargs)
# Configure the connection.
if settings.LDAP_AUTH_USE_TLS:
auto_bind = ldap3.AUTO_BIND_TLS_BEFORE_BIND
else:
auto_bind = ldap3.AUTO_BIND_NO_TLS
# Connect.
try:
c = ldap3.Connection(
ldap3.Server(
settings.LDAP_AUTH_URL,
allowed_referral_hosts=[("*", True)],
get_info=ldap3.NONE,
connect_timeout=settings.LDAP_AUTH_CONNECT_TIMEOUT,
),
#user=username,
#password=password,
user=settings.LDAP_AUTH_CONNECTION_USERNAME,
password=settings.LDAP_AUTH_CONNECTION_PASSWORD,
auto_bind=auto_bind,
raise_exceptions=True,
receive_timeout=settings.LDAP_AUTH_RECEIVE_TIMEOUT,
)
except LDAPException as ex:
logger.warning("LDAP connect failed: {ex}".format(ex=ex))
yield None
return
# Rebind as login user.
if ( settings.LDAP_AUTH_CONNECTION_USERNAME != username ):
# Search login user.
if c.search(
search_base=settings.LDAP_AUTH_SEARCH_BASE,
search_filter=format_search_filter(kwargs),
search_scope=ldap3.SUBTREE,
size_limit=1,
):
username=c.response[0]['dn']
#print username
User = get_user_model()
try:
c.rebind(
# user=format_username({User.USERNAME_FIELD: settings.LDAP_AUTH_CONNECTION_USERNAME}),
# user=settings.LDAP_AUTH_CONNECTION_USERNAME,
# password=settings.LDAP_AUTH_CONNECTION_PASSWORD,
user=username,
password=password,
)
except LDAPException as ex:
logger.warning("LDAP rebind failed: {ex}".format(ex=ex))
yield None
return
# Return the connection.
logger.info("LDAP connect succeeded")
try:
yield Connection(c)
finally:
c.unbind()
