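def get_user(self, **kwargs):
    """
    Returns the user with the given identifier.

    The user identifier should be keyword arguments
    matching the fields in settings.LDAP_AUTH_USER_LOOKUP_FIELDS.
    An optional `domain` keyword selects the search base from
    settings.LDAP_AUTH_MULTIDOMAIN_SEARCH_BASE; without it
    settings.LDAP_AUTH_SEARCH_BASE is used.

    Returns whatever self._get_or_create_user() gives for the first
    matching directory entry, or None (after a warning is logged) when
    the domain has no configured search base or no entry matches.
    """
    domain = kwargs.pop("domain", None)
    if domain is None:
        search_base = settings.LDAP_AUTH_SEARCH_BASE
    else:
        search_base = settings.LDAP_AUTH_MULTIDOMAIN_SEARCH_BASE.get(domain)
        if search_base is None:
            # The domain arrives with the caller's keyword arguments. An
            # unmapped value must not reach the search as a missing base,
            # so the lookup fails closed. The value itself is not logged.
            logger.warning("LDAP user lookup failed: unknown domain")
            return None
    # Search the LDAP database.
    # NOTE(review): the filter is built from caller-supplied values;
    # confirm format_search_filter escapes them for use in an LDAP filter.
    # NOTE(review): ALL_ATTRIBUTES plus operational attributes fetches
    # everything readable on the entry; if _get_or_create_user needs only
    # a few fields, naming them would narrow the read - confirm.
    found = self._connection.search(
        search_base=search_base,
        search_filter=format_search_filter(kwargs),
        search_scope=ldap3.SUBTREE,
        attributes=ldap3.ALL_ATTRIBUTES,
        get_operational_attributes=True,
        size_limit=1,
    )
    if found:
        # A non-empty response can also hold records that are not entries
        # (ldap3 tags each record with a "type"); only a real entry is
        # handed on, never a referral record.
        entry = next(
            (
                record
                for record in self._connection.response
                if record.get("type") == "searchResEntry"
            ),
            None,
        )
        if entry is not None:
            return self._get_or_create_user(entry, domain=domain)
    logger.warning("LDAP user lookup failed")
    return None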
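def get_user(self, **kwargs):
    """
    Returns the user with the given identifier.

    The user identifier should be keyword arguments
    matching the fields in settings.LDAP_AUTH_USER_LOOKUP_FIELDS.

    Returns whatever self._get_or_create_user() gives for the first
    matching directory entry, or None (after a warning is logged) when
    no entry matches.
    """
    # Search the LDAP database.
    # NOTE(review): the filter is built from caller-supplied values;
    # confirm format_search_filter escapes them for use in an LDAP filter.
    found = self._connection.search(
        search_base=settings.LDAP_AUTH_SEARCH_BASE,
        search_filter=format_search_filter(kwargs),
        search_scope=ldap3.SUBTREE,
        attributes=ldap3.ALL_ATTRIBUTES,
        get_operational_attributes=True,
        size_limit=1,
    )
    if found:
        # A non-empty response can also hold records that are not entries
        # (ldap3 tags each record with a "type"); only a real entry is
        # handed on, never a referral record.
        entry = next(
            (
                record
                for record in self._connection.response
                if record.get("type") == "searchResEntry"
            ),
            None,
        )
        if entry is not None:
            return self._get_or_create_user(entry)
    logger.warning("LDAP user lookup failed")
    return None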
def iter_users(self):
    """
    Returns an iterator of Django users that correspond to
    users in the LDAP database.

    Runs a paged subtree search (30 records per page) under
    settings.LDAP_AUTH_SEARCH_BASE and passes every record of type
    "searchResEntry" through self._get_or_create_user(). Falsy results
    are dropped from the returned iterator.
    """
    search_results = self._connection.extend.standard.paged_search(
        search_base=settings.LDAP_AUTH_SEARCH_BASE,
        search_filter=format_search_filter({}),
        search_scope=ldap3.SUBTREE,
        attributes=ldap3.ALL_ATTRIBUTES,
        get_operational_attributes=True,
        paged_size=30,
    )
    # Records of any other type are skipped before they reach the
    # user-creation step.
    mapped_users = (
        self._get_or_create_user(record)
        for record in search_results
        if record["type"] == "searchResEntry"
    )
    return filter(None, mapped_users)
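def get_user(self, **kwargs):
    """
    Returns the user with the given identifier.

    The user identifier should be keyword arguments
    matching the fields in settings.LDAP_AUTH_USER_LOOKUP_FIELDS.

    Returns whatever self._get_or_create_user() gives for the first
    matching directory entry, or None when no entry matches.
    """
    # Search the LDAP database.
    # NOTE(review): the filter is built from caller-supplied values;
    # confirm format_search_filter escapes them for use in an LDAP filter.
    found = self._connection.search(
        search_base=settings.LDAP_AUTH_SEARCH_BASE,
        search_filter=format_search_filter(kwargs),
        search_scope=ldap3.SEARCH_SCOPE_WHOLE_SUBTREE,
        attributes=ldap3.ALL_ATTRIBUTES,
        get_operational_attributes=True,
        size_limit=1,
    )
    if not found:
        return None
    # A non-empty response can also hold records that are not entries
    # (ldap3 tags each record with a "type"); only a real entry is handed
    # on, never a referral record.
    entry = next(
        (
            record
            for record in self._connection.response
            if record.get("type") == "searchResEntry"
        ),
        None,
    )
    if entry is None:
        return None
    return self._get_or_create_user(entry)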
def iter_users(self):
    """
    Returns an iterator of Django users that correspond to
    users in the LDAP database.

    Runs a paged subtree search (30 records per page) under
    settings.LDAP_AUTH_SEARCH_BASE and lazily passes every record of
    type "searchResEntry" through self._get_or_create_user().
    """
    paged_search = self._connection.extend.standard.paged_search
    search_options = dict(
        search_base=settings.LDAP_AUTH_SEARCH_BASE,
        search_filter=format_search_filter({}),
        search_scope=ldap3.SEARCH_SCOPE_WHOLE_SUBTREE,
        attributes=ldap3.ALL_ATTRIBUTES,
        paged_size=30,
    )
    records = paged_search(**search_options)
    # Records of any other type are skipped before they reach the
    # user-creation step.
    return (
        self._get_or_create_user(record)
        for record in records
        if record["type"] == "searchResEntry"
    )
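def connection(**kwargs):
    """
    Creates and returns a connection to the LDAP server.

    The user identifier, if given, should be keyword arguments
    matching the fields in settings.LDAP_AUTH_USER_LOOKUP_FIELDS, plus a
    `password` argument. A `binddn` keyword, when present, is used as the
    bind DN instead of the formatted username.

    The first bind always uses the service account from settings
    (LDAP_AUTH_CONNECTION_USERNAME / LDAP_AUTH_CONNECTION_PASSWORD). When
    any keyword argument is supplied the call is treated as a login: the
    user's DN is looked up over the service bind and the connection is
    rebound with the supplied password, so the directory verifies the
    password on every login path. Called without keyword arguments, the
    connection stays bound as the service account and proves nothing
    about any user.

    This is a generator that yields once: a Connection wrapper, or None
    when the password is missing or the connect/rebind fails. It is
    presumably wrapped by contextlib.contextmanager outside this view.
    """
    # Format the DN for the username.
    format_username = import_func(settings.LDAP_AUTH_FORMAT_USERNAME)
    # Any keyword at all, even a blank one, marks this call as a login.
    login_attempt = bool(kwargs)
    kwargs = {key: value for key, value in kwargs.items() if value}
    username = None
    password = None
    if login_attempt:
        password = kwargs.pop("password", None)
        if password is None:
            # Blank values were dropped above, so a blank password lands
            # here. A simple bind with a DN and an empty password is an
            # unauthenticated bind (RFC 4513 section 5.1.2) that a server
            # may accept, so it is refused before any connection is made.
            logger.warning("LDAP connect failed: no password supplied")
            yield None
            return
        try:
            username = kwargs.pop("binddn")
        except KeyError:
            # Only a missing key means "no explicit bind DN"; anything
            # else should surface instead of being swallowed.
            username = format_username(kwargs)
    # Configure the connection.
    # NOTE(review): with LDAP_AUTH_USE_TLS off, the bind is protected only
    # if LDAP_AUTH_URL is an ldaps:// URL. No ldap3.Tls object is passed
    # to the server, so certificate validation is whatever ldap3 defaults
    # to - confirm the server certificate is actually verified.
    if settings.LDAP_AUTH_USE_TLS:
        auto_bind = ldap3.AUTO_BIND_TLS_BEFORE_BIND
    else:
        auto_bind = ldap3.AUTO_BIND_NO_TLS
    # Connect.
    try:
        c = ldap3.Connection(
            ldap3.Server(
                settings.LDAP_AUTH_URL,
                # NOTE(review): ("*", True) trusts a referral to any host
                # and permits authenticating to it, so a referral returned
                # by the server can carry the bind credentials to a host
                # outside the directory. Restrict this to known directory
                # hosts if referrals are needed at all.
                allowed_referral_hosts=[("*", True)],
                get_info=ldap3.NONE,
                connect_timeout=settings.LDAP_AUTH_CONNECT_TIMEOUT,
            ),
            user=settings.LDAP_AUTH_CONNECTION_USERNAME,
            password=settings.LDAP_AUTH_CONNECTION_PASSWORD,
            auto_bind=auto_bind,
            raise_exceptions=True,
            receive_timeout=settings.LDAP_AUTH_RECEIVE_TIMEOUT,
        )
    except LDAPException as ex:
        logger.warning("LDAP connect failed: {ex}".format(ex=ex))
        yield None
        return
    # From here on the socket is open; the finally clause closes it on
    # every exit path, including a failed rebind or a raising search.
    try:
        # Rebind as login user. The original skipped this step when the
        # supplied name equalled the service account name, which left the
        # supplied password unchecked; a login is now always rebound.
        if login_attempt:
            # Search login user. Skipped when no lookup fields remain
            # (e.g. only `binddn` was given), because an empty lookup does
            # not identify one user and must not replace the bind DN.
            # NOTE(review): confirm format_search_filter escapes the
            # caller-supplied values for use in an LDAP filter.
            if kwargs and c.search(
                search_base=settings.LDAP_AUTH_SEARCH_BASE,
                search_filter=format_search_filter(kwargs),
                search_scope=ldap3.SUBTREE,
                size_limit=1,
            ):
                # Only a real entry carries a DN; other record types in
                # the response are ignored.
                entry = next(
                    (
                        record
                        for record in c.response
                        if record.get("type") == "searchResEntry"
                    ),
                    None,
                )
                if entry is not None:
                    username = entry["dn"]
            try:
                c.rebind(
                    user=username,
                    password=password,
                )
            except LDAPException as ex:
                logger.warning("LDAP rebind failed: {ex}".format(ex=ex))
                yield None
                return
        # Return the connection.
        logger.info("LDAP connect succeeded")
        yield Connection(c)
    finally:
        c.unbind()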