def authenticate(self, username=None, password=None):
if not password:
return None
username = username.lower()
# works for username and [email protected]
username = username.lower().split('@')[0]
try:
# initialise the LDAP manager
l = LDAPManager()
result_data = l.search(username,field="cn")
# If the user does not exist in LDAP, Fail.
if not result_data:
return None
# Attempt to bind to the user's DN.
l.bind(result_data[0][0],password)
# Success. The user existed and authenticated.
# Get group
group = None
if result_data[0][1].get("carthageFacultyStatus"):
if result_data[0][1]["carthageFacultyStatus"][0] == "A":
group = "carthageFacultyStatus"
if result_data[0][1].get("carthageStaffStatus"):
if result_data[0][1]["carthageStaffStatus"][0] == "A":
group = "carthageStaffStatus"
if result_data[0][1].get("carthageStudentStatus"):
if result_data[0][1]["carthageStudentStatus"][0] == "A":
group = "carthageStudentStatus"
# Get the user record or create one with no privileges.
try:
user = User.objects.get(username__exact=username)
if not user.last_name:
user.last_name = result_data[0][1]['sn'][0]
user.first_name = result_data[0][1]['givenName'][0]
user.save()
try:
if group:
# add them to their group
# or 'except' if they already belong
g = Group.objects.get(name__iexact=group)
g.user_set.add(user)
except:
return user
except:
# Create a User object.
user = l.dj_create(
result_data, auth_user_pk=settings.LDAP_AUTH_USER_PK
)
# Success.
return user
except Exception, e:
# Name or password were bad. Fail permanently.
return None
def main():
"""
main method
"""
# initialize the manager
l = LDAPManager()
"""
l = LDAPManager(
protocol=settings.LDAP_PROTOCOL_PWM,
server=settings.LDAP_SERVER_PWM,
port=settings.LDAP_PORT_PWM,
user=settings.LDAP_USER_PWM,
password=settings.LDAP_PASS_PWM,
base=settings.LDAP_BASE_PWM
)
"""
result = l.search(value,field=field)
print result
# authenticate
if password:
auth = l.bind(result[0][0],password)
print auth
# create a django user
if create:
user = l.dj_create(result[0][1]["cn"][0],result)
print user
def main():
"""
main method
"""
# initialize the manager
l = LDAPManager()
"""
l = LDAPManager(
protocol=settings.LDAP_PROTOCOL_PWM,
server=settings.LDAP_SERVER_PWM,
port=settings.LDAP_PORT_PWM,
user=settings.LDAP_USER_PWM,
password=settings.LDAP_PASS_PWM,
base=settings.LDAP_BASE_PWM
)
"""
result = l.search(value,field=field)
if field == 'carthageDob':
for r in result:
p = "{cn[0]}|{carthageNameID[0]}|{sn[0]}|{givenName[0]}|{mail[0]}"
print p.format(**r[1])
else:
print result
# authenticate
if password:
auth = l.bind(result[0][0],password)
print auth
# create a django user
if create:
user = l.dj_create(result[0][1]['cn'][0],result)
print user
def authenticate(self, username=None, password=None, request=None):
if not password:
return None
username = username.lower()
l = LDAPManager()
'''
l = LDAPManager(
protocol=settings.LDAP_PROTOCOL_PWM,
server=settings.LDAP_SERVER_PWM,
port=settings.LDAP_PORT_PWM,
user=settings.LDAP_USER_PWM,
password=settings.LDAP_PASS_PWM,
base=settings.LDAP_BASE_PWM
)
'''
try:
result_data = l.search(username,field='cn')
# If the user does not exist in LDAP, Fail.
if not result_data and request:
request.session['ldap_account'] = False
return None
# Attempt to bind to the user's DN.
l.bind(result_data[0][0],password)
# Success. The user existed and authenticated.
# Get the user record or create one with no privileges.
try:
user = User.objects.get(username__exact=username)
except:
# Create a User object.
user = l.dj_create(result_data)
# TODO: update the alumni container
return user
except ldap.INVALID_CREDENTIALS:
# Name or password were bad. Fail permanently.
if request:
request.session['ldap_cn'] = username
request.session['ldap_account'] = True
request.session['ldap_questions'] = self.get_questions(username)
return None
def modify_ldap_password(request):
"""
Modifies the password for an LDAP account.
Requires POST.
"""
errors = {}
if request.method == 'POST':
form = ModifyLdapPasswordForm(request.POST)
if form.is_valid():
data = form.cleaned_data
where = 'WHERE'
where+= ' ( lower(id_rec.lastname) = "{}" )'.format(
data['sn'].lower()
)
where+= ' AND'
where+= '''
(profile_rec.birth_date = "{}"
'''.format(data['carthageDob'].strftime('%m/%d/%Y'))
where+= ' OR profile_rec.birth_date is null)'
where+= ' AND'
where+= '''
SUBSTRING(id_rec.ss_no FROM 8 FOR 4) = "{}"
'''.format(data['ssn'])
sql = CONFIRM_USER + where
results = do_sql(sql, key=settings.INFORMIX_DEBUG)
try:
objects = results.fetchall()
except:
objects = ''
if len(objects) == 1:
# initial the ldap manager
# we have to use the PWM server here
l = LDAPManager(
protocol=settings.LDAP_PROTOCOL_PWM,
server=settings.LDAP_SERVER_PWM,
port=settings.LDAP_PORT_PWM,
user=settings.LDAP_USER_PWM,
password=settings.LDAP_PASS_PWM,
base=settings.LDAP_BASE_PWM
)
search = l.search(objects[0].id)
if search:
# now modify password
# modify_s() returns a tuple with status code
# and an empty list: (103, [])
try:
status = l.modify(
search[0][0], 'userPassword',
data['userPassword']
)
# success = 103
if status[0] == 103:
# success
request.session['ldap_password_success'] = True
# Get the user record or create one with no privileges.
try:
user = User.objects.get(
username__exact=search[0][1]['cn'][0]
)
except:
# Create a User object.
user = l.dj_create(search)
# authenticate user
user.backend = 'django.contrib.auth.backends.ModelBackend'
login(request, user)
return HttpResponseRedirect(
reverse_lazy('alumni_directory_home')
)
except Exception as e:
# log it for later
ldap_logger.debug('ldap error: {}\n{}'.format(e,data))
if '16019' in str(e):
error = """
There was an error creating your account. Verify that
your password does not contain any English words like
the names of months, colors, etc.
"""
else:
error = """
There was an error creating your account. Verify that
your passwords meet the criteria.
"""
messages.add_message(
request, messages.ERROR, error, extra_tags='alert alert-danger'
)
else:
# fail
errors['ldap'] = "We failed to update your password."
else:
errors['ldap'] = "We failed to find your Alumni account."
else:
errors['informix'] = "We could not find you in the database."
else:
form = ModifyLdapPasswordForm()
return render(
request,
'registration/modify_ldap_password.html',
{'form':form,'errors':errors}
)
def create_ldap(request):
"""
Creates an LDAP account.
Requires POST.
After successful create, we update Informix with
the LDAP username.
"""
if request.method == 'POST':
form = CreateLdapForm(request.POST)
if form.is_valid():
data = form.cleaned_data
# dob format: YYYY-MM-DD
data['carthageDob'] = data['carthageDob'].strftime('%Y-%m-%d')
# username (cn) will be email address
data['cn'] = data['mail']
# remove confirmation password
data.pop('confPassword',None)
# python ldap wants strings, not unicode
for k,v in data.items():
data[k] = str(v)
data['objectclass'] = settings.LDAP_OBJECT_CLASS_LIST
data['carthageFacultyStatus'] = ''
data['carthageStaffStatus'] = ''
data['carthageStudentStatus'] = ''
data['carthageFormerStudentStatus'] = 'A'
data['carthageOtherStatus'] = ''
# create the ldap user
# we have to use the PWM server here
l = LDAPManager(
protocol=settings.LDAP_PROTOCOL_PWM,
server=settings.LDAP_SERVER_PWM,
port=settings.LDAP_PORT_PWM,
user=settings.LDAP_USER_PWM,
password=settings.LDAP_PASS_PWM,
base=settings.LDAP_BASE_PWM
)
try:
user = l.create(data)
# set session ldap_cn, why?
request.session['ldap_cn'] = user[0][1]['cn'][0]
if not settings.DEBUG:
# update informix cvid_rec.ldap_user
sql = '''
UPDATE cvid_rec SET ldap_name='{}',
ldap_add_date = TODAY
WHERE cx_id = '{}'
'''.format(
user[0][1]['cn'][0], user[0][1]['carthageNameID'][0]
)
ln = do_sql(sql, key=settings.INFORMIX_DEBUG)
# create the django user
djuser = l.dj_create(user)
data['djuser'] = djuser
# authenticate user
djuser.backend = 'django.contrib.auth.backends.ModelBackend'
login(request, djuser)
# send email to admins
subject = "[LDAP][Create] {} {}".format(
user[0][1]['givenName'][0],
user[0][1]['sn'][0]
)
if settings.DEBUG:
to_list = [settings.SERVER_EMAIL]
else:
to_list = settings.LDAP_CREATE_TO_LIST
send_mail(
request,to_list, subject, data['mail'],
'registration/create_ldap_email.html', data
)
return HttpResponseRedirect(
reverse_lazy('alumni_directory_home')
)
except Exception as e:
# log it for later
ldap_logger.debug('ldap error: {}\n{}'.format(e,data))
if '16019' in str(e):
error = """
There was an error creating your account. Verify that
your password does not contain any English words like
the names of months, colors, etc.
"""
else:
error = """
There was an error creating your account. Verify that
your passwords meet the criteria.
"""
messages.add_message(
request, messages.ERROR, error, extra_tags='alert alert-danger'
)
return render(
request,
'registration/create_ldap.html', {'form':form,}
)
else:
return render(
request,
'registration/create_ldap.html', {'form':form,}
)
elif settings.DEBUG:
form = CreateLdapForm(initial={'carthageNameID':'901257',})
return render(
request,
'registration/create_ldap.html', {'form':form,}
)
else:
# POST required
return HttpResponseRedirect(reverse_lazy('registration_search'))
