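def _connect():
    """Ensure the module-level LDAP connection exists and is bound via GSSAPI.

    An already cached connection in ``_currentLdapConnection`` is reused
    as-is; it is not re-validated here. Otherwise a new connection to
    ``serverUrl()`` is created and bound with SASL/GSSAPI. On any failure
    the cached connection is reset to ``None``.

    :return: True if a connection object is available, False otherwise
    :rtype: bool
    """
    global _currentLdapConnection

    # Refuse only when the user is not in AD, is not root, and the computer
    # itself is in AD; every other combination falls through to the bind.
    if not user.isInAD() and not (user.isRoot() or not computer.isInAD()):
        logging.warning("Cannot perform LDAP search: User is not in AD!")
        _currentLdapConnection = None
        return False

    # Identity comparison: "== None" can be overridden by the object's __eq__.
    if _currentLdapConnection is not None:
        return True

    try:
        sasl_auth = ldap.sasl.sasl({}, 'GSSAPI')
        _currentLdapConnection = ldap.initialize(serverUrl(), trace_level=0)
        # TODO:
        # conn.set_option(ldap.OPT_X_TLS_CACERTFILE, '/path/to/ca.pem')
        # conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
        # conn.start_tls_s()
        # NOTE(review): no TLS is configured in this function. Whether the
        # session is protected therefore depends on the scheme returned by
        # serverUrl() and on the security layer negotiated by the GSSAPI
        # bind; neither is visible here. Confirm, and consider requiring a
        # minimum SASL security strength or StartTLS with CA verification.
        _currentLdapConnection.set_option(ldap.OPT_REFERRALS, 0)
        _currentLdapConnection.protocol_version = ldap.VERSION3
        _currentLdapConnection.sasl_interactive_bind_s("", sasl_auth)
    except Exception as e:
        # Never keep a half-initialised connection around for later callers.
        _currentLdapConnection = None
        logging.error("Could not bind to ldap!")
        logging.exception(e)
        return False

    return True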
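def readAttributes():
    """
    Reads all attributes of the current user from ldap

    The username is escaped before it is placed into the search filter, so
    that filter metacharacters in the name are matched literally instead of
    changing the structure of the filter.

    :return: Tuple (success, dict of user attributes)
    :rtype: tuple
    """
    if not user.isInAD():
        return False, None

    # RFC 4515 escapes for the characters that are special inside a filter
    # value. How user.username() derives the name is not visible here, so
    # it is treated as untrusted input for the filter.
    special = {
        "\\": r"\5c",
        "*": r"\2a",
        "(": r"\28",
        ")": r"\29",
        "\x00": r"\00",
    }
    escapedName = "".join(special.get(ch, ch) for ch in user.username())

    return ldapHelper.searchOne(f"(sAMAccountName={escapedName})")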
def _isApplicable():
    """Check whether lmn-export / lmn-unset may run in the current context.

    Two conditions must hold: the current user is an AD user, and the
    environment variable ``LinuxmusterLinuxclient7EnvFixActive`` is set to
    ``"1"``. An error is logged for the first condition that fails.

    :return: True if both conditions hold, False otherwise
    :rtype: bool
    """
    if not user.isInAD():
        logging.error(
            "Modifying environment variables of non-AD users is not supported by lmn-export and lmn-unset!"
        )
        return False

    # NOTE(review): the marker is read from the process environment, which
    # the invoking process controls. This is a guard against accidental use
    # outside of hooks, not an authorization check.
    hookMarker = os.environ.get("LinuxmusterLinuxclient7EnvFixActive")
    if hookMarker != "1":
        logging.error(
            "lmn-export and lmn-unset may only be used inside of linuxmuster-linuxclient7 hooks!"
        )
        return False

    return True
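def readAttributes():
    """
    Reads all attributes of the current user from ldap

    The username is escaped before it is placed into the search filter, so
    that filter metacharacters in the name are matched literally instead of
    changing the structure of the filter.

    :return: Tuple (success, result of the ldap search); (False, None) if
             the current user is not in AD
    :rtype: tuple
    """
    if not user.isInAD():
        return False, None

    # RFC 4515 escapes for the characters that are special inside a filter
    # value. How user.username() derives the name is not visible here, so
    # it is treated as untrusted input for the filter.
    special = {
        "\\": r"\5c",
        "*": r"\2a",
        "(": r"\28",
        ")": r"\29",
        "\x00": r"\00",
    }
    escapedName = "".join(special.get(ch, ch) for ch in user.username())

    return ldapHelper.searchOne("(sAMAccountName={})".format(escapedName))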