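def authenticate(self, username=None, password=None, server=None):
    """Work out superuser status for an LDAP login, then bind via the wrapped backend.

    Returns None when external users already exist, no local account matches
    ``username`` and LDAP.CREATE_USERS_ON_LOGIN is off, or when the wrapped
    backend raises ImproperlyConfigured.

    NOTE(review): this listing stops after the bind attempt; ``is_super`` and
    ``user`` are assigned, but the code that applies or returns them is not
    shown here.
    """
    self.add_ldap_config_for_server(server)

    username_filter_kwargs = ldap_access.get_ldap_user_kwargs(username)

    # Do this check up here, because the auth call creates a django user upon
    # first login per user. The decision is made before the credentials are
    # checked, so it must only be applied after a successful bind.
    is_super = False
    external = str(UserProfile.CreationMethod.EXTERNAL)
    if not UserProfile.objects.filter(creation_method=external).exists():
        # If there are no LDAP users already in the system, the first one will
        # become a superuser.
        # NOTE(review): this branch is reached before CREATE_USERS_ON_LOGIN is
        # consulted, and no lock is visible around the existence check --
        # confirm both are acceptable for the first-login bootstrap.
        is_super = True
    elif User.objects.filter(**username_filter_kwargs).exists():
        # If the user already exists, we shouldn't change its superuser
        # privileges. However, if there's a naming conflict with a non-external
        # user, we should do the safe thing and turn off superuser privs.
        existing_user = User.objects.get(**username_filter_kwargs)
        existing_profile = get_profile(existing_user)
        if existing_profile.creation_method == external:
            # Read the flag from the row whose profile was just checked rather
            # than querying again, so both facts come from the same object.
            is_super = existing_user.is_superuser
    elif not desktop.conf.LDAP.CREATE_USERS_ON_LOGIN.get():
        # Unknown account and auto-provisioning is off: deny before binding.
        return None

    try:
        # NOTE(review): confirm the wrapped backend rejects empty passwords;
        # some LDAP servers treat an empty-password bind as anonymous.
        user = self._backend.authenticate(username, password)
    except ImproperlyConfigured as detail:
        # Fail closed: a misconfigured LDAP setup denies the login.
        LOG.warning("LDAP was not properly configured: %s", detail)
        return None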
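def authenticate(self, username=None, password=None, server=None):
    """Pre-compute the superuser flag for an LDAP login and attempt the bind.

    The privilege decision is taken first because, per the original comment,
    the backend call creates the Django user on a first login.

    Returns None if the account is unknown while other external users exist
    and LDAP.CREATE_USERS_ON_LOGIN is disabled, or if the wrapped backend
    raises ImproperlyConfigured.

    NOTE(review): the visible listing ends at the bind; nothing shown here
    consumes ``is_super`` or returns ``user``.
    """
    self.add_ldap_config_for_server(server)

    username_filter_kwargs = ldap_access.get_ldap_user_kwargs(username)

    # Do this check up here, because the auth call creates a django user upon
    # first login per user
    is_super = False
    if not UserProfile.objects.filter(
            creation_method=str(UserProfile.CreationMethod.EXTERNAL)).exists():
        # If there are no LDAP users already in the system, the first one will
        # become a superuser
        is_super = True
    elif User.objects.filter(**username_filter_kwargs).exists():
        # If the user already exists, we shouldn't change its superuser
        # privileges. However, if there's a naming conflict with a non-external
        # user, we should do the safe thing and turn off superuser privs.
        existing_user = User.objects.get(**username_filter_kwargs)
        existing_profile = get_profile(existing_user)
        if existing_profile.creation_method == str(
                UserProfile.CreationMethod.EXTERNAL):
            # Reuse the object fetched above instead of a second lookup; the
            # profile check and the privilege bit then describe the same row.
            is_super = existing_user.is_superuser
        # else: locally created account with the same name -> is_super stays
        # False, which is the privilege drop described above.
    elif not desktop.conf.LDAP.CREATE_USERS_ON_LOGIN.get():
        # No matching account and provisioning on login is disabled.
        return None

    try:
        # NOTE(review): empty-password handling is left to the wrapped
        # backend -- verify it refuses them.
        user = self._backend.authenticate(username, password)
    except ImproperlyConfigured as detail:
        # Configuration errors deny the login instead of propagating.
        LOG.warning("LDAP was not properly configured: %s", detail)
        return None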
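def authenticate(self, request=None, username=None, password=None, server=None):
    """Authenticate ``username`` against LDAP and settle its local privileges.

    Steps, in order: decide the superuser flag, check the allowed login
    groups, bind through the wrapped backend, optionally remap the account
    through the pwd lookup, then mark the profile as external and apply the
    flag.

    Returns:
        The user object on success. None when provisioning on login is off
        for an unknown account, the user is in no allowed login group, the
        LDAP configuration is invalid, or the pwd lookup has no entry for
        ``username``. A None or inactive user from the backend is returned
        without the profile/privilege update (block structure reconstructed
        from a collapsed listing -- confirm against the original file).
    """
    self.add_ldap_config_for_server(server)

    username_filter_kwargs = ldap_access.get_ldap_user_kwargs(username)
    external = UserProfile.CreationMethod.EXTERNAL.name

    # Do this check up here, because the auth call creates a django user upon
    # first login per user. The flag is only applied further down, after the
    # bind has succeeded and the account is active.
    is_super = False
    if not UserProfile.objects.filter(creation_method=external).exists():
        # If there are no LDAP users already in the system, the first one will
        # become a superuser.
        # NOTE(review): this branch is reached before CREATE_USERS_ON_LOGIN is
        # consulted, and no lock is visible around the existence check, so two
        # concurrent first logins could both be promoted -- confirm.
        is_super = True
    elif User.objects.filter(**username_filter_kwargs).exists():
        # If the user already exists, we shouldn't change its superuser
        # privileges. However, if there's a naming conflict with a non-external
        # user, we should do the safe thing and turn off superuser privs.
        existing_user = User.objects.get(**username_filter_kwargs)
        existing_profile = get_profile(existing_user)
        if existing_profile.creation_method == external:
            # Same row as the profile check above; avoids a second query.
            is_super = existing_user.is_superuser
    elif not LDAP.CREATE_USERS_ON_LOGIN.get():
        LOG.warning("Create users when they login with their LDAP credentials is turned off")
        return None

    try:
        allowed_group = self.check_ldap_access_groups(server, username)
        if allowed_group:
            # NOTE(review): confirm the wrapped backend rejects empty
            # passwords; some LDAP servers treat an empty-password bind as
            # anonymous and report success.
            if sys.version_info[0] > 2:
                user = self._backend.authenticate(request, username=username, password=password)
            else:
                user = self._backend.authenticate(username=username, password=password)
        else:
            # Lazy logging args: the username is attacker-supplied text and is
            # only interpolated by the logging layer.
            LOG.warning("%s not in an allowed login group", username)
            return None
    except ImproperlyConfigured as detail:
        # Fail closed on a misconfigured LDAP setup.
        LOG.warning("LDAP was not properly configured: %s", detail)
        return None

    if AUTH.PAM_USE_PWD_MODULE.get() and user is not None:
        # Look the name up once. getpwnam is presumably pwd.getpwnam, which
        # raises KeyError for a name with no passwd entry; deny the login in
        # that case rather than letting the exception escape the auth path.
        try:
            pam_user = getpwnam(username).pw_name
        except KeyError:
            LOG.warning("No pwd entry found for LDAP user %s, denying login", username)
            return None
        LOG.debug('Setting LDAP username to %s using PAM pwd module for user %s', pam_user, username)
        try:
            # Case-insensitive match on the pwd name.
            user = User.objects.get(username__iexact=pam_user)
        except User.DoesNotExist:
            user = find_or_create_user(pam_user, None)
        # NOTE(review): is_super was derived from `username`; if the pwd name
        # resolves to a different local account, the flag below is applied to
        # that account instead -- confirm this is intended.

    if user is not None and user.is_active:
        # Every successful login re-labels the account as externally created
        # and overwrites its superuser bit with the value decided above.
        profile = get_profile(user)
        profile.creation_method = external
        profile.save()
        user.is_superuser = is_super
        # NOTE(review): no user.save() is visible in this method; confirm a
        # callee persists is_superuser.
        user = rewrite_user(user)

        ensure_has_a_group(user)

        if LDAP.SYNC_GROUPS_ON_LOGIN.get():
            self.import_groups(server, user)

    return user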