def set_password(self, raw_password): l = get_ldap_connection() #unicode_pass = unicode('"' + raw_password + '"', 'iso-8859-1') unicode_pass = '******' + raw_password + '"' password_value = unicode_pass.encode('utf-16-le') add_pass = [(ldap.MOD_REPLACE, 'unicodePwd', [password_value])] user_dn = self.ldap_user['distinguishedName'][0] l.modify_s(user_dn, add_pass)
def get_users_by_field(self, field, value): l = get_ldap_connection() filter_string = "({0}={1})".format(field, value) #HEFTODO build user result directly result = l.search_s(settings.AD_BASEDN, ldap.SCOPE_ONELEVEL, filterstr=filter_string) backend = PS1Backend() users = [] for ldap_user in result: guid = uuid.UUID(bytes_le=(ldap_user[1]['objectGUID'][0])) users.append(backend.get_user(str(guid))) return users
def set_password(self, raw_password): """" HEFTODO: would prefer a non admin override That means we need the current password and the new password. Requiring those means that the change password form needs some rework.""" l = backends.get_ldap_connection() #unicode_pass = unicode('"' + raw_password + '"', 'iso-8859-1') unicode_pass = '******' + raw_password + '"' password_value = unicode_pass.encode('utf-16-le') add_pass = [(ldap.MOD_REPLACE, 'unicodePwd', [password_value])] user_dn = self.ldap_user['distinguishedName'][0] l.modify_s(user_dn, add_pass) print("password changed")
def ldap_user(self): if hasattr(self, '_ldap_user'): return self._ldap_user self._ldap_user = cache.get(self.object_guid) if not self._ldap_user: guid = uuid.UUID(self.object_guid) # certain byte sequences contain printable character that can # potentially be parseable by the query string. Escape each byte as # hex to make sure this doesn't happen. restrung = ''.join(['\\%02x' % ord(x) for x in guid.bytes_le]) filter_string = r'(objectGUID={0})'.format(restrung) l = get_ldap_connection() result = l.search_ext_s(settings.AD_BASEDN, ldap.SCOPE_ONELEVEL, filterstr=filter_string) self._ldap_user = result[0][1] cache.set(self.object_guid, self._ldap_user, 24 * 60 * 60) return self._ldap_user