Пример #1
0
    def get_user(self, *args, **kwargs):
        """
        Returns the user with the given identifier.

        The user identifier should either be keyword arguments,
        or positional arguments that match the fields in
        settings.LDAP_AUTH_USER_LOOKUP_FIELDS.

        For the default User model, this can therefor be in
        the form `get_user(username)` or `get_user(username=username)`.
        """
        # Parse the user lookup.
        user_identifier = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS, True, args, kwargs)
        # Search the LDAP database.
        search_filter = "(&(objectClass={object_class}){user_identifier})".format(
            object_class = clean_ldap_name(settings.LDAP_AUTH_OBJECT_CLASS),
            user_identifier = "".join(
                "({attribute_name}={field_value})".format(
                    attribute_name = clean_ldap_name(settings.LDAP_AUTH_USER_FIELDS[field_name]),
                    field_value = clean_ldap_name(field_value),
                )
                for field_name, field_value
                in user_identifier.items()
            ),
        )
        if self._connection.search(
            search_base = settings.LDAP_AUTH_SEARCH_BASE,
            search_filter = search_filter,
            search_scope = ldap3.SEARCH_SCOPE_WHOLE_SUBTREE,
            attributes = list(settings.LDAP_AUTH_USER_FIELDS.values()),
            size_limit = 1,
        ):
            return self._get_or_create_user(self._connection.response[0])
        return None
Пример #2
0
    def get_user(self, *args, **kwargs):
        """
        Returns the user with the given identifier.

        The user identifier should either be keyword arguments,
        or positional arguments that match the fields in
        settings.LDAP_AUTH_USER_LOOKUP_FIELDS.

        For the default User model, this can therefor be in
        the form `get_user(username)` or `get_user(username=username)`.
        """
        # Parse the user lookup.
        user_identifier = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS, True, args, kwargs)
        # Search the LDAP database.
        search_filter = "(&(objectClass={object_class}){user_identifier})".format(
            object_class = clean_ldap_name(settings.LDAP_AUTH_OBJECT_CLASS),
            user_identifier = "".join(
                "({attribute_name}={field_value})".format(
                    attribute_name = clean_ldap_name(settings.LDAP_AUTH_USER_FIELDS[field_name]),
                    field_value = clean_ldap_name(field_value),
                )
                for field_name, field_value
                in user_identifier.items()
            ),
        )
        if self._connection.search(
            search_base = settings.LDAP_AUTH_SEARCH_BASE,
            search_filter = search_filter,
            search_scope = ldap3.SEARCH_SCOPE_WHOLE_SUBTREE,
            attributes = ldap3.ALL_ATTRIBUTES,
            size_limit = 1,
        ):
            return self._get_or_create_user(self._connection.response[0])
        return None
Пример #3
0
def connection(*args, **kwargs):
    """
    Creates and returns a connection to the LDAP server.

    If a user identifier is given, it should either be
    keyword arguments, or positional arguments that match the fields in
    settings.LDAP_AUTH_USER_LOOKUP_FIELDS.

    The final positional argument, or the keyword argument `password`, will
    be taken as the user's password.
    """
    # Parse the user lookup.
    user_identifier = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS + ("password",), False, args, kwargs)
    # Format the DN for the username.
    if user_identifier:
        password = user_identifier.pop("password")
        username_dn = "{user_identifier},{search_base}".format(
            user_identifier = ",".join(
                "{attribute_name}={field_value}".format(
                    attribute_name = clean_ldap_name(settings.LDAP_AUTH_USER_FIELDS[field_name]),
                    field_value = clean_ldap_name(field_value),
                )
                for field_name, field_value
                in user_identifier.items()
            ),
            search_base = settings.LDAP_AUTH_SEARCH_BASE,
        )
    else:
        password = None
        username_dn = None
    # Make the connection.
    if user_identifier:
        if settings.LDAP_AUTH_USE_TLS:
            auto_bind = ldap3.AUTO_BIND_TLS_BEFORE_BIND
        else:
            auto_bind = ldap3.AUTO_BIND_NO_TLS
    else:
        auto_bind = ldap3.AUTO_BIND_NONE
    try:
        c = ldap3.Connection(ldap3.Server(settings.LDAP_AUTH_URL), user=username_dn, password=password, auto_bind=auto_bind)
        with ldap3.Connection(ldap3.Server(settings.LDAP_AUTH_URL), user=username_dn, password=password, auto_bind=auto_bind) as c:
            yield Connection(c)
    except ldap3.LDAPBindError:
        # Alternative search LDAP_AUTH_SEARCH_BASE
        alt_con = ldap3.Connection(ldap3.Server(settings.LDAP_AUTH_URL), user=settings.LDAP_SEARCH_DN,
                                   password=settings.LDAP_SEARCH_PASSWORD, auto_bind=auto_bind)
        if alt_con.search(settings.LDAP_AUTH_SEARCH_BASE,'(&(objectClass=person)(uid=%s))' % (kwargs['username'],), ldap3.SUBTREE):
            try:
                if len(alt_con.response) == 1:
                    username_dn = alt_con.response[0]['dn']
                    c2 =  ldap3.Connection(ldap3.Server(settings.LDAP_AUTH_URL), user=username_dn, password=password, auto_bind=auto_bind)
                    yield Connection(c2)
            except:
                yield
        else:
            yield
Пример #4
0
def connection(*args, **kwargs):
    """
    Creates and returns a connection to the LDAP server.

    If a user identifier is given, it should either be
    keyword arguments, or positional arguments that match the fields in
    settings.LDAP_AUTH_USER_LOOKUP_FIELDS.

    The final positional argument, or the keyword argument `password`, will
    be taken as the user's password.
    """
    # Parse the user lookup.
    user_identifier = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS + ("password",), False, args, kwargs)
    # Format the DN for the username.
    if user_identifier:
        password = user_identifier.pop("password")
        username_dn = "{user_identifier},{search_base}".format(
            user_identifier = ",".join(
                "{attribute_name}={field_value}".format(
                    attribute_name = clean_ldap_name(settings.LDAP_AUTH_USER_FIELDS[field_name]),
                    field_value = clean_ldap_name(field_value),
                )
                for field_name, field_value
                in user_identifier.items()
            ),
            search_base = settings.LDAP_AUTH_SEARCH_BASE,
        )
    else:
        username_dn = settings.LDAP_AUTH_CONNECTION_USERNAME
        password = settings.LDAP_AUTH_CONNECTION_PASSWORD
    # Make the connection.
    # --------------------------------------------------------------------------
    # iJet changes here to support explicit auto bind override.
    if settings.LDAP_AUTO_BIND is None:
        if user_identifier:
            if settings.LDAP_AUTH_USE_TLS:
                auto_bind = ldap3.AUTO_BIND_TLS_BEFORE_BIND
            else:
                auto_bind = ldap3.AUTO_BIND_NO_TLS
        else:
            auto_bind = ldap3.AUTO_BIND_NONE
    else:
        auto_bind = settings.LDAP_AUTO_BIND
    # --------------------------------------------------------------------------
    try:
        with ldap3.Connection(ldap3.Server(settings.LDAP_AUTH_URL), user=username_dn, password=password, auto_bind=auto_bind) as c:
            yield Connection(c)
    except (ldap3.LDAPBindError, ldap3.LDAPSASLPrepError):
        yield None
Пример #5
0
def authenticate(*args, **kwargs):
    """
    Authenticates with the LDAP server, and returns
    the corresponding Django user instance.

    The user identifier should either be
    keyword arguments, or positional arguments that match the fields in
    settings.LDAP_AUTH_USER_LOOKUP_FIELDS.

    The final positional argument, or the keyword argument `password`, will
    be taken as the user's password.
    """
    user_identifier = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS + ("password",), True, args, kwargs)
    user_identifier.pop("password")
    with connection(*args, **kwargs) as c:
        if c is None:
            return None
        return c.get_user(**user_identifier)
Пример #6
0
def authenticate(*args, **kwargs):
    """
    Authenticates with the LDAP server, and returns
    the corresponding Django user instance.

    The user identifier should either be
    keyword arguments, or positional arguments that match the fields in
    settings.LDAP_AUTH_USER_LOOKUP_FIELDS.

    The final positional argument, or the keyword argument `password`, will
    be taken as the user's password.
    """
    user_identifier = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS + ("password",), True, args, kwargs)
    user_identifier.pop("password")
    with connection(*args, **kwargs) as c:
        if c is None:
            return None
        return c.get_user(**user_identifier)
Пример #7
0
def connection(*args, **kwargs):
    """
    Creates and returns a connection to the LDAP server.

    If a user identifier is given, it should either be
    keyword arguments, or positional arguments that match the fields in
    settings.LDAP_AUTH_USER_LOOKUP_FIELDS.

    The final positional argument, or the keyword argument `password`, will
    be taken as the user's password.
    """
    # Parse the user lookup.
    user_identifier = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS + ("password",), False, args, kwargs)
    # Format the DN for the username.
    if user_identifier:
        password = user_identifier.pop("password")
        username_dn = "{user_identifier},{search_base}".format(
            user_identifier = ",".join(
                "{attribute_name}={field_value}".format(
                    attribute_name = clean_ldap_name(settings.LDAP_AUTH_USER_FIELDS[field_name]),
                    field_value = clean_ldap_name(field_value),
                )
                for field_name, field_value
                in user_identifier.items()
            ),
            search_base = settings.LDAP_AUTH_SEARCH_BASE,
        )
    else:
        password = None
        username_dn = None
    # Make the connection.
    with ldap3.Connection(ldap3.Server(settings.LDAP_AUTH_URL), user=username_dn, password=password, auto_bind=ldap3.AUTO_BIND_NONE) as c:

        if settings.LDAP_AUTH_USE_TLS:
            c.start_tls()

        # Attempt authentication, if required.
        if user_identifier and not c.bind():
            yield None
        else:
            # We authenticated, so let's return the connection.
            auth_connection = Connection(c)
            yield auth_connection
Пример #8
0
def connection(*args, **kwargs):
    """
    Creates and returns a connection to the LDAP server.

    If a user identifier is given, it should either be
    keyword arguments, or positional arguments that match the fields in
    settings.LDAP_AUTH_USER_LOOKUP_FIELDS.

    The final positional argument, or the keyword argument `password`, will
    be taken as the user's password.
    """
    # Parse the user lookup.
    user_identifier = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS + ("password",), False, args, kwargs)
    # Format the DN for the username.
    if user_identifier:
        password = user_identifier.pop("password")
        username_dn = "{user_identifier},{search_base}".format(
            user_identifier = ",".join(
                "{attribute_name}={field_value}".format(
                    attribute_name = clean_ldap_name(settings.LDAP_AUTH_USER_FIELDS[field_name]),
                    field_value = clean_ldap_name(field_value),
                )
                for field_name, field_value
                in user_identifier.items()
            ),
            search_base = settings.LDAP_AUTH_SEARCH_BASE,
        )
    else:
        password = None
        username_dn = None
    # Make the connection.
    if user_identifier:
        if settings.LDAP_AUTH_USE_TLS:
            auto_bind = ldap3.AUTO_BIND_TLS_BEFORE_BIND
        else:
            auto_bind = ldap3.AUTO_BIND_NO_TLS
    else:
        auto_bind = ldap3.AUTO_BIND_NONE
    try:
        with ldap3.Connection(ldap3.Server(settings.LDAP_AUTH_URL), user=username_dn, password=password, auto_bind=auto_bind) as c:
            yield Connection(c)
    except ldap3.LDAPBindError:
        yield None
Пример #9
0
    def get_user(self, *args, **kwargs):
        """
        Returns the user with the given identifier.

        The user identifier should either be keyword arguments,
        or positional arguments that match the fields in
        settings.LDAP_AUTH_USER_LOOKUP_FIELDS.

        For the default User model, this can therefor be in
        the form `get_user(username)` or `get_user(username=username)`.
        """
        # Parse the user lookup.
        user_identifier = resolve_user_identifier(settings.LDAP_AUTH_USER_LOOKUP_FIELDS, True, args, kwargs)
        # Search the LDAP database.

        search_filter = "(uid={username})".format(
                    username = user_identifier['username'].split('@')[0],
                )
        


        if self._connection.search(
            search_base = settings.LDAP_AUTH_SEARCH_BASE,
            search_filter = search_filter,
            search_scope = ldap3.SEARCH_SCOPE_WHOLE_SUBTREE,
            attributes = list(settings.LDAP_AUTH_USER_FIELDS.values()),
            size_limit = 1,
        ):
            split_attrs = self._connection.response[0]['attributes']['cn'][0].split()
            first = split_attrs[0] 
            last = split_attrs[1] 
            User = get_user_model()
            user_dict = {
                    'username': user_identifier['username'].split('@')[0],
                    'email': user_identifier['username']
                    }
            user, created = User.objects.get_or_create(**user_dict)
            user.first_name = first
            user.last_name = last
            user.save()
            return user
        return None