oss/Radicale
oss/Radicale
1
0
Fork 0
mirror of https://github.com/Kozea/Radicale.git synced 2025-07-23 17:48:30 +00:00
Code Wiki Activity

LDAP auth: calculate attributes to query in __init__()

Browse source 
Remove code duplication by factoring out the calculation of the
LDAP query attributes out of _login2() resp. _login3() into __init__().
This commit is contained in:
Peter Marschall 2025-01-01 18:09:00 +01:00
parent 841df09312
commit 607b3af67b
1 changed files with 7 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

17
radicale/auth/ldap.py
View file

@ -43,6 +43,7 @@ class Auth(auth.BaseAuth):
_ldap_reader_dn: str _ldap_reader_dn: str
_ldap_secret: str _ldap_secret: str
_ldap_filter: str _ldap_filter: str
_ldap_attributes: list[str] = ['memberOf']
_ldap_user_attr: str _ldap_user_attr: str
_ldap_load_groups: bool _ldap_load_groups: bool
_ldap_module_version: int = 3 _ldap_module_version: int = 3
@ -109,6 +110,10 @@ class Auth(auth.BaseAuth):
logger.info("auth.ldap_ssl_ca_file : %r" % self._ldap_ssl_ca_file) logger.info("auth.ldap_ssl_ca_file : %r" % self._ldap_ssl_ca_file)
else: else:
logger.info("auth.ldap_ssl_ca_file : (not provided)") logger.info("auth.ldap_ssl_ca_file : (not provided)")
"""Extend attributes to to be returned in the user query"""
if self._ldap_user_attr:
self._ldap_attributes.append(self._ldap_user_attr)
logger.info("ldap_attributes : %r" % self._ldap_attributes)
def _login2(self, login: str, password: str) -> str: def _login2(self, login: str, password: str) -> str:
try: try:
@ -121,15 +126,11 @@ class Auth(auth.BaseAuth):
"""Search for the dn of user to authenticate""" """Search for the dn of user to authenticate"""
escaped_login = self.ldap.filter.escape_filter_chars(login) escaped_login = self.ldap.filter.escape_filter_chars(login)
logger.debug(f"_login2 login escaped for LDAP filters: {escaped_login}") logger.debug(f"_login2 login escaped for LDAP filters: {escaped_login}")
attrs = ['memberof']
if self._ldap_user_attr:
attrs = ['memberOf', self._ldap_user_attr]
logger.debug(f"_login2 attrs: {attrs}")
res = conn.search_s( res = conn.search_s(
self._ldap_base, self._ldap_base,
self.ldap.SCOPE_SUBTREE, self.ldap.SCOPE_SUBTREE,
filterstr=self._ldap_filter.format(escaped_login), filterstr=self._ldap_filter.format(escaped_login),
attrlist=attrs attrlist=self._ldap_attributes
) )
if len(res) != 1: if len(res) != 1:
"""User could not be found unambiguously""" """User could not be found unambiguously"""
@ -198,15 +199,11 @@ class Auth(auth.BaseAuth):
"""Search the user dn""" """Search the user dn"""
escaped_login = self.ldap3.utils.conv.escape_filter_chars(login) escaped_login = self.ldap3.utils.conv.escape_filter_chars(login)
logger.debug(f"_login3 login escaped for LDAP filters: {escaped_login}") logger.debug(f"_login3 login escaped for LDAP filters: {escaped_login}")
attrs = ['memberof']
if self._ldap_user_attr:
attrs = ['memberOf', self._ldap_user_attr]
logger.debug(f"_login3 attrs: {attrs}")
conn.search( conn.search(
search_base=self._ldap_base, search_base=self._ldap_base,
search_filter=self._ldap_filter.format(escaped_login), search_filter=self._ldap_filter.format(escaped_login),
search_scope=self.ldap3.SUBTREE, search_scope=self.ldap3.SUBTREE,
attributes=attrs attributes=self._ldap_attributes
) )
if len(conn.entries) != 1: if len(conn.entries) != 1:
"""User could not be found unambiguously""" """User could not be found unambiguously"""