mirror of
https://github.com/Kozea/Radicale.git
synced 2025-08-04 18:22:26 +00:00
LDAP auth: harmonize _login2() and _login3() methods
This commit is contained in:
Peter Marschall
parent
b22038c746
commit
6f82333ff7
1 changed files with 16 additions and 7 deletions
|
|
@ -112,12 +112,18 @@ class Auth(auth.BaseAuth):
|
||||||
conn.set_option(self.ldap.OPT_REFERRALS, 0)
|
conn.set_option(self.ldap.OPT_REFERRALS, 0)
|
||||||
conn.simple_bind_s(self._ldap_reader_dn, self._ldap_secret)
|
conn.simple_bind_s(self._ldap_reader_dn, self._ldap_secret)
|
||||||
"""Search for the dn of user to authenticate"""
|
"""Search for the dn of user to authenticate"""
|
||||||
res = conn.search_s(self._ldap_base, self.ldap.SCOPE_SUBTREE, filterstr=self._ldap_filter.format(login), attrlist=['memberOf'])
|
res = conn.search_s(
|
||||||
|
self._ldap_base,
|
||||||
|
self.ldap.SCOPE_SUBTREE,
|
||||||
|
filterstr=self._ldap_filter.format(login),
|
||||||
|
attrlist=['memberOf']
|
||||||
|
)
|
||||||
if len(res) == 0:
|
if len(res) == 0:
|
||||||
"""User could not be found"""
|
"""User could not be found"""
|
||||||
return ""
|
return ""
|
||||||
user_dn = res[0][0]
|
user_entry = res[0]
|
||||||
logger.debug("LDAP Auth user: %s", user_dn)
|
user_dn = user_entry[0]
|
||||||
|
logger.debug(f"_login2 found LDAP user DN {user_dn}")
|
||||||
"""Close LDAP connection"""
|
"""Close LDAP connection"""
|
||||||
conn.unbind()
|
conn.unbind()
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
|
|
@ -132,11 +138,12 @@ class Auth(auth.BaseAuth):
|
||||||
tmp: list[str] = []
|
tmp: list[str] = []
|
||||||
if self._ldap_load_groups:
|
if self._ldap_load_groups:
|
||||||
tmp = []
|
tmp = []
|
||||||
for t in res[0][1]['memberOf']:
|
for g in user_entry[1]['memberOf']:
|
||||||
tmp.append(t.decode('utf-8').split(',')[0][3:])
|
tmp.append(g.decode('utf-8').split(',')[0][3:])
|
||||||
self._ldap_groups = set(tmp)
|
self._ldap_groups = set(tmp)
|
||||||
logger.debug("LDAP Auth groups of user: %s", ",".join(self._ldap_groups))
|
logger.debug("_login2 LDAP groups of user: %s", ",".join(self._ldap_groups))
|
||||||
conn.unbind()
|
conn.unbind()
|
||||||
|
logger.debug(f"_login2 {login} successfully authenticated")
|
||||||
return login
|
return login
|
||||||
except self.ldap.INVALID_CREDENTIALS:
|
except self.ldap.INVALID_CREDENTIALS:
|
||||||
return ""
|
return ""
|
||||||
|
|
@ -182,18 +189,20 @@ class Auth(auth.BaseAuth):
|
||||||
user_entry = conn.response[0]
|
user_entry = conn.response[0]
|
||||||
conn.unbind()
|
conn.unbind()
|
||||||
user_dn = user_entry['dn']
|
user_dn = user_entry['dn']
|
||||||
logger.debug(f"_login3 found user_dn {user_dn}")
|
logger.debug(f"_login3 found LDAP user DN {user_dn}")
|
||||||
try:
|
try:
|
||||||
"""Try to bind as the user itself"""
|
"""Try to bind as the user itself"""
|
||||||
conn = self.ldap3.Connection(server, user_dn, password=password)
|
conn = self.ldap3.Connection(server, user_dn, password=password)
|
||||||
if not conn.bind():
|
if not conn.bind():
|
||||||
logger.debug(f"_login3 user '{login}' cannot be found")
|
logger.debug(f"_login3 user '{login}' cannot be found")
|
||||||
return ""
|
return ""
|
||||||
|
tmp: list[str] = []
|
||||||
if self._ldap_load_groups:
|
if self._ldap_load_groups:
|
||||||
tmp = []
|
tmp = []
|
||||||
for g in user_entry['attributes']['memberOf']:
|
for g in user_entry['attributes']['memberOf']:
|
||||||
tmp.append(g.split(',')[0][3:])
|
tmp.append(g.split(',')[0][3:])
|
||||||
self._ldap_groups = set(tmp)
|
self._ldap_groups = set(tmp)
|
||||||
|
logger.debug("_login3 LDAP groups of user: %s", ",".join(self._ldap_groups))
|
||||||
conn.unbind()
|
conn.unbind()
|
||||||
logger.debug(f"_login3 {login} successfully authenticated")
|
logger.debug(f"_login3 {login} successfully authenticated")
|
||||||
return login
|
return login
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue