| 365 |
365 |
|
| 366 |
366 |
try:
|
| 367 |
367 |
if block['user_dn_template']:
|
| 368 |
|
template = str(block['user_dn_template'])
|
|
368 |
template = force_bytes(block['user_dn_template'])
|
| 369 |
369 |
escaped_username = escape_dn_chars(utf8_username)
|
| 370 |
370 |
authz_ids.append(template.format(username=escaped_username))
|
| 371 |
371 |
else:
|
| ... | ... | |
| 477 |
477 |
|
| 478 |
478 |
def create_username(self, block, attributes):
|
| 479 |
479 |
'''Build a username using the configured template'''
|
| 480 |
|
username_template = unicode(block['username_template'])
|
|
480 |
username_template = force_text(block['username_template'])
|
| 481 |
481 |
try:
|
| 482 |
482 |
return username_template.format(realm=block['realm'], **attributes)
|
| 483 |
483 |
except KeyError as e:
|
| ... | ... | |
| 575 |
575 |
if member_of_attribute:
|
| 576 |
576 |
group_dns.update(attributes.get(member_of_attribute, []))
|
| 577 |
577 |
if group_filter:
|
| 578 |
|
group_filter = str(group_filter)
|
|
578 |
group_filter = force_bytes(group_filter)
|
| 579 |
579 |
params = attributes.copy()
|
| 580 |
580 |
params['user_dn'] = dn
|
| 581 |
581 |
query = FilterFormatter().format(group_filter, **params)
|
| ... | ... | |
| 702 |
702 |
ou_slug = block['ou_slug']
|
| 703 |
703 |
OU = get_ou_model()
|
| 704 |
704 |
if ou_slug:
|
| 705 |
|
ou_slug = unicode(ou_slug)
|
|
705 |
ou_slug = force_text(ou_slug)
|
| 706 |
706 |
try:
|
| 707 |
707 |
ou = OU.objects.get(slug=ou_slug)
|
| 708 |
708 |
except OU.DoesNotExist:
|
| ... | ... | |
| 750 |
750 |
attribute_map = cls.normalize_ldap_results(results[0][1])
|
| 751 |
751 |
# add mandatory attributes
|
| 752 |
752 |
for key, mandatory_values in mandatory_attributes_values.iteritems():
|
| 753 |
|
key = str(key)
|
|
753 |
key = force_bytes(key)
|
| 754 |
754 |
old = attribute_map.setdefault(key, [])
|
| 755 |
755 |
new = set(old) | set(mandatory_values)
|
| 756 |
756 |
attribute_map[key] = list(new)
|
| 757 |
757 |
# apply mappings
|
| 758 |
758 |
for from_attribute, to_attribute in attribute_mappings:
|
| 759 |
|
from_attribute = str(from_attribute)
|
|
759 |
from_attribute = force_bytes(from_attribute)
|
| 760 |
760 |
if from_attribute not in attribute_map:
|
| 761 |
761 |
continue
|
| 762 |
|
to_attribute = str(to_attribute)
|
|
762 |
to_attribute = force_bytes(to_attribute)
|
| 763 |
763 |
old = attribute_map.setdefault(to_attribute, [])
|
| 764 |
764 |
new = set(old) | set(attribute_map[from_attribute])
|
| 765 |
765 |
attribute_map[to_attribute] = list(new)
|
| ... | ... | |
| 980 |
980 |
new_attributes = {}
|
| 981 |
981 |
for key in attributes:
|
| 982 |
982 |
try:
|
| 983 |
|
new_attributes[key.lower()] = map(lambda x: unicode(x, encoding), attributes[key])
|
|
983 |
new_attributes[key.lower()] = map(lambda x: force_text(x, encoding), attributes[key])
|
| 984 |
984 |
except UnicodeDecodeError:
|
| 985 |
985 |
log.debug('unable to decode attribute %r as UTF-8, converting to base64', key)
|
| 986 |
986 |
new_attributes[key.lower()] = map(base64.b64encode, attributes[key])
|
| ... | ... | |
| 1101 |
1101 |
raise ImproperlyConfigured(
|
| 1102 |
1102 |
'LDAP_AUTH_SETTINGS: attribute %r must be a string' % d)
|
| 1103 |
1103 |
try:
|
| 1104 |
|
block[d] = str(block[d])
|
|
1104 |
block[d] = force_bytes(block[d])
|
| 1105 |
1105 |
except UnicodeEncodeError:
|
| 1106 |
1106 |
raise ImproperlyConfigured(
|
| 1107 |
1107 |
'LDAP_AUTH_SETTINGS: attribute %r must be a string' % d)
|
| 1108 |
1108 |
if isinstance(cls._DEFAULTS[d], bool) and not isinstance(block[d], bool):
|
| 1109 |
1109 |
raise ImproperlyConfigured(
|
| 1110 |
1110 |
'LDAP_AUTH_SETTINGS: attribute %r must be a boolean' % d)
|
| 1111 |
|
if (isinstance(cls._DEFAULTS[d], (list, tuple))
|
| 1112 |
|
and not isinstance(block[d], (list, tuple))):
|
|
1111 |
if (isinstance(cls._DEFAULTS[d], (list, tuple)) and
|
|
1112 |
not isinstance(block[d], (list, tuple))):
|
| 1113 |
1113 |
raise ImproperlyConfigured(
|
| 1114 |
1114 |
'LDAP_AUTH_SETTINGS: attribute %r must be a list or a tuple' % d)
|
| 1115 |
1115 |
if isinstance(cls._DEFAULTS[d], dict) and not isinstance(block[d], dict):
|
| ... | ... | |
| 1130 |
1130 |
# we handle strings, list of strings and list of list or tuple whose first element is a
|
| 1131 |
1131 |
# string
|
| 1132 |
1132 |
if isinstance(block[key], six.string_types):
|
| 1133 |
|
block[key] = str(block[key]).lower()
|
|
1133 |
block[key] = force_bytes(block[key]).lower()
|
| 1134 |
1134 |
elif isinstance(block[key], (list, tuple)):
|
| 1135 |
1135 |
new_seq = []
|
| 1136 |
1136 |
for elt in block[key]:
|
| 1137 |
1137 |
if isinstance(elt, six.string_types):
|
| 1138 |
|
elt = str(elt).lower()
|
|
1138 |
elt = force_bytes(elt).lower()
|
| 1139 |
1139 |
elif isinstance(elt, (list, tuple)):
|
| 1140 |
1140 |
elt = list(elt)
|
| 1141 |
|
elt[0] = str(elt[0]).lower()
|
|
1141 |
elt[0] = force_bytes(elt[0]).lower()
|
| 1142 |
1142 |
elt = tuple(elt)
|
| 1143 |
1143 |
new_seq.append(elt)
|
| 1144 |
1144 |
block[key] = tuple(new_seq)
|
| 1145 |
1145 |
elif isinstance(block[key], dict):
|
| 1146 |
1146 |
newdict = {}
|
| 1147 |
1147 |
for subkey in block[key]:
|
| 1148 |
|
newdict[str(subkey).lower()] = block[key][subkey]
|
|
1148 |
newdict[force_bytes(subkey).lower()] = block[key][subkey]
|
| 1149 |
1149 |
block[key] = newdict
|
| 1150 |
1150 |
else:
|
| 1151 |
1151 |
raise NotImplementedError(
|
| ... | ... | |
| 1167 |
1167 |
for user_external_id in user.userexternalid_set.all():
|
| 1168 |
1168 |
external_id = user_external_id.external_id
|
| 1169 |
1169 |
for block in config:
|
| 1170 |
|
if user_external_id.source != unicode(block['realm']):
|
|
1170 |
if user_external_id.source != force_text(block['realm']):
|
| 1171 |
1171 |
continue
|
| 1172 |
1172 |
for external_id_tuple in block['external_id_tuples']:
|
| 1173 |
1173 |
conn = self.ldap_backend.get_connection(block)
|
| 1174 |
|
-
|