365 |
365 |
|
366 |
366 |
try:
|
367 |
367 |
if block['user_dn_template']:
|
368 |
|
template = str(block['user_dn_template'])
|
|
368 |
template = force_bytes(block['user_dn_template'])
|
369 |
369 |
escaped_username = escape_dn_chars(utf8_username)
|
370 |
370 |
authz_ids.append(template.format(username=escaped_username))
|
371 |
371 |
else:
|
... | ... | |
477 |
477 |
|
478 |
478 |
def create_username(self, block, attributes):
|
479 |
479 |
'''Build a username using the configured template'''
|
480 |
|
username_template = unicode(block['username_template'])
|
|
480 |
username_template = force_text(block['username_template'])
|
481 |
481 |
try:
|
482 |
482 |
return username_template.format(realm=block['realm'], **attributes)
|
483 |
483 |
except KeyError as e:
|
... | ... | |
575 |
575 |
if member_of_attribute:
|
576 |
576 |
group_dns.update(attributes.get(member_of_attribute, []))
|
577 |
577 |
if group_filter:
|
578 |
|
group_filter = str(group_filter)
|
|
578 |
group_filter = force_bytes(group_filter)
|
579 |
579 |
params = attributes.copy()
|
580 |
580 |
params['user_dn'] = dn
|
581 |
581 |
query = FilterFormatter().format(group_filter, **params)
|
... | ... | |
702 |
702 |
ou_slug = block['ou_slug']
|
703 |
703 |
OU = get_ou_model()
|
704 |
704 |
if ou_slug:
|
705 |
|
ou_slug = unicode(ou_slug)
|
|
705 |
ou_slug = force_text(ou_slug)
|
706 |
706 |
try:
|
707 |
707 |
ou = OU.objects.get(slug=ou_slug)
|
708 |
708 |
except OU.DoesNotExist:
|
... | ... | |
750 |
750 |
attribute_map = cls.normalize_ldap_results(results[0][1])
|
751 |
751 |
# add mandatory attributes
|
752 |
752 |
for key, mandatory_values in mandatory_attributes_values.iteritems():
|
753 |
|
key = str(key)
|
|
753 |
key = force_bytes(key)
|
754 |
754 |
old = attribute_map.setdefault(key, [])
|
755 |
755 |
new = set(old) | set(mandatory_values)
|
756 |
756 |
attribute_map[key] = list(new)
|
757 |
757 |
# apply mappings
|
758 |
758 |
for from_attribute, to_attribute in attribute_mappings:
|
759 |
|
from_attribute = str(from_attribute)
|
|
759 |
from_attribute = force_bytes(from_attribute)
|
760 |
760 |
if from_attribute not in attribute_map:
|
761 |
761 |
continue
|
762 |
|
to_attribute = str(to_attribute)
|
|
762 |
to_attribute = force_bytes(to_attribute)
|
763 |
763 |
old = attribute_map.setdefault(to_attribute, [])
|
764 |
764 |
new = set(old) | set(attribute_map[from_attribute])
|
765 |
765 |
attribute_map[to_attribute] = list(new)
|
... | ... | |
980 |
980 |
new_attributes = {}
|
981 |
981 |
for key in attributes:
|
982 |
982 |
try:
|
983 |
|
new_attributes[key.lower()] = map(lambda x: unicode(x, encoding), attributes[key])
|
|
983 |
new_attributes[key.lower()] = map(lambda x: force_text(x, encoding), attributes[key])
|
984 |
984 |
except UnicodeDecodeError:
|
985 |
985 |
log.debug('unable to decode attribute %r as UTF-8, converting to base64', key)
|
986 |
986 |
new_attributes[key.lower()] = map(base64.b64encode, attributes[key])
|
... | ... | |
1101 |
1101 |
raise ImproperlyConfigured(
|
1102 |
1102 |
'LDAP_AUTH_SETTINGS: attribute %r must be a string' % d)
|
1103 |
1103 |
try:
|
1104 |
|
block[d] = str(block[d])
|
|
1104 |
block[d] = force_bytes(block[d])
|
1105 |
1105 |
except UnicodeEncodeError:
|
1106 |
1106 |
raise ImproperlyConfigured(
|
1107 |
1107 |
'LDAP_AUTH_SETTINGS: attribute %r must be a string' % d)
|
1108 |
1108 |
if isinstance(cls._DEFAULTS[d], bool) and not isinstance(block[d], bool):
|
1109 |
1109 |
raise ImproperlyConfigured(
|
1110 |
1110 |
'LDAP_AUTH_SETTINGS: attribute %r must be a boolean' % d)
|
1111 |
|
if (isinstance(cls._DEFAULTS[d], (list, tuple))
|
1112 |
|
and not isinstance(block[d], (list, tuple))):
|
|
1111 |
if (isinstance(cls._DEFAULTS[d], (list, tuple)) and
|
|
1112 |
not isinstance(block[d], (list, tuple))):
|
1113 |
1113 |
raise ImproperlyConfigured(
|
1114 |
1114 |
'LDAP_AUTH_SETTINGS: attribute %r must be a list or a tuple' % d)
|
1115 |
1115 |
if isinstance(cls._DEFAULTS[d], dict) and not isinstance(block[d], dict):
|
... | ... | |
1130 |
1130 |
# we handle strings, list of strings and list of list or tuple whose first element is a
|
1131 |
1131 |
# string
|
1132 |
1132 |
if isinstance(block[key], six.string_types):
|
1133 |
|
block[key] = str(block[key]).lower()
|
|
1133 |
block[key] = force_bytes(block[key]).lower()
|
1134 |
1134 |
elif isinstance(block[key], (list, tuple)):
|
1135 |
1135 |
new_seq = []
|
1136 |
1136 |
for elt in block[key]:
|
1137 |
1137 |
if isinstance(elt, six.string_types):
|
1138 |
|
elt = str(elt).lower()
|
|
1138 |
elt = force_bytes(elt).lower()
|
1139 |
1139 |
elif isinstance(elt, (list, tuple)):
|
1140 |
1140 |
elt = list(elt)
|
1141 |
|
elt[0] = str(elt[0]).lower()
|
|
1141 |
elt[0] = force_bytes(elt[0]).lower()
|
1142 |
1142 |
elt = tuple(elt)
|
1143 |
1143 |
new_seq.append(elt)
|
1144 |
1144 |
block[key] = tuple(new_seq)
|
1145 |
1145 |
elif isinstance(block[key], dict):
|
1146 |
1146 |
newdict = {}
|
1147 |
1147 |
for subkey in block[key]:
|
1148 |
|
newdict[str(subkey).lower()] = block[key][subkey]
|
|
1148 |
newdict[force_bytes(subkey).lower()] = block[key][subkey]
|
1149 |
1149 |
block[key] = newdict
|
1150 |
1150 |
else:
|
1151 |
1151 |
raise NotImplementedError(
|
... | ... | |
1167 |
1167 |
for user_external_id in user.userexternalid_set.all():
|
1168 |
1168 |
external_id = user_external_id.external_id
|
1169 |
1169 |
for block in config:
|
1170 |
|
if user_external_id.source != unicode(block['realm']):
|
|
1170 |
if user_external_id.source != force_text(block['realm']):
|
1171 |
1171 |
continue
|
1172 |
1172 |
for external_id_tuple in block['external_id_tuples']:
|
1173 |
1173 |
conn = self.ldap_backend.get_connection(block)
|
1174 |
|
-
|