79 |
79 |
# realm for selecting an ldap configuration or formatting usernames
|
80 |
80 |
'realm': 'ldap',
|
81 |
81 |
# template for building username
|
82 |
|
'username_template': '{username}@{realm}',
|
|
82 |
'username_template': '{uid}@{realm}',
|
83 |
83 |
# allow to match multiple user records
|
84 |
84 |
'multimatch': True,
|
85 |
85 |
# update username on all login, use with CAUTION !! only if you know that
|
... | ... | |
430 |
430 |
log.error('user bind failed: authz_id not found %r', ', '.join(authz_ids))
|
431 |
431 |
if block['replicas']:
|
432 |
432 |
break
|
433 |
|
return self._return_user(uri, authz_id, username, password, conn, block)
|
|
433 |
return self._return_user(uri, authz_id, password, conn, block)
|
434 |
434 |
except ldap.SERVER_DOWN:
|
435 |
435 |
log.error('ldap authentication error: %r is down', uri)
|
436 |
436 |
finally:
|
... | ... | |
456 |
456 |
def backend_name(self):
|
457 |
457 |
return '%s.%s' % (__name__, self.__class__.__name__)
|
458 |
458 |
|
459 |
|
def create_username(self, uri, dn, username, password, conn, block, attributes):
|
|
459 |
def create_username(self, uri, dn, conn, block, attributes):
|
460 |
460 |
'''Build a username using the configured template'''
|
461 |
461 |
username_template = unicode(block['username_template'])
|
462 |
|
return username_template.format(username=username, uri=uri,
|
|
462 |
# create the uid from user's dn
|
|
463 |
uid = dn.split(',')[0]
|
|
464 |
uid = uid.split('=')[1]
|
|
465 |
return username_template.format(uid=uid, uri=uri,
|
463 |
466 |
block=block, realm=block['realm'], **attributes)
|
464 |
467 |
|
465 |
468 |
def save_user(self, user, username):
|
... | ... | |
762 |
765 |
.delete()
|
763 |
766 |
|
764 |
767 |
@commit_on_success
|
765 |
|
def _return_user(self, uri, dn, username, password, conn, block):
|
|
768 |
def _return_user(self, uri, dn, password, conn, block):
|
766 |
769 |
attributes = self.get_ldap_attributes(block, conn, dn)
|
767 |
770 |
if attributes is None:
|
768 |
771 |
# attributes retrieval failed
|
769 |
772 |
return
|
770 |
773 |
log.debug('retrieved attributes for %r: %r', dn, attributes)
|
771 |
|
username = self.create_username(uri, dn, username, password, conn,
|
772 |
|
block, attributes)
|
|
774 |
username = self.create_username(uri, dn, conn, block, attributes)
|
773 |
775 |
if block['transient']:
|
774 |
776 |
return self._return_transient_user(uri, dn, username, password,
|
775 |
777 |
conn, block, attributes)
|
776 |
|
-
|
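Review bot: In `create_username`, the uid that becomes the local account name is cut out of the DN with `dn.split(',')[0]` and `uid.split('=')[1]`, which mis-parses a first RDN containing an escaped `,` or `=` or a multi-valued RDN (`uid=a+cn=b` yields `a+cn`), and never checks that the naming attribute is actually `uid`. Because this value keys the account, entries named by a non-unique attribute such as `cn` in different branches could collapse onto the same username, and a DN without `=` would raise `IndexError` in the middle of a login. I would parse it with python-ldap instead, `rdn = ldap.dn.str2dn(dn)[0]` then `uid = rdn[0][1]`, and refuse the login when `len(rdn) != 1` or `rdn[0][0].lower() != 'uid'`, unless other naming attributes are meant to be supported. Separately, deployed settings that still use `{username}` in `username_template` will presumably fail with `KeyError` in `format()` now that the keyword is no longer passed, so a fallback or a migration note seems needed.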