0001-ldap-add-an-enabled-option-60493.patch
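--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@@ -517,6 +517,8 @@
 # https://www.python-ldap.org/en/python-ldap-3.3.0/reference/ldap.html#ldap-controls
 'use_controls': False,
 'ppolicy_dn': '',
+# is the directory enabled? it can disabled e.g. for debugging purposes
+'enabled': True,
 }
 _REQUIRED = ('url', 'basedn')
 _TO_ITERABLE = ('url', 'groupsu', 'groupstaff', 'groupactive')
@@ -603,6 +605,8 @@
 
 # Now we can try to authenticate
 for block in config:
+if not block.get('enabled', True):
+continue
 uid = username
 # if ou is provided, ignore LDAP server for other OU
 if ou: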
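Review bot: The new `enabled` check guards only the authentication loop shown in the second hunk (`for block in config:`), so any other code path that walks the LDAP configuration, none of which is visible here, may still bind to or provision users from a directory the operator believes is switched off. If the option is meant as an operational off switch, filtering disabled blocks once where the configuration is loaded would make every consumer agree. The skip is also silent: a disabled directory makes its users' logins fail exactly like a wrong password, so a debug-level log entry naming the skipped block would help whoever investigates the failures. The comment on the default has a typo and should read `# is the directory enabled? it can be disabled, e.g. for debugging purposes`. The enclosing function starts and ends outside the hunk.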
tests/test_ldap.py | ||
---|---|---|
2208 | 2208 | |
2209 | 2209 |
assert 'Base ldapsearch command' not in ldap_config_text |
2210 | 2210 |
assert 'Error while attempting to connect to LDAP server' in ldap_config_text |
2211 | ||
2212 | ||
2213 |
def test_explicitely_enabled(slapd, settings, client, db): |
|
2214 |
settings.LDAP_AUTH_SETTINGS = [ |
|
2215 |
{ |
|
2216 |
'url': [slapd.ldap_url], |
|
2217 |
'basedn': 'o=ôrga', |
|
2218 |
'use_tls': False, |
|
2219 |
'attributes': ['jpegPhoto'], |
|
2220 |
'enabled': True, |
|
2221 |
} |
|
2222 |
] |
|
2223 |
result = client.post( |
|
2224 |
'/login/', {'login-password-submit': '1', 'username': USERNAME, 'password': PASS}, follow=True |
|
2225 |
) |
|
2226 |
assert result.status_code == 200 |
|
2227 |
assert force_bytes('Étienne Michu') in result.content |
|
2228 |
assert User.objects.count() == 1 |
|
2229 | ||
2230 | ||
2231 |
def test_disabled(slapd, settings, client, db): |
|
2232 |
settings.LDAP_AUTH_SETTINGS = [ |
|
2233 |
{ |
|
2234 |
'url': [slapd.ldap_url], |
|
2235 |
'basedn': 'o=ôrga', |
|
2236 |
'use_tls': False, |
|
2237 |
'attributes': ['jpegPhoto'], |
|
2238 |
'enabled': False, |
|
2239 |
} |
|
2240 |
] |
|
2241 |
result = client.post( |
|
2242 |
'/login/', {'login-password-submit': '1', 'username': USERNAME, 'password': PASS}, follow=True |
|
2243 |
) |
|
2244 |
assert result.status_code == 200 |
|
2245 |
assert force_bytes('Étienne Michu') not in result.content |
|
2246 |
assert User.objects.count() == 0 |
|
2211 |
- |
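Review bot: `test_disabled` covers only a first login against a disabled directory, not an account that was provisioned while the directory was still enabled, which is the case where a stale local record could keep granting access. A third test that logs in once with `'enabled': True`, switches the block to `'enabled': False`, and asserts that the second login is refused would pin that behaviour down; whether the backend keeps any local credential for such users is not visible on this page. The name `test_explicitely_enabled` is misspelled and would normally be `test_explicitly_enabled`.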