0001-ldap-add-an-option-to-indicate-provisionning-only-pu.patch
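--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@@ -517,6 +517,8 @@
 # https://www.python-ldap.org/en/python-ldap-3.3.0/reference/ldap.html#ldap-controls
 'use_controls': False,
 'ppolicy_dn': '',
+# used to indicated that this directory serves provisionning purposes only (no direct authn)
+'provisionning_only': False,
 }
 _REQUIRED = ('url', 'basedn')
 _TO_ITERABLE = ('url', 'groupsu', 'groupstaff', 'groupactive')
@@ -603,6 +605,8 @@
 
 # Now we can try to authenticate
 for block in config:
+if block.get('provisionning_only', False):
+continue
 uid = username
 # if ou is provided, ignore LDAP server for other OU
 if ou:
@@ -1458,7 +1462,7 @@
 yield from cls.normalize_ldap_results(data)
 
 @classmethod
-def get_users(cls, realm=None):
+def get_users(cls, realm=None, provisionning=False):
 blocks = cls.get_config()
 if not blocks:
 log.info('No LDAP server configured.')
@@ -1466,6 +1470,8 @@
 for block in blocks:
 if realm and realm != block['realm']:
 continue
+if block.get('provisionning_only', False) and not provisionning:
+continue
 
 log.info('Synchronising users from realm "%s"', block['realm'])
 conn = cls.get_connection(block)
@@ -1820,6 +1826,8 @@
 for user_external_id in user.userexternalid_set.all():
 external_id = user_external_id.external_id
 for block in config:
+if block.get('provisionning_only', False):
+continue
 if user_external_id.source != force_text(block['realm']):
 continue
 for external_id_tuple in map_text(block['external_id_tuples']):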
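Review bot: The `provisionning_only` gate fails open on a misspelled setting. It is read with `block.get('provisionning_only', False)` in the login loop (new lines 608-609) and in the loop at new lines 1829-1830, so a block that spells the key `provisioning_only` (the usual English spelling) stays a normal authentication source, unless unknown keys are rejected elsewhere, which this page does not show. Since the name becomes a public settings key and a `get_users()` keyword, consider renaming to `provisioning_only` / `provisioning` before release, and fix the comment to `# this directory is used for provisioning only (no direct authentication)`. A `log.debug` on each skip would also show in the LDAP logs why a directory was not tried. The enclosing functions of all three loops start outside the hunks, so whether other paths that bind with a user's password honour the flag cannot be checked from here.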
src/authentic2/management/commands/sync-ldap-users.py | ||
---|---|---|
58 | 58 |
elif verbosity == 3: |
59 | 59 |
ldap_logger.setLevel(logging.DEBUG) |
60 | 60 | |
61 |
for dummy in LDAPBackend.get_users(realm=kwargs['realm']): |
|
61 |
for dummy in LDAPBackend.get_users(realm=kwargs['realm'], provisionning=True):
|
|
62 | 62 |
continue |
tests/test_ldap.py | ||
---|---|---|
2208 | 2208 | |
2209 | 2209 |
assert 'Base ldapsearch command' not in ldap_config_text |
2210 | 2210 |
assert 'Error while attempting to connect to LDAP server' in ldap_config_text |
2211 | ||
2212 | ||
2213 |
def test_provisionning_only(slapd, settings, client, db): |
|
2214 |
settings.LDAP_AUTH_SETTINGS = [ |
|
2215 |
{ |
|
2216 |
'url': [slapd.ldap_url], |
|
2217 |
'basedn': 'o=ôrga', |
|
2218 |
'use_tls': False, |
|
2219 |
'attributes': ['jpegPhoto'], |
|
2220 |
'provisionning_only': True, |
|
2221 |
} |
|
2222 |
] |
|
2223 |
result = client.post( |
|
2224 |
'/login/', {'login-password-submit': '1', 'username': USERNAME, 'password': PASS}, follow=True |
|
2225 |
) |
|
2226 |
assert result.status_code == 200 |
|
2227 |
assert force_bytes('Étienne Michu') not in result.content |
|
2228 |
assert User.objects.count() == 0 |
|
2211 |
- |
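Review bot: `test_provisionning_only` covers only the refused login; nothing on this page exercises the sync path the option exists for, or the second skipped loop in ldap_backend.py (new lines 1829-1830). Assuming `LDAPBackend` is importable in this module, consider adding `list(LDAPBackend.get_users())` followed by `assert User.objects.count() == 0`, then `list(LDAPBackend.get_users(provisionning=True))` followed by an assertion that the slapd fixture's users now exist (the expected count depends on the fixture, which is not visible here). Note also that `assert result.status_code == 200` with `follow=True` would hold after a successful login as well, so the refusal is really established by the two assertions that follow it.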