0001-ldap-add-options-to-control-authentiction-and-cron-p.patch

Emmanuel Cazenave, 21 juin 2022 16:04

Voir les différences: en ligne côte à côte

Subject: [PATCH] ldap: add options to control authentiction and cron
 provisionning (#60492)

 src/authentic2/backends/ldap_backend.py |  8 +++++
 tests/test_ldap.py                      | 46 +++++++++++++++++++++++++
 2 files changed, 54 insertions(+)

             # https://www.python-ldap.org/en/python-ldap-3.3.0/reference/ldap.html#ldap-controls
             'use_controls': False,
             'ppolicy_dn': '',
             'authentication': True,
             'cron_provisionning': True,
+        }
         _REQUIRED = ('url', 'basedn')
         _TO_ITERABLE = ('url', 'groupsu', 'groupstaff', 'groupactive')
-...
             # Now we can try to authenticate
             for block in config:
                 if block['authentication'] is False:
                     continue
                 uid = username
                 # if ou is provided, ignore LDAP server for other OU
                 if ou:
-...
             for block in blocks:
                 if realm and realm != block['realm']:
                     continue
                 if block['cron_provisionning'] is False:
                     continue
                 count = 0
                 try:
                     for user in cls.get_users_for_block(block):
-...
                 if not external_id:
                     continue
                 for block in config:
                     if block['authentication'] is False:
                         continue
                     if user_external_id.source != force_text(block['realm']):
                         continue
                     for external_id_tuple in map_text(block['external_id_tuples']):

         user = User.objects.get()
         role = user.roles.get(name='Ambiguous role')
         assert role.ou == default_ou
     def test_authenticate_no_authentication(slapd, settings, client, db):
         settings.LDAP_AUTH_SETTINGS = [
+            {
                 'url': [slapd.ldap_url],
                 'basedn': 'o=ôrga',
                 'use_tls': False,
                 'attributes': ['jpegPhoto'],
                 'authentication': False,
+            }
+        ]
         result = client.post(
             '/login/', {'login-password-submit': '1', 'username': USERNAME, 'password': PASS}, follow=True
+        )
         assert result.status_code == 200
         assert force_bytes('Étienne Michu') not in result.content
         assert User.objects.count() == 0
     def test_get_users_no_cron_provisionning(slapd, settings, db, monkeypatch, caplog):
         from django.contrib.auth.models import Group
         settings.LDAP_AUTH_SETTINGS = [
+            {
                 'url': [slapd.ldap_url],
                 'basedn': 'o=ôrga',
                 'use_tls': False,
                 'create_group': True,
                 'group_mapping': [
                     ['cn=group2,o=ôrga', ['Group2']],
                 ],
                 'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))',
                 'group_to_role_mapping': [
                     ['cn=unknown,o=dn', ['Role2']],
                 ],
                 'lookups': ['external_id', 'username'],
                 'cron_provisionning': False,
+            }
+        ]
         assert Group.objects.count() == 0
         assert User.objects.count() == 0
         users = list(ldap_backend.LDAPBackend.get_users())
         assert len(users) == 0
         assert User.objects.count() == 0
         assert Group.objects.count() == 0
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0001-ldap-add-options-to-control-authentiction-and-cron-p.patch