0001-ldap-add-options-to-control-authentiction-and-cron-p.patch
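--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@@ -543,6 +543,8 @@
 # https://www.python-ldap.org/en/python-ldap-3.3.0/reference/ldap.html#ldap-controls
 'use_controls': False,
 'ppolicy_dn': '',
+'authentication': True,
+'cron_provisionning': True,
 }
 _REQUIRED = ('url', 'basedn')
 _TO_ITERABLE = ('url', 'groupsu', 'groupstaff', 'groupactive')
@@ -629,6 +631,8 @@
 
 # Now we can try to authenticate
 for block in config:
+if block['authentication'] is False:
+continue
 uid = username
 # if ou is provided, ignore LDAP server for other OU
 if ou:
@@ -1667,6 +1671,8 @@
 for block in blocks:
 if realm and realm != block['realm']:
 continue
+if block['cron_provisionning'] is False:
+continue
 count = 0
 try:
 for user in cls.get_users_for_block(block):
@@ -2012,6 +2018,8 @@
 if not external_id:
 continue
 for block in config:
+if block['authentication'] is False:
+continue
 if user_external_id.source != force_text(block['realm']):
 continue
 for external_id_tuple in map_text(block['external_id_tuples']):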
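Review bot: The three new guards compare with `is False` (`block['authentication']` in the login loop and in the external-id loop, `block['cron_provisionning']` in the loop that calls `get_users_for_block`), so a block configured with `0` or `None` is not skipped and keeps authenticating or provisioning. Unless the settings loader already rejects non-boolean values for these keys (not visible in these hunks), a switch meant to turn an LDAP source off fails open on a mistyped value; `if not block['authentication']:` and `if not block['cron_provisionning']:` would treat any falsy value as off, and a type check at load time would also catch strings such as `'false'`. The two new `_DEFAULTS` entries carry no comment, unlike `use_controls` just above; something like `# when False, this block is skipped when authenticating users` and `# when False, this block is skipped by get_users()` would document them. The enclosing functions start and end outside all four hunks.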
tests/test_ldap.py | ||
---|---|---|
2493 | 2493 |
user = User.objects.get() |
2494 | 2494 |
role = user.roles.get(name='Ambiguous role') |
2495 | 2495 |
assert role.ou == default_ou |
2496 | ||
2497 | ||
2498 |
def test_authenticate_no_authentication(slapd, settings, client, db): |
|
2499 |
settings.LDAP_AUTH_SETTINGS = [ |
|
2500 |
{ |
|
2501 |
'url': [slapd.ldap_url], |
|
2502 |
'basedn': 'o=ôrga', |
|
2503 |
'use_tls': False, |
|
2504 |
'attributes': ['jpegPhoto'], |
|
2505 |
'authentication': False, |
|
2506 |
} |
|
2507 |
] |
|
2508 |
result = client.post( |
|
2509 |
'/login/', {'login-password-submit': '1', 'username': USERNAME, 'password': PASS}, follow=True |
|
2510 |
) |
|
2511 |
assert result.status_code == 200 |
|
2512 |
assert force_bytes('Étienne Michu') not in result.content |
|
2513 |
assert User.objects.count() == 0 |
|
2514 | ||
2515 | ||
2516 |
def test_get_users_no_cron_provisionning(slapd, settings, db, monkeypatch, caplog): |
|
2517 |
from django.contrib.auth.models import Group |
|
2518 | ||
2519 |
settings.LDAP_AUTH_SETTINGS = [ |
|
2520 |
{ |
|
2521 |
'url': [slapd.ldap_url], |
|
2522 |
'basedn': 'o=ôrga', |
|
2523 |
'use_tls': False, |
|
2524 |
'create_group': True, |
|
2525 |
'group_mapping': [ |
|
2526 |
['cn=group2,o=ôrga', ['Group2']], |
|
2527 |
], |
|
2528 |
'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))', |
|
2529 |
'group_to_role_mapping': [ |
|
2530 |
['cn=unknown,o=dn', ['Role2']], |
|
2531 |
], |
|
2532 |
'lookups': ['external_id', 'username'], |
|
2533 |
'cron_provisionning': False, |
|
2534 |
} |
|
2535 |
] |
|
2536 |
assert Group.objects.count() == 0 |
|
2537 |
assert User.objects.count() == 0 |
|
2538 |
users = list(ldap_backend.LDAPBackend.get_users()) |
|
2539 |
assert len(users) == 0 |
|
2540 |
assert User.objects.count() == 0 |
|
2541 |
assert Group.objects.count() == 0 |
|
2496 |
- |
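Review bot: Both new tests assert only that nothing happened (`User.objects.count() == 0`, name absent from the response), so they would also pass if the directory were unreachable or the credentials wrong for an unrelated reason. A control in the same test that flips the option back to `True` and checks that the login succeeds, or that `get_users()` returns entries, would show that the option is what made the difference. `test_get_users_no_cron_provisionning` also requests the `monkeypatch` and `caplog` fixtures without using them in the visible body, and nothing here exercises the second `authentication` guard, the one in the external-id loop of ldap_backend.py.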