Produits Entr'ouvert » Authentic 2

from django.db import models

from django.shortcuts import get_object_or_404

from django.utils.dateparse import parse_datetime

from django.utils.text import slugify

from django.utils.translation import gettext_lazy as _

from django.views.decorators.cache import cache_control

                response = {

                    'result': 0,

                    'errors': {'__all__': ['Mail sending failed']},

                }

                response_status = status.HTTP_503_SERVICE_UNAVAILABLE

            else:

from django.core.exceptions import ImproperlyConfigured

from django.db.models import Q

from django.db.transaction import atomic

from django.utils.translation import gettext as _

from django.utils.translation import ngettext

from ldap.controls import DecodeControlTuples, SimplePagedResultsControl, ppolicy

    if d is None:

        return d

    elif isinstance(d, str):

    elif isinstance(d, (list, tuple)):

        return d.__class__(map_text(x) for x in d)

    elif isinstance(d, dict):

                    settings.SECRET_KEY, encrypted_bindpw, raise_on_error=False

                )

                if decrypted:

                    self.ldap_data['block']['bindpw'] = decrypted

                    del self.ldap_data['block']['encrypted_bindpw']

        data = dict(self.ldap_data)

        data['block'] = dict(data['block'])

        if data['block'].get('bindpw'):

                crypto.aes_base64_encrypt(settings.SECRET_KEY, force_bytes(data['block']['bindpw']))

            )

            del data['block']['bindpw']

        cache = self.ldap_data.setdefault('password', {})

        if password is not None:

            # Prevent eavesdropping of the password through the session storage

        cache[self.dn] = password

        # ensure session is marked dirty

        self.update_request()

            password = cache.get(self.dn)

            if password is not None:

                try:

                except crypto.DecryptionError:

                    log.error('unable to decrypt a stored LDAP password')

                    self.keep_password_in_session(None)

                    password = None

                else:

            return password

        else:

            self.keep_password_in_session(None)

    def get_attributes(self, attribute_source, ctx):

        cache_key = hashlib.md5(

        ).hexdigest()

        conn = self.get_connection()

        # prevents blocking on temporary LDAP failures

        for conn in self.get_connections(block):

            ldap_uri = conn.get_option(ldap.OPT_URI)

            authz_ids = []

            try:

                if block['user_dn_template']:

                    escaped_username = escape_dn_chars(username)

                    authz_ids.append(template.format(username=escaped_username))

                else:

                            authz_ids.append(username)

                        elif block['user_filter']:

                            # allow multiple occurences of the username in the filter

                            n = len(user_filter.split('%s')) - 1

                            try:

                                query = filter_format(user_filter, (username,) * n)

    def create_username(self, block, attributes):

        '''Build a username using the configured template'''

        try:

            return username_template.format(realm=block['realm'], **attributes)

        except KeyError as e:

        if member_of_attribute:

            group_dns.update([dn.lower() for dn in attributes.get(member_of_attribute, [])])

        if group_filter:

            params = attributes.copy()

            params['user_dn'] = dn

            query = FilterFormatter().format(group_filter, **params)

    def _get_target_ou(self, block):

        ou_slug = block['ou_slug']

        if ou_slug:

            try:

                return OrganizationalUnit.objects.get(slug=ou_slug)

            except OrganizationalUnit.DoesNotExist:

    @classmethod

    def get_sync_ldap_user_filter(cls, block):

        user_filter = user_filter.replace('%s', '*')

        return user_filter

        attribute_map = results[0][1] if results else {}

        # add mandatory attributes

        for key, mandatory_values in mandatory_attributes_values.items():

            old = attribute_map.setdefault(key, [])

            new = set(old) | set(mandatory_values)

            attribute_map[key] = list(new)

        # apply mappings

        for from_attribute, to_attribute in attribute_mappings:

            if from_attribute not in attribute_map:

                continue

            old = attribute_map.setdefault(to_attribute, [])

            new = set(old) | set(attribute_map[from_attribute])

            attribute_map[to_attribute] = list(new)

        # extra attributes

        attribute_map = cls.get_ldap_extra_attributes(block, conn, dn, attribute_map)

            if quote:

                decoded.append((attribute, urllib.parse.unquote(value)))

            else:

        filters = [filter_format('(%s=%s)', (a, b)) for a, b in decoded]

        return '(&{})'.format(''.join(filters))

        log.info('Synchronising users from realm "%s"', block['realm'])

        conn = cls.get_connection(block)

        if conn is None:

            return

        cls.check_group_to_role_mappings(block)

        user_filter = cls.get_sync_ldap_user_filter(block)

        attribute_names = cls.get_ldap_attributes_names(block)

        results = cls.paged_search(

                    'external_guid', flat=True

                )

            )

            attribute_names = list(

                {a[0] for a in cls.attribute_name_from_external_id_tuple(block['external_id_tuples'])}

                | set(USUAL_GUID_ATTRIBUTES)

            new_attrs = {'dn': dn}

            for key in attrs:

                try:

                except UnicodeDecodeError:

                    log.debug('unable to decode attribute %r as UTF-8, converting to base64', key)

                    new_attrs[key.lower()] = [base64.b64encode(value).decode('ascii') for value in attrs[key]]

        try:

            if credentials:

                who, password = credentials[0], credentials[1]

                conn.simple_bind_s(who, password)

                log_message = 'with user %s' % who

            elif block['bindsasl']:

                conn.sasl_interactive_bind_s(who, auth)

                log_message = 'with account %s' % who

            elif block['binddn'] and block['bindpw']:

                log_message = 'with binddn %s' % who

            else:

                who = 'anonymous'

                    if not isinstance(block[d], str):

                        raise ImproperlyConfigured('LDAP_AUTH_SETTINGS: attribute %r must be a string' % d)

                    try:

                    except UnicodeEncodeError:

                        raise ImproperlyConfigured('LDAP_AUTH_SETTINGS: attribute %r must be a string' % d)

                if isinstance(value, bool) and not isinstance(block[d], bool):

            # we handle strings, list of strings and list of list or tuple whose first element is a

            # string

            if isinstance(block[key], str):

            elif isinstance(block[key], (list, tuple)):

                new_seq = []

                for elt in block[key]:

            elif isinstance(block[key], dict):

                newdict = {}

                for subkey in block[key]:

                block[key] = newdict

            else:

                raise NotImplementedError(

            for block in config:

                if block['authentication'] is False:

                    continue

                    continue

                for external_id_tuple in map_text(block['external_id_tuples']):

                    conn = self.ldap_backend.get_connection(block)

from django.core.validators import RegexValidator

from django.db import IntegrityError, models

from django.db.transaction import atomic

from django.utils.translation import gettext as _

from authentic2 import app_settings

        return self

    def __next__(self):

    next = __next__

        def parse_csv(input_fd):

            try:

            except UnicodeDecodeError:

                self.error = Error('bad-encoding', _('Bad encoding'))

                return False

from django.contrib.auth import forms as auth_forms

from django.forms.widgets import Media

from django.utils import html

from django.utils.translation import gettext

from django.utils.translation import gettext_lazy as _

            invalid_login_message.append(_('Try again or use the forgotten password link below.'))

        elif getattr(settings, 'REGISTRATION_OPEN', True):

            invalid_login_message.append(_('Try again or create an account.'))

        return error_messages

from django.forms.widgets import EmailInput as BaseEmailInput

from django.forms.widgets import PasswordInput as BasePasswordInput

from django.forms.widgets import TextInput, TimeInput

from django.utils.formats import get_format, get_language

from django.utils.safestring import mark_safe

from django.utils.translation import gettext_lazy as _

    def format_value(self, value):

        if value is not None:

            if isinstance(value, datetime.datetime):

            return value

from django.contrib.auth import hashers

from django.contrib.auth.hashers import make_password

from django.utils.crypto import constant_time_compare

from django.utils.translation import gettext_noop as _

        algo_name, salt_offset, hex_encode = OPENLDAP_ALGO_MAPPING[algo]

        salt, password = (password[salt_offset:], password[:salt_offset]) if salt_offset else ('', password)

        if hex_encode:

        return '%s$%s$%s' % (algo_name, salt, password)

    else:

        return make_password(password)

        assert password

        assert b'$' not in salt

        hash = self.digest(force_bytes(password + salt)).hexdigest()

        return "%s$%s$%s" % (self.algorithm, salt, hash)

    def verify(self, password, encoded):

        assert password

        assert b'$' not in salt

        hash = self.digest(force_bytes(password) + salt).hexdigest()

        return "%s$md5$%s$%s" % (self.algorithm, salt, hash)

    def verify(self, password, encoded):

            h, salt = encoded.split(':', 1)

        else:

            h, salt = encoded, ''

        return '%s$md5$%s$%s' % (cls.algorithm, salt, h)

        if subalgo != 'md5':

            raise NotImplementedError

        if salt:

        else:

            return _hash

        salt = force_bytes(salt)

        hashed = base64.b64encode(hashlib.sha1(password + salt).digest() + salt)

    def verify(self, password, encoded):

        """Verify the given password against the encoded string."""

from django.http import HttpResponse, HttpResponseBadRequest, HttpResponseForbidden, HttpResponseRedirect

from django.shortcuts import redirect, render

from django.urls import reverse

from django.utils.timezone import utc

from django.utils.translation import gettext as _

from django.utils.translation import gettext_noop as N_

    seen = set()

    # Keep current attributes, mark string values as already added

    for attribute in attribute_statement.attribute:

        # sequence from lasso are always tuple, so convert to list

        attributes[(name, name_format)] = attribute, list(attribute.attributeValue)

        for atv in attribute.attributeValue:

                and isinstance(atv.any[0], lasso.MiscTextNode)

                and atv.any[0].textChild

            ):

    definitions = list(qs)

    # special handling of nid format edupersontargetedid

        elif value is None:

            value = ''

        else:

        tn = lasso.MiscTextNode.newWithString(force_str(value))

        tn.textChild = True

        return tn

def saml2_add_attribute_values(assertion, attributes):

    if attributes:

        logger.debug('adding attributes')

        logger.debug('adding attributes %s', attributes)

        if not assertion.attributeStatement:

            assertion.attributeStatement = [lasso.Saml2AttributeStatement()]

                    attribute_value.any = [text_node]

                    attribute_value_list.append(attribute_value)

            attribute.attributeValue = attribute_value_list

def build_assertion(request, login, provider, nid_format='transient'):

    expiry_date = request.session.get_expiry_date()

    session_not_on_or_after = timezone_now + (expiry_date - timezone_now) * 0.5

    assertion.authnStatement[0].sessionNotOnOrAfter = datetime_to_xs_datetime(session_not_on_or_after)

    fill_assertion(request, login.request, assertion, login.remoteProviderId, nid_format)

    # Save federation and new session

    if nid_format == 'persistent':

        and name_id_policy.format

        and name_id_policy.format != lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED

    ):

        nid_format = saml2_urn_to_nidformat(name_id_policy.format, accepted=policy.accepted_name_id_format)

        logger.debug('nameID format %s', nid_format)

        default_nid_format = policy.default_name_id_format

    the login form was submitted

    """

    nonce = login.request.id or get_nonce()

    next_url = make_url(continue_sso, params={NONCE_FIELD_NAME: nonce})

    logger.debug('redirect to login page with next url %s', next_url)

    return login_require(

def need_consent_for_federation(request, login, nid_format):

    nonce = login.request.id or get_nonce()

    display_name = None

    try:

        provider = LibertyProvider.objects.get(entity_id=login.request.issuer.content)

        logger.debug('ask the user consent now')

        return need_consent_for_federation(request, login, nid_format)

    try:

        if needs_persistence(nid_format):

            logger.debug('load identity dump')

            load_federation(request, get_entity_id(request), login, user)

        login.validateRequestMsg(not user.is_anonymous, consent_obtained)

    except lasso.LoginRequestDeniedError:

        logger.warning('access denied due to LoginRequestDeniedError')

        set_saml2_response_responder_status_code(login.response, lasso.SAML2_STATUS_CODE_REQUEST_DENIED)

def save_artifact(request, login):

    '''Remember an artifact message for later retrieving'''

    LibertyArtifact(

    ).save()

    logger.debug('artifact saved')

        provider_id=logout.remoteProviderId, django_session_key=request.session.session_key

    ).delete()

    # Save some values for cleaning up

    # Use the logout view and come back to the finish slo view

    next_url = make_url(finish_slo, params={'id': logout.request.id})

            return redirect_next(request, next) or ko_icon(request)

        return process_logout_response(request, logout, soap_response, next)

    else:

        return HttpResponseRedirect(logout.msgUrl)

import ldap.dn

import ldap.filter

class DnFormatter(string.Formatter):

    def convert_field(self, value, conversion):

        if conversion == 's':

        return super().convert_field(value, conversion)

    def convert_field(self, value, conversion):

        if conversion == 's':

        return super().convert_field(value, conversion)

from django.forms import MediaDefiningClass

from django.http import Http404, HttpResponse

from django.urls import reverse, reverse_lazy

from django.utils.functional import cached_property

from django.utils.timezone import now

from django.utils.translation import gettext_lazy as _

            data['location'] = location

        if hasattr(response, 'render'):

            response.render()

        return HttpResponse(json.dumps(data), content_type='application/json')

                # retrieve ldap uri, not directly visible in configuration block

                config['ldap_uri'] = conn.get_option(ldap.OPT_URI)

                # user filters need to be formatted to ldapsearch syntax

                config['sync_ldap_users_filter'] = (

                )

            kwargs['ldap_list'].append(config)

import pickle

from django.contrib.auth import get_user_model

from django_select2.forms import ModelSelect2MultipleWidget, ModelSelect2Widget

from authentic2.a2_rbac.models import Role

        attrs = super().build_attrs(*args, **kwargs)

        field_data = {

            'class': self.__class__.__name__,

        }

        attrs['data-field_id'] = crypto.dumps(field_data)

        return attrs

from django.http import Http404, HttpResponse, HttpResponseRedirect

from django.shortcuts import render

from django.urls import reverse

from authentic2.compat_lasso import lasso

from authentic2.http_utils import get_url

        return False

    if server:

        server.addProviderFromBuffer(

        )

        policy = get_sp_options_policy(liberty_provider)

        if policy:

from django.core.exceptions import ValidationError

from django.db import models

from django.template.defaultfilters import pluralize

from django.utils.text import capfirst

def dumps(value):

# This is a copy of http://djangosnippets.org/snippets/513/

from django import forms

from django.conf import settings

from django.core.exceptions import ValidationError

from django.utils.translation import gettext_lazy as _

from authentic2.a2_rbac.models import OrganizationalUnit

            try:

                response = requests.get(url, timeout=settings.REQUESTS_TIMEOUT)

                response.raise_for_status()

            except requests.RequestException as e:

                raise ValidationError(

                    _('Retrieval of %(url)s failed: %(exception)s') % {'url': url, 'exception': e}

from django.db import models

from django.db.models import Q

from django.db.models.query import QuerySet

from django.utils.translation import gettext_lazy as _

from authentic2.compat_lasso import lasso

    ]

)

ACCEPTED_NAME_ID_FORMAT_LENGTH = sum(len(x) for x, y in NAME_ID_FORMATS.items()) + len(NAME_ID_FORMATS) - 1

    def clean(self):

        super().clean()

        if p is None:

            raise ValidationError(_('Invalid metadata file'))

        self.entity_id = p.providerId

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

from django.utils.functional import keep_lazy

from django.utils.text import format_lazy

    ex.: lazy_label(_('Default label'), lambda: app_settings.CUSTOM_LABEL)

    """

from django.conf import settings

from django.shortcuts import resolve_url

from django.urls import reverse

from django.utils.http import urlencode

from django.utils.timezone import now

from django.utils.translation import gettext_lazy as _

            return None, 'hmac signature does not match'

    payload = base64url_decode(str(payload))

    try:

    except ValueError:

        return None, 'invalid payload'

    if client_id and ('aud' not in payload or payload['aud'] != client_id):

from django.conf import settings

from django.core.exceptions import ImproperlyConfigured

from jwcrypto.jwk import JWK, InvalidJWKValue, JWKSet

from jwcrypto.jwt import JWT

    if client.idtoken_algo == client.ALGO_HMAC:

        header = {'alg': 'HS256'}

        k = base64url(client.client_secret.encode('utf-8'))

    elif client.idtoken_algo == client.ALGO_RSA:

        header = {'alg': 'RS256'}

        jwk = get_first_rsa_sig_key()

    if client.identifier_policy in (client.POLICY_PAIRWISE, client.POLICY_PAIRWISE_REVERSIBLE):

        return make_pairwise_sub(client, user, profile=profile)

    elif client.identifier_policy == client.POLICY_UUID:

    elif client.identifier_policy == client.POLICY_EMAIL:

        return user.email

    else:

from django.http import HttpResponse, HttpResponseNotAllowed, JsonResponse

from django.shortcuts import render

from django.urls import reverse

from django.utils.http import urlencode

from django.utils.timezone import now, utc

from django.utils.translation import gettext as _

    error_description = _('Wrong client secret')

    def __init__(self, *args, wrong_id, **kwargs):

        super().__init__(*args, **kwargs)

    if authorization[0] != 'Basic' or len(authorization) != 2:

        return None, None

    try:

    except Base64Error:

        return None, None

    parts = decoded.split(':')

from django.contrib.contenttypes.models import ContentType

from django.core import mail

from django.urls import reverse

from django.utils.text import slugify

from requests.models import Response

    # login

    client.login(request=None, username='john.doe', password='password')

    response = client.get('/api/user/', HTTP_ORIGIN='http://testserver')

    assert isinstance(data, dict)

    assert set(data.keys()) == {

        'uuid',

from django.test.utils import override_settings

from django.urls import reverse

from django.utils.dateparse import parse_datetime

from django.utils.timezone import now

from jwcrypto.jwk import JWK, JWKSet

from jwcrypto.jwt import JWT

        algs = ['RS256', 'ES256']

    elif oidc_client.idtoken_algo == oidc_client.ALGO_HMAC:

        k = base64.b64encode(oidc_client.client_secret.encode('utf-8'))

        algs = ['HS256']

    else:

        raise NotImplementedError

        algs = ['RS256', 'ES256']

    elif oidc_client.idtoken_algo == oidc_client.ALGO_HMAC:

        k = base64.b64encode(oidc_client.client_secret.encode('utf-8'))

        algs = ['HS256']

    else:

        raise NotImplementedError

        id_token = response.json['id_token']

        k = base64.b64encode(oidc_client.client_secret.encode('utf-8'))

        jwt = JWT(jwt=id_token, key=key)

        claims = json.loads(jwt.claims)

        id_token = response.json['id_token']

        k = base64.b64encode(oidc_client.client_secret.encode('utf-8'))

        jwt = JWT(jwt=id_token, key=key)

        claims = json.loads(jwt.claims)

    token_url = make_url('oidc-token')

    if oidc_client.idtoken_algo == OIDCClient.ALGO_HMAC:

        k = base64url(oidc_client.client_secret.encode('utf-8'))

    elif oidc_client.idtoken_algo == OIDCClient.ALGO_RSA:

        jwk = get_first_rsa_sig_key()

    elif oidc_client.idtoken_algo == OIDCClient.ALGO_EC:

import pytest

from django.contrib.auth import get_user_model

from django.urls import reverse

from django.utils.timezone import now

from jwcrypto.jwk import JWK

from jwcrypto.jwt import JWT

    assert access_token

    id_token = response.json['id_token']

    k = base64.b64encode(oidc_client.client_secret.encode('utf-8'))

    algs = ['HS256']

    jwt = JWT(jwt=id_token, key=key, algs=algs)

    claims = json.loads(jwt.claims)

    access_token = query['access_token'][0]

    id_token = query['id_token'][0]

    k = base64.b64encode(oidc_client.client_secret.encode('utf-8'))

    algs = ['HS256']

    jwt = JWT(jwt=id_token, key=key, algs=algs)

    claims = json.loads(jwt.claims)

        )

    id_token = response.json['id_token']

    k = base64.b64encode(oidc_client.client_secret.encode('utf-8'))

    algs = ['HS256']

    jwt = JWT(jwt=id_token, key=key, algs=algs)

    claims = json.loads(jwt.claims)

from django.test.client import Client

from django.test.utils import override_settings

from django.urls import reverse

from django.utils.translation import gettext as _

from rest_framework import status, test

        activation_url = get_link_from_mail(mail.outbox[-1])

        response = client.get(activation_url, follow=True)

        self.assertEqual(response.status_code, status.HTTP_200_OK)

        self.assertEqual(User.objects.count(), user_count + 1)

        response = client.get(reverse('auth_homepage'))

        self.assertContains(response, username)

        activation_url = get_link_from_mail(mail.outbox[0])

        response = client.get(activation_url, follow=True)

        self.assertEqual(response.status_code, status.HTTP_200_OK)

        self.assertEqual(User.objects.count(), user_count + 1)

        response = client.get(reverse('auth_homepage'))

        self.assertContains(response, username)

        activation_url = get_link_from_mail(activation_mail1)

        response = client.get(activation_url, follow=True)

        self.assertEqual(response.status_code, status.HTTP_200_OK)

        self.assertEqual(User.objects.count(), user_count + 1)

        response = client.get(reverse('auth_homepage'))

        self.assertContains(response, username)

from django.db import IntegrityError, transaction

from django.http import QueryDict

from django.urls import reverse

from django.utils.timezone import now, utc

from httmock import HTTMock, urlmatch

from jwcrypto.common import base64url_decode, base64url_encode, json_encode

            else:  # hmac

                jwt = JWT(header={'alg': 'HS256'}, claims=id_token)

                k = base64url_encode(oidc_provider.client_secret.encode('utf-8'))

            content = {

                'access_token': '1234',

from django.contrib.auth import get_user_model

from django.test.client import Client, RequestFactory

from django.test.utils import override_settings

from authentic2.a2_rbac.models import Role

from authentic2.a2_rbac.utils import get_default_ou

        client = Client()

        response = client.get('/idp/cas/login')

        self.assertEqual(response.status_code, 400)

        response = client.get('/idp/cas/login', {constants.SERVICE_PARAM: 'http://google.com/'})

        self.assertRedirectsComplex(response, 'http://google.com/')

        response = client.get(

            user=self.user,

            service=self.service,

        )

    def test_role_access_control_granted(self):

        client = Client()

        )

        self.assertEqual(response.status_code, 200)

        self.assertEqual(response['content-type'], 'text/plain')

        # Verify ticket has been deleted

        with self.assertRaises(Ticket.DoesNotExist):

            Ticket.objects.get()

from django.core.files import File

from django.template import Context, Template

from django.urls import reverse

from django.utils.translation import gettext as _

from authentic2.a2_rbac.models import OrganizationalUnit, Role

                name_id = login.assertion.subject.nameID

                if self.sp.default_name_id_format == 'username':

                    assert name_id.format == lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED

                elif self.sp.default_name_id_format == 'uuid':

                    assert name_id.format == lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED

                else:

                    raise NotImplementedError(

                        'unknown default_name_id_format %s' % self.sp.default_name_id_format

                    func.nid_format,

                )

                return {

                    for at in assertion.attributeStatement[0].attribute

                }

    assert edpt is not None

    node = lasso.Node.newFromXmlNode(force_str(ET.tostring(edpt)))

    assert isinstance(node, lasso.Saml2NameID)

    assert node.format == lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT

    assert node.nameQualifier == 'http://testserver/idp/saml2/metadata'

    assert len(attributes[edu_name]) == 1

    node = lasso.Node.newFromXmlNode(force_str(list(attributes[edu_name])[0]))

    assert isinstance(node, lasso.Saml2NameID)

    assert node.format == lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT

    assert node.nameQualifier == 'http://testserver/idp/saml2/metadata'

    assert node.spNameQualifier == 'https://sp.com/'

    assert len(attributes['edupersontargetedid']) == 1

    node = lasso.Node.newFromXmlNode(force_str(list(attributes['edupersontargetedid'])[0]))

    assert isinstance(node, lasso.Saml2NameID)

    assert node.format == lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT

    assert node.nameQualifier == 'http://testserver/idp/saml2/metadata'

    assert node.spNameQualifier == 'https://sp.com/'

from django.core.exceptions import ImproperlyConfigured

from django.urls import reverse

from django.utils import timezone

from ldap.dn import escape_dn_chars

from ldaptools.slapd import Slapd, has_slapd

    settings.LDAP_AUTH_SETTINGS = [

        {

            'url': [slapd.ldap_url],

            'bindpw': PASS,

            'basedn': 'o=ôrga',

            'use_tls': False,

    settings.LDAP_AUTH_SETTINGS = [

        {

            'url': [slapd.ldap_url],

            'basedn': 'o=ôrga',

            'use_tls': False,

            'attributes': ['uid', 'carLicense'],

    settings.LDAP_AUTH_SETTINGS = [

        {

            'url': [slapd.ldap_url],

            'basedn': 'o=ôrga',

            'use_tls': False,

            'attributes': ['uid', 'carLicense'],

    settings.LDAP_AUTH_SETTINGS = [

        {

            'url': [slapd.ldap_url],

            'basedn': 'o=ôrga',

            'use_tls': False,

            'user_can_change_password': False,

    settings.LDAP_AUTH_SETTINGS = [

        {

            'url': [slapd_ppolicy.ldap_url],

            'basedn': 'o=ôrga',

            'use_tls': False,

            'attributes': ['carLicense'],

    settings.LDAP_AUTH_SETTINGS = [

        {

            'url': [slapd.ldap_url],

            'bindpw': PASS,

            'basedn': 'o=ôrga',

            'ou_slug': ou1.slug,

    settings.LDAP_AUTH_SETTINGS = [

        {

            'url': [slapd.ldap_url],

            'bindpw': PASS,

            'basedn': 'o=ôrga',

            'use_tls': False,

    settings.LDAP_AUTH_SETTINGS = [

        {

            'url': [slapd.ldap_url],

            'basedn': 'o=ôrga',

            'use_tls': False,

            'attributes': ['carLicense'],

    settings.LDAP_AUTH_SETTINGS = [

        {

            'url': [slapd.ldap_url],

            'bindpw': 'passé',

            'basedn': 'o=ôrga',

            'use_tls': False,

import django_tables2 as tables

from django.urls import reverse

from webtest import Upload

from authentic2.a2_rbac.models import OrganizationalUnit, Role

    export_response = response.click('CSV', href='/export/')

    reader = csv.reader(

    )

    rows = [row for row in reader]

    export_response = search_response.click('CSV', href='/export/')

    reader = csv.reader(

    )

    rows = [row for row in reader]

from django.shortcuts import resolve_url

from django.test import TestCase

from django.urls import reverse

from lxml import etree

from authentic2 import models

def basic_authorization_header(user, password=None):

    cred = '%s:%s' % (user.username, password or user.username)

    b64_cred = base64.b64encode(cred.encode('utf-8'))

def get_response_form(response, form='form'):