0001-manager-display-ldap-information-even-when-erroneous.patch
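--- a/src/authentic2/manager/templates/authentic2/manager/ldap_details.html
+++ b/src/authentic2/manager/templates/authentic2/manager/ldap_details.html
@@ -2,21 +2,20 @@
 <div class="section manager-ldap">
 <h3>{% trans "LDAP information, realm:" %} {{ ldap.realm }}</h3>
 <div class="a2-manager-ldap-{{ ldap.realm }}">
-{% if not ldap.error %}
-<h4>{% blocktrans %}Base ldapsearch command{% endblocktrans %}</h4>
-<pre class="a2-manager-ldapsearch">{% if ldap.require_cert != 'demand' %}LDAPTLS_REQCERT={{ldap.require_cert}} {% endif %}ldapsearch -v -H {{ ldap.ldap_uri }} \
--D "{{ ldap.binddn }}" \
--w "{{ ldap.bindpw }}" \
--b "{{ ldap.basedn }}"{% if ldap.user_filter or ldap.sync_ldap_users_filter %}
-"{% firstof ldap.sync_ldap_users_filter ldap.user_filter %}"{% endif %}</pre>
-{% else %}
+{% if ldap.error %}
 <div class="error">
-<p>{% blocktrans %}Error while attempting to connect to LDAP server, base ldapsearch command won't be displayed.{% endblocktrans %}</p>
+<p>{% blocktrans %}Error while attempting to connect to LDAP server, base ldapsearch command is still displayed but won’t work as such.{% endblocktrans %}</p>
 {% if ldap.errmsg %}
 <p>{% blocktrans with errmsg=ldap.errmsg %}Server error: {{ errmsg }}{% endblocktrans %}</p>
 {% endif %}
 </div>
 {% endif %}
+<h4>{% blocktrans %}Base ldapsearch command{% endblocktrans %}</h4>
+<pre class="a2-manager-ldapsearch">{% if ldap.require_cert != 'demand' %}LDAPTLS_REQCERT={{ldap.require_cert}} {% endif %}ldapsearch -v -H {{ ldap.ldap_uri }} \
+-D "{{ ldap.binddn }}" \
+-w "{{ ldap.bindpw }}" \
+-b "{{ ldap.basedn }}"{% if ldap.user_filter or ldap.sync_ldap_users_filter %}
+"{% firstof ldap.sync_ldap_users_filter ldap.user_filter %}"{% endif %}</pre>
 <h4>{% trans "Configuration" %}</h4>
 <pre>{{ ldap.block }}</pre>
 </div>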
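Review bot: The `-w "{{ ldap.bindpw }}"` line in the `<pre class="a2-manager-ldapsearch">` block writes the LDAP bind password into the page HTML, and with the `{% if not ldap.error %}` guard removed it is now emitted on the error path as well. Unless the view masks `bindpw` before it reaches the template (not visible in this section), render `-W \` instead so ldapsearch prompts for the password rather than embedding it in a page that can be cached, screenshotted or pasted into a ticket. The `<pre>{{ ldap.block }}</pre>` dump deserves the same check, since the view now fills `block` on the error path too.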
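--- a/src/authentic2/manager/views.py
+++ b/src/authentic2/manager/views.py
@@ -771,14 +771,14 @@
 config['error'] = True
 config['errmsg'] = str(e)
 else:
-config['block'] = json.dumps(block, indent=2, ensure_ascii=False)
 # retrieve ldap uri, not directly visible in configuration block
 config['ldap_uri'] = conn.get_option(ldap.OPT_URI)
-# user filters need to be formatted to ldapsearch syntax
-config['user_filter'] = force_str(block.get('user_filter'), '').replace('%s', '*')
-config['sync_ldap_users_filter'] = (
-force_str(block.get('sync_ldap_users_filter'), '').replace('%s', '*').replace('%s', '*')
-)
+config['block'] = json.dumps(block, indent=2, ensure_ascii=False)
+# user filters need to be formatted to ldapsearch syntax
+config['user_filter'] = force_str(block.get('user_filter'), '').replace('%s', '*')
+config['sync_ldap_users_filter'] = (
+force_str(block.get('sync_ldap_users_filter'), '').replace('%s', '*').replace('%s', '*')
+)
 
 kwargs['ldap_list'].append(config)
 return super().get_context_data(**kwargs)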
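Review bot: `config['ldap_uri']` still appears to be assigned only under `else:` (indentation is lost in this rendering, so this is inferred from the context lines at 774–775), while the template now prints the ldapsearch command on the error path too, so `-H` would render with an empty value there. Either set a fallback in the error branch from the URL configured in `block` (key name not visible here), or have the template skip the option, e.g. `{% if ldap.ldap_uri %}-H {{ ldap.ldap_uri }} {% endif %}`. Separately, the second `.replace('%s', '*')` on the `sync_ldap_users_filter` line is a no-op and can be dropped. The enclosing method starts above this hunk.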
tests/test_ldap.py | ||
---|---|---|
2231 | 2231 |
assert '-b "o=ôrga"' in ldap_config_text |
2232 | 2232 |
assert '"(|(mail=*)(uid=*))"' in ldap_config_text |
2233 | 2233 | |
2234 |
for opt in [
|
|
2234 |
options = [
|
|
2235 | 2235 |
'active_directory', |
2236 | 2236 |
'attribute_mappings', |
2237 | 2237 |
'attributes', |
... | ... | |
2295 | 2295 |
'user_dn_template', |
2296 | 2296 |
'user_filter', |
2297 | 2297 |
'username_template', |
2298 |
]: |
|
2298 |
] |
|
2299 | ||
2300 |
for opt in options: |
|
2299 | 2301 |
assert opt in ldap_config_text |
2300 | 2302 | |
2301 | 2303 |
assert 'LDAPTLS_REQCERT' not in ldap_config_text |
... | ... | |
2313 | 2315 |
resp = app.get(reverse('a2-manager-tech-info')) |
2314 | 2316 |
ldap_config_text = resp.pyquery('div#a2-manager-tech-info-ldap-list').text() |
2315 | 2317 | |
2316 |
assert 'Base ldapsearch command' not in ldap_config_text
|
|
2318 |
assert 'Base ldapsearch command' in ldap_config_text |
|
2317 | 2319 |
assert 'Error while attempting to connect to LDAP server' in ldap_config_text |
2318 | 2320 |
assert 'Server error: some buggy connection error message' in ldap_config_text |
2321 |
for opt in options: |
|
2322 |
assert opt in ldap_config_text |
|
2319 | 2323 | |
2320 | 2324 | |
2321 | 2325 |
class TestLookup: |
2322 |
- |