From d345805be74e20a37ae3f0e80483a98ee44e9e06 Mon Sep 17 00:00:00 2001
From: Serghei MIHAI
Date: Wed, 7 Jan 2015 11:22:12 +0100
Subject: [PATCH 1/2] ldap_backend: username computed from user dn
---
 authentic2/backends/ldap_backend.py | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/authentic2/backends/ldap_backend.py b/authentic2/backends/ldap_backend.py
index 898c608..b652d14 100644
--- a/authentic2/backends/ldap_backend.py
+++ b/authentic2/backends/ldap_backend.py
@@ -79,7 +79,7 @@ _DEFAULTS = {
 # realm for selecting an ldap configuration or formatting usernames
 'realm': 'ldap',
 # template for building username
- 'username_template': '{username}@{realm}',
+ 'username_template': '{uid}@{realm}',
 # allow to match multiple user records
 'multimatch': True,
 # update username on all login, use with CAUTION !! only if you know that
@@ -430,7 +430,7 @@ class LDAPBackend(object):
 log.error('user bind failed: authz_id not found %r', ', '.join(authz_ids))
 if block['replicas']:
 break
- return self._return_user(uri, authz_id, username, password, conn, block)
+ return self._return_user(uri, authz_id, password, conn, block)
 except ldap.SERVER_DOWN:
 log.error('ldap authentication error: %r is down', uri)
 finally:
@@ -456,10 +456,13 @@ class LDAPBackend(object):
 def backend_name(self):
 return '%s.%s' % (__name__, self.__class__.__name__)

- def create_username(self, uri, dn, username, password, conn, block, attributes):
+ def create_username(self, uri, dn, conn, block, attributes):
 '''Build a username using the configured template'''
 username_template = unicode(block['username_template'])
- return username_template.format(username=username, uri=uri,
+ # create the uid from user's dn
+ uid = dn.split(',')[0]
+ uid = uid.split('=')[1]
+ return username_template.format(uid=uid, uri=uri,
 block=block, realm=block['realm'], **attributes)

 def save_user(self, user, username):
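Review bot: A site configuration that still sets `'{username}@{realm}'` would raise KeyError at login after this change, because the `_DEFAULTS` hunk renames the template field to `{uid}` while the `create_username` hunk stops passing `username` to `format()`; only a retrieved LDAP attribute of that name would still satisfy it. The comment above the setting should list the fields that are now available, for example `# template for building username; fields: uid (value of the first RDN of the user DN), uri, realm, block, plus the retrieved LDAP attributes`. A release note about the renamed field would help deployments that customised the template.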
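Review bot: Splitting the DN by hand in `create_username` mis-parses legal DNs and weakens the account key. An escaped comma or an `=` inside the first RDN value truncates it (constructed example: `cn=Doe\, John,ou=people,dc=example`), and a first component without `=` raises IndexError. Only the value of the first RDN is kept, so two entries in different branches with the same RDN value would map to the same `{uid}@{realm}` name and could share one local account. python-ldap already parses DNs, so `uid = ldap.dn.str2dn(dn)[0][0][1]` (with `import ldap.dn`) fixes the parsing part; whether the first RDN value alone is unique enough still needs a decision. Separately, `uid=uid` is passed next to `**attributes`, so if the retrieved attributes include the common LDAP attribute `uid` (not visible in this hunk), `format()` raises TypeError for a duplicate keyword argument.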
@@ -762,14 +765,13 @@ class LDAPBackend(object):
 .delete()

 @commit_on_success
- def _return_user(self, uri, dn, username, password, conn, block):
+ def _return_user(self, uri, dn, password, conn, block):
 attributes = self.get_ldap_attributes(block, conn, dn)
 if attributes is None:
 # attributes retrieval failed
 return
 log.debug('retrieved attributes for %r: %r', dn, attributes)
- username = self.create_username(uri, dn, username, password, conn,
- block, attributes)
+ username = self.create_username(uri, dn, conn, block, attributes)
 if block['transient']:
 return self._return_transient_user(uri, dn, username, password,
 conn, block, attributes)
-- 
2.1.4
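Review bot: Accounts created before this patch may no longer match, because `_return_user` now builds the local name from the DN instead of from the login the user typed, and the two can differ. How existing users are looked up is outside this hunk, so this needs checking: if the lookup is by username, such users would get a second account unless the `update username on all login` option from `_DEFAULTS` is enabled. The method has no docstring; `'''Load the LDAP attributes of dn and return the matching user; the local username is built from dn, not from the login input.'''` would record the new contract. The body of `_return_user` continues past the end of the hunk.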