mirror of
https://github.com/dkmstr/openuds.git
synced 2025-01-21 18:03:54 +03:00
Fixed Regex LDAP accepting altClass as secondary search
This commit is contained in:
parent
1e42bf6cbb
commit
4216d1553a
@ -153,7 +153,7 @@ class RegexLdap(auths.Authenticator):
|
|||||||
res.append(attr)
|
res.append(attr)
|
||||||
return res
|
return res
|
||||||
|
|
||||||
def __processField(self, field: str, attributes: typing.Dict[str, typing.Any]) -> typing.List[str]:
|
def __processField(self, field: str, attributes: typing.MutableMapping[str, typing.Any]) -> typing.List[str]:
|
||||||
res: typing.List[str] = []
|
res: typing.List[str] = []
|
||||||
logger.debug('Attributes: %s', attributes)
|
logger.debug('Attributes: %s', attributes)
|
||||||
for line in field.splitlines():
|
for line in field.splitlines():
|
||||||
@ -253,7 +253,7 @@ class RegexLdap(auths.Authenticator):
|
|||||||
@return: None if username is not found, an dictionary of LDAP entry attributes if found.
|
@return: None if username is not found, an dictionary of LDAP entry attributes if found.
|
||||||
@note: Active directory users contains the groups it belongs to in "memberOf" attribute
|
@note: Active directory users contains the groups it belongs to in "memberOf" attribute
|
||||||
"""
|
"""
|
||||||
return ldaputil.getFirst(
|
user = ldaputil.getFirst(
|
||||||
con=self.__connection(),
|
con=self.__connection(),
|
||||||
base=self._ldapBase,
|
base=self._ldapBase,
|
||||||
objectClass=self._userClass,
|
objectClass=self._userClass,
|
||||||
@ -263,6 +263,26 @@ class RegexLdap(auths.Authenticator):
|
|||||||
sizeLimit=LDAP_RESULT_LIMIT
|
sizeLimit=LDAP_RESULT_LIMIT
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# If user attributes is split, that is, it has more than one "ldap entry", get a second entry filtering by a new attribute
|
||||||
|
# and add result attributes to "main" search.
|
||||||
|
# For example, you can have authentication in an "user" object class and attributes in an "user_attributes" object class.
|
||||||
|
# Note: This is very rare situation, but it ocurrs :)
|
||||||
|
if user and self._altClass:
|
||||||
|
altUser = ldaputil.getFirst(
|
||||||
|
con=self.__connection(),
|
||||||
|
base=self._ldapBase,
|
||||||
|
objectClass=self._altClass,
|
||||||
|
field=self._userIdAttr,
|
||||||
|
value=username,
|
||||||
|
attributes=[self._userIdAttr] + self.__getAttrsFromField(self._userNameAttr) + self.__getAttrsFromField(self._groupNameAttr),
|
||||||
|
sizeLimit=LDAP_RESULT_LIMIT
|
||||||
|
)
|
||||||
|
if altUser:
|
||||||
|
user.update(altUser)
|
||||||
|
|
||||||
|
return user
|
||||||
|
|
||||||
|
|
||||||
def __getGroups(self, user: ldaputil.LDAPResultType):
|
def __getGroups(self, user: ldaputil.LDAPResultType):
|
||||||
grps = self.__processField(self._groupNameAttr, user)
|
grps = self.__processField(self._groupNameAttr, user)
|
||||||
if extra:
|
if extra:
|
||||||
|
@ -40,7 +40,7 @@ from uds.core.util import tools
|
|||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
LDAPResultType = typing.Dict[str, typing.Any]
|
LDAPResultType = typing.MutableMapping[str, typing.Any]
|
||||||
|
|
||||||
class LDAPError(Exception):
|
class LDAPError(Exception):
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
Loading…
x
Reference in New Issue
Block a user