From de62f54de8cb38f1912861c431ae0c840cac1b23 Mon Sep 17 00:00:00 2001
From: Julian Rother <julianr@fsmpi.rwth-aachen.de>
Date: Thu, 25 Feb 2021 16:10:06 +0100
Subject: [PATCH] Readded ldap starttls support after accidentally removing it
 in a721ff1

---
 uffd/ldap.py          | 3 ++-
 uffd/session/views.py | 6 ++++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/uffd/ldap.py b/uffd/ldap.py
index 67e627c9..2bbbaf67 100644
--- a/uffd/ldap.py
+++ b/uffd/ldap.py
@@ -46,7 +46,8 @@ class FlaskLDAPMapper(LDAPMapper):
 				current_app.ldap_mock.bind()
 			return current_app.ldap_mock
 		server = ldap3.Server(current_app.config["LDAP_SERVICE_URL"], get_info=ldap3.ALL)
+		auto_bind = ldap3.AUTO_BIND_TLS_BEFORE_BIND if current_app.config["LDAP_SERVICE_USE_STARTTLS"] else True
 		return ldap3.Connection(server, current_app.config["LDAP_SERVICE_BIND_DN"],
-		                        current_app.config["LDAP_SERVICE_BIND_PASSWORD"], auto_bind=True)
+		                        current_app.config["LDAP_SERVICE_BIND_PASSWORD"], auto_bind=auto_bind)
 
 ldap = FlaskLDAPMapper()
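Review bot: The STARTTLS upgrade selected on the new `auto_bind` line does not by itself verify the directory server's certificate: `ldap3.Server(...)` on the line above is built without a `tls=` argument, and as far as I recall ldap3 then falls back to a default `Tls()` whose `validate` is `ssl.CERT_NONE`, so the upgraded session is still not protected against a man-in-the-middle terminating the TLS connection. Passing an explicit `ldap3.Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=<CA_BUNDLE_PATH placeholder>)` to `Server(...)` (with `import ssl`, and ideally the path taken from a new config key) would close that gap. The same `Server`/`auto_bind` construction is repeated in the `login_get_user` hunk in uffd/session/views.py, where the end user's password is bound over the same kind of connection, so a shared helper in this module that builds both the `Server` and the `auto_bind` value would keep the two sites consistent. The enclosing method of `FlaskLDAPMapper` begins before this hunk.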
diff --git a/uffd/session/views.py b/uffd/session/views.py
index cad80b2d..a235e3fc 100644
--- a/uffd/session/views.py
+++ b/uffd/session/views.py
@@ -6,6 +6,7 @@ from flask import Blueprint, render_template, request, url_for, redirect, flash,
 
 import ldap3
 from ldap3.core.exceptions import LDAPBindError, LDAPPasswordIsMandatoryError
+from ldapalchemy.core import encode_filter
 
 from uffd.user.models import User
 from uffd.ldap import ldap
@@ -31,11 +32,12 @@ def login_get_user(loginname, password):
 			return None
 	else:
 		server = ldap3.Server(current_app.config["LDAP_SERVICE_URL"], get_info=ldap3.ALL)
+		auto_bind = ldap3.AUTO_BIND_TLS_BEFORE_BIND if current_app.config["LDAP_SERVICE_USE_STARTTLS"] else True
 		try:
-			conn = ldap3.Connection(server, dn, password, auto_bind=True)
+			conn = ldap3.Connection(server, dn, password, auto_bind=auto_bind)
 		except (LDAPBindError, LDAPPasswordIsMandatoryError):
 			return None
-	conn.search(conn.user, '(objectClass=person)')
+	conn.search(conn.user, encode_filter(current_app.config["LDAP_USER_SEARCH_FILTER"]))
 	if len(conn.entries) != 1:
 		return None
 	return User.query.get(dn)
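Review bot: The per-login `ldap3.Connection` created on the new `conn = ...` line is bound with the user's credentials and then never unbound: after `conn.search(...)` the function returns and leaves the authenticated connection open until garbage collection. Wrapping the search and return in `try: ... finally: conn.unbind()` for the non-mock branch would release it deterministically; the mock branch begins outside this hunk, so I cannot tell whether unbinding the mock connection is safe, and `with conn:` should only be used if that object is not shared. Separately, the `auto_bind` computation duplicates the one added to `FlaskLDAPMapper` in uffd/ldap.py, and a small helper there would keep the STARTTLS policy in one place. `login_get_user`'s signature and its first branch lie before this hunk.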
-- 
GitLab