Commit ea9aa850 authored by Julian Rother's avatar Julian Rother

Adapt code to ldapserver API changes

parent 2709bea1
...@@ -6,7 +6,7 @@ from cachecontrol import CacheControl ...@@ -6,7 +6,7 @@ from cachecontrol import CacheControl
from cachecontrol.heuristics import ExpiresAfter from cachecontrol.heuristics import ExpiresAfter
from ldapserver import SimpleLDAPRequestHandler from ldapserver import SimpleLDAPRequestHandler
from ldapserver.dn import DN, RDN from ldapserver.dn import DN
from ldapserver.ldap import FilterEqual, FilterAnd from ldapserver.ldap import FilterEqual, FilterAnd
from ldapserver.directory import BaseDirectory, SimpleFilterMixin, StaticDirectory, eval_ldap_filter from ldapserver.directory import BaseDirectory, SimpleFilterMixin, StaticDirectory, eval_ldap_filter
from ldapserver.util import encode_attribute, CaseInsensitiveDict from ldapserver.util import encode_attribute, CaseInsensitiveDict
...@@ -51,9 +51,9 @@ class UserDirectory(SimpleFilterMixin, BaseDirectory): ...@@ -51,9 +51,9 @@ class UserDirectory(SimpleFilterMixin, BaseDirectory):
sn=[encode_attribute(' ')], sn=[encode_attribute(' ')],
uid=[encode_attribute(user['loginname'])], uid=[encode_attribute(user['loginname'])],
uidNumber=[encode_attribute(user['id'])], uidNumber=[encode_attribute(user['id'])],
memberOf=[encode_attribute(DN(RDN(cn=group)) + self.group_dn_base) for group in user['groups']], memberOf=[encode_attribute(DN(cn=group) + self.group_dn_base) for group in user['groups']],
) )
dn = str(DN(RDN(uid=user['loginname'])) + self.dn_base) dn = str(DN(uid=user['loginname']) + self.dn_base)
return dn, attributes return dn, attributes
def get_best_api_param(self, expr): def get_best_api_param(self, expr):
...@@ -64,7 +64,7 @@ class UserDirectory(SimpleFilterMixin, BaseDirectory): ...@@ -64,7 +64,7 @@ class UserDirectory(SimpleFilterMixin, BaseDirectory):
if isinstance(expr, FilterEqual) and expr.attribute.lower() == 'mail': if isinstance(expr, FilterEqual) and expr.attribute.lower() == 'mail':
return 'email', expr.value return 'email', expr.value
if isinstance(expr, FilterEqual) and expr.attribute.lower() == 'memberof': if isinstance(expr, FilterEqual) and expr.attribute.lower() == 'memberof':
group_dn = DN(expr.value.decode()) group_dn = DN.from_str(expr.value.decode())
if group_dn.is_direct_child_of(self.group_dn_base) and len(group_dn[0]) == 1 and group_dn[0][0].attribute == 'cn': if group_dn.is_direct_child_of(self.group_dn_base) and len(group_dn[0]) == 1 and group_dn[0][0].attribute == 'cn':
return 'group', group_dn[0][0].value return 'group', group_dn[0][0].value
if isinstance(expr, FilterAnd): if isinstance(expr, FilterAnd):
...@@ -88,7 +88,7 @@ class UserDirectory(SimpleFilterMixin, BaseDirectory): ...@@ -88,7 +88,7 @@ class UserDirectory(SimpleFilterMixin, BaseDirectory):
def filter_equal(self, attribute, value): def filter_equal(self, attribute, value):
if attribute == 'memberof': if attribute == 'memberof':
value = str(DN(value.decode())).encode() value = str(DN.from_str(value.decode())).encode()
return super().filter_equal(attribute, value) return super().filter_equal(attribute, value)
class GroupDirectory(SimpleFilterMixin, BaseDirectory): class GroupDirectory(SimpleFilterMixin, BaseDirectory):
...@@ -107,9 +107,9 @@ class GroupDirectory(SimpleFilterMixin, BaseDirectory): ...@@ -107,9 +107,9 @@ class GroupDirectory(SimpleFilterMixin, BaseDirectory):
cn=[encode_attribute(group['name'])], cn=[encode_attribute(group['name'])],
description=[encode_attribute(' ')], description=[encode_attribute(' ')],
gidNumber=[encode_attribute(group['id'])], gidNumber=[encode_attribute(group['id'])],
uniqueMember=[encode_attribute(DN(RDN(uid=user)) + self.user_dn_base) for user in group['members']], uniqueMember=[encode_attribute(DN(uid=user) + self.user_dn_base) for user in group['members']],
) )
dn = str(DN(RDN(cn=group['name'])) + self.dn_base) dn = str(DN(cn=group['name']) + self.dn_base)
return dn, attributes return dn, attributes
def get_best_api_param(self, expr): def get_best_api_param(self, expr):
...@@ -118,7 +118,7 @@ class GroupDirectory(SimpleFilterMixin, BaseDirectory): ...@@ -118,7 +118,7 @@ class GroupDirectory(SimpleFilterMixin, BaseDirectory):
elif isinstance(expr, FilterEqual) and expr.attribute.lower() == 'gidnumber': elif isinstance(expr, FilterEqual) and expr.attribute.lower() == 'gidnumber':
return 'id', expr.value return 'id', expr.value
elif isinstance(expr, FilterEqual) and expr.attribute.lower() == 'uniquemember': elif isinstance(expr, FilterEqual) and expr.attribute.lower() == 'uniquemember':
user_dn = DN(expr.value.decode()) user_dn = DN.from_str(expr.value.decode())
if user_dn.is_direct_child_of(self.user_dn_base) and len(user_dn[0]) == 1 and user_dn[0][0].attribute == 'uid': if user_dn.is_direct_child_of(self.user_dn_base) and len(user_dn[0]) == 1 and user_dn[0][0].attribute == 'uid':
return 'member', user_dn[0][0].value return 'member', user_dn[0][0].value
if isinstance(expr, FilterAnd): if isinstance(expr, FilterAnd):
...@@ -142,7 +142,7 @@ class GroupDirectory(SimpleFilterMixin, BaseDirectory): ...@@ -142,7 +142,7 @@ class GroupDirectory(SimpleFilterMixin, BaseDirectory):
def filter_equal(self, attribute, value): def filter_equal(self, attribute, value):
if attribute == 'uniquemember': if attribute == 'uniquemember':
value = str(DN(value.decode())).encode() value = str(DN.from_str(value.decode())).encode()
return super().filter_equal(attribute, value) return super().filter_equal(attribute, value)
class RequestHandler(SimpleLDAPRequestHandler): class RequestHandler(SimpleLDAPRequestHandler):
...@@ -171,7 +171,7 @@ class RequestHandler(SimpleLDAPRequestHandler): ...@@ -171,7 +171,7 @@ class RequestHandler(SimpleLDAPRequestHandler):
def do_bind_simple_authenticated(self, dn, password): def do_bind_simple_authenticated(self, dn, password):
print('BIND plain', dn) print('BIND plain', dn)
dn = DN(dn) dn = DN.from_str(dn)
if dn == self.bind_dn and password == self.bind_password: if dn == self.bind_dn and password == self.bind_password:
return True return True
if not dn.is_direct_child_of(DN('ou=users') + self.dn_base) or len(dn[0]) != 1 or dn[0][0].attribute != 'uid': if not dn.is_direct_child_of(DN('ou=users') + self.dn_base) or len(dn[0]) != 1 or dn[0][0].attribute != 'uid':
...@@ -200,7 +200,7 @@ class RequestHandler(SimpleLDAPRequestHandler): ...@@ -200,7 +200,7 @@ class RequestHandler(SimpleLDAPRequestHandler):
yield from self.group_directory.search(baseobj, scope, filter) yield from self.group_directory.search(baseobj, scope, filter)
def main(config): def main(config):
dn_base = DN(config['dn_base']) dn_base = DN.from_str(config['dn_base'])
api = UffdAPI(config['api_baseurl'], config['api_key'], config.get('cache_ttl', 60)) api = UffdAPI(config['api_baseurl'], config['api_key'], config.get('cache_ttl', 60))
user_directory = UserDirectory(api, dn_base) user_directory = UserDirectory(api, dn_base)
group_directory = GroupDirectory(api, dn_base) group_directory = GroupDirectory(api, dn_base)
...@@ -210,8 +210,8 @@ def main(config): ...@@ -210,8 +210,8 @@ def main(config):
'objectClass': ['top', 'dcObject', 'organization'], 'objectClass': ['top', 'dcObject', 'organization'],
'structuralObjectClass': ['organization'], 'structuralObjectClass': ['organization'],
} }
for attr, value in dn_base[0]: for rdnassertion in dn_base[0]:
base_attrs[attr] = [value] base_attrs[rdnassertion.attribute] = [rdnassertion.value]
static_directory.add(dn_base, base_attrs) static_directory.add(dn_base, base_attrs)
static_directory.add(DN('ou=users') + dn_base, { static_directory.add(DN('ou=users') + dn_base, {
'ou': ['users'], 'ou': ['users'],
......
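Review bot: The bind check in `do_bind_simple_authenticated` still builds its base with `DN('ou=users')`, and `main` does the same in `static_directory.add(DN('ou=users') + dn_base, …)`, although every other string-to-DN conversion in this commit moves to `DN.from_str`. Whether the constructor still parses a string under the new API cannot be told from this page; if it does not, the check that restricts user binds to direct children of `ou=users` fails or raises on every user bind. The keyword form the commit already uses for `cn` and `uid` would be consistent: `DN(ou='users') + self.dn_base`. In the same function, `password == self.bind_password` compares the service credential with a short-circuiting `==`; `hmac.compare_digest(password, self.bind_password)` is the usual replacement, provided both values are of the same type (bytes or ASCII str). Both functions continue outside the lines shown.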