From 0436d69ea63e6896809ae225cadd95dd866ae56f Mon Sep 17 00:00:00 2001
From: Vadim Aleksandrov
Date: Fri, 9 Feb 2018 15:41:19 +0300
Subject: [PATCH] Adding the ability to use 'LDAP_USERNAMEFIELD' and 'LDAP_FILTER' in case of use with Active Directory for authorization
---
 app/models.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/app/models.py b/app/models.py
index 39875e7..6f7e1af 100644
--- a/app/models.py
+++ b/app/models.py
@@ -187,11 +187,13 @@ class User(db.Model):
 logging.error('LDAP authentication is disabled')
 return False
- searchFilter = "(&(objectcategory=person)(samaccountname=%s))" % self.username
- if LDAP_TYPE == 'ldap':
- searchFilter = "(&(%s=%s)(%s))" % (LDAP_USERNAMEFIELD, self.username, LDAP_FILTER)
- logging.info('Ldap searchFilter "%s"' % searchFilter)
+ if LDAP_TYPE == 'ad':
+ searchFilter = "(&(objectcategory=person)(%s=%s)(%s))" % (LDAP_USERNAMEFIELD, self.username, LDAP_FILTER)
+ elif LDAP_TYPE == 'ldap':
+ searchFilter = "(&(%s=%s)(%s))" % (LDAP_USERNAMEFIELD, self.username, LDAP_FILTER)
+
+ logging.info('Ldap searchFilter "%s"' % searchFilter)
 result = self.ldap_search(searchFilter, LDAP_SEARCH_BASE)
 if not result:
 logging.warning('User "%s" does not exist' % self.username)
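Review bot: The login name reaches both new `searchFilter` strings unescaped (`% (LDAP_USERNAMEFIELD, self.username, LDAP_FILTER)`), so filter metacharacters typed into the username field are parsed as LDAP filter syntax in the lookup that authentication depends on. Escape it once before building the filter; if this module uses python-ldap, `ldap.filter.escape_filter_chars` is the usual helper (it needs `import ldap.filter`, which is not visible here). The rewrite also drops the old default assignment, so any `LDAP_TYPE` other than 'ad' or 'ldap' now reaches `logging.info` with `searchFilter` unbound; an explicit `else` that logs and returns False keeps the failure closed. Existing AD deployments presumably need `LDAP_USERNAMEFIELD` and `LDAP_FILTER` defined after this change, which deserves a line in the configuration docs. The enclosing method begins and ends outside the hunk.

```python
# … unchanged: 'LDAP authentication is disabled' check …
# assumes python-ldap; confirm against the file's imports
safe_username = ldap.filter.escape_filter_chars(self.username)
if LDAP_TYPE == 'ad':
    searchFilter = "(&(objectcategory=person)(%s=%s)(%s))" % (LDAP_USERNAMEFIELD, safe_username, LDAP_FILTER)
elif LDAP_TYPE == 'ldap':
    searchFilter = "(&(%s=%s)(%s))" % (LDAP_USERNAMEFIELD, safe_username, LDAP_FILTER)
else:
    # Fail closed instead of reaching the log line with searchFilter unbound.
    logging.error('Unsupported LDAP_TYPE "%s"' % LDAP_TYPE)
    return False
# … unchanged: logging.info of the filter and the ldap_search call …
```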