diff --git a/app/models.py b/app/models.py index db399e3..fe16422 100644 --- a/app/models.py +++ b/app/models.py @@ -20,6 +20,8 @@ if 'LDAP_TYPE' in app.config.keys(): LDAP_PASSWORD = app.config['LDAP_PASSWORD'] LDAP_SEARCH_BASE = app.config['LDAP_SEARCH_BASE'] LDAP_TYPE = app.config['LDAP_TYPE'] + LDAP_FILTER = app.config['LDAP_FILTER'] + LDAP_USERNAMEFIELD = app.config['LDAP_USERNAMEFIELD'] else: LDAP_TYPE = False @@ -155,7 +157,8 @@ class User(db.Model): return False if LDAP_TYPE == 'ldap': - searchFilter = "cn=%s" % self.username + searchFilter = "(&(%s=%s)%s)" % (LDAP_USERNAMEFIELD, self.username, LDAP_FILTER) + logging.info('Ldap searchFilter "%s"' % searchFilter) else: searchFilter = "(&(objectcategory=person)(samaccountname=%s))" % self.username try: @@ -188,6 +191,7 @@ class User(db.Model): # this might be changed in the future self.firstname = result[0][0][1]['givenName'][0] self.lastname = result[0][0][1]['sn'][0] + self.email = result[0][0][1]['mail'][0] except: self.firstname = self.username self.lastname = '' @@ -214,7 +218,7 @@ class User(db.Model): We will create a local user (in DB) in order to manage user profile such as name, roles,... """ - user = User(username=self.username, firstname=self.firstname, lastname=self.lastname, role_id=self.role_id) + user = User(username=self.username, firstname=self.firstname, lastname=self.lastname, role_id=self.role_id, email=self.email) db.session.add(user) db.session.commit() # assgine user_id to current_user after create in the DB diff --git a/app/templates/login.html b/app/templates/login.html index d15a0ca..e36035b 100644 --- a/app/templates/login.html +++ b/app/templates/login.html @@ -50,7 +50,7 @@
-

Sign In

+

Sign In {{ login_title }}

{% if error %}
@@ -74,7 +74,9 @@
Remember Forgot Password?
+ {% if signup_enabled %} + {% endif %}
diff --git a/app/views.py b/app/views.py index a4a8bb8..fb4ef7a 100644 --- a/app/views.py +++ b/app/views.py @@ -66,7 +66,10 @@ def login(): if request.method == 'GET': LDAP_ENABLED = True if 'LDAP_TYPE' in app.config.keys() else False - return render_template('login.html', ldap_enabled=LDAP_ENABLED) + LOGIN_TITLE = app.config['LOGIN_TITLE'] if 'LOGIN_TITLE' in app.config.keys() else '' + BASIC_ENABLED = app.config['BASIC_ENABLED'] + SIGNUP_ENABLED = app.config['SIGNUP_ENABLED'] + return render_template('login.html', ldap_enabled=LDAP_ENABLED, login_title=LOGIN_TITLE, basic_enabled=BASIC_ENABLED, signup_enabled=SIGNUP_ENABLED) # process login username = request.form['username'] diff --git a/config_template.py b/config_template.py index 0e8f5ae..c8c205d 100644 --- a/config_template.py +++ b/config_template.py @@ -6,6 +6,7 @@ WTF_CSRF_ENABLED = True SECRET_KEY = 'We are the world' BIND_ADDRESS = '127.0.0.1' PORT = 9393 +LOGIN_TITLE = "PDNS" # TIMEOUT - for large zones TIMEOUT = 10 @@ -28,6 +29,13 @@ LDAP_URI = 'ldaps://your-ldap-server:636' LDAP_USERNAME = 'cn=dnsuser,ou=users,ou=services,dc=duykhanh,dc=me' LDAP_PASSWORD = 'dnsuser' LDAP_SEARCH_BASE = 'ou=System Admins,ou=People,dc=duykhanh,dc=me' +# Additional options only if LDAP_TYPE=ldap +LDAP_USERNAMEFIELD = 'uid' +LDAP_FILTER = '(objectClass=inetorgperson)' + +#Default Auth +BASIC_ENABLED = True +SIGNUP_ENABLED = True # POWERDNS CONFIG PDNS_STATS_URL = 'http://172.16.214.131:8081/'