Merge branch 'hotfix-ldap' of https://github.com/verdel/PowerDNS-Admin into ldapfix-verdel

This commit is contained in:
thomasDOTde 2018-02-10 13:01:04 +01:00
commit 534b9739c2

View File

@ -9,6 +9,7 @@ import traceback
import pyotp
import re
import dns.reversename
import sys
from datetime import datetime
from distutils.util import strtobool
@ -192,11 +193,13 @@ class User(db.Model):
logging.error('LDAP authentication is disabled')
return False
searchFilter = "(&(objectcategory=person)(samaccountname=%s))" % self.username
if LDAP_TYPE == 'ldap':
searchFilter = "(&(%s=%s)%s)" % (LDAP_USERNAMEFIELD, self.username, LDAP_FILTER)
logging.info('Ldap searchFilter "%s"' % searchFilter)
if LDAP_TYPE == 'ad':
searchFilter = "(&(objectcategory=person)(%s=%s)(%s))" % (LDAP_USERNAMEFIELD, self.username, LDAP_FILTER)
elif LDAP_TYPE == 'ldap':
searchFilter = "(&(%s=%s)(%s))" % (LDAP_USERNAMEFIELD, self.username, LDAP_FILTER)
logging.info('Ldap searchFilter "%s"' % searchFilter)
result = self.ldap_search(searchFilter, LDAP_SEARCH_BASE)
if not result:
logging.warning('User "%s" does not exist' % self.username)
@ -249,7 +252,7 @@ class User(db.Model):
except:
logging.error('LDAP group lookup for user "%s" has failed' % self.username)
logging.info('User "%s" logged in successfully' % self.username)
# create user if not exist in the db
if User.query.filter(User.username == self.username).first() == None:
try:
@ -257,6 +260,13 @@ class User(db.Model):
# this might be changed in the future
self.firstname = result[0][0][1]['givenName'][0]
self.lastname = result[0][0][1]['sn'][0]
self.email = result[0][0][1]['mail'][0]
if sys.version_info < (3,):
if isinstance(self.firstname, str):
self.firstname = self.firstname.decode('utf-8')
if isinstance(self.lastname, str):
self.lastname = self.lastname.decode('utf-8')
except:
self.firstname = self.username
self.lastname = ''
@ -266,8 +276,8 @@ class User(db.Model):
self.role_id = Role.query.filter_by(name='Administrator').first().id
else:
self.role_id = Role.query.filter_by(name='User').first().id
#
#
if LDAP_GROUP_SECURITY:
if isadmin == True:
self.role_id = Role.query.filter_by(name='Administrator').first().id