cwinfo/powerdns-admin
5
0
Fork 0
mirror of https://github.com/cwinfo/powerdns-admin.git synced 2024-11-09 23:20:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'hotfix-ldap' of https://github.com/verdel/PowerDNS-Admin into ldapfix-verdel

Browse Source
This commit is contained in:
thomasDOTde 2018-02-10 13:01:04 +01:00
commit 534b9739c2
1 changed files with 17 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
app/models.py
View File

@ -9,6 +9,7 @@ import traceback
import pyotp import pyotp
import re import re
import dns.reversename import dns.reversename
import sys
from datetime import datetime from datetime import datetime
from distutils.util import strtobool from distutils.util import strtobool
@ -192,11 +193,13 @@ class User(db.Model):
logging.error('LDAP authentication is disabled') logging.error('LDAP authentication is disabled')
return False return False
searchFilter = "(&(objectcategory=person)(samaccountname=%s))" % self.username if LDAP_TYPE == 'ad':
if LDAP_TYPE == 'ldap': searchFilter = "(&(objectcategory=person)(%s=%s)(%s))" % (LDAP_USERNAMEFIELD, self.username, LDAP_FILTER)
searchFilter = "(&(%s=%s)%s)" % (LDAP_USERNAMEFIELD, self.username, LDAP_FILTER)
logging.info('Ldap searchFilter "%s"' % searchFilter)
elif LDAP_TYPE == 'ldap':
searchFilter = "(&(%s=%s)(%s))" % (LDAP_USERNAMEFIELD, self.username, LDAP_FILTER)
logging.info('Ldap searchFilter "%s"' % searchFilter)
result = self.ldap_search(searchFilter, LDAP_SEARCH_BASE) result = self.ldap_search(searchFilter, LDAP_SEARCH_BASE)
if not result: if not result:
logging.warning('User "%s" does not exist' % self.username) logging.warning('User "%s" does not exist' % self.username)
@ -249,7 +252,7 @@ class User(db.Model):
except: except:
logging.error('LDAP group lookup for user "%s" has failed' % self.username) logging.error('LDAP group lookup for user "%s" has failed' % self.username)
logging.info('User "%s" logged in successfully' % self.username) logging.info('User "%s" logged in successfully' % self.username)
# create user if not exist in the db # create user if not exist in the db
if User.query.filter(User.username == self.username).first() == None: if User.query.filter(User.username == self.username).first() == None:
try: try:
@ -257,6 +260,13 @@ class User(db.Model):
# this might be changed in the future # this might be changed in the future
self.firstname = result[0][0][1]['givenName'][0] self.firstname = result[0][0][1]['givenName'][0]
self.lastname = result[0][0][1]['sn'][0] self.lastname = result[0][0][1]['sn'][0]
self.email = result[0][0][1]['mail'][0]
if sys.version_info < (3,):
if isinstance(self.firstname, str):
self.firstname = self.firstname.decode('utf-8')
if isinstance(self.lastname, str):
self.lastname = self.lastname.decode('utf-8')
except: except:
self.firstname = self.username self.firstname = self.username
self.lastname = '' self.lastname = ''
@ -266,8 +276,8 @@ class User(db.Model):
self.role_id = Role.query.filter_by(name='Administrator').first().id self.role_id = Role.query.filter_by(name='Administrator').first().id
else: else:
self.role_id = Role.query.filter_by(name='User').first().id self.role_id = Role.query.filter_by(name='User').first().id
# #
if LDAP_GROUP_SECURITY: if LDAP_GROUP_SECURITY:
if isadmin == True: if isadmin == True:
self.role_id = Role.query.filter_by(name='Administrator').first().id self.role_id = Role.query.filter_by(name='Administrator').first().id