Merge pull request #23 from thomasDOTde/ldapfix-verdel

Fix some issues with LDAP authorization Thanks to @verdel for contribution!
2024-11-09 23:20:27 +00:00 · 2018-02-10 13:11:49 +01:00 · 2018-02-10 13:11:49 +01:00 · e144cf4fd9
commit e144cf4fd9
parent 7e06221e8d 534b9739c2
1 changed files with 17 additions and 7 deletions
--- a/app/models.py
+++ b/app/models.py
@ -9,6 +9,7 @@ import traceback
 import pyotp
 import re
 import dns.reversename
+import sys

 from datetime import datetime
 from distutils.util import strtobool
@ -192,11 +193,13 @@ class User(db.Model):
                logging.error('LDAP authentication is disabled')
                return False

-            searchFilter = "(&(objectcategory=person)(samaccountname=%s))" % self.username
-            if LDAP_TYPE == 'ldap':
-              searchFilter = "(&(%s=%s)%s)" % (LDAP_USERNAMEFIELD, self.username, LDAP_FILTER)
-              logging.info('Ldap searchFilter "%s"' % searchFilter)
+            if LDAP_TYPE == 'ad':
+                searchFilter = "(&(objectcategory=person)(%s=%s)(%s))" % (LDAP_USERNAMEFIELD, self.username, LDAP_FILTER)

+            elif LDAP_TYPE == 'ldap':
+                searchFilter = "(&(%s=%s)(%s))" % (LDAP_USERNAMEFIELD, self.username, LDAP_FILTER)
+
+            logging.info('Ldap searchFilter "%s"' % searchFilter)
            result = self.ldap_search(searchFilter, LDAP_SEARCH_BASE)
            if not result:
                logging.warning('User "%s" does not exist' % self.username)
@ -249,7 +252,7 @@ class User(db.Model):
                        except:
                            logging.error('LDAP group lookup for user "%s" has failed' % self.username)
                    logging.info('User "%s" logged in successfully' % self.username)
-                    
+
                    # create user if not exist in the db
                    if User.query.filter(User.username == self.username).first() == None:
                        try:
@ -257,6 +260,13 @@ class User(db.Model):
                            # this might be changed in the future
                            self.firstname = result[0][0][1]['givenName'][0]
                            self.lastname = result[0][0][1]['sn'][0]
+                            self.email = result[0][0][1]['mail'][0]
+
+                            if sys.version_info < (3,):
+                              if isinstance(self.firstname, str):
+                                  self.firstname = self.firstname.decode('utf-8')
+                              if isinstance(self.lastname, str):
+                                  self.lastname = self.lastname.decode('utf-8')
                        except:
                            self.firstname = self.username
                            self.lastname = ''
@ -266,8 +276,8 @@ class User(db.Model):
                            self.role_id = Role.query.filter_by(name='Administrator').first().id
                        else:
                            self.role_id = Role.query.filter_by(name='User').first().id
-                            
-                        # 
+
+                        #
                        if LDAP_GROUP_SECURITY:
                            if isadmin == True:
                                self.role_id = Role.query.filter_by(name='Administrator').first().id