Merge pull request #23 from thomasDOTde/ldapfix-verdel

Fix some issues with LDAP authorization Thanks to @verdel for contribution!
2025-01-29 21:24:40 +00:00 · 2018-02-10 13:11:49 +01:00 · 2018-02-10 13:11:49 +01:00 · e144cf4fd9
commit e144cf4fd9
parent 7e06221e8d 534b9739c2
1 changed files with 17 additions and 7 deletions
--- a/app/models.py
+++ b/app/models.py
@ -9,6 +9,7 @@ import traceback
 import pyotp
 import re
 import dns.reversename
 import sys
 from datetime import datetime
 from distutils.util import strtobool
@ -192,11 +193,13 @@ class User(db.Model):
                logging.error('LDAP authentication is disabled')
                return False
-            searchFilter = "(&(objectcategory=person)(samaccountname=%s))" % self.username
+            if LDAP_TYPE == 'ad':
-            if LDAP_TYPE == 'ldap':
+                searchFilter = "(&(objectcategory=person)(%s=%s)(%s))" % (LDAP_USERNAMEFIELD, self.username, LDAP_FILTER)
              searchFilter = "(&(%s=%s)%s)" % (LDAP_USERNAMEFIELD, self.username, LDAP_FILTER)
              logging.info('Ldap searchFilter "%s"' % searchFilter)
            elif LDAP_TYPE == 'ldap':
                searchFilter = "(&(%s=%s)(%s))" % (LDAP_USERNAMEFIELD, self.username, LDAP_FILTER)
            logging.info('Ldap searchFilter "%s"' % searchFilter)
            result = self.ldap_search(searchFilter, LDAP_SEARCH_BASE)
            if not result:
                logging.warning('User "%s" does not exist' % self.username)
@ -257,6 +260,13 @@ class User(db.Model):
                            # this might be changed in the future
                            self.firstname = result[0][0][1]['givenName'][0]
                            self.lastname = result[0][0][1]['sn'][0]
                            self.email = result[0][0][1]['mail'][0]
                            if sys.version_info < (3,):
                              if isinstance(self.firstname, str):
                                  self.firstname = self.firstname.decode('utf-8')
                              if isinstance(self.lastname, str):
                                  self.lastname = self.lastname.decode('utf-8')
                        except:
                            self.firstname = self.username
                            self.lastname = ''