Changed LDAP code to work with Active Directory

043e3023 · Julian Rother · 399a086d · 043e3023 · 043e3023
Commit 043e3023 authored 8 years ago by Julian Rother
--- a/db.py
+++ b/db.py
@@ -152,24 +152,15 @@ if 'LDAP_HOST' in config:
 	def ldapauth(user, password):
 		user = LDAP_USERRE.sub(r'', user.lower())
 		try:
-			conn = ldap3.Connection(ldap3.Server(config['LDAP_HOST'], port=config['LDAP_PORT'], use_ssl=True), 'uid=%s,ou=users,dc=fsmpi,dc=rwth-aachen,dc=de'%user, password, auto_bind=True)
-			groups = []
-			if conn.search("ou=groups,dc=fsmpi,dc=rwth-aachen,dc=de", "(&(cn=*)(memberUid=%s))"%user, attributes=['cn']):
-				groups = [e['attributes']['cn'][0] for e in conn.response]
+			conn = ldap3.Connection(ldap3.Server(config['LDAP_HOST'], port=config['LDAP_PORT'], use_ssl=True), 'fsmpi\\%s'%user, password, auto_bind=True)
+		except ldap3.core.exceptions.LDAPBindError:
+			return {}, []
+		conn.search("cn=users,dc=fsmpi,dc=rwth-aachen,dc=de", "(cn=%s)"%user, attributes=['memberOf', 'givenName', 'sn'])
+		info = dict(conn.response[0]['attributes'])
+		info['uid'] = user
+		groups = [g.split(',')[0].split('=')[-1] for g in info['memberOf']]
 		conn.unbind()
-			return user, groups
-		except ldap3.core.exceptions.LDAPExceptionError:
-			return None, []
-
-	def ldapget(user):
-		user = LDAP_USERRE.sub(r'', user.lower())
-		conn = ldap3.Connection(ldap3.Server(config['LDAP_HOST'], port=config['LDAP_PORT'], use_ssl=True), auto_bind=True)
-		conn.search("ou=users,dc=fsmpi,dc=rwth-aachen,dc=de", "(uid=%s)"%user,
-				attributes=ldap3.ALL_ATTRIBUTES)
-		if not conn.response:
-			return {}
-		e = conn.response[0]
-		return {'uid': user, 'givenName': e['attributes']['givenName'][0], 'sn':e['attributes']['sn'][0]}
+		return info, groups

 else:
 	notldap = {
@@ -180,9 +171,5 @@ else:
 	def ldapauth(user, password):
 		user = LDAP_USERRE.sub(r'', user.lower())
 		if config.get('DEBUG') and user in notldap and password == notldap[user][0]:
-			return user, notldap[user][1]
-		return None, []
-
-	def ldapget(user):
-		user = LDAP_USERRE.sub(r'', user.lower())
-		return notldap[user][2]
+			return notldap[user][2], notldap[user][1]
+		return {}, []
--- a/server.py
+++ b/server.py
@@ -72,7 +72,7 @@ app.jinja_env.globals['gitversion'] = { 'hash': output[1], 'longhash': output[0]
 if not config.get('SECRET_KEY', None):
 	config['SECRET_KEY'] = os.urandom(24)

-from db import query, modify, show, searchquery, ldapauth, ldapget
+from db import query, modify, show, searchquery, ldapauth

 mod_endpoints = []

@@ -502,17 +502,18 @@ def search():
 	return render_template('search.html', searchtext=request.args['q'], courses=courses, lectures=lectures)

 def check_mod(user, groups):
-	return user and 'users' in groups
+	return user and 'fachschaft' in groups

 @app.route('/internal/login', methods=['GET', 'POST'])
 def login():
 	if request.method == 'GET':
 		return render_template('login.html')
-	user, groups = ldapauth(request.form.get('user'), request.form.get('password'))
+	userinfo, groups = ldapauth(request.form.get('user'), request.form.get('password'))
+	user = userinfo.get('uid')
 	if not check_mod(user, groups):
 		flash('Login fehlgeschlagen!')
 		return render_template('login.html')
-	session['user'] = ldapget(user)
+	session['user'] = userinfo
 	dbuser = query('SELECT * FROM users WHERE name = ?', user)
 	if not dbuser:
 		modify('INSERT INTO users (name, realname, fsacc, level, calendar_key, rfc6238) VALUES (?, ?, ?, 1, "", "")', user, session['user']['givenName'], user)