Video AG Infrastruktur
website
Commits
043e3023
Commit
043e3023
authored
May 19, 2017
by
Julian Rother
Changed LDAP code to work with Active Directory
parent
399a086d
Changes
2
db.py
...
...
@@ -152,24 +152,15 @@ if 'LDAP_HOST' in config:
def
ldapauth
(
user
,
password
):
user
=
LDAP_USERRE
.
sub
(
r
''
,
user
.
lower
())
try
:
conn
=
ldap3
.
Connection
(
ldap3
.
Server
(
config
[
'LDAP_HOST'
],
port
=
config
[
'LDAP_PORT'
],
use_ssl
=
True
),
'uid=%s,ou=users,dc=fsmpi,dc=rwth-aachen,dc=de'
%
user
,
password
,
auto_bind
=
True
)
groups
=
[]
if
conn
.
search
(
"ou=groups,dc=fsmpi,dc=rwth-aachen,dc=de"
,
"(&(cn=*)(memberUid=%s))"
%
user
,
attributes
=
[
'cn'
]):
groups
=
[
e
[
'attributes'
][
'cn'
][
0
]
for
e
in
conn
.
response
]
conn
.
unbind
()
return
user
,
groups
except
ldap3
.
core
.
exceptions
.
LDAPExceptionError
:
return
None
,
[]
def
ldapget
(
user
):
user
=
LDAP_USERRE
.
sub
(
r
''
,
user
.
lower
())
conn
=
ldap3
.
Connection
(
ldap3
.
Server
(
config
[
'LDAP_HOST'
],
port
=
config
[
'LDAP_PORT'
],
use_ssl
=
True
),
auto_bind
=
True
)
conn
.
search
(
"ou=users,dc=fsmpi,dc=rwth-aachen,dc=de"
,
"(uid=%s)"
%
user
,
attributes
=
ldap3
.
ALL_ATTRIBUTES
)
if
not
conn
.
response
:
return
{}
e
=
conn
.
response
[
0
]
return
{
'uid'
:
user
,
'givenName'
:
e
[
'attributes'
][
'givenName'
][
0
],
'sn'
:
e
[
'attributes'
][
'sn'
][
0
]}
conn
=
ldap3
.
Connection
(
ldap3
.
Server
(
config
[
'LDAP_HOST'
],
port
=
config
[
'LDAP_PORT'
],
use_ssl
=
True
),
'fsmpi
\\
%s'
%
user
,
password
,
auto_bind
=
True
)
except
ldap3
.
core
.
exceptions
.
LDAPBindError
:
return
{},
[]
conn
.
search
(
"cn=users,dc=fsmpi,dc=rwth-aachen,dc=de"
,
"(cn=%s)"
%
user
,
attributes
=
[
'memberOf'
,
'givenName'
,
'sn'
])
info
=
dict
(
conn
.
response
[
0
][
'attributes'
])
info
[
'uid'
]
=
user
groups
=
[
g
.
split
(
','
)[
0
].
split
(
'='
)[
-
1
]
for
g
in
info
[
'memberOf'
]]
conn
.
unbind
()
return
info
,
groups
else
:
notldap
=
{
...
...
@@ -180,9 +171,5 @@ else:
def
ldapauth
(
user
,
password
):
user
=
LDAP_USERRE
.
sub
(
r
''
,
user
.
lower
())
if
config
.
get
(
'DEBUG'
)
and
user
in
notldap
and
password
==
notldap
[
user
][
0
]:
return
user
,
notldap
[
user
][
1
]
return
None
,
[]
def
ldapget
(
user
):
user
=
LDAP_USERRE
.
sub
(
r
''
,
user
.
lower
())
return
notldap
[
user
][
2
]
return
notldap
[
user
][
2
],
notldap
[
user
][
1
]
return
{},
[]
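Review bot: The new `ldapauth` in the first hunk catches only `LDAPBindError` and then reads `conn.response[0]['attributes']` and `info['memberOf']` unchecked. An unreachable server, a bound account that the `cn=users` search does not return, or an entry without `memberOf` would therefore raise out of the login request instead of returning `{}, []`; an empty password probably does the same, since ldap3 appears to reject it client-side with a different exception class. The filter is still built as `"(cn=%s)" % user`, and `LDAP_USERRE` is not visible on this page, so escaping with `ldap3.utils.conv.escape_filter_chars` would keep the filter safe whatever the regex allows. Each `memberOf` DN is reduced to the value of its first RDN, so the check in server.py accepts a group named `fachschaft` in any container; comparing the full DN against a configured value would be stricter. The sketch below restores the broader handler, always unbinds, and requires exactly one result entry.

```python
def ldapauth(user, password):
    user = LDAP_USERRE.sub(r'', user.lower())
    # Reject empty credentials before any bind is attempted.
    if not user or not password:
        return {}, []
    try:
        # … unchanged: conn = ldap3.Connection(...) bound as 'fsmpi\\%s' % user …
    except ldap3.core.exceptions.LDAPExceptionError:
        return {}, []
    try:
        conn.search("cn=users,dc=fsmpi,dc=rwth-aachen,dc=de",
                    "(cn=%s)" % ldap3.utils.conv.escape_filter_chars(user),
                    attributes=['memberOf', 'givenName', 'sn'])
        # Skip referral entries, which carry no 'attributes' key.
        entries = [e for e in conn.response if e.get('type') == 'searchResEntry']
    finally:
        conn.unbind()
    if len(entries) != 1:
        return {}, []
    info = dict(entries[0]['attributes'])
    info['uid'] = user
    groups = [g.split(',')[0].split('=')[-1] for g in info.get('memberOf', [])]
    return info, groups
```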
server.py
...
...
@@ -72,7 +72,7 @@ app.jinja_env.globals['gitversion'] = { 'hash': output[1], 'longhash': output[0]
if
not
config
.
get
(
'SECRET_KEY'
,
None
):
config
[
'SECRET_KEY'
]
=
os
.
urandom
(
24
)
from
db
import
query
,
modify
,
show
,
searchquery
,
ldapauth
,
ldapget
from
db
import
query
,
modify
,
show
,
searchquery
,
ldapauth
mod_endpoints
=
[]
...
...
@@ -502,17 +502,18 @@ def search():
return
render_template
(
'search.html'
,
searchtext
=
request
.
args
[
'q'
],
courses
=
courses
,
lectures
=
lectures
)
def
check_mod
(
user
,
groups
):
return
user
and
'
users
'
in
groups
return
user
and
'
fachschaft
'
in
groups
@
app
.
route
(
'/internal/login'
,
methods
=
[
'GET'
,
'POST'
])
def
login
():
if
request
.
method
==
'GET'
:
return
render_template
(
'login.html'
)
user
,
groups
=
ldapauth
(
request
.
form
.
get
(
'user'
),
request
.
form
.
get
(
'password'
))
userinfo
,
groups
=
ldapauth
(
request
.
form
.
get
(
'user'
),
request
.
form
.
get
(
'password'
))
user
=
userinfo
.
get
(
'uid'
)
if
not
check_mod
(
user
,
groups
):
flash
(
'Login fehlgeschlagen!'
)
return
render_template
(
'login.html'
)
session
[
'user'
]
=
ldapget
(
user
)
session
[
'user'
]
=
userinfo
dbuser
=
query
(
'SELECT * FROM users WHERE name = ?'
,
user
)
if
not
dbuser
:
modify
(
'INSERT INTO users (name, realname, fsacc, level, calendar_key, rfc6238) VALUES (?, ?, ?, 1, "", "")'
,
user
,
session
[
'user'
][
'givenName'
],
user
)
...
...
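Review bot: In `login()`, `session['user'] = userinfo` now stores the whole attribute dict returned by the directory, including the `memberOf` DN list, where the old code stored only `uid`, `givenName` and `sn` from `ldapget`. If the app uses Flask's default cookie-backed session (no other session interface is visible here), that data is signed but readable by the client and counts against the cookie size limit. The `INSERT` a few lines further down binds `session['user']['givenName']`; the removed `ldapget` indexed that attribute with `[0]`, so the raw value is presumably a list and would no longer bind as a string. I would keep the session to a small dict of scalar `uid`, `givenName` and `sn` values, as `ldapget` produced, and add a comment on `check_mod` naming the directory group it expects. `login()` continues past the end of this hunk.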