Commit 6c0e7b97 authored by Jens Langhammer

ldap: rewrite Connector to use Source DB Entries

parent 98e10a1c
......@@ -4,6 +4,7 @@ from logging import getLogger
from django.contrib.auth.backends import ModelBackend
from passbook.ldap.ldap_connector import LDAPConnector
from passbook.ldap.models import LDAPSource
LOGGER = getLogger(__name__)
......@@ -15,7 +16,9 @@ class LDAPBackend(ModelBackend):
"""Try to authenticate a user via ldap"""
if 'password' not in kwargs:
return None
if not LDAPConnector.enabled:
return None
_ldap = LDAPConnector()
return _ldap.auth_user(**kwargs)
for source in LDAPSource.objects.filter(enabled=True):
_ldap = LDAPConnector(source)
user = _ldap.auth_user(**kwargs)
if user:
return user
return None
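Review bot: The new loop hands the submitted password to every enabled `LDAPSource` in turn and returns the first match, but the queryset has no ordering, so which directory wins when the same login exists in two sources depends on the database's row order. Make the order explicit, e.g. `for source in LDAPSource.objects.filter(enabled=True).order_by('pk'):`, and log which source accepted the login through the existing `LOGGER` so a sign-in can be traced to a directory. The `LDAPConnector` diff is collapsed on this page, so whether `auth_user` catches connection errors cannot be checked here; if it does not, one unreachable source would raise out of the loop and block the sources after it. The method's signature sits above the hunk.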
{
"entries": [
{
"attributes": {
"dSCorePropagationData": [
"1601-01-01 00:00:00+00:00"
],
"distinguishedName": "OU=customers,DC=mock,DC=beryju,DC=org",
"instanceType": 4,
"name": "customers_dev",
"objectCategory": "CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=mock,DC=beryju,DC=org",
"objectClass": [
"top",
"organizationalUnit"
],
"objectGUID": "976832bb-f359-4ebc-b7c4-cb6c2ac171cb",
"ou": [
"customers_dev"
],
"uSNChanged": 139575,
"uSNCreated": 139575,
"whenChanged": "2016-12-26 17:08:44+00:00",
"whenCreated": "2016-12-26 17:08:20+00:00"
},
"dn": "OU=customers,DC=mock,DC=beryju,DC=org",
"raw": {
"dSCorePropagationData": [
"16010101000000.0Z"
],
"distinguishedName": [
"OU=customers,DC=mock,DC=beryju,DC=org"
],
"instanceType": [
"4"
],
"name": [
"customers_dev"
],
"objectCategory": [
"CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=mock,DC=beryju,DC=org"
],
"objectClass": [
"top",
"organizationalUnit"
],
"objectGUID": [
{
"encoded": "uzJol1nzvE63xMtsKsFxyw==",
"encoding": "base64"
}
],
"ou": [
"customers_dev"
],
"uSNChanged": [
"139575"
],
"uSNCreated": [
"139575"
],
"whenChanged": [
"20161226170844.0Z"
],
"whenCreated": [
"20161226170820.0Z"
]
}
},
{
"attributes": {
"accountExpires": "9999-12-31 23:59:59.999999",
"cn": "mockadm",
"codePage": 0,
"countryCode": 0,
"dSCorePropagationData": [
"1601-01-01 00:00:00+00:00"
],
"description": [
"t=1484309644.2392948"
],
"displayName": "mockadm",
"distinguishedName": "CN=mockadm,OU=customers,DC=mock,DC=beryju,DC=org",
"givenName": "admin@admin.admin",
"instanceType": 4,
"mail": "mockadm@mock.beryju.org",
"name": "mockadm",
"objectCategory": "CN=Person,CN=Schema,CN=Configuration,DC=mock,DC=beryju,DC=org",
"objectClass": [
"top",
"person",
"organizationalPerson",
"user"
],
"objectGUID": "d28cd23f-a3bc-40a3-93e4-f47b344197c1",
"objectSid": "S-1-5-21-3376105463-1408393234-2945003003-2175",
"primaryGroupID": 513,
"pwdLastSet": "2017-01-13 12:14:04.251018+00:00",
"sAMAccountName": "mockadm",
"sAMAccountType": 805306368,
"uSNChanged": 179076,
"uSNCreated": 179076,
"userAccountControl": 66050,
"userPrincipalName": "mockadm@mock.beryju.org",
"whenChanged": "2017-01-13 12:27:52+00:00",
"whenCreated": "2017-01-13 12:14:04+00:00",
"userPassword": "b3ryju0rg!"
},
"dn": "CN=mockadm,OU=customers,DC=mock,DC=beryju,DC=org",
"raw": {
"accountExpires": [
"9223372036854775807"
],
"cn": [
"mockadm"
],
"codePage": [
"0"
],
"countryCode": [
"0"
],
"dSCorePropagationData": [
"16010101000000.0Z"
],
"description": [
"t=1484309644.2392948"
],
"displayName": [
"mockadm"
],
"distinguishedName": [
"CN=mockadm,OU=customers,DC=mock,DC=beryju,DC=org"
],
"givenName": [
"admin@admin.admin"
],
"instanceType": [
"4"
],
"mail": [
"admin@admin.admin"
],
"name": [
"mockadm"
],
"objectCategory": [
"CN=Person,CN=Schema,CN=Configuration,DC=mock,DC=beryju,DC=org"
],
"objectClass": [
"top",
"person",
"organizationalPerson",
"user"
],
"objectGUID": [
{
"encoded": "P9KM0ryjo0CT5PR7NEGXwQ==",
"encoding": "base64"
}
],
"objectSid": [
{
"encoded": "AQUAAAAAAAUVAAAA90c7yRJg8lP7LYmvfwgAAA==",
"encoding": "base64"
}
],
"primaryGroupID": [
"513"
],
"sAMAccountName": [
"mockadm"
],
"sAMAccountType": [
"805306368"
],
"uSNChanged": [
"179076"
],
"uSNCreated": [
"179076"
],
"userAccountControl": [
"66050"
],
"userPrincipalName": [
"mockadm@mock.beryju.org"
],
"whenChanged": [
"20170113122752.0Z"
],
"whenCreated": [
"20170113121404.0Z"
],
"userPassword": [
"b3ryju0rg!"
]
}
}
]
}
\ No newline at end of file
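Review bot: This fixture stores a cleartext `userPassword` (`b3ryju0rg!`) for `mockadm` next to an `objectSid`, `objectGUID` and change timestamps that look like an export from a real directory rather than constructed data. If that is the case, confirm the account and password are not valid anywhere and replace them with obviously synthetic values before the file lives in history. The entry is also internally inconsistent: `attributes.mail` is `mockadm@mock.beryju.org` while `raw.mail` is `admin@admin.admin`, so a lookup by mail can behave differently depending on which view the mock reads.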
"""passbook ldap settings"""
import os
from django.test import TestCase
from passbook.core.models import User
# from supervisr.mod.auth.ldap.forms import GeneralSettingsForm
from passbook.ldap.ldap_connector import LDAPConnector
class TestAccountLDAP(TestCase):
"""passbook ldap settings"""
def setUp(self):
os.environ['RECAPTCHA_TESTING'] = 'True'
# FIXME: Loading mock settings from different config file
# Setting.set('domain', 'mock.beryju.org')
# Setting.set('base', 'OU=customers,DC=mock,DC=beryju,DC=org')
# Setting.set('server', 'dc1.mock.beryju.org')
# Setting.set('server:tls', False)
# Setting.set('mode', GeneralSettingsForm.MODE_CREATE_USERS)
# Setting.set('bind:user', 'CN=mockadm,OU=customers,DC=mock,DC=beryju,DC=org')
# Setting.set('bind:password', 'b3ryju0rg!')
self.ldap = LDAPConnector(mock=True)
self.password = 'b3ryju0rg!'
self.user = User.objects.create_user(
username='test@test.test',
email='test@test.test',
first_name='Test user')
self.user.save()
self.user.is_active = False
self.user.set_password(self.password)
self.user.save()
self.assertTrue(self.ldap.create_ldap_user(self.user, self.password))
def test_change_password(self):
"""Test ldap change_password"""
self.assertTrue(self.ldap.change_password('b4ryju1rg!', mail=self.user.email))
self.assertTrue(self.ldap.change_password('b3ryju0rg!', mail=self.user.email))
def test_disable_enable(self):
"""Test ldap enable and disable"""
self.assertTrue(self.ldap.disable_user(mail=self.user.email))
self.assertTrue(self.ldap.enable_user(mail=self.user.email))
def test_email_used(self):
"""Test ldap is_email_used"""
self.assertTrue(self.ldap.is_email_used(self.user.email))
def test_auth(self):
"""Test ldap auth"""
# self.assertTrue(self.ldap.auth_user(self.password, mail=self.user.email))
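Review bot: `test_auth` contains only a commented-out assertion, so it passes without exercising `auth_user`, which is the one connector call the backend relies on after this commit. Re-enable it and add the negative case, along the lines of `self.assertTrue(self.ldap.auth_user(self.password, mail=self.user.email))` and `self.assertFalse(self.ldap.auth_user('wrong-password', mail=self.user.email))`; the exact argument form should follow `auth_user`'s signature, which is not visible on this page. `setUp` also builds the connector with `LDAPConnector(mock=True)` while the backend now calls `LDAPConnector(source)`, so it is worth checking that the constructor still accepts both.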
......@@ -61,30 +61,36 @@ passbook:
remember_age: 2592000 # 60 * 60 * 24 * 30, one month
# Provider-specific settings
ldap:
# Completely enable or disable LDAP provider
enabled: false
# AD Domain, used to generate `userPrincipalName`
domain: corp.contoso.com
# Base DN in which passbook should look for users
base_dn: dn=corp,dn=contoso,dn=com
# LDAP field which is used to set the django username
username_field: sAMAccountName
# LDAP server to connect to, can be set to `<domain_name>`
server:
name: corp.contoso.com
use_tls: false
# Bind credentials, used for account creation
bind:
username: Administraotr@corp.contoso.com
password: VerySecurePassword!
# # Completely enable or disable LDAP provider
# enabled: false
# # AD Domain, used to generate `userPrincipalName`
# domain: corp.contoso.com
# # Base DN in which passbook should look for users
# base_dn: dn=corp,dn=contoso,dn=com
# # LDAP field which is used to set the django username
# username_field: sAMAccountName
# # LDAP server to connect to, can be set to `<domain_name>`
# server:
# name: corp.contoso.com
# use_tls: false
# # Bind credentials, used for account creation
# bind:
# username: Administraotr@corp.contoso.com
# password: VerySecurePassword!
# Which field from `uid_fields` maps to which LDAP Attribute
login_field_map:
username: sAMAccountName
email: mail # or userPrincipalName
# Create new users in LDAP upon sign-up
create_users: true
# Reset LDAP password when user reset their password
reset_password: true
user_attribute_map:
active_directory:
sAMAccountName: username
mail: email
given_name: first_name
name: last_name
# # Create new users in LDAP upon sign-up
# create_users: true
# # Reset LDAP password when user reset their password
# reset_password: true
oauth_client:
# List of python packages with sources types to load.
types:
......
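Review bot: The new `user_attribute_map.active_directory` entries use `given_name` and `name`, but the mock directory entry added in this same commit exposes `givenName`, and `name` there holds the whole account name rather than a surname. Unless the connector translates these keys, `first_name` will never be populated and `last_name` will receive the full name; `givenName: first_name` and `sn: last_name` are probably what is meant. The block also lacks the explanatory comment its neighbours have, e.g. `# Maps LDAP attributes (keys) to passbook user fields (values), per directory type`. The old settings are left as a commented-out block that still shows `use_tls: false` and a literal bind password; deleting it would keep that from being copied as a template.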