Implement getInfo, optionally enabled through config

author: Dominik George <nik@naturalnet.de> 2014-08-04 23:20:33 +0400
committer: Dominik George <nik@naturalnet.de> 2014-08-04 23:20:33 +0400
commit: b90fc0b2b2c42c021f8bfc58cd0e548e7f95f31f (patch)
tree: 50686396d42a384b3085682f3700772ec56401df
parent: fb4f211f8edbef447f81f523e8c929ccf3e18c79 (diff)
2 files changed, 40 insertions, 4 deletions
diff --git a/Authenticators/LDAP/LDAPauth.ini b/Authenticators/LDAP/LDAPauth.ini
index efc6cdf..cd0ddf6 100644
--- a/Authenticators/LDAP/LDAPauth.ini
+++ b/Authenticators/LDAP/LDAPauth.ini
@@ -29,6 +29,9 @@ number_attr = roomNumber
 display_attr = displayName
 group_cn = cn=mumble,ou=Groups,dc=example,dc=com
 group_attr = uniqueMember
+; Uncomment and set below to provide more info from LDAP
+; provide_info = true
+; mail_attr = mail
 
 ;Murmur configuration
 [murmur]
diff --git a/Authenticators/LDAP/LDAPauth.py b/Authenticators/LDAP/LDAPauth.py
index dda9810..2be0166 100644
--- a/Authenticators/LDAP/LDAPauth.py
+++ b/Authenticators/LDAP/LDAPauth.py
@@ -141,7 +141,9 @@ default = { 'ldap':(('ldap_uri', str, 'ldap://127.0.0.1'),
                     ('number_attr', str, 'RoomNumber'),
                     ('display_attr', str, 'displayName'),
                     ('group_cn', str, 'ou=Groups,dc=example,dc=org'),
-                    ('group_attr', str, 'member')),
+                    ('group_attr', str, 'member'),
+                    ('provide_info', x2bool, False),
+                    ('mail_attr', str, 'mail')),
 
             'user':(('id_offset', int, 1000000000),
                     ('reject_on_error', x2bool, True),
@@ -537,9 +539,40 @@ def do_main_program():
             Gets called to fetch user specific information
             """
             
-            # We do not expose any additional information so always fall through
-            debug('getInfo for %d -> denied', id)
-            return (False, None)
+            if not cfg.ldap.provide_info:
+                # We do not expose any additional information so always fall through
+                debug('getInfo for %d -> denied', id)
+                return (False, None)
+
+            ldap_conn = ldap.initialize(cfg.ldap.ldap_uri, 0)
+
+            # Bind if configured, else do explicit anonymous bind
+            if cfg.ldap.bind_dn and cfg.ldap.bind_pass:
+                ldap_conn.simple_bind_s(cfg.ldap.bind_dn, cfg.ldap.bind_pass)
+            else:
+                ldap_conn.simple_bind_s()
+
+            name = self.idToName(id)
+
+            res = ldap_conn.search_s(cfg.ldap.users_dn,
+                                    ldap.SCOPE_SUBTREE,
+                                    '(%s=%s)' % (cfg.ldap.display_attr, name),
+                                    [cfg.ldap.display_attr,
+                                     cfg.ldap.mail_attr    
+                                    ])
+            
+            #If user found, return info
+            if len(res) == 1:
+                info = {}
+
+                if cfg.ldap.mail_attr in res[0][1]:
+                    info['UserEmail'] = res[0][1][cfg.ldap.mail_attr][0]
+
+                debug('nameToId %s -> %s', name, repr(info))
+            else:
+                debug('nameToId %s -> ?', name)
+                return (False, None)
+
 
     
         @fortifyIceFu(-2)
author	Dominik George <nik@naturalnet.de>	2014-08-04 23:20:33 +0400
committer	Dominik George <nik@naturalnet.de>	2014-08-04 23:20:33 +0400
commit	b90fc0b2b2c42c021f8bfc58cd0e548e7f95f31f (patch)
tree	50686396d42a384b3085682f3700772ec56401df
parent	fb4f211f8edbef447f81f523e8c929ccf3e18c79 (diff)