author | Dominik George <nik@naturalnet.de> | 2014-08-04 23:20:33 +0400 |
---|---|---|
committer | Dominik George <nik@naturalnet.de> | 2014-08-04 23:20:33 +0400 |
commit | b90fc0b2b2c42c021f8bfc58cd0e548e7f95f31f (patch) | |
tree | 50686396d42a384b3085682f3700772ec56401df | |
parent | fb4f211f8edbef447f81f523e8c929ccf3e18c79 (diff) |
Implement getInfo, optionally enabled through config
-rw-r--r-- | Authenticators/LDAP/LDAPauth.ini | 3 | ||||
-rw-r--r-- | Authenticators/LDAP/LDAPauth.py | 41 |
2 files changed, 40 insertions, 4 deletions
diff --git a/Authenticators/LDAP/LDAPauth.ini b/Authenticators/LDAP/LDAPauth.ini
index efc6cdf..cd0ddf6 100644
--- a/Authenticators/LDAP/LDAPauth.ini
+++ b/Authenticators/LDAP/LDAPauth.ini
@@ -29,6 +29,9 @@ number_attr = roomNumber
 display_attr = displayName
 group_cn = cn=mumble,ou=Groups,dc=example,dc=com
 group_attr = uniqueMember
+; Uncomment and set below to provide more info from LDAP
+; provide_info = true
+; mail_attr = mail
 
 ;Murmur configuration
 [murmur]
diff --git a/Authenticators/LDAP/LDAPauth.py b/Authenticators/LDAP/LDAPauth.py
index dda9810..2be0166 100644
--- a/Authenticators/LDAP/LDAPauth.py
+++ b/Authenticators/LDAP/LDAPauth.py
@@ -141,7 +141,9 @@ default = { 'ldap':(('ldap_uri', str, 'ldap://127.0.0.1'),
 ('number_attr', str, 'RoomNumber'),
 ('display_attr', str, 'displayName'),
 ('group_cn', str, 'ou=Groups,dc=example,dc=org'),
- ('group_attr', str, 'member')),
+ ('group_attr', str, 'member'),
+ ('provide_info', x2bool, False),
+ ('mail_attr', str, 'mail')),
 'user':(('id_offset', int, 1000000000),
 ('reject_on_error', x2bool, True),
@@ -537,9 +539,40 @@ def do_main_program():
 Gets called to fetch user specific information
 """
- # We do not expose any additional information so always fall through
- debug('getInfo for %d -> denied', id)
- return (False, None)
+ if not cfg.ldap.provide_info:
+ # We do not expose any additional information so always fall through
+ debug('getInfo for %d -> denied', id)
+ return (False, None)
+
+ ldap_conn = ldap.initialize(cfg.ldap.ldap_uri, 0)
+
+ # Bind if configured, else do explicit anonymous bind
+ if cfg.ldap.bind_dn and cfg.ldap.bind_pass:
+ ldap_conn.simple_bind_s(cfg.ldap.bind_dn, cfg.ldap.bind_pass)
+ else:
+ ldap_conn.simple_bind_s()
+
+ name = self.idToName(id)
+
+ res = ldap_conn.search_s(cfg.ldap.users_dn,
+ ldap.SCOPE_SUBTREE,
+ '(%s=%s)' % (cfg.ldap.display_attr, name),
+ [cfg.ldap.display_attr,
+ cfg.ldap.mail_attr
+ ])
+
+ #If user found, return info
+ if len(res) == 1:
+ info = {}
+
+ if cfg.ldap.mail_attr in res[0][1]:
+ info['UserEmail'] = res[0][1][cfg.ldap.mail_attr][0]
+
+ debug('nameToId %s -> %s', name, repr(info))
+ else:
+ debug('nameToId %s -> ?', name)
+ return (False, None)
+
 @fortifyIceFu(-2) |
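Review bot: The found-user branch of getInfo never returns: after `debug('nameToId %s -> %s', name, repr(info))` control falls off the end of the method, so a matched user yields `None` where the other paths return a `(bool, dict)` tuple, and it should end with `return (True, info)` (also check against the Murmur Ice definitions whether the dict key must be the `UserInfo` enum value rather than the string `'UserEmail'`). The filter `'(%s=%s)' % (cfg.ldap.display_attr, name)` interpolates the display name unescaped; `name` comes from `self.idToName(id)` and a value containing filter metacharacters such as `(`, `)`, `*` or `\` either breaks the search or matches a different entry, so it should be passed through `ldap.filter.escape_filter_chars`, which needs `import ldap.filter` at the top of the file outside this hunk. The connection created by `ldap.initialize` is bound but never released, so an `unbind_s()` after the search would avoid leaking it per call. The two `debug` calls at the end still say `nameToId` and should read `getInfo`. The enclosing `do_main_program` and the servant class begin before the hunk; the rewritten tail of the method is below.
```python
            name = self.idToName(id)

            # Escape filter metacharacters so a display name cannot alter the query
            safe_name = ldap.filter.escape_filter_chars(name)
            res = ldap_conn.search_s(cfg.ldap.users_dn,
                                     ldap.SCOPE_SUBTREE,
                                     '(%s=%s)' % (cfg.ldap.display_attr, safe_name),
                                     [cfg.ldap.display_attr,
                                      cfg.ldap.mail_attr
                                     ])
            # Release the connection; the result list is already in memory
            ldap_conn.unbind_s()

            # … unchanged: build info from res[0][1] when exactly one entry matched …
                debug('getInfo %s -> %s', name, repr(info))
                return (True, info)
            else:
                debug('getInfo %s -> ?', name)
                return (False, None)
```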