author | Jan Klass <kissaki@posteo.de> | 2019-09-01 13:00:37 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-09-01 13:00:37 +0300 |
commit | f3e410a2d3fb398c8b0578615d3bf0815efacbad (patch) | |
tree | 191825605781241acb95f2e85377d9ff3f6d9b8c | |
parent | 5886ca6ccaf5d201514d020554e4a4abbeda8119 (diff) | |
parent | 5aad4c1f4c966a3bd8a36895a7d2a2862f8c1c40 (diff) |
Merge PR #17: LdapAuth: Fix setting name
Rename misleading and wrong group_cn option to group_dn
CN (commonName) is a single qualifier (as can be seen in the example value).
DN (distinguished name) is the full path.
-rw-r--r-- | Authenticators/LDAP/LDAPauth.ini | 2 | ||||
-rw-r--r-- | Authenticators/LDAP/LDAPauth.py | 6 |
2 files changed, 4 insertions, 4 deletions
diff --git a/Authenticators/LDAP/LDAPauth.ini b/Authenticators/LDAP/LDAPauth.ini
index a0b22f5..05f8c7b 100644
--- a/Authenticators/LDAP/LDAPauth.ini
+++ b/Authenticators/LDAP/LDAPauth.ini
@@ -27,7 +27,7 @@ discover_dn = false
 username_attr = uid
 number_attr = roomNumber
 display_attr = displayName
-group_cn = cn=mumble,ou=Groups,dc=example,dc=com
+group_dn = cn=mumble,ou=Groups,dc=example,dc=com
 group_attr = uniqueMember
 ; Uncomment and set below to provide more info from LDAP
 ; provide_info = True
diff --git a/Authenticators/LDAP/LDAPauth.py b/Authenticators/LDAP/LDAPauth.py
index 04c62de..0598d03 100644
--- a/Authenticators/LDAP/LDAPauth.py
+++ b/Authenticators/LDAP/LDAPauth.py
@@ -140,7 +140,7 @@ default = { 'ldap':(('ldap_uri', str, 'ldap://127.0.0.1'),
 ('username_attr', str, 'uid'),
 ('number_attr', str, 'RoomNumber'),
 ('display_attr', str, 'displayName'),
- ('group_cn', str, 'ou=Groups,dc=example,dc=org'),
+ ('group_dn', str, 'ou=Groups,dc=example,dc=org'),
 ('group_attr', str, 'member'),
 ('provide_info', x2bool, False),
 ('mail_attr', str, 'mail'),
@@ -519,11 +519,11 @@ def do_main_program():
 debug('User match found, display "' + displayName + '" with UID ' + repr(uid))
 # Optionally check groups.
- if cfg.ldap.group_cn != "" :
+ if cfg.ldap.group_dn != "" :
 debug('Checking group membership for ' + name)
 #Search for user in group
- res = ldap_conn.search_s(cfg.ldap.group_cn, ldap.SCOPE_SUBTREE, '(%s=%s)' % (cfg.ldap.group_attr, user_dn), [cfg.ldap.number_attr, cfg.ldap.display_attr])
+ res = ldap_conn.search_s(cfg.ldap.group_dn, ldap.SCOPE_SUBTREE, '(%s=%s)' % (cfg.ldap.group_attr, user_dn), [cfg.ldap.number_attr, cfg.ldap.display_attr])
 # Check if the user is a member of the group
 if len(res) < 1: |
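Review bot: The `default` table now only knows `group_dn`, so an existing ini that still sets `group_cn` has no fallback. How unknown keys are treated is not visible in this hunk, but if they are ignored, an upgraded deployment would silently run the group check against the built-in default `ou=Groups,dc=example,dc=org` instead of the group the admin configured. The option gates authorization, so I would either accept `group_cn` as a deprecated alias or log a warning when it is present. The shipped default is also an OU while the ini example is a single group entry (`cn=mumble,ou=Groups,...`); a comment such as `# DN of the group entry (or container) searched for membership` next to the entry would make the intended shape explicit. The `default` dict starts and ends outside the hunk.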
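Review bot: In `do_main_program`, the membership search still builds its filter as `'(%s=%s)' % (cfg.ldap.group_attr, user_dn)` with `user_dn` unescaped. Where `user_dn` is derived is outside the hunk; if it can contain characters that are special in LDAP filters (`*`, `(`, `)`, `\`), the comparison may stop being an exact-DN match or the search may fail with a filter error. Passing the value through `ldap.filter.escape_filter_chars(user_dn)` keeps it literal (this needs `ldap.filter` imported, which is not visible here). Now that the option is named as the group's DN, `ldap.SCOPE_BASE` may also be the more precise scope than `ldap.SCOPE_SUBTREE`, which would also match entries beneath that DN; that depends on whether a container DN is still meant to be supported. The function body continues outside the hunk.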