authorB. Stack <bgstack15@gmail.com>2021-06-25 11:16:43 -0400
committerB. Stack <bgstack15@gmail.com>2021-06-25 11:18:19 -0400
commit8c6a9cbcf966c8d6d38f65cd3dc8095543ad9270 (patch)
tree16b5a08975939ef3abfd4aaf67b8dd85f9251183 /session_ldap.py
parentenable ldap user resolution and display shortnames (diff)
now store user groups in session, for display
Diffstat (limited to 'session_ldap.py')
-rw-r--r--session_ldap.py36
1 files changed, 23 insertions, 13 deletions
diff --git a/session_ldap.py b/session_ldap.py
index 1b2dc12..b60bc8b 100644
--- a/session_ldap.py
+++ b/session_ldap.py
@@ -8,13 +8,22 @@
import ldap3
from ldap3.core.exceptions import LDAPBindError, LDAPPasswordIsMandatoryError
-def list_matching_users(server_uri, bind_dn, bind_pw,user_base, username, user_match_attrib):
- search_filter=f"({user_match_attrib}={username})"
+def get_ldap_connection(server_uri, bind_dn, bind_pw):
server = ldap3.Server(server_uri)
conn = ldap3.Connection(server, auto_bind=True,user=bind_dn, password=bind_pw)
+ return conn
+
+def list_matching_users(server_uri= "", bind_dn = "", bind_pw = "", connection = None, user_base = "", username = "", user_match_attrib = ""):
+ search_filter=f"({user_match_attrib}={username})"
+ if connection and isinstance(connection, ldap3.core.connection.Connection):
+ conn = connection
+ else:
+ conn = get_ldap_connection(server_uri, bind_dn, bind_pw)
conn.search(
search_base=user_base,
- search_filter=search_filter)
+ search_filter=search_filter,
+ search_scope="SUBTREE"
+ )
print(f"DEBUG: search_base {user_base}")
print(f"DEBUG: search_filter {search_filter}")
result = []
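Review bot: `username` is interpolated into the LDAP filter unescaped at `search_filter=f"({user_match_attrib}={username})"`, so a value containing `*`, `(`, `)` or `\` changes the filter's meaning instead of matching a literal name; ldap3 ships `escape_filter_chars` in `ldap3.utils.conv` for exactly this. Change the line to `search_filter = f"({user_match_attrib}={escape_filter_chars(username)})"` and add `from ldap3.utils.conv import escape_filter_chars` next to the existing ldap3 imports. `user_match_attrib` is interpolated the same way and selects the attribute name, so it should only ever come from trusted configuration. `get_ldap_connection` (L28-31) binds with `auto_bind=True` and never unbinds; a one-line docstring such as `"""Bind to server_uri as bind_dn and return the open Connection; the caller owns and closes it."""` would make that explicit. list_matching_users continues past the end of the hunk.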
@@ -27,8 +36,7 @@ def authenticated_user(server_uri, user_dn, password):
print(f"server_uri: {server_uri}")
print(f"user_dn: {user_dn}")
try:
- server = ldap3.Server(server_uri)
- conn = ldap3.Connection(server, auto_bind=True, user=user_dn, password=password)
+ conn = get_ldap_connection(server_uri, user_dn, password)
return conn
except LDAPBindError as e:
if 'invalidCredentials' in str(e):
@@ -61,9 +69,12 @@ def list_ldap_servers_for_domain(domain):
namelist.append(domain)
return namelist
-def get_ldap_user_groups(server_uri, bind_dn, bind_pw,user_dn,user_attrib_memberof,group_name_attrib,group_base):
- server = ldap3.Server(server_uri)
- conn = ldap3.Connection(server, auto_bind=True,user=bind_dn, password=bind_pw)
+def get_ldap_user_groups(server_uri = "", bind_dn = "", bind_pw = "", connection = None, user_dn = "", user_attrib_memberof = "memberof", group_name_attrib = "uid", group_base = ""):
+ if connection and isinstance(connection, ldap3.core.connection.Connection):
+ conn = connection
+ else:
+ conn = get_ldap_connection(server_uri, bind_dn, bind_pw)
+ # so now we have a connection
conn.search(
search_base=user_dn,
search_filter="(cn=*)", # this has the potential to not work in a directory where CN is not a part of any dn?
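Review bot: `user_dn` now defaults to `""` and is passed straight through as `search_base=user_dn` right after the connection setup, with nothing rejecting the empty default, so a caller that omits it searches from the empty base (or gets a server error) instead of failing fast; unless an empty base is intended, add `if not user_dn: raise ValueError("user_dn is required")` before `conn.search(`. The connection-or-bind block at L65-68 is repeated verbatim in list_matching_users (L35-38) and get_ldap_attrib_from_krbPrincipalName (L74-79); a single helper keeps the isinstance check in one place, as below. The function also has no docstring; one stating that either `connection` or the (`server_uri`, `bind_dn`, `bind_pw`) triple must be supplied, and that `user_dn` is the entry whose `user_attrib_memberof` values are read, would document the contract the new defaults hide. get_ldap_user_groups continues past the end of the hunk.
```python
def _resolve_connection(connection, server_uri, bind_dn, bind_pw):
    """Return *connection* if it is a live ldap3 Connection, otherwise bind a new one."""
    if connection and isinstance(connection, ldap3.core.connection.Connection):
        return connection
    return get_ldap_connection(server_uri, bind_dn, bind_pw)

def get_ldap_user_groups(server_uri = "", bind_dn = "", bind_pw = "", connection = None, user_dn = "", user_attrib_memberof = "memberof", group_name_attrib = "uid", group_base = ""):
    if not user_dn:
        raise ValueError("user_dn is required")
    conn = _resolve_connection(connection, server_uri, bind_dn, bind_pw)
    # … unchanged: conn.search(search_base=user_dn, ...) and the rest of the body …
```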
@@ -97,8 +108,7 @@ def get_ldap_attrib_from_krbPrincipalName(server_uri = None, bind_dn = "", bind_
if connection and isinstance(connection, ldap3.core.connection.Connection):
conn = connection
else:
- server = ldap3.Server(server_uri)
- conn = ldap3.Connection(server, auto_bind=True,user=bind_dn, password=bind_pw)
+ conn = get_ldap_connection(server_uri, bind_dn, bind_pw)
conn.search(
search_base=search_base,
search_scope="SUBTREE",
@@ -111,15 +121,15 @@ def get_ldap_attrib_from_krbPrincipalName(server_uri = None, bind_dn = "", bind_
else:
return entry.entry_attributes_as_dict[entry.entry_attributes[0]][0]
-def get_ldap_username_attrib_from_dn(server_uri = None, bind_dn = "", bind_pw = "", authenticated_user = None, user_match_attrib = "dn", user_dn = None):
+def get_ldap_username_attrib_from_dn(server_uri = None, bind_dn = "", bind_pw = "", authenticated_user = None, user_match_attrib = "dn", user_dn = ""):
# Needs (server_uri, bind_dn, bind_pw, user_dn) or (authenticated_user)
if authenticated_user and isinstance(authenticated_user, ldap3.core.connection.Connection):
conn = authenticated_user
search_base=authenticated_user.extend.standard.who_am_i().replace("dn: ","")
else:
# then we have to use a new connection
- server = ldap3.Server(server_uri)
- conn = ldap3.Connection(server, auto_bind=True,user=bind_dn, password=bind_pw)
+ conn = get_ldap_connection(server_uri, bind_dn, bind_pw)
+ if user_dn:
search_base=user_dn,
# so now conn is the connection regardless of how we got there, and search_base
#print(f"DEBUG: search_base {search_base} attributes {user_match_attrib}")
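Review bot: The new `if user_dn:` guard makes `search_base=user_dn,` its body, and that trailing comma binds `search_base` to the one-element tuple `(user_dn,)` rather than the DN string, so the search base is wrong whenever this branch runs; drop the comma: `search_base = user_dn`. When `authenticated_user` is not a Connection and `user_dn` is empty (its new default), no branch assigns `search_base` at all and its later use raises NameError, so give the guard an `else:` that raises `ValueError("user_dn is required when authenticated_user is not given")`. The `who_am_i()` result is only stripped of `dn: `; if a server answers in the `u:` authorization-identity form the search base would be wrong too — that line is unchanged context, noted for follow-up. get_ldap_username_attrib_from_dn continues past the end of the hunk.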