author | B. Stack <bgstack15@gmail.com> | 2021-06-25 08:09:34 -0400 |
committer | B. Stack <bgstack15@gmail.com> | 2021-06-25 09:41:07 -0400 |
commit | fcda4ab8f6d0236c1fbd45c7c6968a2519cc1154 (patch) | |
tree | a7af112e609e0086418988db83ff91e2919ed84e /session_ldap.py | |
parent | WIP: convert ldap to use bind credential (diff) | |
download | session_app-fcda4ab8f6d0236c1fbd45c7c6968a2519cc1154.tar.gz session_app-fcda4ab8f6d0236c1fbd45c7c6968a2519cc1154.tar.bz2 session_app-fcda4ab8f6d0236c1fbd45c7c6968a2519cc1154.zip |
enable ldap user resolution and display shortnames
The app can now display the short name of an LDAP user and also
looks users up in the directory using the bind credential.
Diffstat (limited to 'session_ldap.py')
-rw-r--r-- | session_ldap.py | 44 |
1 files changed, 41 insertions, 3 deletions
diff --git a/session_ldap.py b/session_ldap.py
index 423f322..1b2dc12 100644
--- a/session_ldap.py
+++ b/session_ldap.py
@@ -93,6 +93,44 @@ def get_ldap_user_groups(server_uri, bind_dn, bind_pw,user_dn,user_attrib_member
 result.append(this_group)
 return result
 
-def get_ldap_dn_from_krbPrincipalName(server_uri, bind_dn, bind_pw,user_krbPrincipalName):
- # goal: return as string the dn
- print("stub")
+def get_ldap_attrib_from_krbPrincipalName(server_uri = None, bind_dn = "", bind_pw = "", connection = None, search_base = "", user_attrib = "uid", user_krbPrincipalName = "", krbPrincipalName_attrib = "krbPrincipalName"):
+ if connection and isinstance(connection, ldap3.core.connection.Connection):
+ conn = connection
+ else:
+ server = ldap3.Server(server_uri)
+ conn = ldap3.Connection(server, auto_bind=True,user=bind_dn, password=bind_pw)
+ conn.search(
+ search_base=search_base,
+ search_scope="SUBTREE",
+ search_filter=f"({krbPrincipalName_attrib}={user_krbPrincipalName})",
+ attributes=[user_attrib]
+ )
+ entry = conn.entries[0]
+ if user_attrib == "dn":
+ return entry.entry_dn
+ else:
+ return entry.entry_attributes_as_dict[entry.entry_attributes[0]][0]
+
+def get_ldap_username_attrib_from_dn(server_uri = None, bind_dn = "", bind_pw = "", authenticated_user = None, user_match_attrib = "dn", user_dn = None):
+ # Needs (server_uri, bind_dn, bind_pw, user_dn) or (authenticated_user)
+ if authenticated_user and isinstance(authenticated_user, ldap3.core.connection.Connection):
+ conn = authenticated_user
+ search_base=authenticated_user.extend.standard.who_am_i().replace("dn: ","")
+ else:
+ # then we have to use a new connection
+ server = ldap3.Server(server_uri)
+ conn = ldap3.Connection(server, auto_bind=True,user=bind_dn, password=bind_pw)
+ search_base=user_dn,
+ # so now conn is the connection regardless of how we got there, and search_base
+ #print(f"DEBUG: search_base {search_base} attributes {user_match_attrib}")
+ conn.search(
+ search_base=search_base,
+ search_scope="BASE",
+ search_filter="(cn=*)",
+ attributes=[user_match_attrib]
+ )
+ entry = conn.entries[0]
+ if user_match_attrib == "dn":
+ return entry.entry_dn
+ else:
+ return entry.entry_attributes_as_dict[entry.entry_attributes[0]][0]
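Review bot: `search_filter=f"({krbPrincipalName_attrib}={user_krbPrincipalName})"` in get_ldap_attrib_from_krbPrincipalName interpolates the principal name into the LDAP filter unescaped, so a value containing `*`, `(`, `)` or `\` changes the meaning of the query; ldap3 ships an escaper for exactly this, `search_filter=f"({krbPrincipalName_attrib}={escape_filter_chars(user_krbPrincipalName)})"` with `from ldap3.utils.conv import escape_filter_chars`. In get_ldap_username_attrib_from_dn the trailing comma in `search_base=user_dn,` binds search_base to a one-element tuple instead of the DN string, so the new-connection branch cannot issue a valid BASE search; it should read `search_base = user_dn`. Both functions index `conn.entries[0]` without checking that the search returned anything, which turns a missing or ambiguous entry into an IndexError, and the `ldap3.Connection(...)` opened in each else branch is never unbound; guarding with `if not conn.entries: return None` (or a named error) and stating that contract in a docstring would make the callers' error handling explicit. The `who_am_i().replace("dn: ","")` step presumably assumes the server answers whoami in the `dn:` form — worth a comment, since the `u:` form is also permitted and would leave search_base unusable. The leading context lines belong to get_ldap_user_groups, which starts outside the hunk.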