1 files changed, 54 insertions, 6 deletions

diff --git a/session_ldap.py b/session_ldap.py
index d12f008..423f322 100644
--- a/session_ldap.py
+++ b/session_ldap.py
@@ -8,15 +8,27 @@
 import ldap3
 from ldap3.core.exceptions import LDAPBindError, LDAPPasswordIsMandatoryError
 
-def authenticated_user(server_uri, user_format, username, password):
-   user = user_format.replace("%s",username)
+def list_matching_users(server_uri, bind_dn, bind_pw,user_base, username, user_match_attrib):
+   search_filter=f"({user_match_attrib}={username})"
+   server = ldap3.Server(server_uri)
+   conn = ldap3.Connection(server, auto_bind=True,user=bind_dn, password=bind_pw)
+   conn.search(
+      search_base=user_base,
+      search_filter=search_filter)
+   print(f"DEBUG: search_base {user_base}")
+   print(f"DEBUG: search_filter {search_filter}")
+   result = []
+   for i in conn.entries:
+      result.append(i.entry_dn)
+   print(f"DEBUG: result {result}")
+   return result
+
+def authenticated_user(server_uri, user_dn, password):
    print(f"server_uri: {server_uri}")
-   print(f"username: {username}")
-   print(f"user_format: {user_format}")
-   print(f"user: {user}")
+   print(f"user_dn: {user_dn}")
    try:
       server = ldap3.Server(server_uri)
-      conn = ldap3.Connection(server, auto_bind=True, user=user, password=password)
+      conn = ldap3.Connection(server, auto_bind=True, user=user_dn, password=password)
       return conn
    except LDAPBindError as e:
       if 'invalidCredentials' in str(e):
@@ -48,3 +60,39 @@ def list_ldap_servers_for_domain(domain):
    if not len(namelist):
       namelist.append(domain)
    return namelist
+
+def get_ldap_user_groups(server_uri, bind_dn, bind_pw,user_dn,user_attrib_memberof,group_name_attrib,group_base):
+   server = ldap3.Server(server_uri)
+   conn = ldap3.Connection(server, auto_bind=True,user=bind_dn, password=bind_pw)
+   conn.search(
+      search_base=user_dn,
+      search_filter="(cn=*)", # this has the potential to not work in a directory where CN is not a part of any dn?
+      search_scope="BASE",
+      attributes=[user_attrib_memberof]
+   )
+   these_groups = conn.entries[0].entry_attributes_as_dict[user_attrib_memberof]
+   #print(f"DEBUG: these_groups={these_groups}")
+   result = []
+   for group in these_groups:
+      #print(f"DEBUG: will check for value {group_base} in {group}")
+      if group_base in group:
+         if group_name_attrib == "dn":
+            #print(f"DEBUG: just add group via dn {group}")
+            result.append(group)
+         else:
+            # we need to lookup this group and pick the attribute of it the admin wants.
+            #print(f"DEBUG: need to lookup group {group} and extract attrib {group_name_attrib}")
+            conn.search(
+               search_base=group,
+               search_filter="(objectClass=*)",
+               search_scope="BASE",
+               attributes=[group_name_attrib]
+            )
+            this_group=conn.entries[0].entry_attributes_as_dict[group_name_attrib][0]
+            #print(f"DEBUG: Group {group} identified as attrib {group_name_attrib}={this_group}")
+            result.append(this_group)
+   return result
+
+def get_ldap_dn_from_krbPrincipalName(server_uri, bind_dn, bind_pw,user_krbPrincipalName):
+   # goal: return as string the dn
+   print("stub")