Diffstat (limited to 'session_ldap.py')
-rw-r--r--session_ldap.py44
1 files changed, 41 insertions, 3 deletions
diff --git a/session_ldap.py b/session_ldap.py
index 423f322..1b2dc12 100644
--- a/session_ldap.py
+++ b/session_ldap.py
@@ -93,6 +93,44 @@ def get_ldap_user_groups(server_uri, bind_dn, bind_pw,user_dn,user_attrib_member
result.append(this_group)
return result
-def get_ldap_dn_from_krbPrincipalName(server_uri, bind_dn, bind_pw,user_krbPrincipalName):
- # goal: return as string the dn
- print("stub")
+def get_ldap_attrib_from_krbPrincipalName(server_uri = None, bind_dn = "", bind_pw = "", connection = None, search_base = "", user_attrib = "uid", user_krbPrincipalName = "", krbPrincipalName_attrib = "krbPrincipalName"):
+ if connection and isinstance(connection, ldap3.core.connection.Connection):
+ conn = connection
+ else:
+ server = ldap3.Server(server_uri)
+ conn = ldap3.Connection(server, auto_bind=True,user=bind_dn, password=bind_pw)
+ conn.search(
+ search_base=search_base,
+ search_scope="SUBTREE",
+ search_filter=f"({krbPrincipalName_attrib}={user_krbPrincipalName})",
+ attributes=[user_attrib]
+ )
+ entry = conn.entries[0]
+ if user_attrib == "dn":
+ return entry.entry_dn
+ else:
+ return entry.entry_attributes_as_dict[entry.entry_attributes[0]][0]
+
+def get_ldap_username_attrib_from_dn(server_uri = None, bind_dn = "", bind_pw = "", authenticated_user = None, user_match_attrib = "dn", user_dn = None):
+ # Needs (server_uri, bind_dn, bind_pw, user_dn) or (authenticated_user)
+ if authenticated_user and isinstance(authenticated_user, ldap3.core.connection.Connection):
+ conn = authenticated_user
+ search_base=authenticated_user.extend.standard.who_am_i().replace("dn: ","")
+ else:
+ # then we have to use a new connection
+ server = ldap3.Server(server_uri)
+ conn = ldap3.Connection(server, auto_bind=True,user=bind_dn, password=bind_pw)
+ search_base=user_dn,
+ # so now conn is the connection regardless of how we got there, and search_base
+ #print(f"DEBUG: search_base {search_base} attributes {user_match_attrib}")
+ conn.search(
+ search_base=search_base,
+ search_scope="BASE",
+ search_filter="(cn=*)",
+ attributes=[user_match_attrib]
+ )
+ entry = conn.entries[0]
+ if user_match_attrib == "dn":
+ return entry.entry_dn
+ else:
+ return entry.entry_attributes_as_dict[entry.entry_attributes[0]][0]
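Review bot: In get_ldap_attrib_from_krbPrincipalName the principal name is interpolated into the search filter unescaped, so a value containing `*`, `(` or `)` changes what the SUBTREE search matches, and `conn.entries[0]` then returns whichever entry came back first. If the principal can be influenced by the client (the callers are not visible in this hunk), that could resolve a session to the wrong account, so escape it: `search_filter=f"({krbPrincipalName_attrib}={ldap3.utils.conv.escape_filter_chars(user_krbPrincipalName)})"`. Both functions should also return only when exactly one entry matched instead of indexing blindly; an empty result currently raises IndexError. In the fallback branch of get_ldap_username_attrib_from_dn, `search_base=user_dn,` has a trailing comma that makes search_base a one-element tuple rather than the DN string; it should read `search_base=user_dn`. Neither function unbinds the connection it opens itself, so the service bind stays open after the lookup returns; an `unbind()` on the locally created connection only would close it.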
bgstack15