From fcda4ab8f6d0236c1fbd45c7c6968a2519cc1154 Mon Sep 17 00:00:00 2001
From: "B. Stack"
Date: Fri, 25 Jun 2021 08:09:34 -0400
Subject: enable ldap user resolution and display shortnames

App can now display short name of ldap user and also does user lookups in directory using bind credential.
---
 session_ldap.py | 44 +++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 41 insertions(+), 3 deletions(-)
(limited to 'session_ldap.py')

diff --git a/session_ldap.py b/session_ldap.py
index 423f322..1b2dc12 100644
--- a/session_ldap.py
+++ b/session_ldap.py
@@ -93,6 +93,44 @@ def get_ldap_user_groups(server_uri, bind_dn, bind_pw,user_dn,user_attrib_member
         result.append(this_group)
     return result
-def get_ldap_dn_from_krbPrincipalName(server_uri, bind_dn, bind_pw,user_krbPrincipalName):
-    # goal: return as string the dn
-    print("stub")
+def get_ldap_attrib_from_krbPrincipalName(server_uri = None, bind_dn = "", bind_pw = "", connection = None, search_base = "", user_attrib = "uid", user_krbPrincipalName = "", krbPrincipalName_attrib = "krbPrincipalName"):
+    if connection and isinstance(connection, ldap3.core.connection.Connection):
+        conn = connection
+    else:
+        server = ldap3.Server(server_uri)
+        conn = ldap3.Connection(server, auto_bind=True,user=bind_dn, password=bind_pw)
+    conn.search(
+        search_base=search_base,
+        search_scope="SUBTREE",
+        search_filter=f"({krbPrincipalName_attrib}={user_krbPrincipalName})",
+        attributes=[user_attrib]
+    )
+    entry = conn.entries[0]
+    if user_attrib == "dn":
+        return entry.entry_dn
+    else:
+        return entry.entry_attributes_as_dict[entry.entry_attributes[0]][0]
+
+def get_ldap_username_attrib_from_dn(server_uri = None, bind_dn = "", bind_pw = "", authenticated_user = None, user_match_attrib = "dn", user_dn = None):
+    # Needs (server_uri, bind_dn, bind_pw, user_dn) or (authenticated_user)
+    if authenticated_user and isinstance(authenticated_user, ldap3.core.connection.Connection):
+        conn = authenticated_user
+        search_base=authenticated_user.extend.standard.who_am_i().replace("dn: ","")
+    else:
+        # then we have to use a new connection
+        server = ldap3.Server(server_uri)
+        conn = ldap3.Connection(server, auto_bind=True,user=bind_dn, password=bind_pw)
+        search_base=user_dn,
+    # so now conn is the connection regardless of how we got there, and search_base
+    #print(f"DEBUG: search_base {search_base} attributes {user_match_attrib}")
+    conn.search(
+        search_base=search_base,
+        search_scope="BASE",
+        search_filter="(cn=*)",
+        attributes=[user_match_attrib]
+    )
+    entry = conn.entries[0]
+    if user_match_attrib == "dn":
+        return entry.entry_dn
+    else:
+        return entry.entry_attributes_as_dict[entry.entry_attributes[0]][0]
-- cgit
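Review bot: In get_ldap_attrib_from_krbPrincipalName the caller-supplied `user_krbPrincipalName` is interpolated straight into `search_filter=f"({krbPrincipalName_attrib}={user_krbPrincipalName})"`, so a value containing characters that are special in LDAP filter syntax changes which entries the bind account's search matches; escape it with ldap3's helper first, i.e. add `from ldap3.utils.conv import escape_filter_chars` and use `search_filter=f"({krbPrincipalName_attrib}={escape_filter_chars(user_krbPrincipalName)})"`. In get_ldap_username_attrib_from_dn the else branch's `search_base=user_dn,` carries a trailing comma, so search_base is the tuple `(user_dn,)` rather than the DN string when a fresh bind connection is used; it should read `search_base = user_dn`. Both functions then index `conn.entries[0]` unguarded, which raises IndexError whenever the search returns no entry, so a check such as `if not conn.entries: return None` (or a named exception) belongs before that line in each. The `who_am_i()` branch also assumes a `dn: `-prefixed string comes back; I believe ldap3 can return None there on servers without that extension, in which case the `.replace` call fails, so that result is worth validating too.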