In particular:
* Properly escape usernames before passing them to LDAP
* Error out if the user can't be found
In theory, neither should be an issue, because this should only get called if
certs are in use, so the username should be sane and present in LDAP.
Thanks to Anders for bringing the first issue to my attention.
+import ldap
+import ldap.filter
from django.contrib.auth.middleware import RemoteUserMiddleware
from django.contrib.auth.backends import RemoteUserBackend
from django.contrib.auth.middleware import RemoteUserMiddleware
from django.contrib.auth.backends import RemoteUserBackend
def configure_user(self, user, ):
username = user.username
user.password = "ScriptsSSLAuth"
def configure_user(self, user, ):
username = user.username
user.password = "ScriptsSSLAuth"
con = ldap.open('ldap.mit.edu')
con.simple_bind_s("", "")
dn = "dc=mit,dc=edu"
fields = ['cn', 'sn', 'givenName', 'mail', ]
con = ldap.open('ldap.mit.edu')
con.simple_bind_s("", "")
dn = "dc=mit,dc=edu"
fields = ['cn', 'sn', 'givenName', 'mail', ]
- result = con.search_s('dc=mit,dc=edu', ldap.SCOPE_SUBTREE, 'uid=%s'%username, fields)
+ userfilter = ldap.filter.filter_format('uid=%s', [username])
+ result = con.search_s('dc=mit,dc=edu', ldap.SCOPE_SUBTREE, userfilter, fields)
if len(result) == 1:
user.first_name = result[0][1]['givenName'][0]
user.last_name = result[0][1]['sn'][0]
if len(result) == 1:
user.first_name = result[0][1]['givenName'][0]
user.last_name = result[0][1]['sn'][0]
user.groups.add(auth.models.Group.objects.get(name='mit'))
except ObjectDoesNotExist:
print "Failed to retrieve mit group"
user.groups.add(auth.models.Group.objects.get(name='mit'))
except ObjectDoesNotExist:
print "Failed to retrieve mit group"
+ else:
+ raise ValueError, ("Could not find user with username '%s' (filter '%s')"%(username, userfilter))
try:
user.groups.add(auth.models.Group.objects.get(name='autocreated'))
except ObjectDoesNotExist:
try:
user.groups.add(auth.models.Group.objects.get(name='autocreated'))
except ObjectDoesNotExist:
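Review bot: The `raise ValueError` in the added `else:` branch probably fires after the account row already exists, because Django's stock RemoteUserBackend creates the user first and calls configure_user only for newly created users; if that holds here, a later request with the same username would skip this LDAP check and be accepted. Consider removing the half-configured account before raising, e.g. `user.delete()` immediately ahead of the `raise`, or moving the lookup to a point that runs before the user is created. The same branch also handles `len(result) > 1`, where the message "Could not find user" is misleading, so a distinct message for ambiguous matches would make the failure easier to triage. configure_user continues outside the visible hunk, so whether the LDAP connection is released on this error path cannot be confirmed from here.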