ynerant/django-cas-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Support for ldap3 version 2 or more (changes in the API)

Browse Source 
All exception are now in ldap3.core.exceptions, methodes for fetching
attritutes and dn are renamed.
This commit is contained in:
Valentin Samir 2017-03-29 14:31:45 +02:00
parent 443c87fa40
commit 1dba4fea95
2 changed files with 34 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG.rst
View File

@ -13,6 +13,9 @@ Unreleased
Added Added
----- -----
* Dutch translation * Dutch translation
* Support for ldap3 version 2 or more (changes in the API)
All exception are now in ldap3.core.exceptions, methodes for fetching attritutes and
dn are renamed.
Fixed Fixed
----- -----

28
cas_server/auth.py
View File

@ -27,6 +27,7 @@ except ImportError:
try: # pragma: no cover try: # pragma: no cover
import ldap3 import ldap3
import ldap3.core.exceptions
except ImportError: except ImportError:
ldap3 = None ldap3 = None
@ -297,6 +298,16 @@ class LdapAuthUser(DBAuthUser): # pragma: no cover
settings.CAS_LDAP_USER_QUERY % ldap3.utils.conv.escape_bytes(username), settings.CAS_LDAP_USER_QUERY % ldap3.utils.conv.escape_bytes(username),
attributes=ldap3.ALL_ATTRIBUTES attributes=ldap3.ALL_ATTRIBUTES
) and len(conn.entries) == 1: ) and len(conn.entries) == 1:
# try the new ldap3>=2 API
try:
user = conn.entries[0].entry_attributes_as_dict
# store the user dn
user["dn"] = conn.entries[0].entry_dn
# fallback to ldap3<2 API
except (
ldap3.core.exceptions.LDAPKeyError, # ldap3<1 exception
ldap3.core.exceptions.LDAPAttributeError # ldap3<2 exception
):
user = conn.entries[0].entry_get_attributes_dict() user = conn.entries[0].entry_get_attributes_dict()
# store the user dn # store the user dn
user["dn"] = conn.entries[0].entry_get_dn() user["dn"] = conn.entries[0].entry_get_dn()
@ -308,7 +319,7 @@ class LdapAuthUser(DBAuthUser): # pragma: no cover
else: else:
super(LdapAuthUser, self).__init__(username) super(LdapAuthUser, self).__init__(username)
break break
except ldap3.LDAPCommunicationError: except ldap3.core.exceptions.LDAPCommunicationError:
if retry_nb == 2: if retry_nb == 2:
raise raise
@ -336,6 +347,16 @@ class LdapAuthUser(DBAuthUser): # pragma: no cover
settings.CAS_LDAP_USER_QUERY % ldap3.utils.conv.escape_bytes(self.username), settings.CAS_LDAP_USER_QUERY % ldap3.utils.conv.escape_bytes(self.username),
attributes=ldap3.ALL_ATTRIBUTES attributes=ldap3.ALL_ATTRIBUTES
) and len(conn.entries) == 1: ) and len(conn.entries) == 1:
# try the ldap3>=2 API
try:
attributes = conn.entries[0].entry_attributes_as_dict
# store the user dn
attributes["dn"] = conn.entries[0].entry_dn
# fallback to ldap<2 API
except (
ldap3.core.exceptions.LDAPKeyError, # ldap3<1 exception
ldap3.core.exceptions.LDAPAttributeError # ldap3<2 exception
):
attributes = conn.entries[0].entry_get_attributes_dict() attributes = conn.entries[0].entry_get_attributes_dict()
attributes["dn"] = conn.entries[0].entry_get_dn() attributes["dn"] = conn.entries[0].entry_get_dn()
# cache the attributes locally as we wont have access to the user password # cache the attributes locally as we wont have access to the user password
@ -346,7 +367,10 @@ class LdapAuthUser(DBAuthUser): # pragma: no cover
finally: finally:
conn.unbind() conn.unbind()
return True return True
except (ldap3.LDAPBindError, ldap3.LDAPCommunicationError): except (
ldap3.core.exceptions.LDAPBindError,
ldap3.core.exceptions.LDAPCommunicationError
):
return False return False
elif self.user and self.user.get(settings.CAS_LDAP_PASSWORD_ATTR): elif self.user and self.user.get(settings.CAS_LDAP_PASSWORD_ATTR):
return check_password( return check_password(