Support for ldap3 version 2 or more (changes in the API)

All exceptions are now in ldap3.core.exceptions, and the methods for fetching
attributes and the dn are renamed.
Valentin Samir 2017-03-29 14:31:45 +02:00
parent 443c87fa40
commit 1dba4fea95
2 changed files with 34 additions and 7 deletions


@ -13,6 +13,9 @@ Unreleased
Added Added
----- -----
* Dutch translation * Dutch translation
* Support for ldap3 version 2 or more (changes in the API)
All exception are now in ldap3.core.exceptions, methodes for fetching attritutes and
dn are renamed.
Fixed Fixed
----- -----


@ -27,6 +27,7 @@ except ImportError:
try: # pragma: no cover try: # pragma: no cover
import ldap3 import ldap3
import ldap3.core.exceptions
except ImportError: except ImportError:
ldap3 = None ldap3 = None
@ -297,9 +298,19 @@ class LdapAuthUser(DBAuthUser): # pragma: no cover
settings.CAS_LDAP_USER_QUERY % ldap3.utils.conv.escape_bytes(username), settings.CAS_LDAP_USER_QUERY % ldap3.utils.conv.escape_bytes(username),
attributes=ldap3.ALL_ATTRIBUTES attributes=ldap3.ALL_ATTRIBUTES
) and len(conn.entries) == 1: ) and len(conn.entries) == 1:
user = conn.entries[0].entry_get_attributes_dict() # try the new ldap3>=2 API
# store the user dn try:
user["dn"] = conn.entries[0].entry_get_dn() user = conn.entries[0].entry_attributes_as_dict
# store the user dn
user["dn"] = conn.entries[0].entry_dn
# fallback to ldap3<2 API
except (
ldap3.core.exceptions.LDAPKeyError, # ldap3<1 exception
ldap3.core.exceptions.LDAPAttributeError # ldap3<2 exception
):
user = conn.entries[0].entry_get_attributes_dict()
# store the user dn
user["dn"] = conn.entries[0].entry_get_dn()
if user.get(settings.CAS_LDAP_USERNAME_ATTR): if user.get(settings.CAS_LDAP_USERNAME_ATTR):
self.user = user self.user = user
super(LdapAuthUser, self).__init__(user[settings.CAS_LDAP_USERNAME_ATTR][0]) super(LdapAuthUser, self).__init__(user[settings.CAS_LDAP_USERNAME_ATTR][0])
@ -308,7 +319,7 @@ class LdapAuthUser(DBAuthUser): # pragma: no cover
else: else:
super(LdapAuthUser, self).__init__(username) super(LdapAuthUser, self).__init__(username)
break break
except ldap3.LDAPCommunicationError: except ldap3.core.exceptions.LDAPCommunicationError:
if retry_nb == 2: if retry_nb == 2:
raise raise
@ -336,8 +347,18 @@ class LdapAuthUser(DBAuthUser): # pragma: no cover
settings.CAS_LDAP_USER_QUERY % ldap3.utils.conv.escape_bytes(self.username), settings.CAS_LDAP_USER_QUERY % ldap3.utils.conv.escape_bytes(self.username),
attributes=ldap3.ALL_ATTRIBUTES attributes=ldap3.ALL_ATTRIBUTES
) and len(conn.entries) == 1: ) and len(conn.entries) == 1:
attributes = conn.entries[0].entry_get_attributes_dict() # try the ldap3>=2 API
attributes["dn"] = conn.entries[0].entry_get_dn() try:
attributes = conn.entries[0].entry_attributes_as_dict
# store the user dn
attributes["dn"] = conn.entries[0].entry_dn
# fallback to ldap<2 API
except (
ldap3.core.exceptions.LDAPKeyError, # ldap3<1 exception
ldap3.core.exceptions.LDAPAttributeError # ldap3<2 exception
):
attributes = conn.entries[0].entry_get_attributes_dict()
attributes["dn"] = conn.entries[0].entry_get_dn()
# cache the attributes locally as we wont have access to the user password # cache the attributes locally as we wont have access to the user password
# later. # later.
user = UserAttributes.objects.get_or_create(username=self.username)[0] user = UserAttributes.objects.get_or_create(username=self.username)[0]
@ -346,7 +367,10 @@ class LdapAuthUser(DBAuthUser): # pragma: no cover
finally: finally:
conn.unbind() conn.unbind()
return True return True
except (ldap3.LDAPBindError, ldap3.LDAPCommunicationError): except (
ldap3.core.exceptions.LDAPBindError,
ldap3.core.exceptions.LDAPCommunicationError
):
return False return False
elif self.user and self.user.get(settings.CAS_LDAP_PASSWORD_ATTR): elif self.user and self.user.get(settings.CAS_LDAP_PASSWORD_ATTR):
return check_password( return check_password(
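Review bot: The ldap3 version fallback is written out twice, in the `-297` hunk (apparently the `__init__` lookup) and in the `-336` hunk (the password check), and the two copies already differ in their comments (`ldap<2` vs `ldap3<2`). Both sit on the authentication path, so a compatibility fix applied to only one copy would make login behave differently depending on the installed ldap3 version. I would move the try/except into one module-level helper that takes the entry and returns the attribute dict with `dn` set, then call it at both sites: `user = _ldap_entry_as_dict(conn.entries[0])` and `attributes = _ldap_entry_as_dict(conn.entries[0])`. The helper's docstring should state which ldap3 versions raise `LDAPKeyError` and which raise `LDAPAttributeError`. The outer handler in the password check catches only bind and communication errors, so any other exception from the attribute accessors propagates out of the credential check instead of returning False; the enclosing methods start outside the visible hunks, so confirm that is intended.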