Support for ldap3 version 2 or more (changes in the API)

All exception are now in ldap3.core.exceptions, methodes for fetching
attritutes and dn are renamed.
This commit is contained in:
Valentin Samir 2017-03-29 14:31:45 +02:00
parent 443c87fa40
commit 1dba4fea95
2 changed files with 34 additions and 7 deletions

View File

@ -13,6 +13,9 @@ Unreleased
Added
-----
* Dutch translation
* Support for ldap3 version 2 or more (changes in the API)
All exception are now in ldap3.core.exceptions, methodes for fetching attritutes and
dn are renamed.
Fixed
-----

View File

@ -27,6 +27,7 @@ except ImportError:
try: # pragma: no cover
import ldap3
import ldap3.core.exceptions
except ImportError:
ldap3 = None
@ -297,6 +298,16 @@ class LdapAuthUser(DBAuthUser): # pragma: no cover
settings.CAS_LDAP_USER_QUERY % ldap3.utils.conv.escape_bytes(username),
attributes=ldap3.ALL_ATTRIBUTES
) and len(conn.entries) == 1:
# try the new ldap3>=2 API
try:
user = conn.entries[0].entry_attributes_as_dict
# store the user dn
user["dn"] = conn.entries[0].entry_dn
# fallback to ldap3<2 API
except (
ldap3.core.exceptions.LDAPKeyError, # ldap3<1 exception
ldap3.core.exceptions.LDAPAttributeError # ldap3<2 exception
):
user = conn.entries[0].entry_get_attributes_dict()
# store the user dn
user["dn"] = conn.entries[0].entry_get_dn()
@ -308,7 +319,7 @@ class LdapAuthUser(DBAuthUser): # pragma: no cover
else:
super(LdapAuthUser, self).__init__(username)
break
except ldap3.LDAPCommunicationError:
except ldap3.core.exceptions.LDAPCommunicationError:
if retry_nb == 2:
raise
@ -336,6 +347,16 @@ class LdapAuthUser(DBAuthUser): # pragma: no cover
settings.CAS_LDAP_USER_QUERY % ldap3.utils.conv.escape_bytes(self.username),
attributes=ldap3.ALL_ATTRIBUTES
) and len(conn.entries) == 1:
# try the ldap3>=2 API
try:
attributes = conn.entries[0].entry_attributes_as_dict
# store the user dn
attributes["dn"] = conn.entries[0].entry_dn
# fallback to ldap<2 API
except (
ldap3.core.exceptions.LDAPKeyError, # ldap3<1 exception
ldap3.core.exceptions.LDAPAttributeError # ldap3<2 exception
):
attributes = conn.entries[0].entry_get_attributes_dict()
attributes["dn"] = conn.entries[0].entry_get_dn()
# cache the attributes locally as we wont have access to the user password
@ -346,7 +367,10 @@ class LdapAuthUser(DBAuthUser): # pragma: no cover
finally:
conn.unbind()
return True
except (ldap3.LDAPBindError, ldap3.LDAPCommunicationError):
except (
ldap3.core.exceptions.LDAPBindError,
ldap3.core.exceptions.LDAPCommunicationError
):
return False
elif self.user and self.user.get(settings.CAS_LDAP_PASSWORD_ATTR):
return check_password(