--- a/management/univention-directory-manager-modules/modules/univention/admin/uldap.py
+++ a/management/univention-directory-manager-modules/modules/univention/admin/uldap.py
@@ -251,6 +251,8 @@ def __init__(self, host='localhost', port=None, base='', binddn='', bindpw='', s
 self.licensetypes = ['UCS']
 def bind(self, binddn, bindpw):
+ self.binddn = binddn
+ self.bindpw = bindpw
 try:
 self.lo.bind(binddn, bindpw)
 except ldap.INVALID_CREDENTIALS:
--- a/management/univention-management-console/src/univention/management/console/base.py
+++ a/management/univention-management-console/src/univention/management/console/base.py
@@ -112,6 +112,7 @@ def query(self, request):
 import ldap
 import ldap.sasl
 import sys
+import re
 from univention.lib.i18n import Translation
@@ -345,8 +346,13 @@ def bind_user_connection(self, lo):
 ldap.sasl.CB_PASS: self._password
 }, 'SAML')
 lo.lo.lo.sasl_interactive_bind_s('', saml)
+ binddn = re.sub('^dn:', '', lo.lo.lo.whoami_s())
+ lo.binddn = binddn
+ lo.lo.binddn = binddn
 else:
 lo.lo.bind(self._user_dn, self._password)
+ lo.binddn = lo.lo.binddn
+ lo.bindpw = lo.lo.bindpw
 def require_password(self):
 if self.auth_type is not None:
--- a/ucs-school-lib/python/models/school.py
+++ a/ucs-school-lib/python/models/school.py
@@ -407,7 +407,7 @@ class School(UCSSchoolHelperAbstractClass):
 schools.append(cls.from_dn(cls(name=ou).dn, lo))
 except noObject:
 pass
- return cls._filter_local_schools(schools)
+ return cls._filter_local_schools(schools, lo)
 if 'ou=' in lo.binddn:
 # user has no ucsschoolSchool attribute (not migrated yet)
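Review bot: In `bind()` of admin/uldap.py the two added assignments run before `self.lo.bind(binddn, bindpw)`, so when the bind raises `ldap.INVALID_CREDENTIALS` the object already reports a `binddn`/`bindpw` pair that the server never accepted. The school.py context on this page tests `'ou=' in lo.binddn` to decide which schools are shown, so the attribute should only hold an identity that actually authenticated. Move `self.binddn = binddn` and `self.bindpw = bindpw` to after the bind call has succeeded. The `except` body lies outside the hunk, so whether it re-raises or recovers cannot be checked here.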
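Review bot: In the SAML branch of `bind_user_connection` (base.py) the reply of `whoami_s()` is stored as `binddn` without checking that it is a `dn:` authorization identity; an empty reply or a `u:` form passes through `re.sub('^dn:', '', …)` unchanged and ends up in both `lo.binddn` and `lo.lo.binddn`. Because `lo.binddn` later feeds the `'ou=' in lo.binddn` test shown in school.py, anything else should be rejected first, e.g. `authzid = lo.lo.lo.whoami_s()` followed by `if not authzid.startswith('dn:'): raise ldap.INVALID_CREDENTIALS()` (or whichever error the callers already handle). This branch also leaves `lo.bindpw` at its previous value while the `else` branch overwrites it; a comment such as `# SAML bind: no reusable password, bindpw intentionally not updated` would record whether that is intended. The function starts above the hunk.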
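Review bot: Both `_filter_local_schools` calls in school.py (the hunk at -407 and the one at -418) now pass `lo` as a second argument, but the method's definition is not part of the patch as shown here. If its signature has not been extended elsewhere these calls raise `TypeError`, and any caller not touched by this patch breaks if the new parameter is mandatory; declaring it with a default, `lo=None`, would keep existing callers working. The enclosing method starts and ends outside both hunks.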
@@ -418,7 +418,7 @@ class School(UCSSchoolHelperAbstractClass):
 logger.debug('Schools from binddn: Found an OU in the LDAP binddn. Restricting schools to only show %s', school_dn)
 school = cls.from_dn(school_dn, None, lo)
 logger.debug('Schools from binddn: Found school: %r', school)
- return cls._filter_local_schools([school])
+ return cls._filter_local_schools([school], lo)
 logger.warning('Schools from binddn: Unable to identify OU of this account - showing all local OUs!')
 return School.get_all(lo)
--- a/ucs-school-lib/python/schoolldap.py
+++ a/ucs-school-lib/python/schoolldap.py
@@ -361,6 +361,8 @@ class SchoolBaseModule(Base):
 user_dn = None
 MODULE.warn('Cannot read /etc/machine.secret: %s' % (exc,))
 lo.lo.bind(user_dn, password)
+ lo.binddn = user_dn
+ lo.binpw = password
 return
 return super(SchoolBaseModule, self).bind_user_connection(lo)
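Review bot: The added line `lo.binpw = password` in schoolldap.py misspells the attribute: every other hunk in this patch uses `bindpw`, so `lo.bindpw` keeps whatever credential it held before while `lo.binddn` switches to the machine account, leaving a mismatched identity/credential pair on the connection. It should read `lo.bindpw = password`. Separately, the context line `user_dn = None` suggests that a failed read of /etc/machine.secret can still reach these assignments (indentation is lost on this page, so this is not certain); `lo.binddn` would then be `None` and the `'ou=' in lo.binddn` test in school.py would raise `TypeError`. The function body starts above the hunk.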