|
36 |
import traceback |
36 |
import traceback |
37 |
|
37 |
|
38 |
import ldap |
38 |
import ldap |
39 |
from ldap.filter import escape_filter_chars |
39 |
from ldap.filter import filter_format |
40 |
|
40 |
|
41 |
import notifier |
41 |
import notifier |
42 |
import notifier.signals as signals |
42 |
import notifier.signals as signals |
43 |
import notifier.threads as threads |
43 |
import notifier.threads as threads |
44 |
|
44 |
|
45 |
from univention.uldap import getMachineConnection |
|
|
46 |
from univention.management.console.log import AUTH |
45 |
from univention.management.console.log import AUTH |
|
|
46 |
from univention.management.console.ldap import get_machine_connection |
47 |
from univention.management.console.pam import PamAuth, AuthenticationError, AuthenticationFailed, AuthenticationInformationMissing, PasswordExpired, AccountExpired, PasswordChangeFailed |
47 |
from univention.management.console.pam import PamAuth, AuthenticationError, AuthenticationFailed, AuthenticationInformationMissing, PasswordExpired, AccountExpired, PasswordChangeFailed |
48 |
|
48 |
|
49 |
|
49 |
|
Lines 127-140
def __authenticate_thread(self, username, password, new_password, **custom_promp
|
|
127 |
|
127 |
|
128 |
def __canonicalize_username(self, username): |
128 |
def __canonicalize_username(self, username): |
129 |
try: |
129 |
try: |
130 |
lo = getMachineConnection() |
130 |
lo, po = get_machine_connection(write=False) |
131 |
attr = 'mailPrimaryAddress' if '@' in username else 'uid' |
131 |
attr = 'mailPrimaryAddress' if '@' in username else 'uid' |
132 |
result = lo.search('%s=%s' % (attr, escape_filter_chars(username)), attr=['uid'], unique=True) |
132 |
result = lo.search(filter_format('(&(%s=%s)(objectClass=person))', (attr, username)), attr=['uid'], unique=True) |
133 |
if result and result[0][1].get('uid'): |
133 |
if result and result[0][1].get('uid'): |
134 |
username = result[0][1]['uid'][0] |
134 |
username = result[0][1]['uid'][0] |
135 |
AUTH.info('Canonicalized username; %r' % (username,)) |
135 |
AUTH.info('Canonicalized username: %r' % (username,)) |
136 |
lo.lo.unbind() |
136 |
except (ldap.LDAPError, IOError, AttributeError) as exc: |
137 |
except (ldap.LDAPError, IOError) as exc: |
|
|
138 |
# /etc/machine.secret missing or LDAP server not reachable |
137 |
# /etc/machine.secret missing or LDAP server not reachable |
139 |
AUTH.warn('Canonicalization of username was not possible: %s' % (exc,)) |
138 |
AUTH.warn('Canonicalization of username was not possible: %s' % (exc,)) |
140 |
except: |
139 |
except: |
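Review bot: On what appears to be the new side of `__canonicalize_username`, the handler `except (ldap.LDAPError, IOError, AttributeError) as exc:` now reports any attribute mistake inside the `try` body as "Canonicalization of username was not possible". That makes a coding error in this pre-authentication lookup indistinguishable from an unreachable LDAP server. If the addition is meant to cover `get_machine_connection(write=False)` returning no connection object (the helper is not shown here, so this is inferred), an explicit `if lo is None:` guard before `lo.search(...)` would state that case directly. The tuple could then stay at `(ldap.LDAPError, IOError)`. The same side also drops `lo.lo.unbind()`; a short comment saying who now owns and closes the connection, for example `# connection is managed by get_machine_connection(); do not unbind here`, would help if that is the reason. The function continues past the bare `except:` outside this hunk, so its final fallback is not visible.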