|
|
|---|
| 36 |
import traceback |
36 |
import traceback |
| 37 |
|
37 |
|
| 38 |
import ldap |
38 |
import ldap |
| 39 |
from ldap.filter import escape_filter_chars |
39 |
from ldap.filter import filter_format |
| 40 |
|
40 |
|
| 41 |
import notifier |
41 |
import notifier |
| 42 |
import notifier.signals as signals |
42 |
import notifier.signals as signals |
| 43 |
import notifier.threads as threads |
43 |
import notifier.threads as threads |
| 44 |
|
44 |
|
| 45 |
from univention.uldap import getMachineConnection |
|
|
| 46 |
from univention.management.console.log import AUTH |
45 |
from univention.management.console.log import AUTH |
|
|
46 |
from univention.management.console.ldap import get_machine_connection |
| 47 |
from univention.management.console.pam import PamAuth, AuthenticationError, AuthenticationFailed, AuthenticationInformationMissing, PasswordExpired, AccountExpired, PasswordChangeFailed |
47 |
from univention.management.console.pam import PamAuth, AuthenticationError, AuthenticationFailed, AuthenticationInformationMissing, PasswordExpired, AccountExpired, PasswordChangeFailed |
| 48 |
|
48 |
|
| 49 |
|
49 |
|
|
Lines 127-140
def __authenticate_thread(self, username, password, new_password, **custom_promp
|
Link Here
|
|---|
|
|---|
| 127 |
|
127 |
|
| 128 |
def __canonicalize_username(self, username): |
128 |
def __canonicalize_username(self, username): |
| 129 |
try: |
129 |
try: |
| 130 |
lo = getMachineConnection() |
130 |
lo, po = get_machine_connection(write=False) |
| 131 |
attr = 'mailPrimaryAddress' if '@' in username else 'uid' |
131 |
attr = 'mailPrimaryAddress' if '@' in username else 'uid' |
| 132 |
result = lo.search('%s=%s' % (attr, escape_filter_chars(username)), attr=['uid'], unique=True) |
132 |
result = lo.search(filter_format('(&(%s=%s)(objectClass=person))', (attr, username)), attr=['uid'], unique=True) |
| 133 |
if result and result[0][1].get('uid'): |
133 |
if result and result[0][1].get('uid'): |
| 134 |
username = result[0][1]['uid'][0] |
134 |
username = result[0][1]['uid'][0] |
| 135 |
AUTH.info('Canonicalized username; %r' % (username,)) |
135 |
AUTH.info('Canonicalized username: %r' % (username,)) |
| 136 |
lo.lo.unbind() |
136 |
except (ldap.LDAPError, IOError, AttributeError) as exc: |
| 137 |
except (ldap.LDAPError, IOError) as exc: |
|
|
| 138 |
# /etc/machine.secret missing or LDAP server not reachable |
137 |
# /etc/machine.secret missing or LDAP server not reachable |
| 139 |
AUTH.warn('Canonicalization of username was not possible: %s' % (exc,)) |
138 |
AUTH.warn('Canonicalization of username was not possible: %s' % (exc,)) |
| 140 |
except: |
139 |
except: |