NunoSempere/calibre-web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'ldap_import/feat/ldap-import-user-identifier' into master

Browse Source 
# Conflicts:
#	cps/admin.py
This commit is contained in:
Ozzieisaacs 2020-12-03 16:01:15 +01:00
commit 56505457eb
4 changed files with 67 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
cps/admin.py
View File

@ -566,6 +566,7 @@ def _configuration_ldap_helper(to_save, gdriveError):
reboot_required |= _config_string(to_save, "config_ldap_user_object") reboot_required |= _config_string(to_save, "config_ldap_user_object")
reboot_required |= _config_string(to_save, "config_ldap_group_object_filter") reboot_required |= _config_string(to_save, "config_ldap_group_object_filter")
reboot_required |= _config_string(to_save, "config_ldap_group_members_field") reboot_required |= _config_string(to_save, "config_ldap_group_members_field")
reboot_required |= _config_string(to_save, "config_ldap_member_user_object")
reboot_required |= _config_checkbox(to_save, "config_ldap_openldap") reboot_required |= _config_checkbox(to_save, "config_ldap_openldap")
reboot_required |= _config_int(to_save, "config_ldap_encryption") reboot_required |= _config_int(to_save, "config_ldap_encryption")
reboot_required |= _config_string(to_save, "config_ldap_cacert_path") reboot_required |= _config_string(to_save, "config_ldap_cacert_path")
@ -608,14 +609,26 @@ def _configuration_ldap_helper(to_save, gdriveError):
gdriveError) gdriveError)
if config.config_ldap_user_object.count("(") != config.config_ldap_user_object.count(")"): if config.config_ldap_user_object.count("(") != config.config_ldap_user_object.count(")"):
return reboot_required, _configuration_result(_('LDAP User Object Filter Has Unmatched Parenthesis'), return reboot_required, _configuration_result(_('LDAP User Object Filter Has Unmatched Parenthesis'),
gdriveError) gdriveError)
if to_save["ldap_import_user_filter"] == '0':
config.config_ldap_member_user_object = ""
else:
if config.config_ldap_member_user_object.count("%s") != 1:
return reboot_required, \
_configuration_result(_('LDAP Member User Filter needs to Have One "%s" Format Identifier'),
gdriveError)
if config.config_ldap_member_user_object.count("(") != config.config_ldap_member_user_object.count(")"):
return reboot_required, _configuration_result(_('LDAP Member User Filter Has Unmatched Parenthesis'),
gdriveError)
if config.config_ldap_cacert_path or config.config_ldap_cert_path or config.config_ldap_key_path: if config.config_ldap_cacert_path or config.config_ldap_cert_path or config.config_ldap_key_path:
if not (os.path.isfile(config.config_ldap_cacert_path) and if not (os.path.isfile(config.config_ldap_cacert_path) and
os.path.isfile(config.config_ldap_cert_path) and os.path.isfile(config.config_ldap_cert_path) and
os.path.isfile(config.config_ldap_key_path)): os.path.isfile(config.config_ldap_key_path)):
return reboot_required, \ return reboot_required, \
_configuration_result(_('LDAP CACertificate, Certificate or Key Location is not Valid, Please Enter Correct Path'), _configuration_result(_('LDAP CACertificate, Certificate or Key Location is not Valid, '
'Please Enter Correct Path'),
gdriveError) gdriveError)
return reboot_required, None return reboot_required, None

1
cps/config_sql.py
View File

@ -113,6 +113,7 @@ class _Settings(_Base):
config_ldap_key_path = Column(String, default="") config_ldap_key_path = Column(String, default="")
config_ldap_dn = Column(String, default='dc=example,dc=org') config_ldap_dn = Column(String, default='dc=example,dc=org')
config_ldap_user_object = Column(String, default='uid=%s') config_ldap_user_object = Column(String, default='uid=%s')
config_ldap_member_user_object = Column(String, default='') #
config_ldap_openldap = Column(Boolean, default=True) config_ldap_openldap = Column(Boolean, default=True)
config_ldap_group_object_filter = Column(String, default='(&(objectclass=posixGroup)(cn=%s))') config_ldap_group_object_filter = Column(String, default='(&(objectclass=posixGroup)(cn=%s))')
config_ldap_group_members_field = Column(String, default='memberUid') config_ldap_group_members_field = Column(String, default='memberUid')

14
cps/templates/config_edit.html
View File

@ -331,6 +331,20 @@
<label for="config_ldap_group_members_field">{{_('LDAP Group Members Field')}}</label> <label for="config_ldap_group_members_field">{{_('LDAP Group Members Field')}}</label>
<input type="text" class="form-control" id="config_ldap_group_members_field" name="config_ldap_group_members_field" value="{% if config.config_ldap_group_members_field != None %}{{ config.config_ldap_group_members_field }}{% endif %}" autocomplete="off"> <input type="text" class="form-control" id="config_ldap_group_members_field" name="config_ldap_group_members_field" value="{% if config.config_ldap_group_members_field != None %}{{ config.config_ldap_group_members_field }}{% endif %}" autocomplete="off">
</div> </div>
<div class="form-group">
<label for="ldap_import_user_filter">{{_('LDAP Authentication')}}</label>
<select name="ldap_import_user_filter" id="ldap_import_user_filter" class="form-control" data-control="ldap_member_user_object">
<option value="0" {% if config.config_ldap_member_user_object == "" %}selected{% endif %}>{{ _('Autodetect') }}</option>
<option value="1" {% if config.config_ldap_member_user_object %}selected{% endif %}>{{ _('Custom Filter') }}</option>
</select>
</div>
<div data-related="ldap_member_user_object-1">
<div class="form-group">
<label for="config_ldap_member_user_object">{{_('LDAP Member User Filter')}}</label>
<input type="text" class="form-control" id="config_ldap_member_user_object" name="config_ldap_member_user_object" value="{% if config.config_ldap_member_user_object != None %}{{ config.config_ldap_member_user_object }}{% endif %}" autocomplete="off">
</div>
</div>
</div> </div>
{% endif %} {% endif %}
{% if feature_support['oauth'] %} {% if feature_support['oauth'] %}

52
cps/web.py
View File

@ -323,31 +323,34 @@ def import_ldap_users():
showtext['text'] = _(u'Error: No user returned in response of LDAP server') showtext['text'] = _(u'Error: No user returned in response of LDAP server')
return json.dumps(showtext) return json.dumps(showtext)
imported = 0
for username in new_users: for username in new_users:
user = username.decode('utf-8') user = username.decode('utf-8')
if '=' in user: if '=' in user:
match = re.search("([a-zA-Z0-9-]+)=%s", config.config_ldap_user_object, re.IGNORECASE | re.UNICODE) # if member object field is empty take user object as filter
if match: try:
match_filter = match.group(1) if config.config_ldap_member_user_object:
match = re.search(match_filter + "=([\d\s\w-]+)", user, re.IGNORECASE | re.UNICODE) user_identifier = extract_user_identifier(user, config.config_ldap_member_user_object)
if match:
user = match.group(1)
else: else:
log.warning("Could Not Parse LDAP User: %s", user) user_identifier = extract_user_identifier(user, config.config_ldap_user_object)
continue
else: except Exception as e:
log.warning("Could Not Parse LDAP User: %s", user) log.warning(e)
continue continue
if ub.session.query(ub.User).filter(ub.User.nickname == user.lower()).first(): else:
log.warning("LDAP User: %s Already in Database", user) user_identifier = user
if ub.session.query(ub.User).filter(ub.User.nickname == user_identifier.lower()).first():
log.warning("LDAP User: %s Already in Database", user_identifier)
continue continue
user_data = services.ldap.get_object_details(user=user, user_data = services.ldap.get_object_details(user=user_identifier,
group=None, group=None,
query_filter=None, query_filter=None,
dn_only=False) dn_only=False)
if user_data: if user_data:
content = ub.User() content = ub.User()
content.nickname = user # user_login_field = extract_dynamic_field_from_filter(user, config.config_ldap_user_object)
content.nickname = user_identifier # user_data[user_login_field][0].decode('utf-8')
content.password = '' # dummy password which will be replaced by ldap one content.password = '' # dummy password which will be replaced by ldap one
if 'mail' in user_data: if 'mail' in user_data:
content.email = user_data['mail'][0].decode('utf-8') content.email = user_data['mail'][0].decode('utf-8')
@ -365,6 +368,7 @@ def import_ldap_users():
ub.session.add(content) ub.session.add(content)
try: try:
ub.session.commit() ub.session.commit()
imported +=1
except Exception as e: except Exception as e:
log.warning("Failed to create LDAP user: %s - %s", user, e) log.warning("Failed to create LDAP user: %s - %s", user, e)
ub.session.rollback() ub.session.rollback()
@ -373,10 +377,28 @@ def import_ldap_users():
log.warning("LDAP User: %s Not Found", user) log.warning("LDAP User: %s Not Found", user)
showtext['text'] = _(u'At Least One LDAP User Not Found in Database') showtext['text'] = _(u'At Least One LDAP User Not Found in Database')
if not showtext: if not showtext:
showtext['text'] = _(u'User Successfully Imported') showtext['text'] = _(u'{} User Successfully Imported'.format(imported))
return json.dumps(showtext) return json.dumps(showtext)
def extract_user_data_from_field(user, field):
match = re.search(field + "=([\d\s\w-]+)", user, re.IGNORECASE | re.UNICODE)
if match:
return match.group(1)
else:
raise Exception("Could Not Parse LDAP User: %s", user)
# CN=Firstname LastName,OU=Laba,OU=...,DC=...,DC=...
# CN=user displayname,OU=ouname1,OU=ouname2,OU=ouname3,DC=domain,DC=domain
def extract_user_identifier(user, filter):
match = re.search("([a-zA-Z0-9-]+)=%s", filter, re.IGNORECASE | re.UNICODE)
if match:
dynamic_field = match.group(1)
else:
raise Exception("Could Not Parse LDAP User: %s", user)
return extract_user_data_from_field(user, dynamic_field)
# ################################### data provider functions ######################################################### # ################################### data provider functions #########################################################