sources/ldap: check for existence of vendor fields before falling back
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> #1521
parent
5da7d9a573
commit
03369e2338
|
@ -16,6 +16,8 @@ class FreeIPA(BaseLDAPSynchronizer):
|
||||||
|
|
||||||
def check_pwd_last_set(self, attributes: dict[str, Any], user: User, created: bool):
|
def check_pwd_last_set(self, attributes: dict[str, Any], user: User, created: bool):
|
||||||
"""Check krbLastPwdChange"""
|
"""Check krbLastPwdChange"""
|
||||||
|
if "krbLastPwdChange" not in attributes:
|
||||||
|
return
|
||||||
pwd_last_set: datetime = attributes.get("krbLastPwdChange", datetime.now())
|
pwd_last_set: datetime = attributes.get("krbLastPwdChange", datetime.now())
|
||||||
pwd_last_set = pwd_last_set.replace(tzinfo=UTC)
|
pwd_last_set = pwd_last_set.replace(tzinfo=UTC)
|
||||||
if created or pwd_last_set >= user.password_change_date:
|
if created or pwd_last_set >= user.password_change_date:
|
||||||
|
|
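Review bot: The `datetime.now()` default in `attributes.get("krbLastPwdChange", datetime.now())` can no longer be reached once the new `if "krbLastPwdChange" not in attributes: return` guard runs first, so the line still reads as if a fallback exists. I would change it to `pwd_last_set: datetime = attributes["krbLastPwdChange"]`; the same applies to the `pwdLastSet` lookup in `ms_check_pwd_last_set` and to the `512` default in `ms_check_uac`. The guard tests only for the key, so a key that is present with an empty or `None` value would still reach `.replace(tzinfo=UTC)`; whether the sync code can deliver such a value is not visible on this page. The body of the `if created or ...` branch lies outside the hunk.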
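--- a/authentik/sources/ldap/sync/vendor/ms_ad.py
+++ b/authentik/sources/ldap/sync/vendor/ms_ad.py
@@ -48,6 +48,8 @@ class MicrosoftActiveDirectory(BaseLDAPSynchronizer):
 
 def ms_check_pwd_last_set(self, attributes: dict[str, Any], user: User, created: bool):
 """Check pwdLastSet"""
+if "pwdLastSet" not in attributes:
+return
 pwd_last_set: datetime = attributes.get("pwdLastSet", datetime.now())
 pwd_last_set = pwd_last_set.replace(tzinfo=UTC)
 if created or pwd_last_set >= user.password_change_date:
@@ -63,8 +65,11 @@ class MicrosoftActiveDirectory(BaseLDAPSynchronizer):
 
 def ms_check_uac(self, attributes: dict[str, Any], user: User):
 """Check userAccountControl"""
-if uac_bit := attributes.get("userAccountControl", None):
-# uac_bit: int = attributes.get("userAccountControl")
-uac = UserAccountControl(uac_bit)
-user.is_active = UserAccountControl.ACCOUNTDISABLE not in uac
-user.save()
+if "userAccountControl" not in attributes:
+return
+# Default from https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity
+# /useraccountcontrol-manipulate-account-properties
+uac_bit = attributes.get("userAccountControl", 512)
+uac = UserAccountControl(uac_bit)
+user.is_active = UserAccountControl.ACCOUNTDISABLE not in uac
+user.save()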
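Review bot: In `ms_check_uac` the new key-presence guard drops a case the old walrus test covered: a key that is present with a `None` value now reaches `UserAccountControl(uac_bit)` instead of being skipped. That presumably raises if `UserAccountControl` is an integer flag enum, whose definition is outside this page; `if attributes.get("userAccountControl") is None: return` would keep the skip while still processing a value of 0. Returning early also leaves `user.is_active` untouched when the directory does not return the attribute, so an account disabled in AD keeps its previous active state in that case. A comment such as `# attribute not returned: keep the current is_active state` would make that choice explicit, since the `# Default from ...` comment suggests 512 is applied.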