Merge branch 'ldap-rewrite' into 'master'
LDAP rewrite See merge request BeryJu.org/passbook!28
This commit is contained in:
commit
78c74cd469
|
@ -1,8 +1,9 @@
|
||||||
"""passbook LDAP Authentication Backend"""
|
"""passbook LDAP Authentication Backend"""
|
||||||
from django.contrib.auth.backends import ModelBackend
|
from django.contrib.auth.backends import ModelBackend
|
||||||
|
from django.http import HttpRequest
|
||||||
from structlog import get_logger
|
from structlog import get_logger
|
||||||
|
|
||||||
from passbook.sources.ldap.ldap_connector import LDAPConnector
|
from passbook.sources.ldap.connector import Connector
|
||||||
from passbook.sources.ldap.models import LDAPSource
|
from passbook.sources.ldap.models import LDAPSource
|
||||||
|
|
||||||
LOGGER = get_logger()
|
LOGGER = get_logger()
|
||||||
|
@ -11,12 +12,13 @@ LOGGER = get_logger()
|
||||||
class LDAPBackend(ModelBackend):
|
class LDAPBackend(ModelBackend):
|
||||||
"""Authenticate users against LDAP Server"""
|
"""Authenticate users against LDAP Server"""
|
||||||
|
|
||||||
def authenticate(self, **kwargs):
|
def authenticate(self, request: HttpRequest, **kwargs):
|
||||||
"""Try to authenticate a user via ldap"""
|
"""Try to authenticate a user via ldap"""
|
||||||
if 'password' not in kwargs:
|
if 'password' not in kwargs:
|
||||||
return None
|
return None
|
||||||
for source in LDAPSource.objects.filter(enabled=True):
|
for source in LDAPSource.objects.filter(enabled=True):
|
||||||
_ldap = LDAPConnector(source)
|
LOGGER.debug("LDAP Auth attempt", source=source)
|
||||||
|
_ldap = Connector(source)
|
||||||
user = _ldap.auth_user(**kwargs)
|
user = _ldap.auth_user(**kwargs)
|
||||||
if user:
|
if user:
|
||||||
return user
|
return user
|
||||||
|
|
158
passbook/sources/ldap/connector.py
Normal file
158
passbook/sources/ldap/connector.py
Normal file
|
@ -0,0 +1,158 @@
|
||||||
|
"""Wrapper for ldap3 to easily manage user"""
|
||||||
|
from typing import Any, Dict, Optional
|
||||||
|
|
||||||
|
import ldap3
|
||||||
|
import ldap3.core.exceptions
|
||||||
|
from structlog import get_logger
|
||||||
|
|
||||||
|
from passbook.core.models import Group, User
|
||||||
|
from passbook.sources.ldap.models import LDAPSource
|
||||||
|
|
||||||
|
LOGGER = get_logger()
|
||||||
|
|
||||||
|
|
||||||
|
class Connector:
|
||||||
|
"""Wrapper for ldap3 to easily manage user authentication and creation"""
|
||||||
|
|
||||||
|
_server: ldap3.Server
|
||||||
|
_connection = ldap3.Connection
|
||||||
|
_source: LDAPSource
|
||||||
|
|
||||||
|
def __init__(self, source: LDAPSource):
|
||||||
|
self._source = source
|
||||||
|
self._server = ldap3.Server(source.server_uri) # Implement URI parsing
|
||||||
|
|
||||||
|
def bind(self):
|
||||||
|
"""Bind using Source's Credentials"""
|
||||||
|
self._connection = ldap3.Connection(self._server, raise_exceptions=True,
|
||||||
|
user=self._source.bind_cn,
|
||||||
|
password=self._source.bind_password)
|
||||||
|
|
||||||
|
self._connection.bind()
|
||||||
|
if self._source.start_tls:
|
||||||
|
self._connection.start_tls()
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def encode_pass(password: str) -> bytes:
|
||||||
|
"""Encodes a plain-text password so it can be used by AD"""
|
||||||
|
return '"{}"'.format(password).encode('utf-16-le')
|
||||||
|
|
||||||
|
@property
|
||||||
|
def base_dn_users(self) -> str:
|
||||||
|
"""Shortcut to get full base_dn for user lookups"""
|
||||||
|
return ','.join([self._source.additional_user_dn, self._source.base_dn])
|
||||||
|
|
||||||
|
@property
|
||||||
|
def base_dn_groups(self) -> str:
|
||||||
|
"""Shortcut to get full base_dn for group lookups"""
|
||||||
|
return ','.join([self._source.additional_group_dn, self._source.base_dn])
|
||||||
|
|
||||||
|
def sync_groups(self):
|
||||||
|
"""Iterate over all LDAP Groups and create passbook_core.Group instances"""
|
||||||
|
if not self._source.sync_groups:
|
||||||
|
LOGGER.debug("Group syncing is disabled for this Source")
|
||||||
|
return
|
||||||
|
groups = self._connection.extend.standard.paged_search(
|
||||||
|
search_base=self.base_dn_groups,
|
||||||
|
search_filter=self._source.group_object_filter,
|
||||||
|
search_scope=ldap3.SUBTREE,
|
||||||
|
attributes=ldap3.ALL_ATTRIBUTES)
|
||||||
|
for group in groups:
|
||||||
|
attributes = group.get('attributes', {})
|
||||||
|
_, created = Group.objects.update_or_create(
|
||||||
|
attributes__ldap_uniq=attributes.get(self._source.object_uniqueness_field, ''),
|
||||||
|
parent=self._source.sync_parent_group,
|
||||||
|
# defaults=self._build_object_properties(attributes),
|
||||||
|
defaults={
|
||||||
|
'name': attributes.get('name', ''),
|
||||||
|
'attributes': {
|
||||||
|
'ldap_uniq': attributes.get(self._source.object_uniqueness_field, ''),
|
||||||
|
'distinguishedName': attributes.get('distinguishedName')
|
||||||
|
}
|
||||||
|
}
|
||||||
|
)
|
||||||
|
LOGGER.debug("Synced group", group=attributes.get('name', ''), created=created)
|
||||||
|
|
||||||
|
def sync_users(self):
|
||||||
|
"""Iterate over all LDAP Users and create passbook_core.User instances"""
|
||||||
|
users = self._connection.extend.standard.paged_search(
|
||||||
|
search_base=self.base_dn_users,
|
||||||
|
search_filter=self._source.user_object_filter,
|
||||||
|
search_scope=ldap3.SUBTREE,
|
||||||
|
attributes=ldap3.ALL_ATTRIBUTES)
|
||||||
|
for user in users:
|
||||||
|
attributes = user.get('attributes', {})
|
||||||
|
_, created = User.objects.update_or_create(
|
||||||
|
attributes__ldap_uniq=attributes.get(self._source.object_uniqueness_field, ''),
|
||||||
|
defaults=self._build_object_properties(attributes),
|
||||||
|
)
|
||||||
|
LOGGER.debug("Synced User", user=attributes.get('name', ''), created=created)
|
||||||
|
|
||||||
|
def sync_membership(self):
|
||||||
|
"""Iterate over all Users and assign Groups using memberOf Field"""
|
||||||
|
users = self._connection.extend.standard.paged_search(
|
||||||
|
search_base=self.base_dn_users,
|
||||||
|
search_filter=self._source.user_object_filter,
|
||||||
|
search_scope=ldap3.SUBTREE,
|
||||||
|
attributes=[
|
||||||
|
self._source.user_group_membership_field,
|
||||||
|
self._source.object_uniqueness_field])
|
||||||
|
group_cache: Dict[str, Group] = {}
|
||||||
|
for user in users:
|
||||||
|
member_of = user.get('attributes', {}).get(self._source.user_group_membership_field, [])
|
||||||
|
uniq = user.get('attributes', {}).get(self._source.object_uniqueness_field, [])
|
||||||
|
for group_dn in member_of:
|
||||||
|
# Check if group_dn is within our base_dn_groups, and skip if not
|
||||||
|
if not group_dn.endswith(self.base_dn_groups):
|
||||||
|
continue
|
||||||
|
# Check if we fetched the group already, and if not cache it for later
|
||||||
|
if group_dn not in group_cache:
|
||||||
|
groups = Group.objects.filter(attributes__distinguishedName=group_dn)
|
||||||
|
if not groups.exists():
|
||||||
|
LOGGER.warning("Group does not exist in our DB yet, run sync_groups first.",
|
||||||
|
group=group_dn)
|
||||||
|
return
|
||||||
|
group_cache[group_dn] = groups.first()
|
||||||
|
group = group_cache[group_dn]
|
||||||
|
users = User.objects.filter(attributes__ldap_uniq=uniq)
|
||||||
|
group.user_set.add(*list(users))
|
||||||
|
# Now that all users are added, lets write everything
|
||||||
|
for _, group in group_cache.items():
|
||||||
|
group.save()
|
||||||
|
LOGGER.debug("Successfully updated group membership")
|
||||||
|
|
||||||
|
def _build_object_properties(self, attributes: Dict[str, Any]) -> Dict[str, Dict[Any, Any]]:
|
||||||
|
properties = {
|
||||||
|
'attributes': {}
|
||||||
|
}
|
||||||
|
for mapping in self._source.property_mappings.all().select_subclasses():
|
||||||
|
properties[mapping.object_field] = attributes.get(mapping.ldap_property, '')
|
||||||
|
if self._source.object_uniqueness_field in attributes:
|
||||||
|
properties['attributes']['ldap_uniq'] = \
|
||||||
|
attributes.get(self._source.object_uniqueness_field)
|
||||||
|
properties['attributes']['distinguishedName'] = attributes.get('distinguishedName')
|
||||||
|
return properties
|
||||||
|
|
||||||
|
def auth_user(self, password: str, **filters: Dict[str, str]) -> Optional[User]:
|
||||||
|
"""Try to bind as either user_dn or mail with password.
|
||||||
|
Returns True on success, otherwise False"""
|
||||||
|
users = User.objects.filter(**filters)
|
||||||
|
if not users.exists():
|
||||||
|
return None
|
||||||
|
user = users.first()
|
||||||
|
if 'distinguishedName' not in user.attributes:
|
||||||
|
LOGGER.debug("User doesn't have DN set, assuming not LDAP imported.", user=user)
|
||||||
|
return None
|
||||||
|
# Try to bind as new user
|
||||||
|
LOGGER.debug("Attempting Binding as user", user=user)
|
||||||
|
try:
|
||||||
|
temp_connection = ldap3.Connection(self._server,
|
||||||
|
user=user.attributes.get('distinguishedName'),
|
||||||
|
password=password, raise_exceptions=True)
|
||||||
|
temp_connection.bind()
|
||||||
|
return user
|
||||||
|
except ldap3.core.exceptions.LDAPInvalidCredentialsResult as exception:
|
||||||
|
LOGGER.debug("LDAPInvalidCredentialsResult", user=user)
|
||||||
|
except ldap3.core.exceptions.LDAPException as exception:
|
||||||
|
LOGGER.warning(exception)
|
||||||
|
return None
|
|
@ -5,8 +5,7 @@ from django.contrib.admin.widgets import FilteredSelectMultiple
|
||||||
from django.utils.translation import gettext_lazy as _
|
from django.utils.translation import gettext_lazy as _
|
||||||
|
|
||||||
from passbook.admin.forms.source import SOURCE_FORM_FIELDS
|
from passbook.admin.forms.source import SOURCE_FORM_FIELDS
|
||||||
from passbook.core.forms.policies import GENERAL_FIELDS
|
from passbook.sources.ldap.models import LDAPPropertyMapping, LDAPSource
|
||||||
from passbook.sources.ldap.models import LDAPGroupMembershipPolicy, LDAPSource
|
|
||||||
|
|
||||||
|
|
||||||
class LDAPSourceForm(forms.ModelForm):
|
class LDAPSourceForm(forms.ModelForm):
|
||||||
|
@ -15,36 +14,56 @@ class LDAPSourceForm(forms.ModelForm):
|
||||||
class Meta:
|
class Meta:
|
||||||
|
|
||||||
model = LDAPSource
|
model = LDAPSource
|
||||||
fields = SOURCE_FORM_FIELDS + ['server_uri', 'bind_cn', 'bind_password',
|
fields = SOURCE_FORM_FIELDS + [
|
||||||
'type', 'domain', 'base_dn', 'create_user',
|
'server_uri',
|
||||||
'reset_password']
|
'bind_cn',
|
||||||
|
'bind_password',
|
||||||
|
'start_tls',
|
||||||
|
'base_dn',
|
||||||
|
'additional_user_dn',
|
||||||
|
'additional_group_dn',
|
||||||
|
'user_object_filter',
|
||||||
|
'group_object_filter',
|
||||||
|
'user_group_membership_field',
|
||||||
|
'object_uniqueness_field',
|
||||||
|
'sync_groups',
|
||||||
|
'sync_parent_group',
|
||||||
|
'property_mappings',
|
||||||
|
]
|
||||||
widgets = {
|
widgets = {
|
||||||
'name': forms.TextInput(),
|
'name': forms.TextInput(),
|
||||||
'server_uri': forms.TextInput(),
|
'server_uri': forms.TextInput(),
|
||||||
'bind_cn': forms.TextInput(),
|
'bind_cn': forms.TextInput(),
|
||||||
'bind_password': forms.TextInput(),
|
'bind_password': forms.TextInput(),
|
||||||
'domain': forms.TextInput(),
|
|
||||||
'base_dn': forms.TextInput(),
|
'base_dn': forms.TextInput(),
|
||||||
'policies': FilteredSelectMultiple(_('policies'), False)
|
'additional_user_dn': forms.TextInput(),
|
||||||
|
'additional_group_dn': forms.TextInput(),
|
||||||
|
'user_object_filter': forms.TextInput(),
|
||||||
|
'group_object_filter': forms.TextInput(),
|
||||||
|
'user_group_membership_field': forms.TextInput(),
|
||||||
|
'object_uniqueness_field': forms.TextInput(),
|
||||||
|
'policies': FilteredSelectMultiple(_('policies'), False),
|
||||||
|
'property_mappings': FilteredSelectMultiple(_('Property Mappings'), False)
|
||||||
}
|
}
|
||||||
labels = {
|
labels = {
|
||||||
'server_uri': _('Server URI'),
|
'server_uri': _('Server URI'),
|
||||||
'bind_cn': _('Bind CN'),
|
'bind_cn': _('Bind CN'),
|
||||||
|
'start_tls': _('Enable Start TLS'),
|
||||||
'base_dn': _('Base DN'),
|
'base_dn': _('Base DN'),
|
||||||
|
'additional_user_dn': _('Addition User DN'),
|
||||||
|
'additional_group_dn': _('Addition Group DN'),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
class LDAPGroupMembershipPolicyForm(forms.ModelForm):
|
class LDAPPropertyMappingForm(forms.ModelForm):
|
||||||
"""LDAPGroupMembershipPolicy Form"""
|
"""LDAP Property Mapping form"""
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
|
|
||||||
model = LDAPGroupMembershipPolicy
|
model = LDAPPropertyMapping
|
||||||
fields = GENERAL_FIELDS + ['dn', ]
|
fields = ['name', 'ldap_property', 'object_field']
|
||||||
widgets = {
|
widgets = {
|
||||||
'name': forms.TextInput(),
|
'name': forms.TextInput(),
|
||||||
'dn': forms.TextInput(),
|
'ldap_property': forms.TextInput(),
|
||||||
}
|
'object_field': forms.TextInput(),
|
||||||
labels = {
|
|
||||||
'dn': _('DN')
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,293 +0,0 @@
|
||||||
"""Wrapper for ldap3 to easily manage user"""
|
|
||||||
from time import time
|
|
||||||
|
|
||||||
import ldap3
|
|
||||||
import ldap3.core.exceptions
|
|
||||||
from structlog import get_logger
|
|
||||||
|
|
||||||
from passbook.core.models import User
|
|
||||||
from passbook.lib.config import CONFIG
|
|
||||||
from passbook.sources.ldap.models import LDAPSource
|
|
||||||
|
|
||||||
LOGGER = get_logger()
|
|
||||||
|
|
||||||
USERNAME_FIELD = CONFIG.y('ldap.username_field', 'sAMAccountName')
|
|
||||||
LOGIN_FIELD = CONFIG.y('ldap.login_field', 'userPrincipalName')
|
|
||||||
|
|
||||||
|
|
||||||
class LDAPConnector:
|
|
||||||
"""Wrapper for ldap3 to easily manage user authentication and creation"""
|
|
||||||
|
|
||||||
_server = None
|
|
||||||
_connection = None
|
|
||||||
_source = None
|
|
||||||
|
|
||||||
def __init__(self, source: LDAPSource):
|
|
||||||
self._source = source
|
|
||||||
|
|
||||||
if not self._source.enabled:
|
|
||||||
LOGGER.debug("LDAP not Enabled")
|
|
||||||
|
|
||||||
# if not con_args:
|
|
||||||
# con_args = {}
|
|
||||||
# if not server_args:
|
|
||||||
# server_args = {}
|
|
||||||
# Either use mock argument or test is in argv
|
|
||||||
# if mock or any('test' in arg for arg in sys.argv):
|
|
||||||
# self.mock = True
|
|
||||||
# self.create_users_enabled = True
|
|
||||||
# con_args['client_strategy'] = ldap3.MOCK_SYNC
|
|
||||||
# server_args['get_info'] = ldap3.OFFLINE_AD_2012_R2
|
|
||||||
# if self.mock:
|
|
||||||
# json_path = os.path.join(os.path.dirname(__file__), 'tests', 'ldap_mock.json')
|
|
||||||
# self._connection.strategy.entries_from_json(json_path)
|
|
||||||
|
|
||||||
self._server = ldap3.Server(source.server_uri) # Implement URI parsing
|
|
||||||
self._connection = ldap3.Connection(self._server, raise_exceptions=True,
|
|
||||||
user=source.bind_cn,
|
|
||||||
password=source.bind_password)
|
|
||||||
|
|
||||||
self._connection.bind()
|
|
||||||
# if CONFIG.y('ldap.server.use_tls'):
|
|
||||||
# self._connection.start_tls()
|
|
||||||
|
|
||||||
# @staticmethod
|
|
||||||
# def cleanup_mock():
|
|
||||||
# """Cleanup mock files which are not this PID's"""
|
|
||||||
# pid = os.getpid()
|
|
||||||
# json_path = os.path.join(os.path.dirname(__file__), 'test', 'ldap_mock_%d.json' % pid)
|
|
||||||
# os.unlink(json_path)
|
|
||||||
# LOGGER.debug("Cleaned up LDAP Mock from PID %d", pid)
|
|
||||||
|
|
||||||
# def apply_db(self):
|
|
||||||
# """Check if any unapplied LDAPModification's are left"""
|
|
||||||
# to_apply = LDAPModification.objects.filter(_purgeable=False)
|
|
||||||
# for obj in to_apply:
|
|
||||||
# try:
|
|
||||||
# if obj.action == LDAPModification.ACTION_ADD:
|
|
||||||
# self._connection.add(obj.dn, obj.data)
|
|
||||||
# elif obj.action == LDAPModification.ACTION_MODIFY:
|
|
||||||
# self._connection.modify(obj.dn, obj.data)
|
|
||||||
|
|
||||||
# # Object has been successfully applied to LDAP
|
|
||||||
# obj.delete()
|
|
||||||
# except ldap3.core.exceptions.LDAPException as exc:
|
|
||||||
# LOGGER.error(exc)
|
|
||||||
# LOGGER.debug("Recovered %d Modifications from DB.", len(to_apply))
|
|
||||||
|
|
||||||
# @staticmethod
|
|
||||||
# def handle_ldap_error(object_dn, action, data):
|
|
||||||
# """Custom Handler for LDAP methods to write LDIF to DB"""
|
|
||||||
# LDAPModification.objects.create(
|
|
||||||
# dn=object_dn,
|
|
||||||
# action=action,
|
|
||||||
# data=data)
|
|
||||||
|
|
||||||
# @property
|
|
||||||
# def enabled(self):
|
|
||||||
# """Returns whether LDAP is enabled or not"""
|
|
||||||
# return CONFIG.y('ldap.enabled')
|
|
||||||
|
|
||||||
@staticmethod
|
|
||||||
def encode_pass(password):
|
|
||||||
"""Encodes a plain-text password so it can be used by AD"""
|
|
||||||
return '"{}"'.format(password).encode('utf-16-le')
|
|
||||||
|
|
||||||
def generate_filter(self, **fields):
|
|
||||||
"""Generate LDAP filter from **fields."""
|
|
||||||
filters = []
|
|
||||||
for item, value in fields.items():
|
|
||||||
filters.append("(%s=%s)" % (item, value))
|
|
||||||
ldap_filter = "(&%s)" % "".join(filters)
|
|
||||||
LOGGER.debug("Constructed filter: '%s'", ldap_filter)
|
|
||||||
return ldap_filter
|
|
||||||
|
|
||||||
def lookup(self, ldap_filter: str):
|
|
||||||
"""Search email in LDAP and return the DN.
|
|
||||||
Returns False if nothing was found."""
|
|
||||||
try:
|
|
||||||
self._connection.search(self._source.search_base, ldap_filter)
|
|
||||||
results = self._connection.response
|
|
||||||
if len(results) >= 1:
|
|
||||||
if 'dn' in results[0]:
|
|
||||||
return str(results[0]['dn'])
|
|
||||||
except ldap3.core.exceptions.LDAPNoSuchObjectResult as exc:
|
|
||||||
LOGGER.warning(exc)
|
|
||||||
return False
|
|
||||||
except ldap3.core.exceptions.LDAPInvalidDnError as exc:
|
|
||||||
LOGGER.warning(exc)
|
|
||||||
return False
|
|
||||||
return False
|
|
||||||
|
|
||||||
def _get_or_create_user(self, user_data):
|
|
||||||
"""Returns a Django user for the given LDAP user data.
|
|
||||||
If the user does not exist, then it will be created."""
|
|
||||||
attributes = user_data.get("attributes")
|
|
||||||
if attributes is None:
|
|
||||||
LOGGER.warning("LDAP user attributes empty")
|
|
||||||
return None
|
|
||||||
# Create the user data.
|
|
||||||
field_map = {
|
|
||||||
'username': '%(' + USERNAME_FIELD + ')s',
|
|
||||||
'name': '%(givenName)s %(sn)s',
|
|
||||||
'email': '%(mail)s',
|
|
||||||
}
|
|
||||||
user_fields = {}
|
|
||||||
for dj_field, ldap_field in field_map.items():
|
|
||||||
user_fields[dj_field] = ldap_field % attributes
|
|
||||||
|
|
||||||
# Update or create the user.
|
|
||||||
user, created = User.objects.update_or_create(
|
|
||||||
defaults=user_fields,
|
|
||||||
username=user_fields.pop('username', "")
|
|
||||||
)
|
|
||||||
|
|
||||||
# Update groups
|
|
||||||
# if 'memberOf' in attributes:
|
|
||||||
# applicable_groups = LDAPGroupMapping.objects.f
|
|
||||||
# ilter(ldap_dn__in=attributes['memberOf'])
|
|
||||||
# for group in applicable_groups:
|
|
||||||
# if group.group not in user.groups.all():
|
|
||||||
# user.groups.add(group.group)
|
|
||||||
# user.save()
|
|
||||||
|
|
||||||
# If the user was created, set them an unusable password.
|
|
||||||
if created:
|
|
||||||
user.set_unusable_password()
|
|
||||||
user.save()
|
|
||||||
# All done!
|
|
||||||
LOGGER.debug("LDAP user lookup succeeded")
|
|
||||||
return user
|
|
||||||
|
|
||||||
def auth_user(self, password, **filters):
|
|
||||||
"""Try to bind as either user_dn or mail with password.
|
|
||||||
Returns True on success, otherwise False"""
|
|
||||||
filters.pop('request')
|
|
||||||
if not self._source.enabled:
|
|
||||||
return None
|
|
||||||
# FIXME: Adapt user_uid
|
|
||||||
# email = filters.pop(CONFIG.y('passport').get('ldap').get, '')
|
|
||||||
email = filters.pop('email')
|
|
||||||
user_dn = self.lookup(self.generate_filter(**{LOGIN_FIELD: email}))
|
|
||||||
if not user_dn:
|
|
||||||
return None
|
|
||||||
# Try to bind as new user
|
|
||||||
LOGGER.debug("Binding as '%s'", user_dn)
|
|
||||||
try:
|
|
||||||
temp_connection = ldap3.Connection(self._server, user=user_dn,
|
|
||||||
password=password, raise_exceptions=True)
|
|
||||||
temp_connection.bind()
|
|
||||||
if self._connection.search(
|
|
||||||
search_base=self._source.search_base,
|
|
||||||
search_filter=self.generate_filter(**{LOGIN_FIELD: email}),
|
|
||||||
search_scope=ldap3.SUBTREE,
|
|
||||||
attributes=[ldap3.ALL_ATTRIBUTES, ldap3.ALL_OPERATIONAL_ATTRIBUTES],
|
|
||||||
get_operational_attributes=True,
|
|
||||||
size_limit=1,
|
|
||||||
):
|
|
||||||
response = self._connection.response[0]
|
|
||||||
# If user has no email set in AD, use UPN
|
|
||||||
if 'mail' not in response.get('attributes'):
|
|
||||||
response['attributes']['mail'] = response['attributes']['userPrincipalName']
|
|
||||||
return self._get_or_create_user(response)
|
|
||||||
LOGGER.warning("LDAP user lookup failed")
|
|
||||||
return None
|
|
||||||
except ldap3.core.exceptions.LDAPInvalidCredentialsResult as exception:
|
|
||||||
LOGGER.debug("User '%s' failed to login (Wrong credentials)", user_dn)
|
|
||||||
except ldap3.core.exceptions.LDAPException as exception:
|
|
||||||
LOGGER.warning(exception)
|
|
||||||
return None
|
|
||||||
|
|
||||||
def is_email_used(self, mail):
|
|
||||||
"""Checks whether an email address is already registered in LDAP"""
|
|
||||||
if self._source.create_user:
|
|
||||||
return self.lookup(self.generate_filter(mail=mail))
|
|
||||||
return False
|
|
||||||
|
|
||||||
def create_ldap_user(self, user, raw_password):
|
|
||||||
"""Creates a new LDAP User from a django user and raw_password.
|
|
||||||
Returns True on success, otherwise False"""
|
|
||||||
if self._source.create_user:
|
|
||||||
LOGGER.debug("User creation not enabled")
|
|
||||||
return False
|
|
||||||
# The dn of our new entry/object
|
|
||||||
username = user.pk.hex # UUID without dashes
|
|
||||||
# sAMAccountName is limited to 20 chars
|
|
||||||
# https://msdn.microsoft.com/en-us/library/ms679635.aspx
|
|
||||||
username_trunk = username[:20] if len(username) > 20 else username
|
|
||||||
# AD doesn't like sAMAccountName's with . at the end
|
|
||||||
username_trunk = username_trunk[:-1] if username_trunk[-1] == '.' else username_trunk
|
|
||||||
user_dn = 'cn=' + username + ',' + self._source.search_base
|
|
||||||
LOGGER.debug('New DN: %s', user_dn)
|
|
||||||
attrs = {
|
|
||||||
'distinguishedName': str(user_dn),
|
|
||||||
'cn': str(username),
|
|
||||||
'description': 't=' + str(time()),
|
|
||||||
'sAMAccountName': str(username_trunk),
|
|
||||||
'givenName': str(user.name),
|
|
||||||
'displayName': str(user.username),
|
|
||||||
'name': str(user.name),
|
|
||||||
'mail': str(user.email),
|
|
||||||
'userPrincipalName': str(username + '@' + self._source.domain),
|
|
||||||
'objectClass': ['top', 'person', 'organizationalPerson', 'user'],
|
|
||||||
}
|
|
||||||
try:
|
|
||||||
self._connection.add(user_dn, attributes=attrs)
|
|
||||||
except ldap3.core.exceptions.LDAPException as exception:
|
|
||||||
LOGGER.warning("Failed to create user ('%s'), saved to DB", exception)
|
|
||||||
# LDAPConnector.handle_ldap_error(user_dn, LDAPModification.ACTION_ADD, attrs)
|
|
||||||
LOGGER.debug("Signed up user %s", user.email)
|
|
||||||
return self.change_password(raw_password, mail=user.email)
|
|
||||||
|
|
||||||
def _do_modify(self, diff, **fields):
|
|
||||||
"""Do the LDAP modification itself"""
|
|
||||||
user_dn = self.lookup(self.generate_filter(**fields))
|
|
||||||
try:
|
|
||||||
self._connection.modify(user_dn, diff)
|
|
||||||
except ldap3.core.exceptions.LDAPException as exception:
|
|
||||||
LOGGER.warning("Failed to modify %s ('%s'), saved to DB", user_dn, exception)
|
|
||||||
# LDAPConnector.handle_ldap_error(user_dn, LDAPModification.ACTION_MODIFY, diff)
|
|
||||||
LOGGER.debug("modified account '%s' [%s]", user_dn, ','.join(diff.keys()))
|
|
||||||
return 'result' in self._connection.result and self._connection.result['result'] == 0
|
|
||||||
|
|
||||||
def disable_user(self, **fields):
|
|
||||||
"""Disables LDAP user based on mail or user_dn.
|
|
||||||
Returns True on success, otherwise False"""
|
|
||||||
diff = {
|
|
||||||
'userAccountControl': [(ldap3.MODIFY_REPLACE, [str(66050)])],
|
|
||||||
}
|
|
||||||
return self._do_modify(diff, **fields)
|
|
||||||
|
|
||||||
def enable_user(self, **fields):
|
|
||||||
"""Enables LDAP user based on mail or user_dn.
|
|
||||||
Returns True on success, otherwise False"""
|
|
||||||
diff = {
|
|
||||||
'userAccountControl': [(ldap3.MODIFY_REPLACE, [str(66048)])],
|
|
||||||
}
|
|
||||||
return self._do_modify(diff, **fields)
|
|
||||||
|
|
||||||
def change_password(self, new_password, **fields):
|
|
||||||
"""Changes LDAP user's password based on mail or user_dn.
|
|
||||||
Returns True on success, otherwise False"""
|
|
||||||
diff = {
|
|
||||||
'unicodePwd': [(ldap3.MODIFY_REPLACE, [LDAPConnector.encode_pass(new_password)])],
|
|
||||||
}
|
|
||||||
return self._do_modify(diff, **fields)
|
|
||||||
|
|
||||||
def add_to_group(self, group_dn, **fields):
|
|
||||||
"""Adds mail or user_dn to group_dn
|
|
||||||
Returns True on success, otherwise False"""
|
|
||||||
user_dn = self.lookup(**fields)
|
|
||||||
diff = {
|
|
||||||
'member': [(ldap3.MODIFY_ADD), [user_dn]]
|
|
||||||
}
|
|
||||||
return self._do_modify(diff, user_dn=group_dn)
|
|
||||||
|
|
||||||
def remove_from_group(self, group_dn, **fields):
|
|
||||||
"""Removes mail or user_dn from group_dn
|
|
||||||
Returns True on success, otherwise False"""
|
|
||||||
user_dn = self.lookup(**fields)
|
|
||||||
diff = {
|
|
||||||
'member': [(ldap3.MODIFY_DELETE), [user_dn]]
|
|
||||||
}
|
|
||||||
return self._do_modify(diff, user_dn=group_dn)
|
|
|
@ -1,5 +1,6 @@
|
||||||
# Generated by Django 2.2.6 on 2019-10-07 14:07
|
# Generated by Django 2.2.6 on 2019-10-08 20:43
|
||||||
|
|
||||||
|
import django.core.validators
|
||||||
import django.db.models.deletion
|
import django.db.models.deletion
|
||||||
from django.db import migrations, models
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
@ -13,18 +14,33 @@ class Migration(migrations.Migration):
|
||||||
]
|
]
|
||||||
|
|
||||||
operations = [
|
operations = [
|
||||||
|
migrations.CreateModel(
|
||||||
|
name='LDAPPropertyMapping',
|
||||||
|
fields=[
|
||||||
|
('propertymapping_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.PropertyMapping')),
|
||||||
|
('ldap_property', models.TextField()),
|
||||||
|
('object_field', models.TextField()),
|
||||||
|
],
|
||||||
|
options={
|
||||||
|
'abstract': False,
|
||||||
|
},
|
||||||
|
bases=('passbook_core.propertymapping',),
|
||||||
|
),
|
||||||
migrations.CreateModel(
|
migrations.CreateModel(
|
||||||
name='LDAPSource',
|
name='LDAPSource',
|
||||||
fields=[
|
fields=[
|
||||||
('source_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.Source')),
|
('source_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.Source')),
|
||||||
('server_uri', models.TextField()),
|
('server_uri', models.URLField(validators=[django.core.validators.URLValidator(schemes=['ldap', 'ldaps'])])),
|
||||||
('bind_cn', models.TextField()),
|
('bind_cn', models.TextField()),
|
||||||
('bind_password', models.TextField()),
|
('bind_password', models.TextField()),
|
||||||
('type', models.CharField(choices=[('ad', 'Active Directory'), ('generic', 'Generic')], max_length=20)),
|
('start_tls', models.BooleanField(default=False)),
|
||||||
('domain', models.TextField()),
|
|
||||||
('base_dn', models.TextField()),
|
('base_dn', models.TextField()),
|
||||||
('create_user', models.BooleanField(default=False)),
|
('additional_user_dn', models.TextField(help_text='Prepended to Base DN for User-queries.')),
|
||||||
('reset_password', models.BooleanField(default=True)),
|
('additional_group_dn', models.TextField(help_text='Prepended to Base DN for Group-queries.')),
|
||||||
|
('user_object_filter', models.TextField()),
|
||||||
|
('group_object_filter', models.TextField()),
|
||||||
|
('sync_groups', models.BooleanField(default=True)),
|
||||||
|
('sync_parent_group', models.ForeignKey(blank=True, default=None, on_delete=django.db.models.deletion.SET_DEFAULT, to='passbook_core.Group')),
|
||||||
],
|
],
|
||||||
options={
|
options={
|
||||||
'verbose_name': 'LDAP Source',
|
'verbose_name': 'LDAP Source',
|
||||||
|
@ -32,17 +48,4 @@ class Migration(migrations.Migration):
|
||||||
},
|
},
|
||||||
bases=('passbook_core.source',),
|
bases=('passbook_core.source',),
|
||||||
),
|
),
|
||||||
migrations.CreateModel(
|
|
||||||
name='LDAPGroupMembershipPolicy',
|
|
||||||
fields=[
|
|
||||||
('policy_ptr', models.OneToOneField(auto_created=True, on_delete=django.db.models.deletion.CASCADE, parent_link=True, primary_key=True, serialize=False, to='passbook_core.Policy')),
|
|
||||||
('dn', models.TextField()),
|
|
||||||
('source', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='passbook_sources_ldap.LDAPSource')),
|
|
||||||
],
|
|
||||||
options={
|
|
||||||
'verbose_name': 'LDAP Group Membership Policy',
|
|
||||||
'verbose_name_plural': 'LDAP Group Membership Policys',
|
|
||||||
},
|
|
||||||
bases=('passbook_core.policy',),
|
|
||||||
),
|
|
||||||
]
|
]
|
||||||
|
|
17
passbook/sources/ldap/migrations/0002_auto_20191011_0825.py
Normal file
17
passbook/sources/ldap/migrations/0002_auto_20191011_0825.py
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
# Generated by Django 2.2.6 on 2019-10-11 08:25
|
||||||
|
|
||||||
|
from django.db import migrations
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('passbook_sources_ldap', '0001_initial'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AlterModelOptions(
|
||||||
|
name='ldappropertymapping',
|
||||||
|
options={'verbose_name': 'LDAP Property Mapping', 'verbose_name_plural': 'LDAP Property Mappings'},
|
||||||
|
),
|
||||||
|
]
|
32
passbook/sources/ldap/migrations/0003_auto_20191011_0825.py
Normal file
32
passbook/sources/ldap/migrations/0003_auto_20191011_0825.py
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
# Generated by Django 2.2.6 on 2019-10-11 08:25
|
||||||
|
|
||||||
|
from django.apps.registry import Apps
|
||||||
|
from django.db import migrations
|
||||||
|
|
||||||
|
|
||||||
|
def create_default_ad_property_mappings(apps: Apps, schema_editor):
|
||||||
|
LDAPPropertyMapping = apps.get_model('passbook_sources_ldap', 'LDAPPropertyMapping')
|
||||||
|
mapping = {
|
||||||
|
'name': 'name',
|
||||||
|
'givenName': 'first_name',
|
||||||
|
'sn': 'last_name',
|
||||||
|
'sAMAccountName': 'username',
|
||||||
|
'mail': 'email'
|
||||||
|
}
|
||||||
|
for ldap_property, object_field in mapping.items():
|
||||||
|
LDAPPropertyMapping.objects.get_or_create(
|
||||||
|
ldap_property=ldap_property,
|
||||||
|
object_field=object_field,
|
||||||
|
defaults={
|
||||||
|
'name': f"Autogenerated LDAP Mapping: {ldap_property} -> {object_field}"
|
||||||
|
})
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('passbook_sources_ldap', '0002_auto_20191011_0825'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.RunPython(create_default_ad_property_mappings)
|
||||||
|
]
|
25
passbook/sources/ldap/migrations/0004_auto_20191011_0839.py
Normal file
25
passbook/sources/ldap/migrations/0004_auto_20191011_0839.py
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
# Generated by Django 2.2.6 on 2019-10-11 08:39
|
||||||
|
|
||||||
|
import django.core.validators
|
||||||
|
import django.db.models.deletion
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('passbook_sources_ldap', '0003_auto_20191011_0825'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='ldapsource',
|
||||||
|
name='server_uri',
|
||||||
|
field=models.TextField(validators=[django.core.validators.URLValidator(schemes=['ldap', 'ldaps'])]),
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='ldapsource',
|
||||||
|
name='sync_parent_group',
|
||||||
|
field=models.ForeignKey(blank=True, default=None, null=True, on_delete=django.db.models.deletion.SET_DEFAULT, to='passbook_core.Group'),
|
||||||
|
),
|
||||||
|
]
|
33
passbook/sources/ldap/migrations/0005_auto_20191011_1059.py
Normal file
33
passbook/sources/ldap/migrations/0005_auto_20191011_1059.py
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
# Generated by Django 2.2.6 on 2019-10-11 10:59
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('passbook_sources_ldap', '0004_auto_20191011_0839'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AddField(
|
||||||
|
model_name='ldapsource',
|
||||||
|
name='object_uniqueness_field',
|
||||||
|
field=models.TextField(default='objectSid', help_text='Field which contains a unique Identifier.'),
|
||||||
|
),
|
||||||
|
migrations.AddField(
|
||||||
|
model_name='ldapsource',
|
||||||
|
name='user_group_membership_field',
|
||||||
|
field=models.TextField(default='memberOf', help_text='Field which contains Groups of user.'),
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='ldapsource',
|
||||||
|
name='group_object_filter',
|
||||||
|
field=models.TextField(default='(objectCategory=Group)', help_text='Consider Objects matching this filter to be Groups.'),
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='ldapsource',
|
||||||
|
name='user_object_filter',
|
||||||
|
field=models.TextField(default='(objectCategory=Person)', help_text='Consider Objects matching this filter to be Users.'),
|
||||||
|
),
|
||||||
|
]
|
|
@ -1,30 +1,36 @@
|
||||||
"""passbook LDAP Models"""
|
"""passbook LDAP Models"""
|
||||||
|
|
||||||
|
from django.core.validators import URLValidator
|
||||||
from django.db import models
|
from django.db import models
|
||||||
from django.utils.translation import gettext as _
|
from django.utils.translation import gettext as _
|
||||||
|
|
||||||
from passbook.core.models import Policy, Source, User
|
from passbook.core.models import Group, PropertyMapping, Source
|
||||||
|
|
||||||
|
|
||||||
class LDAPSource(Source):
|
class LDAPSource(Source):
|
||||||
"""LDAP Authentication source"""
|
"""LDAP Authentication source"""
|
||||||
|
|
||||||
TYPE_ACTIVE_DIRECTORY = 'ad'
|
server_uri = models.TextField(validators=[URLValidator(schemes=['ldap', 'ldaps'])])
|
||||||
TYPE_GENERIC = 'generic'
|
|
||||||
TYPES = (
|
|
||||||
(TYPE_ACTIVE_DIRECTORY, _('Active Directory')),
|
|
||||||
(TYPE_GENERIC, _('Generic')),
|
|
||||||
)
|
|
||||||
|
|
||||||
server_uri = models.TextField()
|
|
||||||
bind_cn = models.TextField()
|
bind_cn = models.TextField()
|
||||||
bind_password = models.TextField()
|
bind_password = models.TextField()
|
||||||
type = models.CharField(max_length=20, choices=TYPES)
|
start_tls = models.BooleanField(default=False)
|
||||||
|
|
||||||
domain = models.TextField()
|
|
||||||
base_dn = models.TextField()
|
base_dn = models.TextField()
|
||||||
create_user = models.BooleanField(default=False)
|
additional_user_dn = models.TextField(help_text=_('Prepended to Base DN for User-queries.'))
|
||||||
reset_password = models.BooleanField(default=True)
|
additional_group_dn = models.TextField(help_text=_('Prepended to Base DN for Group-queries.'))
|
||||||
|
|
||||||
|
user_object_filter = models.TextField(default="(objectCategory=Person)", help_text=_(
|
||||||
|
'Consider Objects matching this filter to be Users.'))
|
||||||
|
user_group_membership_field = models.TextField(default="memberOf", help_text=_(
|
||||||
|
"Field which contains Groups of user."))
|
||||||
|
group_object_filter = models.TextField(default="(objectCategory=Group)", help_text=_(
|
||||||
|
'Consider Objects matching this filter to be Groups.'))
|
||||||
|
object_uniqueness_field = models.TextField(default="objectSid", help_text=_(
|
||||||
|
'Field which contains a unique Identifier.'))
|
||||||
|
|
||||||
|
sync_groups = models.BooleanField(default=True)
|
||||||
|
sync_parent_group = models.ForeignKey(Group, blank=True, null=True,
|
||||||
|
default=None, on_delete=models.SET_DEFAULT)
|
||||||
|
|
||||||
form = 'passbook.sources.ldap.forms.LDAPSourceForm'
|
form = 'passbook.sources.ldap.forms.LDAPSourceForm'
|
||||||
|
|
||||||
|
@ -37,19 +43,19 @@ class LDAPSource(Source):
|
||||||
verbose_name = _('LDAP Source')
|
verbose_name = _('LDAP Source')
|
||||||
verbose_name_plural = _('LDAP Sources')
|
verbose_name_plural = _('LDAP Sources')
|
||||||
|
|
||||||
class LDAPGroupMembershipPolicy(Policy):
|
|
||||||
"""Policy to check if a user is in a certain LDAP Group"""
|
|
||||||
|
|
||||||
dn = models.TextField()
|
class LDAPPropertyMapping(PropertyMapping):
|
||||||
source = models.ForeignKey('LDAPSource', on_delete=models.CASCADE)
|
"""Map LDAP Property to User or Group object"""
|
||||||
|
|
||||||
form = 'passbook.sources.ldap.forms.LDAPGroupMembershipPolicyForm'
|
ldap_property = models.TextField()
|
||||||
|
object_field = models.TextField()
|
||||||
|
|
||||||
def passes(self, user: User):
|
form = 'passbook.sources.ldap.forms.LDAPPropertyMappingForm'
|
||||||
"""Check if user instance passes this policy"""
|
|
||||||
raise NotImplementedError()
|
def __str__(self):
|
||||||
|
return f"LDAP Property Mapping {self.ldap_property} -> {self.object_field}"
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
|
|
||||||
verbose_name = _('LDAP Group Membership Policy')
|
verbose_name = _('LDAP Property Mapping')
|
||||||
verbose_name_plural = _('LDAP Group Membership Policys')
|
verbose_name_plural = _('LDAP Property Mappings')
|
||||||
|
|
|
@ -1,5 +1,13 @@
|
||||||
"""LDAP Settings"""
|
"""LDAP Settings"""
|
||||||
|
from celery.schedules import crontab
|
||||||
|
|
||||||
AUTHENTICATION_BACKENDS = [
|
AUTHENTICATION_BACKENDS = [
|
||||||
'passbook.sources.ldap.auth.LDAPBackend',
|
'passbook.sources.ldap.auth.LDAPBackend',
|
||||||
]
|
]
|
||||||
|
|
||||||
|
CELERY_BEAT_SCHEDULE = {
|
||||||
|
'sync': {
|
||||||
|
'task': 'passbook.sources.ldap.tasks.sync',
|
||||||
|
'schedule': crontab(minute=0) # Run every hour
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
31
passbook/sources/ldap/tasks.py
Normal file
31
passbook/sources/ldap/tasks.py
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
"""LDAP Sync tasks"""
|
||||||
|
from passbook.root.celery import CELERY_APP
|
||||||
|
from passbook.sources.ldap.connector import Connector
|
||||||
|
from passbook.sources.ldap.models import LDAPSource
|
||||||
|
|
||||||
|
|
||||||
|
@CELERY_APP.task()
|
||||||
|
def sync_groups(source_pk: int):
|
||||||
|
"""Sync LDAP Groups on background worker"""
|
||||||
|
source = LDAPSource.objects.get(pk=source_pk)
|
||||||
|
connector = Connector(source)
|
||||||
|
connector.bind()
|
||||||
|
connector.sync_groups()
|
||||||
|
|
||||||
|
@CELERY_APP.task()
|
||||||
|
def sync_users(source_pk: int):
|
||||||
|
"""Sync LDAP Users on background worker"""
|
||||||
|
source = LDAPSource.objects.get(pk=source_pk)
|
||||||
|
connector = Connector(source)
|
||||||
|
connector.bind()
|
||||||
|
connector.sync_users()
|
||||||
|
|
||||||
|
@CELERY_APP.task()
|
||||||
|
def sync():
|
||||||
|
"""Sync all sources"""
|
||||||
|
for source in LDAPSource.objects.filter(enabled=True):
|
||||||
|
connector = Connector(source)
|
||||||
|
connector.bind()
|
||||||
|
connector.sync_users()
|
||||||
|
connector.sync_groups()
|
||||||
|
connector.sync_membership()
|
|
@ -1,33 +0,0 @@
|
||||||
{% extends "_admin/module_default.html" %}
|
|
||||||
|
|
||||||
{% load i18n %}
|
|
||||||
{% load utils %}
|
|
||||||
|
|
||||||
{% block title %}
|
|
||||||
{% title "Settings" %}
|
|
||||||
{% endblock %}
|
|
||||||
|
|
||||||
{% block module_content %}
|
|
||||||
<h2><clr-icon shape="application" size="32"></clr-icon>{% trans 'LDAP connection' %}</h2>
|
|
||||||
<div class="row">
|
|
||||||
<div class="col-md-12">
|
|
||||||
<div class="card">
|
|
||||||
<form role="form" method="POST">
|
|
||||||
<div class="card-block">
|
|
||||||
<h3><clr-icon shape="cog" size="32"></clr-icon>{% trans 'General settings' %}</h3>
|
|
||||||
{% include 'partials/form.html' with form=general %}
|
|
||||||
<h3><clr-icon shape="connect" size="32"></clr-icon>{% trans 'Connection settings' %}</h3>
|
|
||||||
{% include 'partials/form.html' with form=connection %}
|
|
||||||
<h3><clr-icon shape="certificate" size="32"></clr-icon>{% trans 'Authentication backend ' %}</h3>
|
|
||||||
{% include 'partials/form.html' with form=authentication %}
|
|
||||||
<h3><clr-icon shape="users" size="32"></clr-icon>{% trans 'Create users settings' %}</h3>
|
|
||||||
{% include 'partials/form.html' with form=create_users %}
|
|
||||||
</div>
|
|
||||||
<div class="card-footer">
|
|
||||||
<button type="submit" value="general" class="btn btn-sm btn-primary">{% trans 'Update' %}</button>
|
|
||||||
</div>
|
|
||||||
</form>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
{% endblock %}
|
|
|
@ -1,9 +0,0 @@
|
||||||
# """passbook LDAP Urls"""
|
|
||||||
|
|
||||||
# from django.conf.urls import url
|
|
||||||
|
|
||||||
# from passbook.mod.auth.ldap import views
|
|
||||||
|
|
||||||
# urlpatterns = [
|
|
||||||
# url(r'^settings/$', views.admin_settings, name='admin_settings'),
|
|
||||||
# ]
|
|
|
@ -1,38 +0,0 @@
|
||||||
# """passbook LDAP Views"""
|
|
||||||
|
|
||||||
|
|
||||||
# from django.contrib import messages
|
|
||||||
# from django.contrib.auth.decorators import login_required, user_passes_test
|
|
||||||
# from django.http import HttpRequest, HttpResponse
|
|
||||||
# from django.shortcuts import redirect, render
|
|
||||||
# from django.urls import reverse
|
|
||||||
# from django.utils.translation import ugettext as _
|
|
||||||
|
|
||||||
# from passbook.sources.ldap.forms import (AuthenticationBackendSettings,
|
|
||||||
# ConnectionSettings,
|
|
||||||
# CreateUsersSettings,
|
|
||||||
# GeneralSettingsForm)
|
|
||||||
|
|
||||||
|
|
||||||
# @login_required
|
|
||||||
# @user_passes_test(lambda u: u.is_superuser)
|
|
||||||
# def admin_settings(request: HttpRequest) -> HttpResponse:
|
|
||||||
# """Default view for modules without admin view"""
|
|
||||||
# form_classes = {
|
|
||||||
# 'general': GeneralSettingsForm,
|
|
||||||
# 'connection': ConnectionSettings,
|
|
||||||
# 'authentication': AuthenticationBackendSettings,
|
|
||||||
# 'create_users': CreateUsersSettings,
|
|
||||||
# }
|
|
||||||
# render_data = {}
|
|
||||||
# for form_key, form_class in form_classes.items():
|
|
||||||
# render_data[form_key] = form_class(request.POST if request.method == 'POST' else None)
|
|
||||||
# if request.method == 'POST':
|
|
||||||
# update_count = 0
|
|
||||||
# for form_key, form_class in form_classes.items():
|
|
||||||
# form = form_class(request.POST)
|
|
||||||
# if form.is_valid():
|
|
||||||
# update_count += form.save()
|
|
||||||
# messages.success(request, _('Successfully updated %d settings.' % update_count))
|
|
||||||
# return redirect(reverse('passbook_ldap:admin_settings'))
|
|
||||||
# return render(request, 'ldap/settings.html', render_data)
|
|
Reference in a new issue