Allow logins with fully qualified user names.

2024-11-17 19:39:11 +01:00 · 2016-03-21 23:35:11 +01:00 · 2016-03-21 23:35:11 +01:00 · be26efa343
commit be26efa343
parent 59962f53a1
2 changed files with 9 additions and 4 deletions
--- a/config.cfg.example
+++ b/config.cfg.example
@ -3,11 +3,12 @@ SECRET_KEY = "CHANGE!ME"
 SESSION_TIMEOUT = 3600

 LDAP_URI = "ldaps://ldap.example.com"
-LDAP_BASE = "ou=people,dc=example,dc=com"
+LDAP_BASE = "dc=example,dc=com"
+
+USER_DN = "cn={user},ou=people,dc=example,dc=com"

 ADMINS = [ "cn=admin,ou=people,dc=example,dc=com" ]

-CREATE_DN = "cn={user},ou=people,dc=example,dc=com"
 CREATE_ATTRS = {
 	'objectClass' : ['top', 'inetOrgPerson', 'organizationalPerson', 'person', 'posixAccount'],
 	'cn' : '{user}',
--- a/index.py
+++ b/index.py
@ -85,7 +85,7 @@ def create():
 				'gn' : form.gn.data,
 				'sn' : form.sn.data,
 			}
-			dn = app.config.get('CREATE_DN').format(**d)
+			dn = app.config.get('USER_DN').format(**d)
 			attrs = {}
 			for k,v in app.config.get('CREATE_ATTRS').iteritems():
 				if type(v) == str:
@ -138,7 +138,11 @@ def login():
 	form = LoginForm()

 	if form.validate_on_submit():
-		user = 'cn=' + form.user.data + ',' + app.config.get('LDAP_BASE','')
+		user = "" 
+		if form.user.data.endswith(app.config.get('LDAP_BASE','')):
+			user = form.user.data
+		else:
+			user = app.config.get('USER_DN').format(user=form.user.data)
 		pswd = form.pswd.data
 		l = ldap.initialize(app.config.get('LDAP_URI', 'ldaps://127.0.0.1'))
 		try: