From be26efa3437c59654ded3d9c3474030fd0948f9b Mon Sep 17 00:00:00 2001
From: Markus Hauschild
Date: Mon, 21 Mar 2016 23:35:11 +0100
Subject: [PATCH] Allow logins with fully qualified user names.
---
 config.cfg.example | 5 +++--
 index.py | 8 ++++++--
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/config.cfg.example b/config.cfg.example
index cb23bf2..56a49a8 100644
--- a/config.cfg.example
+++ b/config.cfg.example
@@ -3,11 +3,12 @@ SECRET_KEY = "CHANGE!ME"
 SESSION_TIMEOUT = 3600
 LDAP_URI = "ldaps://ldap.example.com"
-LDAP_BASE = "ou=people,dc=example,dc=com"
+LDAP_BASE = "dc=example,dc=com"
+
+USER_DN = "cn={user},ou=people,dc=example,dc=com"
 ADMINS = [ "cn=admin,ou=people,dc=example,dc=com" ]
-CREATE_DN = "cn={user},ou=people,dc=example,dc=com"
 CREATE_ATTRS = {
 'objectClass' : ['top', 'inetOrgPerson', 'organizationalPerson', 'person', 'posixAccount'],
 'cn' : '{user}',
diff --git a/index.py b/index.py
index 029f64b..c0d84d8 100755
--- a/index.py
+++ b/index.py
@@ -85,7 +85,7 @@ def create():
 'gn' : form.gn.data,
 'sn' : form.sn.data,
 }
- dn = app.config.get('CREATE_DN').format(**d)
+ dn = app.config.get('USER_DN').format(**d)
 attrs = {}
 for k,v in app.config.get('CREATE_ATTRS').iteritems():
 if type(v) == str:
@@ -138,7 +138,11 @@ def login():
 form = LoginForm()
 if form.validate_on_submit():
- user = 'cn=' + form.user.data + ',' + app.config.get('LDAP_BASE','')
+ user = ""
+ if form.user.data.endswith(app.config.get('LDAP_BASE','')):
+ user = form.user.data
+ else:
+ user = app.config.get('USER_DN').format(user=form.user.data)
 pswd = form.pswd.data
 l = ldap.initialize(app.config.get('LDAP_URI', 'ldaps://127.0.0.1'))
 try:
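Review bot: The example in config.cfg.example gives no hint that LDAP_BASE and USER_DN now have different jobs, and CREATE_DN is dropped without a migration note. As far as this patch shows, LDAP_BASE is only the suffix that the login() hunk in index.py tests a fully qualified name against, while USER_DN is the template for both short-name logins and account creation. I would add `# Suffix a fully qualified login DN must end with; every entry below it may bind` above LDAP_BASE and `# DN template for short login names and new accounts (was CREATE_DN)` above USER_DN.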
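Review bot: In the create() hunk of index.py, `app.config.get('USER_DN')` returns None on any deployment whose config still carries only the old CREATE_DN key, so `.format(**d)` fails with an AttributeError rather than a readable configuration error; the login() hunk performs the same lookup. Either index directly, `dn = app.config['USER_DN'].format(**d)`, or keep the old key working with `tmpl = app.config.get('USER_DN') or app.config['CREATE_DN']`. create() starts and ends outside the hunk.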
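Review bot: The `endswith` test in the login() hunk of index.py is a plain string comparison, so it does not reliably tell a DN from a short name: with LDAP_BASE unset the default `''` matches every input and the raw form value becomes the bind DN, a DN written with different case does not match, and there is no `,` boundary before the suffix. The short name is also formatted into USER_DN unescaped, so a `,`, `+` or `=` in it changes the DN structure (the create() hunk formats form values the same way); whether LoginForm restricts the character set is not visible here. Every entry below LDAP_BASE, not only those matching USER_DN, is now accepted as a bind identity, which is worth confirming as intended. A tighter version of the branch is sketched below; login() continues outside the hunk.

```python
# … unchanged: form = LoginForm(), validate_on_submit() check …
base = app.config.get('LDAP_BASE')
name = form.user.data
if base and name.lower().endswith(',' + base.lower()):
    user = name
else:
    user = app.config['USER_DN'].format(user=ldap.dn.escape_dn_chars(name))
# … unchanged: pswd, ldap.initialize, bind …
```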