
Allow logins with fully qualified user names.

Markus 2016-03-21 23:35:11 +01:00
parent 59962f53a1
commit be26efa343
2 changed files with 9 additions and 4 deletions


@ -3,11 +3,12 @@ SECRET_KEY = "CHANGE!ME"
SESSION_TIMEOUT = 3600
LDAP_URI = "ldaps://ldap.example.com"
LDAP_BASE = "ou=people,dc=example,dc=com"
LDAP_BASE = "dc=example,dc=com"
USER_DN = "cn={user},ou=people,dc=example,dc=com"
ADMINS = [ "cn=admin,ou=people,dc=example,dc=com" ]
CREATE_DN = "cn={user},ou=people,dc=example,dc=com"
CREATE_ATTRS = {
'objectClass' : ['top', 'inetOrgPerson', 'organizationalPerson', 'person', 'posixAccount'],
'cn' : '{user}',
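Review bot: The sample config does not say that LDAP_BASE now doubles as the acceptance suffix for fully qualified login names. Changing it from `ou=people,dc=example,dc=com` to `dc=example,dc=com` therefore widens the set of entries that login() will accept as a bind DN as typed. A comment above each setting would make this visible to operators, for example `# LDAP_BASE: login names ending in this suffix are used as the bind DN unchanged` and `# USER_DN: DN template for short login names and for newly created accounts`. Whether LDAP_BASE is also used elsewhere (e.g. for searches) is not visible on this page, so the comment should be checked against the other uses.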


@ -85,7 +85,7 @@ def create():
'gn' : form.gn.data,
'sn' : form.sn.data,
}
dn = app.config.get('CREATE_DN').format(**d)
dn = app.config.get('USER_DN').format(**d)
attrs = {}
for k,v in app.config.get('CREATE_ATTRS').iteritems():
if type(v) == str:
@ -138,7 +138,11 @@ def login():
form = LoginForm()
if form.validate_on_submit():
user = 'cn=' + form.user.data + ',' + app.config.get('LDAP_BASE','')
user = ""
if form.user.data.endswith(app.config.get('LDAP_BASE','')):
user = form.user.data
else:
user = app.config.get('USER_DN').format(user=form.user.data)
pswd = form.pswd.data
l = ldap.initialize(app.config.get('LDAP_URI', 'ldaps://127.0.0.1'))
try:
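Review bot: The suffix test in login(), `form.user.data.endswith(app.config.get('LDAP_BASE',''))`, is a plain string comparison with an empty default. If LDAP_BASE is unset, every submitted name takes the fully qualified branch; if it is set, the match is case-sensitive and not anchored on a DN component boundary. The short-name branch also formats the submitted value into USER_DN without escaping DN special characters. I would require a non-empty base, match on `',' + base` case-insensitively, and pass short names through `ldap.dn.escape_dn_chars` (python-ldap; needs `import ldap.dn` if the module does not already load it). Separately, a config that still defines only CREATE_DN makes `app.config.get('USER_DN')` return None in both create() and login(), and login() continues past the end of the hunk, so how the bound DN is used afterwards is not visible here.

```python
    # … unchanged: form = LoginForm() / form.validate_on_submit() …
        base = app.config.get('LDAP_BASE', '')
        name = form.user.data
        if base and name.lower().endswith(',' + base.lower()):
            # fully qualified DN located below the configured base
            user = name
        else:
            # short name: escape DN metacharacters before filling the template
            user = app.config.get('USER_DN').format(user=ldap.dn.escape_dn_chars(name))
    # … unchanged: pswd, ldap.initialize(...), try: …
```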