def auth(self, username, password):
log.debug("Checking credentials for %s" % username)
- dn = self.get_dn_by_uid(username)
+ dn = self.get_dn(username)
if not dn:
- log.debug("Could not resolve username %s to dn" % username)
+ log.debug("Could not resolve %s to dn" % username)
return False
return self.bind(dn, password)
log.debug("DN for uid %s is: %s" % (uid, dn))
return dn
- def get_user(self, uid, **kwargs):
+ def get_dn_by_mail(self, mail):
+ result = self.search("(&(objectClass=posixAccount)(mail=%s))" % mail, limit=1, attrlist=["uid"])
+
+ for dn, attrs in result:
+ return dn
+
+ log.debug("DN for mail %s is: %s" % (mail, dn))
+ return None
+
+ def get_dn(self, name):
+ return self.get_dn_by_uid(name) or self.get_dn_by_mail(name)
+
+ def get_user_by_mail(self, mail, **kwargs):
+ result = self.search("(&(objectClass=posixAccount)(mail=%s))" % mail, limit=1, **kwargs)
+ for dn, attrs in result:
+ return (dn, attrs)
+
+ return None
+
+ def get_user_by_dn(self, uid, **kwargs):
result = self.search("(&(objectClass=posixAccount)(uid=%s))" % uid, limit=1, **kwargs)
for dn, attrs in result:
return (dn, attrs)
- return (None, None)
\ No newline at end of file
+ return None
+
+ def get_user(self, name, **kwargs):
+ return self.get_user_by_dn(name, **kwargs) or self.get_user_by_mail(name, **kwargs)
if None in (name, password):
return
- # Search for the username in the database.
- # The user must not be deleted and must be activated.
- user = self._get_user("SELECT * FROM users WHERE name = %s AND \
- activated IS TRUE AND deleted IS FALSE", name)
+ # usually we will get an email address as name
+ user = self.get_by_email(name) or self.get_by_name(name)
- # If no user could be found, we search for a matching user in
- # the LDAP database
if not user:
+ # If no user could be found, we search for a matching user in
+ # the LDAP database
if not self.ldap.auth(name, password):
return
# If a LDAP user is found (and password matches), we will
# create a new local user with the information from LDAP.
- user = self.register_from_ldap(name)
+ user = self.create_from_ldap(name)
+
+ if not user.activated or user.deleted:
+ return
# Check if the password matches
if user.check_password(password):
def activated(self):
return self.data.activated
+ @property
+ def deleted(self):
+ return self.data.deleted
+
@property
def registered(self):
return self.data.registered