
def LDAPUserFolder::LDAPUserFolder::LDAPUserFolder::_lookupuser (   self,
  uid,
  pwd = None 
) [private]

    returns a unique RID and the groups a uid belongs to 
    as well as a dictionary containing user attributes

Definition at line 214 of file LDAPUserFolder.py.

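def _lookupuser(self, uid, pwd=None):
    """
    Look up the LDAP record for a login and, when a password is
    supplied, have the LDAP server verify it.

    uid -- login value handed in by the caller. It is matched against
           the configured login attribute, or used as the search base
           when the login attribute is 'dn'.
    pwd -- clear-text password to verify, or None when no password
           check is wanted.

    Returns a (roles, dn, user_attrs) tuple. Returns
    (None, None, None) when the first search finds nothing or reports
    an exception, when binding with the supplied password fails, or
    when the second search finds nothing or reports an exception.
    """
    if self._login_attr == 'dn':
        users_base = uid
        search_str = 'objectClass=*'
    else:
        users_base = self.users_base
        # uid is caller-supplied and is placed inside a search filter.
        # Escape the filter metacharacters (RFC 4515) so the value is
        # matched literally and cannot widen or rewrite the filter.
        # The backslash is handled first so that the escapes added
        # afterwards are not escaped a second time.
        uid_value = '%s' % (uid,)
        for char, escaped in ( ('\\', '\\5c')
                             , ('*', '\\2a')
                             , ('(', '\\28')
                             , (')', '\\29')
                             , ('\x00', '\\00')
                             ):
            uid_value = uid_value.replace(char, escaped)
        search_str = '%s=%s' % (self._login_attr, uid_value)

    # Step 1: Bind either as the Manager or anonymously to look
    #         up the user from the login given
    if self._binduid_usage > 0:
        bind_dn = self._binduid
        bind_pwd = self._bindpwd
    else:
        bind_dn = bind_pwd = ''

    if self.verbose > 8:
        # Only the bind DN is logged; the password stays out of the log.
        msg = '_lookupuser: Binding as "%s"' % (bind_dn,)
        self._log.log(9, msg)

    known_attrs = self.getSchemaConfig().keys()

    res = self._delegate.search( base=users_base
                               , scope=self.users_scope
                               , filter=search_str
                               , attrs=known_attrs
                               , bind_dn=bind_dn
                               , bind_pwd=bind_pwd
                               )

    if res['size'] == 0 or res['exception']:
        msg = '_lookupuser: No user "%s" (%s)' % (uid, res['exception'])
        if self.verbose > 3:
            self._log.log(4, msg)
        return None, None, None

    # Only the first record is used, even if the search matched several.
    user_attrs = res['results'][0]
    dn = user_attrs.get('dn')

    # Step 2: Re-bind using the password that was passed in and the DN we
    #         looked up in Step 1. This will catch bad passwords. If no
    #         password was handed in we bind according to the rules
    #         configured with the Manager DN usage property.
    #
    # NOTE(review): an empty-string pwd passes the "is not None" test.
    # Many LDAP servers treat a simple bind with a DN and an empty
    # password as an unauthenticated bind that succeeds, so callers
    # presumably need to reject empty passwords before calling this
    # method -- confirm against the callers.
    if pwd is not None and self._binduid_usage != 1:
        user_dn = dn
        user_pwd = pwd
    elif self._binduid_usage == 1:
        user_dn = self._binduid
        user_pwd = self._bindpwd

        # Even though the Manager DN and password are used for the
        # "final" lookup, a supplied password must still be checked.
        # Since LDAP passwords are one-way encoded the LDAP server
        # itself has to verify the password.
        if pwd is not None:
            try:
                self._delegate.connect(bind_dn=dn, bind_pwd=pwd)
            except Exception:
                # Fail closed on any error from the bind attempt, most
                # likely bad credentials. The attempted password is
                # deliberately not written to the log.
                msg = '_lookupuser: Binding as "%s" fails' % (dn,)
                if self.verbose > 3:
                    self._log.log(4, msg)
                return None, None, None

    else:
        user_dn = user_pwd = ''

    if self.verbose > 8:
        # Only the bind DN is logged; the password stays out of the log.
        msg = '_lookupuser: Re-binding as "%s"' % (user_dn,)
        self._log.log(9, msg)

    auth_res = self._delegate.search( base=dn
                                    , scope=BASE
                                    , filter='objectClass=*'
                                    , attrs=known_attrs
                                    , bind_dn=user_dn
                                    , bind_pwd=user_pwd
                                    )

    if auth_res['size'] == 0 or auth_res['exception']:
        # Report the DN that was actually used for the bind, which is
        # the Manager DN or empty in some configurations.
        msg = '_lookupuser: "%s" lookup fails bound as "%s"' % (dn, user_dn)
        if self.verbose > 3:
            self._log.log(4, msg)
        return None, None, None

    user_attrs = auth_res['results'][0]

    # NOTE(review): this writes every fetched attribute to the log; if
    # the schema configuration lists sensitive attributes they would be
    # included -- confirm.
    if self.verbose > 4:
        self._log.log(5, '_lookupUser: user_attrs = %s' % str(user_attrs))

    groups = list(self.getGroups(dn=dn, attr='cn', pwd=user_pwd))
    roles = self._mapRoles(groups)
    roles.extend(self._roles)

    return roles, dn, user_attrs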


    security.declareProtected(manage_users, 'manage_reinit')
    def manage_reinit(self, REQUEST=None):

