/usr/lib/python3/dist-packages/django_python3_ldap/utils.py is in python3-django-python3-ldap 0.9.8-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 | """
Some useful LDAP utilities.
"""
import re, binascii
from django.contrib.auth.hashers import make_password
from django.utils.encoding import force_text
from django.utils.module_loading import import_string
from django.utils import six
from django_python3_ldap.conf import settings
def import_func(func):
if callable(func):
return func
elif isinstance(func, six.string_types):
return import_string(func)
raise AttributeError("Expected a function {0!r}".format(func))
def clean_ldap_name(name):
"""
Transforms the given name into a form that
won't interfere with LDAP queries.
"""
return re.sub(r'[^a-zA-Z0-9 _\-.@]', lambda c: "\\" + force_text(binascii.hexlify(c.group(0).encode("latin-1", errors="ignore"))).upper(), force_text(name))
def convert_model_fields_to_ldap_fields(model_fields):
"""
Converts a set of model fields into a set of corresponding
LDAP fields.
"""
return {
settings.LDAP_AUTH_USER_FIELDS[field_name]: field_value
for field_name, field_value
in model_fields.items()
}
def format_search_filter(model_fields):
"""
Creates an LDAP search filter for the given set of model
fields.
"""
ldap_fields = convert_model_fields_to_ldap_fields(model_fields);
ldap_fields["objectClass"] = settings.LDAP_AUTH_OBJECT_CLASS
search_filters = import_func(settings.LDAP_AUTH_FORMAT_SEARCH_FILTERS)(ldap_fields)
return "(&{})".format("".join(search_filters));
def clean_user_data(model_fields):
"""
Transforms the user data loaded from
LDAP into a form suitable for creating a user.
"""
# Create an unusable password for the user.
model_fields["password"] = make_password(None)
return model_fields
def format_username_openldap(model_fields):
"""
Formats a user identifier into a username suitable for
binding to an OpenLDAP server.
"""
return "{user_identifier},{search_base}".format(
user_identifier = ",".join(
"{attribute_name}={field_value}".format(
attribute_name = clean_ldap_name(field_name),
field_value = clean_ldap_name(field_value),
)
for field_name, field_value
in convert_model_fields_to_ldap_fields(model_fields).items()
),
search_base = settings.LDAP_AUTH_SEARCH_BASE,
)
def format_username_active_directory(model_fields):
"""
Formats a user identifier into a username suitable for
binding to an Active Directory server.
"""
username = model_fields["username"]
if settings.LDAP_AUTH_ACTIVE_DIRECTORY_DOMAIN:
username = "{domain}\\{username}".format(
domain = settings.LDAP_AUTH_ACTIVE_DIRECTORY_DOMAIN,
username = username,
)
return username
def sync_user_relations(user, ldap_attributes):
# do nothing by default
pass
def format_search_filters(ldap_fields):
return [
"({attribute_name}={field_value})".format(
attribute_name = clean_ldap_name(field_name),
field_value = clean_ldap_name(field_value),
)
for field_name, field_value
in ldap_fields.items()
]
|