[Rt-commit] rt branch, 4.4/add-ldap-email-authentication, repushed
? sunnavy
sunnavy at bestpractical.com
Wed Feb 3 16:57:09 EST 2021
The branch 4.4/add-ldap-email-authentication was deleted and repushed:
was 6d978cb6f30325dd961bd5bd9c3a95f37d0f8d2e
now d2a595fcdb58713e0596e89317e4fe11b3b4b632
1: 909b322ee4 ! 1: 63c81c99b9 Add LDAP email authentication
@@ -398,94 +398,37 @@
sub UserDisabled {
@@
+ my ($username,$service) = @_;
+
+ # FIRST, check that the user exists in the LDAP service
+- unless(UserExists($username,$service)) {
++ my $field = UserExists( $username, $service );
++
++ unless($field) {
+ $RT::Logger->debug("User (",$username,") doesn't exist! - Assuming not disabled for the purposes of disable checking");
return 0;
}
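Review bot: The new `my $field = UserExists( $username, $service );` line uses the return value both as the existence test and, further down, as an `attr_map` key, but nothing at the call site records that contract. UserExists is not part of this hunk, so presumably it now returns the RT field name that matched and a false value otherwise. A comment such as `# UserExists returns the attr_map key that matched $username, or false if there was no match` above the call would make that explicit. It is also worth confirming that every true return is a real `attr_map` key, because any other true value sends the disabled check into the later else branch. UserDisabled's body continues outside the hunk.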
+@@
+ return 0;
+ }
- if (defined($config->{'attr_map'}->{'Name'})) {
-- # Construct the complex filter
-- $search_filter = Net::LDAP::Filter->new( '(&' .
-- $filter .
-- $d_filter .
-- '(' .
++ if (defined($config->{'attr_map'}->{$field})) {
+ # Construct the complex filter
+ $search_filter = Net::LDAP::Filter->new( '(&' .
+ $filter .
+ $d_filter .
+ '(' .
- $config->{'attr_map'}->{'Name'} .
-- '=' .
-- escape_filter_value($username) .
-- '))'
-- );
-- } else {
++ $config->{'attr_map'}->{$field} .
+ '=' .
+ escape_filter_value($username) .
+ '))'
+ );
+ } else {
- $RT::Logger->debug("You haven't specified an LDAP attribute to match the RT \"Name\" attribute for this service (",
-- $service,
-- "), so it's impossible look up the disabled status of this user (",
-- $username,
-- ") so I'm just going to assume the user is not disabled");
-- return 0;
--
-- }
--
- my $ldap = _GetBoundLdapObj($config);
-- next unless $ldap;
-+ return unless $ldap;
-
-- # We only need the UID for confirmation now,
-- # the other information would waste time and bandwidth
-- my @attrs = ('uid');
-+ my $attr_map = $config->{'attr_map'};
-+ my $attr_match_list = $config->{'attr_match_list'};
-+ my @attrs = 'uid';
-
-- $RT::Logger->debug( "LDAP Search === ",
-- "Base:",
-- $base,
-- "== Filter:",
-- ($search_filter ? $search_filter->as_string : ''),
-- "== Attrs:",
-- join(',', at attrs));
-+ foreach my $attr_match ( @{$attr_match_list} ) {
-+ unless ( defined $attr_map->{$attr_match} ) {
-+ $RT::Logger->error("Invalid LDAP mapping for $attr_match, no defined fields in attr_map");
-+ next;
-+ }
-
-- my $disabled_users = $ldap->search(base => $base,
-- filter => $search_filter,
-- attrs => \@attrs);
-- # If ANY results are returned,
-- # we are going to assume the user should be disabled
-- if ($disabled_users->count) {
-- undef $disabled_users;
-- return 1;
-- } else {
-- undef $disabled_users;
-- return 0;
-+ my $search_filter = Net::LDAP::Filter->new(
-+ '(&' . $filter . $d_filter . '(' . $attr_map->{$attr_match} . '=' . escape_filter_value($username) . '))' );
-+
-+ # Check that the user exists in the LDAP service
-+ $RT::Logger->debug(
-+ "LDAP Search === ",
-+ "Base:", $base, "== Filter:", ( $search_filter ? $search_filter->as_string : '' ),
-+ "== Attrs:", join( ',', @attrs )
-+ );
-+
-+ my $disabled_users = $ldap->search(
-+ base => $base,
-+ filter => $search_filter,
-+ attrs => \@attrs
-+ );
-+
-+ # If ANY results are returned,
-+ # we are going to assume the user should be disabled
-+ if ( $disabled_users->count ) {
-+ undef $disabled_users;
-+ return 1;
-+ }
-+ else {
-+ undef $disabled_users;
-+ return 0;
-+ }
- }
-+ return 0;
- }
- # {{{ sub _GetBoundLdapObj
-
++ $RT::Logger->debug("You haven't specified an LDAP attribute to match the RT \"$field\" attribute for this service (",
+ $service,
+ "), so it's impossible look up the disabled status of this user (",
+ $username,
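Review bot: In the else branch, a missing `attr_map` entry for `$field` is still reported with `$RT::Logger->debug`, and the message says the user will be assumed not disabled, so a misconfigured mapping switches the disabled check off without anything appearing in a normal log. Since the branch appears to let login match on a field other than Name, I would log this at a level operators see, e.g. `$RT::Logger->error("No LDAP attribute mapped to RT \"$field\" for service $service; cannot check disabled status of $username");`. The previous iteration of this patch logged an undefined mapping with `error`. The end of the debug call and the return that follows it are outside the hunk.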
2: 6d978cb6f3 = 2: d2a595fcdb Add tests for user email login