[Rt-commit] rt branch, 4.4/add-ldap-email-authentication, repushed
Blaine Motsinger
blaine at bestpractical.com
Fri Jan 29 20:03:29 EST 2021
The branch 4.4/add-ldap-email-authentication was deleted and repushed:
was f0a107b699e5f9eaf1abe87a9ace08cbe71655a0
now 64f64c1521c0abddf5bc88cc6a195d9654dc9fcc
1: ed3ec68cfc ! 1: 57b60e5c77 Add LDAP email authentication
@@ -41,18 +41,18 @@
$session->{'CurrentUser'} = RT::CurrentUser->new();
- $session->{'CurrentUser'}->Load($username);
+
-+ if ( ref $exists && defined $exists->{'EmailAddress'} && $exists->{'EmailAddress'} eq $username ) {
-+ $session->{'CurrentUser'}->LoadByEmail($username);
-+ }
-+ else {
-+ $session->{'CurrentUser'}->Load($username);
-+ }
-+
-+ # If LDAP search found the user, and Name was returned, ensure $username is set to Name.
-+ # We want to try and ensure the autocreated user below has Name as name and not EmailAddress.
-+ if ( ref $exists && $exists->{'Name'} ) {
-+ $username = $exists->{'Name'};
-+ }
++ # If a user was found during the LDAP search in UserExists, we need to ensure
++ # $username is Name instead of EmailAddress, if the user used that to auth.
++ if ( ref $exists eq 'RT::User' ) {
++ $username = $exists->Name;
++ }
++ # This check is strange, but we need to also allow for other ExternalAuth types to return 1
++ # for UserExists, while still checking for a valid username from LDAP.
++ elsif ( $exists !~ /^1$/ ) {
++ $username = $exists;
++ }
++
++ $session->{CurrentUser}->Load($username);
# Unless we have loaded a valid user with a UserID create one.
unless ($session->{'CurrentUser'}->Id) {
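Review bot: The `elsif ( $exists !~ /^1$/ )` branch makes the login identity depend on an overloaded UserExists return (an RT::User object, a Name string, or the sentinel `1`), and nothing visible here stops an undefined or empty `$exists` from being copied into `$username` before `Load`. The exact-class test `ref $exists eq 'RT::User'` also misses subclasses, and a directory Name that is literally `1` cannot be told apart from the sentinel. I would write the tests as `if ( Scalar::Util::blessed($exists) && $exists->isa('RT::User') )` and `elsif ( defined $exists && length $exists && $exists ne '1' )`. I would also add a comment above them listing the three return shapes UserExists may produce. The enclosing block starts and ends outside this hunk, so whether `$exists` is already known to be true at this point should be confirmed.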
@@ -68,7 +68,7 @@
+
+ foreach my $attr_match (@{$attr_match_list}) {
+ push @attrs, $attr_map->{$attr_match}
-+ if exists $attr_map->{$attr_match} && defined $attr_map->{$attr_match};
++ if defined $attr_map->{$attr_match};
+ }
# Make sure we fetch the user attribute we'll need for the group check
@@ -88,7 +88,7 @@
+ # loop over each of the attr_match_list members for LDAP search
+ my $ldap_msg;
+ foreach my $attr_match ( @{$attr_match_list} ) {
-+ unless ( exists $attr_map->{$attr_match} && defined $attr_map->{$attr_match} ) {
++ unless ( defined $attr_map->{$attr_match} ) {
+ $RT::Logger->error( "Invalid LDAP mapping for $attr_match, no defined fields in attr_map" );
+ next;
+ }
@@ -223,22 +223,18 @@
+ my @attrs;
+ foreach my $attr_match (@{$attr_match_list}) {
+ push @attrs, $attr_map->{$attr_match}
-+ if exists $attr_map->{$attr_match} && defined $attr_map->{$attr_match};
++ if defined $attr_map->{$attr_match};
}
- my $ldap = _GetBoundLdapObj($config);
- return unless $ldap;
+ # Ensure we try to get back a Name value from LDAP on the initial LDAP search.
-+ my $name_attr;
-+ if ( defined $attr_map->{'Name'} ) {
-+ push @attrs, $attr_map->{'Name'};
-+ $name_attr = $attr_map->{'Name'};
-+ }
++ push @attrs, $attr_map->{'Name'};
- my @attrs = values(%{$config->{'attr_map'}});
+ # loop over each of the attr_match_list members for the initial lookup
+ foreach my $attr_match ( @{$attr_match_list} ) {
-+ unless ( exists $attr_map->{$attr_match} && defined $attr_map->{$attr_match} ) {
++ unless ( defined $attr_map->{$attr_match} ) {
+ $RT::Logger->error( "Invalid LDAP mapping for $attr_match, no defined fields in attr_map" );
+ next;
+ }
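Review bot: `push @attrs, $attr_map->{'Name'};` is now unconditional, so a configuration without a `Name` mapping puts `undef` into the attribute list handed to the LDAP search. The previous revision guarded this with `defined`, and the loops above and below still guard their own lookups the same way. Restoring the guard keeps the three places consistent: `push @attrs, $attr_map->{'Name'} if defined $attr_map->{'Name'};`. The later `get_value($attr_map->{'Name'})` call in this function relies on the same key and needs the same check.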
@@ -325,16 +321,21 @@
+ next;
+ }
+ else {
-+ # User was found
-+ my $match = {
-+ $attr_match => $username,
-+ };
-+
-+ if ( $attr_match ne 'Name' && $name_attr ) {
++ # User was found in LDAP
++ my $match = RT::User->new($RT::SystemUser);
++ if ( $attr_match eq 'EmailAddress' ) {
++ $match->LoadByEmail($username);
++ }
++ else {
++ $match->Load($username);
++ }
++
++ # If the user doesn't exist in RT, return the Name value we got from LDAP
++ # incase we need to create the user in RT.
++ unless ( $match->Id ) {
+ my $ldap_entry = $user_found->first_entry;
-+ my $name_value = $ldap_entry->get_value($name_attr);
-+
-+ $match->{'Name'} = $name_value;
++ my $name_value = $ldap_entry->get_value($attr_map->{'Name'});
++ $match = $name_value;
+ }
+
+ return $match;
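Review bot: `$match = $name_value;` can leave `$match` undefined when the LDAP entry has no value for the mapped Name attribute (or `$attr_map->{'Name'}` is unset), so a user who was found in LDAP is returned as a false value and the function yields either an object, a string or undef. I would check it before returning, for example `unless ( defined $name_value && length $name_value ) { $RT::Logger->error("LDAP entry matched on $attr_match has no Name value"); next; }`, and document the return contract in a comment above `return $match;`. Separately, the RT account is selected by `LoadByEmail($username)` rather than by anything read from the matched entry. If the directory's mail attribute is not unique or can be edited by account holders, the RT user loaded may not correspond to that entry, so it is worth comparing `$match->Name` with the entry's Name value and logging a mismatch. The surrounding loop and the result-count handling are outside this hunk, so that part is a question to confirm rather than a confirmed defect.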
2: f0a107b699 = 2: 64f64c1521 Add test for LDAP attr search and match