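--- a/ldapplugin/api.py
+++ b/ldapplugin/api.py
@@ -146,15 +146,24 @@
 
 def _get_user_groups(self, username):
 """Returns a list of all groups a user belongs to"""
- ldap_groups = self._ldap.get_groups()
+ ldap_groups = self._ldap.get_groups(self.util.get_group_rdn())
+ ## dump some useful debug
+ ## outp = open("/tmp/trac2.log","a")
 groups = []
 for group in ldap_groups:
- if self._ldap.is_in_group(self.util.user_attrdn(username), group):
- m = DN_RE.search(group)
- if m:
- groupname = GROUP_PREFIX + m.group('rdn')
- if groupname not in groups:
- groups.append(groupname)
+ rdntuple = self.util.user_attrdn(username)
+ for rdnitem in rdntuple:
+ ## print >> outp, ("user: %s - trying group %s (userdn=%s)" % (username,group,rdnitem))
+ if group!=None:
+ if self._ldap.is_in_group(rdnitem, group):
+ m = DN_RE.search(group)
+ if m:
+ groupname = GROUP_PREFIX + m.group('rdn')
+ if groupname not in groups:
+ groups.append(groupname)
+ ##print >> outp, (" group %s: found %s" % (group,groupname))
+ ##print >> outp, ("---")
+ ##outp.close()
 return groups
 
 class LdapPermissionStore(Component):
@@ -453,6 +462,9 @@
 
 def is_group(self, username):
 return username.startswith(GROUP_PREFIX)
+
+ def get_group_rdn(self):
+ return self.group_rdn
 
 def create_dn(self, username):
 """Create a user or group LDAP DN from his/its name"""
@@ -471,11 +483,13 @@
 
 def user_attrdn(self, user):
 """Build the dn for a user"""
+ # in all cases we return a list, even if the list
+ # consists of one item
 if self.user_rdn:
- return "%s=%s,%s,%s" % \
- (self.uidattr, user, self.user_rdn, self.basedn)
+ rdntuple = self.user_rdn.split('|')
+ return [ "%s=%s,%s,%s" % (self.uidattr, user, rdnitem, self.basedn) for rdnitem in rdntuple ]
 else:
- return "%s=%s,%s" % (self.uidattr, user, self.basedn)
+ return ["%s=%s,%s" % (self.uidattr, user, self.basedn)]
 
 def extract_user_from_dn(self, dn):
 m = DN_RE.search(dn)
@@ -536,9 +550,12 @@
 self._ds.unbind_s()
 self._ds = None
 
- def get_groups(self):
+ def get_groups(self, group_rdn):
 """Return a list of available group dns"""
- groups = self.get_dn(self.basedn, 'objectclass=' + self.groupname)
+ if group_rdn:
+ groups = self.get_dn("%s,%s" % (group_rdn,self.basedn), 'objectclass=' + self.groupname)
+ else:
+ groups = self.get_dn(self.basedn, 'objectclass=' + self.groupname)
 return groups
 
 def is_in_group(self, userdn, groupdn):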
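Review bot: In `_get_user_groups` the new inner loop adds a group whenever any candidate DN returned by `user_attrdn` is a member, so two distinct entries that share a uid under different `user_rdn` branches receive the union of each other's groups. If uids are not guaranteed unique across the configured branches, this grants permissions to the wrong account. The safer shape is to resolve the one DN that actually exists for the authenticated user and test only that, or at minimum to record the assumption with `# assumes uid is unique across all '|'-separated user_rdn branches`. `user_attrdn` now returns a list instead of a string, so any caller outside these hunks that still passes its result as a single DN needs the same update. The commented-out `/tmp/trac2.log` debug lines would be better removed, or routed through the plugin's logger, than committed.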