From 9ad7d647628a3b4071a461a4e0a71c9b67fddbe9 Mon Sep 17 00:00:00 2001
From: Kevin Li
Date: Tue, 21 May 2019 15:01:02 +0800
Subject: [PATCH 01/16] Create Dockerfile
---
 Dockerfile | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 Dockerfile
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..0d7effe
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,19 @@
+FROM python:2-alpine
+
+WORKDIR /usr/src/app
+ADD . /usr/src/app
+
+ENV DATAROOTDIR /usr/share
+ENV SYSCONFDIR /etc
+
+RUN apk add --no-cache libldap && \
+ apk add --no-cache --virtual build-dependencies build-base yaml-dev openldap-dev && \
+ python setup.py install && \
+ apk del build-dependencies && \
+ cp -v conf/* /etc/ldapcherry && \
+ adduser -S ldapcherry && \
+ rm -rf /usr/src/app
+
+USER ldapcherry
+
+CMD [ "ldapcherryd", "-c", "/etc/ldapcherry/ldapcherry.ini", "-D" ]
From 7cfa183ed95a010b90f1a030defddd3710814f11 Mon Sep 17 00:00:00 2001
From: Kevin Li
Date: Tue, 21 May 2019 15:26:49 +0800
Subject: [PATCH 02/16] Update backendAD.py
---
 ldapcherry/backend/backendAD.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ldapcherry/backend/backendAD.py b/ldapcherry/backend/backendAD.py
index 9483390..e5db15f 100644
--- a/ldapcherry/backend/backendAD.py
+++ b/ldapcherry/backend/backendAD.py
@@ -112,7 +112,7 @@ class Backend(ldapcherry.backend.backendLdap.Backend):
 self.starttls = self.get_param('starttls', 'off')
 self.uri = self.get_param('uri')
 self.timeout = self.get_param('timeout', 1)
- self.userdn = 'CN=Users,' + basedn
+ self.userdn = 'OU=Users,OU=' + self.domain.split(".")[0] + "," + basedn
 self.groupdn = self.userdn
 self.builtin = 'CN=Builtin,' + basedn
 self.user_filter_tmpl = '(sAMAccountName=%(username)s)'
From fe8539e2e6be66aba7e47aa01ee737af2ed9f20a Mon Sep 17 00:00:00 2001
From: Kevin Li
Date: Tue, 21 May 2019 15:57:52 +0800
Subject: [PATCH 03/16] Update Dockerfile
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
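Review bot: `ADD . /usr/src/app` writes the whole build context into its own image layer, so the `rm -rf /usr/src/app` at the end of the later `RUN` hides the tree but does not remove it from the image; anything in the context (files under `conf/` that carry a bind password, `.git`) remains extractable from that layer. Prefer `COPY` together with a `.dockerignore`, or a multi-stage build that copies only the installed package and its config into the final stage. `cp -v conf/* /etc/ldapcherry` assumes the target directory already exists, presumably created by `setup.py install` through `SYSCONFDIR`; a comment saying so would help. `FROM python:2-alpine` is a floating tag, so pin a specific version or digest to keep rebuilds reproducible.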
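Review bot: The new `self.userdn` hard-codes one site's directory layout (`OU=Users,OU=<first domain label>,...`) into the backend, so a deployment that keeps accounts in the default `CN=Users` container would no longer find or create users there; `self.groupdn` on the next line inherits the same value. Make the container configurable and keep the old value as the default, for example `self.userdn = self.get_param('userdn', 'CN=Users,' + basedn)`. The enclosing method starts and ends outside the hunk, so other code that relies on `CN=Users` is not visible here.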
diff --git a/Dockerfile b/Dockerfile index 0d7effe..0ee9be5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM python:2-alpine +FROM python:3-alpine WORKDIR /usr/src/app ADD . /usr/src/app From 7af125550c054fb300c1868f22da70cd13235dae Mon Sep 17 00:00:00 2001 From: Kevin Li Date: Thu, 23 May 2019 12:41:41 +0800 Subject: [PATCH 04/16] read credentials from environment variables --- ChangeLog.rst | 11 ++++++++--- Dockerfile | 2 ++ ldapcherry/backend/backendAD.py | 4 ++-- ldapcherry/backend/backendLdap.py | 2 +- ldapcherry/version.py | 2 +- 5 files changed, 14 insertions(+), 7 deletions(-) diff --git a/ChangeLog.rst b/ChangeLog.rst index 883f28a..91575c3 100644 --- a/ChangeLog.rst +++ b/ChangeLog.rst @@ -1,6 +1,11 @@ Dev *** +Version 1.1.2 +************* + +* [feat] read credentials from environment variables + Version 1.1.1 ************* @@ -72,7 +77,7 @@ Version 0.3.5 Version 0.3.4 ************* -* [impr] focus on first field for all forms +* [impr] focus on first field for all forms * [impr] add icon in navbar to return on / Version 0.3.3 @@ -117,7 +122,7 @@ Version 0.2.3 ************* * [fix ] notifications missing in case of multiple notification waiting to be displayed -* [fix ] password handling for Active Directory backend +* [fix ] password handling for Active Directory backend * [fix ] default attribute value handling * [fix ] corrections on exemple configuration * [impr] explicite mandatory attributes for Active Directory backend @@ -131,7 +136,7 @@ Version 0.2.2 Version 0.2.1 ************* -* [fix ] fix doc +* [fix ] fix doc Version 0.2.0 ************* diff --git a/Dockerfile b/Dockerfile index 0ee9be5..1aa78ad 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,6 +5,8 @@ ADD . /usr/src/app ENV DATAROOTDIR /usr/share ENV SYSCONFDIR /etc +ENV AD_LOGIN administrator +ENV PASSWORD password RUN apk add --no-cache libldap && \ apk add --no-cache --virtual build-dependencies build-base yaml-dev openldap-dev && \ 
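Review bot: `ENV AD_LOGIN administrator` and `ENV PASSWORD password` bake a default administrator login and password into the image, where they are readable from the image configuration and history and are inherited by every process in the container. The backend hunks of this commit read them with `os.getenv("AD_LOGIN", ...)` and `os.getenv("PASSWORD", ...)`, so these image defaults also take precedence over whatever the operator configured in `ldapcherry.ini`: a container started without overrides would bind as `administrator`/`password` rather than the configured account. Remove both `ENV` lines and let the operator supply the values at run time (an env file or an orchestrator secret), leaving the variables unset by default.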
diff --git a/ldapcherry/backend/backendAD.py b/ldapcherry/backend/backendAD.py
index e5db15f..d53eb64 100644
--- a/ldapcherry/backend/backendAD.py
+++ b/ldapcherry/backend/backendAD.py
@@ -103,10 +103,10 @@ class Backend(ldapcherry.backend.backendLdap.Backend):
 self.backend_name = name
 self.backend_display_name = self.get_param('display_name')
 self.domain = self.get_param('domain')
- self.login = self.get_param('login')
+ self.login = os.getenv("AD_LOGIN", self.get_param('login'))
 basedn = 'dc=' + re.sub(r'\.', ',DC=', self.domain)
 self.binddn = self.get_param('login') + '@' + self.domain
- self.bindpassword = self.get_param('password')
+ self.bindpassword = os.getenv("PASSWORD", self.get_param('password'))
 self.ca = self.get_param('ca', False)
 self.checkcert = self.get_param('checkcert', 'on')
 self.starttls = self.get_param('starttls', 'off')
diff --git a/ldapcherry/backend/backendLdap.py b/ldapcherry/backend/backendLdap.py
index d6215cc..8fdf5f3 100644
--- a/ldapcherry/backend/backendLdap.py
+++ b/ldapcherry/backend/backendLdap.py
@@ -59,7 +59,7 @@ class Backend(ldapcherry.backend.Backend):
 self.backend_name = name
 self.backend_display_name = self.get_param('display_name')
 self.binddn = self.get_param('binddn')
- self.bindpassword = self.get_param('password')
+ self.bindpassword = os.getenv("PASSWORD", self.get_param('password'))
 self.ca = self.get_param('ca', False)
 self.checkcert = self.get_param('checkcert', 'on')
 self.starttls = self.get_param('starttls', 'off')
diff --git a/ldapcherry/version.py b/ldapcherry/version.py
index 4ce55d1..45fdd7b 100644
--- a/ldapcherry/version.py
+++ b/ldapcherry/version.py
@@ -5,4 +5,4 @@
 # ldapCherry
 # Copyright (c) 2014 Carpentier Pierre-Francois
-version = '1.1.1'
+version = '1.1.2'
From bc1f3800842c6399a6fb1c0167386b662431ce80 Mon Sep 17 00:00:00 2001
From: Kevin Li
Date: Thu, 23 May 2019 13:50:21 +0800
Subject: [PATCH 05/16] bug fix
---
 ldapcherry/backend/backendAD.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
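Review bot: `os.getenv("PASSWORD", ...)` uses one unscoped variable name for the bind password, and the same lookup is added in the `backendLdap.py` hunk of this commit, so an AD backend and an LDAP backend configured side by side would both receive the same secret, and any unrelated `PASSWORD` in the process environment silently overrides the configured one. Use a namespaced, per-backend variable name (for example one derived from `self.backend_name`) and document which source wins. In this hunk `self.binddn` is still built from `self.get_param('login')`, so `AD_LOGIN` changes `self.login` but not the identity actually used to bind. The default argument `self.get_param(...)` is evaluated before `os.getenv` runs, so a config without the key presumably still fails even when the variable is set, and neither hunk shows an `import os`, which should be confirmed.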
diff --git a/ldapcherry/backend/backendAD.py b/ldapcherry/backend/backendAD.py
index d53eb64..bb84bf3 100644
--- a/ldapcherry/backend/backendAD.py
+++ b/ldapcherry/backend/backendAD.py
@@ -105,7 +105,7 @@ class Backend(ldapcherry.backend.backendLdap.Backend):
 self.domain = self.get_param('domain')
 self.login = os.getenv("AD_LOGIN", self.get_param('login'))
 basedn = 'dc=' + re.sub(r'\.', ',DC=', self.domain)
- self.binddn = self.get_param('login') + '@' + self.domain
+ self.binddn = self.login + '@' + self.domain
 self.bindpassword = os.getenv("PASSWORD", self.get_param('password'))
 self.ca = self.get_param('ca', False)
 self.checkcert = self.get_param('checkcert', 'on')
From e90f27bc8d97fbb8cecba939e1a24f3324a78592 Mon Sep 17 00:00:00 2001
From: Kevin Li
Date: Mon, 8 Jul 2019 20:48:53 +0800
Subject: [PATCH 06/16] Updated AD backend for user creation
---
 ldapcherry/backend/backendAD.py | 31 ++++++++++++++++++++++++++++++-
 ldapcherry/version.py | 2 +-
 2 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/ldapcherry/backend/backendAD.py b/ldapcherry/backend/backendAD.py
index bb84bf3..7fb5c64 100644
--- a/ldapcherry/backend/backendAD.py
+++ b/ldapcherry/backend/backendAD.py
@@ -200,6 +200,12 @@ class Backend(ldapcherry.backend.backendLdap.Backend):
 else:
 dn = self._byte_p2(name)
+ ldap_client.modify_s(
+ dn,
+ [(ldap.MOD_REPLACE, 'unicodePwd', [password_value])]
+ )
+ return
+
 attrs = {}
 attrs['unicodePwd'] = self._modlist(self._byte_p2(password_value))
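Review bot: The unconditional `return` added after `ldap_client.modify_s(...)` turns everything that follows in this function (the `attrs['unicodePwd']` modlist code visible as context) into dead code and skips whatever cleanup comes after the hunk, presumably the `unbind_s()`, so each password change would leave a bound connection open. `password_value` is also written as-is, while the `add_user` hunk of this commit wraps the password in double quotes and encodes it as UTF-16-LE before writing `unicodePwd`; unless the value is already encoded earlier in the function, which is not visible here, the two paths disagree. Either delete the superseded code and unbind in a `finally`, or drop the early return and fix the existing path instead.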
@@ -217,8 +223,31 @@ class Backend(ldapcherry.backend.backendLdap.Backend):
 def add_user(self, attrs):
 password = attrs['unicodePwd']
 del(attrs['unicodePwd'])
+ attrs['userPrincipalName'] = '%(name)s@%(domain)s' % {
+ 'name': attrs['sAMAccountName'], 'domain': self.domain
+ }
 super(Backend, self).add_user(attrs)
- self._set_password(attrs['cn'], password)
+
+ ldap_client = self._bind()
+
+ dn = self._byte_p2('CN=%(cn)s,%(user_dn)s' % {
+ 'cn': attrs['cn'], 'user_dn': self.userdn
+ })
+
+ # Set password
+ encoded_password = '"{}"'.format(password).encode('utf-16-le')
+ ldap_client.modify_s(
+ dn,
+ [(ldap.MOD_REPLACE, 'unicodePwd', [encoded_password])]
+ )
+
+ # Enable user account
+ ldap_client.modify_s(
+ dn,
+ [(ldap.MOD_REPLACE, 'UserAccountControl', [b'512'])]
+ )
+
+ ldap_client.unbind_s()
 def set_attrs(self, username, attrs):
 if 'unicodePwd' in attrs:
diff --git a/ldapcherry/version.py b/ldapcherry/version.py
index 45fdd7b..5a89ad8 100644
--- a/ldapcherry/version.py
+++ b/ldapcherry/version.py
@@ -5,4 +5,4 @@
 # ldapCherry
 # Copyright (c) 2014 Carpentier Pierre-Francois
-version = '1.1.2'
+version = '1.1.3'
From 330df3eaa5bf92849a765e5f4360b5efa6369243 Mon Sep 17 00:00:00 2001
From: Kevin Li
Date: Mon, 8 Jul 2019 21:05:21 +0800
Subject: [PATCH 07/16] Removed debug flag from Dockerfile
---
 Dockerfile | 2 +-
 ldapcherry/version.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 1aa78ad..5ad7787 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,4 +18,4 @@ RUN apk add --no-cache libldap && \
 USER ldapcherry
-CMD [ "ldapcherryd", "-c", "/etc/ldapcherry/ldapcherry.ini", "-D" ]
+CMD ["ldapcherryd", "-c", "/etc/ldapcherry/ldapcherry.ini"]
diff --git a/ldapcherry/version.py b/ldapcherry/version.py
index 5a89ad8..4602577 100644
--- a/ldapcherry/version.py
+++ b/ldapcherry/version.py
@@ -5,4 +5,4 @@
 # ldapCherry
 # Copyright (c) 2014 Carpentier Pierre-Francois
-version = '1.1.3'
+version = '1.1.4'
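Review bot: The DN in `add_user` is built by interpolating `attrs['cn']` straight into `'CN=%(cn)s,%(user_dn)s'`, so a common name containing `,`, `+`, `=` or another DN special character produces a DN that differs from the entry just created, and the password and `UserAccountControl` writes then fail or address a different entry. Escape the value, e.g. `'cn': ldap.dn.escape_dn_chars(attrs['cn'])` (this needs `ldap.dn` imported, which the hunk does not show). The two `modify_s` calls run between `_bind()` and `unbind_s()` without a `try`/`finally`, so a rejected password write (for example by password policy) leaks the connection and leaves a created but unusable account behind; unbind in a `finally` and consider removing the entry when the password write fails. A short comment explaining the `b'512'` value would help the next reader.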
From b6cba42b857702c81ee88c5a13fad3bd5c1ca490 Mon Sep 17 00:00:00 2001
From: Christian Connert
Date: Tue, 9 Jul 2019 15:14:42 +0200
Subject: [PATCH 08/16] Added checks to avoid unnecessary updates when the attribute did not change and extended delete to remove user from groups
---
 ldapcherry/backend/backendLdap.py | 84 +++++++++++++++++++++++++++++++
 1 file changed, 84 insertions(+)
diff --git a/ldapcherry/backend/backendLdap.py b/ldapcherry/backend/backendLdap.py
index 8fdf5f3..7440304 100644
--- a/ldapcherry/backend/backendLdap.py
+++ b/ldapcherry/backend/backendLdap.py
@@ -460,12 +460,82 @@ class Backend(ldapcherry.backend.Backend):
 dn = self._byte_p2(self._get_user(self._byte_p2(username), NO_ATTR))
 # delete
 if dn is not None:
+ groups = self.get_groups(username)
+ self._logger(
+ severity=logging.DEBUG,
+ msg="%(backend)s: removing user '%(user)s' from '%(group)s'" % {
+ 'user': username,
+ 'group': groups,
+ 'backend': self.backend_name
+ }
+ )
+ self.del_from_groups(username, groups)
 ldap_client.delete_s(dn)
 else:
 ldap_client.unbind_s()
 raise UserDoesntExist(username, self.backend_name)
 ldap_client.unbind_s()
+ def __isModify(self, username, attrs, old_attrs, attr):
+ modify = True
+ # early exit
+ if old_attrs.get(attr) is None:
+ return modify
+ # various modification checks
+ if type(old_attrs[attr]) is list:
+ if type(attrs[attr]) is list:
+ if old_attrs[attr] == attrs[attr]:
+ self._logger(
+ severity=logging.DEBUG,
+ msg="%(backend)s: skipping modification of equal-attribute '%(attr)s'"
+ "/'%(oldAttr)s' for user '%(user)s'" % {
+ 'user': username,
+ 'attr': attrs[attr],
+ 'oldAttr': old_attrs[attr],
+ 'backend': self.backend_name
+ }
+ )
+ modify = False
+ if attrs[attr] in old_attrs[attr]:
+ self._logger(
+ severity=logging.DEBUG,
+ msg="%(backend)s: skipping modification of attribute '%(attr)s'"
+ " for user '%(user)s' as it is contained by '%(oldAttr)s'" % {
+ 'user': username,
+ 'attr': attrs[attr],
+ 'oldAttr': old_attrs[attr],
+ 'backend': self.backend_name
+ }
+ )
+ modify = False
+ else:
+ if type(attrs[attr]) is list:
+ if old_attrs[attr] in attrs[attr]:
+ self._logger(
+ severity=logging.DEBUG,
+ msg="%(backend)s: skipping modification of contained-attribute '%(attr)s' "
+ "for user '%(user)s'" % {
+ 'user': username,
+ 'attr': attrs[attr],
+ 'backend': self.backend_name
+ }
+ )
+ modify = False
+ else:
+ if attrs[attr] == old_attrs[attr]:
+ self._logger(
+ severity=logging.DEBUG,
+ msg="%(backend)s: skipping modification of equal-attribute '%(attr)s'"
+ "/'%(oldAttr)s' for user '%(user)s'" % {
+ 'user': username,
+ 'attr': attrs[attr],
+ 'oldAttr': old_attrs[attr],
+ 'backend': self.backend_name
+ }
+ )
+ modify = False
+ return modify
+
 def set_attrs(self, username, attrs):
 """ set user attributes"""
 ldap_client = self._bind()
@@ -475,6 +545,20 @@ class Backend(ldapcherry.backend.Backend):
 dn = self._byte_p2(tmp[0])
 old_attrs = tmp[1]
 for attr in attrs:
+ # skip equal attributes
+ if not self.__isModify(username, attrs, old_attrs, attr):
+ continue
+ else:
+ self._logger(
+ severity=logging.DEBUG,
+ msg="%(backend)s: modifying user '%(user)s':"
+ " '%(attr)s' vs. '%(oldAttr)s'" % {
+ 'user': username,
+ 'attr': attrs[attr],
+ 'oldAttr': old_attrs.get(attr),
+ 'backend': self.backend_name
+ }
+ )
 bcontent = self._byte_p2(attrs[attr])
 battr = self._byte_p2(attr)
 new = {battr: self._modlist(self._byte_p3(bcontent))}
From dcd7162ca92594127e3de911daf1e0dd3d5bd539 Mon Sep 17 00:00:00 2001
From: Christian Connert
Date: Tue, 9 Jul 2019 15:15:59 +0200
Subject: [PATCH 09/16] Added extended Uid function
---
 resources/static/js/lc-filler.js | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/resources/static/js/lc-filler.js b/resources/static/js/lc-filler.js
index 4bfb5f3..1aa6fa3 100644
--- a/resources/static/js/lc-filler.js
+++ b/resources/static/js/lc-filler.js
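Review bot: `__isModify` treats containment as "unchanged": when the stored attribute is a list and the new value is one of its elements (`attrs[attr] in old_attrs[attr]`), or the stored value is a scalar contained in the new list (`old_attrs[attr] in attrs[attr]`), the write is skipped, so as far as the flattened hunk shows a multi-valued attribute can neither be reduced to one of its values nor extended with additional ones. Only exact equality should skip the update, which would also collapse the four near-identical logging branches into one comparison. In the delete path at the top of the hunk, `self.del_from_groups(username, groups)` runs while `ldap_client` is bound and before `delete_s`; if it raises, the connection is not unbound and the user is left partly removed, so the cleanup belongs in a `try`/`finally`. Both functions extend outside the hunk.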
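Review bot: The DEBUG message added in `set_attrs` logs the new and the old value of every modified attribute (`'attr': attrs[attr]`, `'oldAttr': old_attrs.get(attr)`), and the skip messages in `__isModify` do the same. If a password attribute passes through `set_attrs` (the AD backend's `set_attrs` checks for `unicodePwd`, so that looks possible), clear-text passwords and stored hashes end up in the log. Log the attribute name rather than its values, `'attr': attr`, or redact a list of sensitive attribute names before formatting. The `else:` after `continue` is redundant and its body can be dedented.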
@@ -7,16 +7,26 @@
 *
 */
+function normalizeName(name) {
+ return removeDiacritics(name).toLowerCase().replace(/[^a-z]/g, '');
+}
+
+function lcUidExt(firstname, lastname, firstnameEnd, lastnameEnd){
+ return normalizeName(firstname).substring(0, parseInt(firstnameEnd))+normalizeName(lastname).substring(0,parseInt(lastnameEnd));
+}
+
 function lcUid(firstname, lastname){
- var ascii_firstname = removeDiacritics(firstname).toLowerCase().replace(/[^a-z]/g, '');
- var ascii_lastname = removeDiacritics(lastname).toLowerCase().replace(/[^a-z]/g, '');
- return ascii_firstname.charAt(0)+ascii_lastname.substring(0,7);
+ return lcUidExt(firstname, lastname, 0, 7);
 }
 function lcDisplayName(firstname, lastname){
 return firstname+' '+lastname;
 }
+function lcMailExt(firstname, lastname, domain, firstnameEnd, lastnameEnd){
+ return lcUidExt(firstname, lastname, firstnameEnd, lastnameEnd)+domain;
+}
+
 function lcMail(firstname, lastname, domain){
 return lcUid(firstname, lastname)+domain;
 }
From e196098c6c3562720154175398440df95964e3e9 Mon Sep 17 00:00:00 2001
From: Christian Connert
Date: Tue, 9 Jul 2019 15:18:45 +0200
Subject: [PATCH 10/16] Revert "Removed debug flag from Dockerfile"
This reverts commit 330df3eaa5bf92849a765e5f4360b5efa6369243.
---
 Dockerfile | 2 +-
 ldapcherry/version.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 5ad7787..1aa78ad 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,4 +18,4 @@ RUN apk add --no-cache libldap && \
 USER ldapcherry
-CMD ["ldapcherryd", "-c", "/etc/ldapcherry/ldapcherry.ini"]
+CMD [ "ldapcherryd", "-c", "/etc/ldapcherry/ldapcherry.ini", "-D" ]
diff --git a/ldapcherry/version.py b/ldapcherry/version.py
index 4602577..5a89ad8 100644
--- a/ldapcherry/version.py
+++ b/ldapcherry/version.py
@@ -5,4 +5,4 @@
 # ldapCherry
 # Copyright (c) 2014 Carpentier Pierre-Francois
-version = '1.1.4'
+version = '1.1.3'
From f58afbcdd9ae3551060be1f6c3b3c98200827e28 Mon Sep 17 00:00:00 2001
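Review bot: `lcUid` now calls `lcUidExt(firstname, lastname, 0, 7)`, and `substring(0, 0)` is the empty string, so the generated uid loses the first-name initial that the removed `ascii_firstname.charAt(0)` supplied; existing forms would start proposing different logins, and `lcMail` different addresses. To keep the old result it should be `return lcUidExt(firstname, lastname, 1, 7);`. `parseInt(firstnameEnd)` yields `NaN` for a missing or non-numeric argument, which `substring` treats as 0, and it should be given an explicit radix, `parseInt(firstnameEnd, 10)`.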
From: Christian Connert
Date: Tue, 9 Jul 2019 15:18:55 +0200
Subject: [PATCH 11/16] Revert "Updated AD backend for user creation"
This reverts commit e90f27bc8d97fbb8cecba939e1a24f3324a78592.
---
 ldapcherry/backend/backendAD.py | 31 +------------------------------
 ldapcherry/version.py | 2 +-
 2 files changed, 2 insertions(+), 31 deletions(-)
diff --git a/ldapcherry/backend/backendAD.py b/ldapcherry/backend/backendAD.py
index 7fb5c64..bb84bf3 100644
--- a/ldapcherry/backend/backendAD.py
+++ b/ldapcherry/backend/backendAD.py
@@ -200,12 +200,6 @@ class Backend(ldapcherry.backend.backendLdap.Backend):
 else:
 dn = self._byte_p2(name)
- ldap_client.modify_s(
- dn,
- [(ldap.MOD_REPLACE, 'unicodePwd', [password_value])]
- )
- return
-
 attrs = {}
 attrs['unicodePwd'] = self._modlist(self._byte_p2(password_value))
@@ -223,31 +217,8 @@ class Backend(ldapcherry.backend.backendLdap.Backend):
 def add_user(self, attrs):
 password = attrs['unicodePwd']
 del(attrs['unicodePwd'])
- attrs['userPrincipalName'] = '%(name)s@%(domain)s' % {
- 'name': attrs['sAMAccountName'], 'domain': self.domain
- }
 super(Backend, self).add_user(attrs)
-
- ldap_client = self._bind()
-
- dn = self._byte_p2('CN=%(cn)s,%(user_dn)s' % {
- 'cn': attrs['cn'], 'user_dn': self.userdn
- })
-
- # Set password
- encoded_password = '"{}"'.format(password).encode('utf-16-le')
- ldap_client.modify_s(
- dn,
- [(ldap.MOD_REPLACE, 'unicodePwd', [encoded_password])]
- )
-
- # Enable user account
- ldap_client.modify_s(
- dn,
- [(ldap.MOD_REPLACE, 'UserAccountControl', [b'512'])]
- )
-
- ldap_client.unbind_s()
+ self._set_password(attrs['cn'], password)
 def set_attrs(self, username, attrs):
 if 'unicodePwd' in attrs:
diff --git a/ldapcherry/version.py b/ldapcherry/version.py
index 5a89ad8..45fdd7b 100644
--- a/ldapcherry/version.py
+++ b/ldapcherry/version.py
@@ -5,4 +5,4 @@
 # ldapCherry
 # Copyright (c) 2014 Carpentier Pierre-Francois
-version = '1.1.3'
+version = '1.1.2'
From 04e40884c880deeee7b378c5a2db8653b74b1e61 Mon Sep 17 00:00:00 2001 From: Christian Connert Date: Tue, 9 Jul 2019 15:19:01 +0200 Subject: [PATCH 12/16] Revert "bug fix" This reverts commit bc1f3800842c6399a6fb1c0167386b662431ce80. --- ldapcherry/backend/backendAD.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ldapcherry/backend/backendAD.py b/ldapcherry/backend/backendAD.py index bb84bf3..d53eb64 100644 --- a/ldapcherry/backend/backendAD.py +++ b/ldapcherry/backend/backendAD.py @@ -105,7 +105,7 @@ class Backend(ldapcherry.backend.backendLdap.Backend): self.domain = self.get_param('domain') self.login = os.getenv("AD_LOGIN", self.get_param('login')) basedn = 'dc=' + re.sub(r'\.', ',DC=', self.domain) - self.binddn = self.login + '@' + self.domain + self.binddn = self.get_param('login') + '@' + self.domain self.bindpassword = os.getenv("PASSWORD", self.get_param('password')) self.ca = self.get_param('ca', False) self.checkcert = self.get_param('checkcert', 'on') From 21c8438587436452ed1c1c3a7fac0da9bfd19b70 Mon Sep 17 00:00:00 2001 From: Christian Connert Date: Tue, 9 Jul 2019 15:19:14 +0200 Subject: [PATCH 13/16] Revert "read credentials from environment variables" This reverts commit 7af125550c054fb300c1868f22da70cd13235dae. --- ChangeLog.rst | 11 +++-------- Dockerfile | 2 -- ldapcherry/backend/backendAD.py | 4 ++-- ldapcherry/backend/backendLdap.py | 2 +- ldapcherry/version.py | 2 +- 5 files changed, 7 insertions(+), 14 deletions(-) diff --git a/ChangeLog.rst b/ChangeLog.rst index 91575c3..883f28a 100644 --- a/ChangeLog.rst +++ b/ChangeLog.rst @@ -1,11 +1,6 @@ Dev *** -Version 1.1.2 -************* - -* [feat] read credentials from environment variables - Version 1.1.1 ************* @@ -77,7 +72,7 @@ Version 0.3.5 Version 0.3.4 ************* -* [impr] focus on first field for all forms +* [impr] focus on first field for all forms * [impr] add icon in navbar to return on / Version 0.3.3 
@@ -122,7 +117,7 @@ Version 0.2.3 ************* * [fix ] notifications missing in case of multiple notification waiting to be displayed -* [fix ] password handling for Active Directory backend +* [fix ] password handling for Active Directory backend * [fix ] default attribute value handling * [fix ] corrections on exemple configuration * [impr] explicite mandatory attributes for Active Directory backend @@ -136,7 +131,7 @@ Version 0.2.2 Version 0.2.1 ************* -* [fix ] fix doc +* [fix ] fix doc Version 0.2.0 ************* diff --git a/Dockerfile b/Dockerfile index 1aa78ad..0ee9be5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,8 +5,6 @@ ADD . /usr/src/app ENV DATAROOTDIR /usr/share ENV SYSCONFDIR /etc -ENV AD_LOGIN administrator -ENV PASSWORD password RUN apk add --no-cache libldap && \ apk add --no-cache --virtual build-dependencies build-base yaml-dev openldap-dev && \ diff --git a/ldapcherry/backend/backendAD.py b/ldapcherry/backend/backendAD.py index d53eb64..e5db15f 100644 --- a/ldapcherry/backend/backendAD.py +++ b/ldapcherry/backend/backendAD.py @@ -103,10 +103,10 @@ class Backend(ldapcherry.backend.backendLdap.Backend): self.backend_name = name self.backend_display_name = self.get_param('display_name') self.domain = self.get_param('domain') - self.login = os.getenv("AD_LOGIN", self.get_param('login')) + self.login = self.get_param('login') basedn = 'dc=' + re.sub(r'\.', ',DC=', self.domain) self.binddn = self.get_param('login') + '@' + self.domain - self.bindpassword = os.getenv("PASSWORD", self.get_param('password')) + self.bindpassword = self.get_param('password') self.ca = self.get_param('ca', False) self.checkcert = self.get_param('checkcert', 'on') self.starttls = self.get_param('starttls', 'off') diff --git a/ldapcherry/backend/backendLdap.py b/ldapcherry/backend/backendLdap.py index 7440304..3febdc0 100644 --- a/ldapcherry/backend/backendLdap.py +++ b/ldapcherry/backend/backendLdap.py 
@@ -59,7 +59,7 @@ class Backend(ldapcherry.backend.Backend):
 self.backend_name = name
 self.backend_display_name = self.get_param('display_name')
 self.binddn = self.get_param('binddn')
- self.bindpassword = os.getenv("PASSWORD", self.get_param('password'))
+ self.bindpassword = self.get_param('password')
 self.ca = self.get_param('ca', False)
 self.checkcert = self.get_param('checkcert', 'on')
 self.starttls = self.get_param('starttls', 'off')
diff --git a/ldapcherry/version.py b/ldapcherry/version.py
index 45fdd7b..4ce55d1 100644
--- a/ldapcherry/version.py
+++ b/ldapcherry/version.py
@@ -5,4 +5,4 @@
 # ldapCherry
 # Copyright (c) 2014 Carpentier Pierre-Francois
-version = '1.1.2'
+version = '1.1.1'
From c8f2ea84e55016b4bc19a6d97e1fbcb5b21d5030 Mon Sep 17 00:00:00 2001
From: Christian Connert
Date: Tue, 9 Jul 2019 15:19:20 +0200
Subject: [PATCH 14/16] Revert "Update Dockerfile"
This reverts commit fe8539e2e6be66aba7e47aa01ee737af2ed9f20a.
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 0ee9be5..0d7effe 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3-alpine
+FROM python:2-alpine
 WORKDIR /usr/src/app
 ADD . /usr/src/app
From 8b798ae5f89a40a1ed6897829154165c91ca6786 Mon Sep 17 00:00:00 2001
From: Christian Connert
Date: Tue, 9 Jul 2019 15:19:26 +0200
Subject: [PATCH 15/16] Revert "Update backendAD.py"
This reverts commit 7cfa183ed95a010b90f1a030defddd3710814f11.
---
 ldapcherry/backend/backendAD.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ldapcherry/backend/backendAD.py b/ldapcherry/backend/backendAD.py
index e5db15f..9483390 100644
--- a/ldapcherry/backend/backendAD.py
+++ b/ldapcherry/backend/backendAD.py
@@ -112,7 +112,7 @@ class Backend(ldapcherry.backend.backendLdap.Backend):
 self.starttls = self.get_param('starttls', 'off')
 self.uri = self.get_param('uri')
 self.timeout = self.get_param('timeout', 1)
- self.userdn = 'OU=Users,OU=' + self.domain.split(".")[0] + "," + basedn
+ self.userdn = 'CN=Users,' + basedn
 self.groupdn = self.userdn
 self.builtin = 'CN=Builtin,' + basedn
 self.user_filter_tmpl = '(sAMAccountName=%(username)s)'
From ee3e0b6cf3d910a6d41c0d79ea2d8e15d438af13 Mon Sep 17 00:00:00 2001
From: Christian Connert
Date: Tue, 9 Jul 2019 15:19:32 +0200
Subject: [PATCH 16/16] Revert "Create Dockerfile"
This reverts commit 9ad7d647628a3b4071a461a4e0a71c9b67fddbe9.
---
 Dockerfile | 19 -------------------
 1 file changed, 19 deletions(-)
 delete mode 100644 Dockerfile
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index 0d7effe..0000000
--- a/Dockerfile
+++ /dev/null
@@ -1,19 +0,0 @@
-FROM python:2-alpine
-
-WORKDIR /usr/src/app
-ADD . /usr/src/app
-
-ENV DATAROOTDIR /usr/share
-ENV SYSCONFDIR /etc
-
-RUN apk add --no-cache libldap && \
- apk add --no-cache --virtual build-dependencies build-base yaml-dev openldap-dev && \
- python setup.py install && \
- apk del build-dependencies && \
- cp -v conf/* /etc/ldapcherry && \
- adduser -S ldapcherry && \
- rm -rf /usr/src/app
-
-USER ldapcherry
-
-CMD [ "ldapcherryd", "-c", "/etc/ldapcherry/ldapcherry.ini", "-D" ]