diff --git a/conf/ldapcherry.ini b/conf/ldapcherry.ini index 3a8de08..b412497 100644 --- a/conf/ldapcherry.ini +++ b/conf/ldapcherry.ini @@ -77,7 +77,7 @@ ldap.starttls = 'on' ldap.checkcert = 'off' ldap.user_filter_tmpl = '(uid=%(username)s)' ldap.group_filter_tmpl = '(member=%(username)s)' -ldap.search_filter_tmpl = '&(uid=%(searchstring)s*)(sn=%(searchstring)s*)' +ldap.search_filter_tmpl = '(|(uid=%(searchstring)s*)(sn=%(searchstring)s*))' ldap.timeout = 1 diff --git a/ldapcherry/backend/backendLdap.py b/ldapcherry/backend/backendLdap.py index 5bc928e..2874fcc 100644 --- a/ldapcherry/backend/backendLdap.py +++ b/ldapcherry/backend/backendLdap.py @@ -66,8 +66,41 @@ class Backend(ldapcherry.backend.Backend): def del_user(self, username): pass - def search(self, search_string): - pass + def search(self, searchstring): + ldap_client = self._connect() + try: + ldap_client.simple_bind_s(self.binddn, self.bindpassword) + except ldap.INVALID_CREDENTIALS as e: + self._logger( + logging.ERROR, + "Configuration error, wrong credentials, unable to connect to ldap with '" + self.binddn + "'", + ) + #raise cherrypy.HTTPError("500", "Configuration Error, contact administrator") + raise e + except ldap.SERVER_DOWN as e: + self._logger( + logging.ERROR, + "Unable to contact ldap server '" + self.uri + "', check 'auth.ldap.uri' and ssl/tls configuration", + ) + raise e + + user_filter = self.search_filter_tmpl % { + 'searchstring': searchstring + } + print user_filter + try: + r = ldap_client.search_s(self.userdn, + ldap.SCOPE_SUBTREE, + user_filter, + attrlist=None + ) + except ldap.FILTER_ERROR as e: + #self._logger( + # logging.ERROR, + # "Bad search filter, check '" + self.backend_name + ".search_filter_tmpl'", + # ) + raise e + return r def get_user(self, username, attrs=True): if attrs: diff --git a/tests/cfg/ldapcherry.ini b/tests/cfg/ldapcherry.ini index d7f1b4d..b15b8f5 100644 --- a/tests/cfg/ldapcherry.ini +++ b/tests/cfg/ldapcherry.ini 
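Review bot: With the trailing `*` in both branches of the new template, an empty `searchstring` expands to `(|(uid=*)(sn=*))`, which matches every entry under the user base — the search endpoint then returns the whole directory. The template cannot prevent that on its own; the code that substitutes the value should reject an empty (or very short) search string before building the filter, e.g. `if not searchstring: return []`. The switch to `|` itself looks right: the old `&(...)(...)` lacked the outer parentheses and, had it parsed, would have required both `uid` and `sn` to start with the same string.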
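Review bot: `searchstring` is substituted into the LDAP filter template with `%` and no escaping, so a value such as `*)(objectClass=*` or `)(|(uid=*` reaches `search_s` as filter syntax — an LDAP filter injection whenever the value originates from the web UI, which this backend cannot tell. Escape it before substitution: `'searchstring': ldap.filter.escape_filter_chars(searchstring)` (python-ldap's `ldap.filter` module has to be imported at the top of the file, outside this hunk, since `import ldap` alone does not load it). `print user_filter` should go as well: it writes every user search to stdout instead of going through `self._logger`, and `print` statements are debugging leftovers. `attrlist=None` hands back every attribute the bind DN is allowed to read; consider passing the list of attributes the caller actually displays so operational or sensitive attributes are not returned to the UI.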
@@ -77,7 +77,7 @@ ldap.starttls = 'on' ldap.checkcert = 'off' ldap.user_filter_tmpl = '(uid=%(username)s)' ldap.group_filter_tmpl = '(member=%(userdn)s)' -ldap.search_filter_tmpl = '&(uid=%(searchstring)s*)(sn=%(searchstring)s*)' +ldap.search_filter_tmpl = '(|(uid=%(searchstring)s*)(sn=%(searchstring)s*))' ldap.timeout = 1 ad.module = 'ldapcherry.backend.backendSamba4' diff --git a/tests/test_BackendLdap.py b/tests/test_BackendLdap.py index 426a58e..0fc4c72 100644 --- a/tests/test_BackendLdap.py +++ b/tests/test_BackendLdap.py @@ -25,7 +25,7 @@ cfg = { 'checkcert' : 'off', 'user_filter_tmpl' : '(uid=%(username)s)', 'group_filter_tmpl' : '(member=%(userdn)s)', -'search_filter_tmpl' : '&(uid=%(searchstring)s*)(sn=%(searchstring)s*)', +'search_filter_tmpl' : '(|(uid=%(searchstring)s*)(sn=%(searchstring)s*))', } cherrypy.log.error = syslog_error @@ -114,3 +114,9 @@ class TestError(object): ret = inv.get_user('jwatson') expected = ('cn=John Watson,ou=People,dc=example,dc=org', {'uid': ['jwatson'], 'cn': ['John Watson'], 'sn': ['watson']}) assert ret == expected + + def testSearchtUser(self): + inv = Backend(cfg, cherrypy.log, 'ldap', attr) + ret = inv.search('smith') + expected = [('cn=Sheri Smith,ou=People,dc=example,dc=org', {'uid': ['ssmith'], 'objectClass': ['inetOrgPerson'], 'carLicense': ['HERCAR 125'], 'sn': ['smith'], 'mail': ['s.smith@example.com', 'ssmith@example.com', 'sheri.smith@example.com'], 'homePhone': ['555-111-2225'], 'cn': ['Sheri Smith']}), ('cn=John Smith,ou=People,dc=example,dc=org', {'uid': ['jsmith'], 'objectClass': ['inetOrgPerson'], 'carLicense': ['HISCAR 125'], 'sn': ['Smith'], 'mail': ['j.smith@example.com', 'jsmith@example.com', 'jsmith.smith@example.com'], 'homePhone': ['555-111-2225'], 'cn': ['John Smith']})] + assert ret == expected diff --git a/tests/test_env/deploy.sh b/tests/test_env/deploy.sh index 25afd32..7cfe77f 100755 --- a/tests/test_env/deploy.sh +++ b/tests/test_env/deploy.sh 
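Review bot: `testSearchtUser` covers only the happy path; nothing feeds filter metacharacters (`*`, `(`, `)`, `\`) to `search`, so an unescaped value producing either an `ldap.FILTER_ERROR` or extra matches would go unnoticed — add a case such as `inv.search('*)(uid=*')` and assert the intended outcome (an exception, or no entries beyond the literal match). The expectation is an ordered list, but LDAP does not guarantee result order, so compare `sorted(ret)` against a sorted expected list to avoid a flaky test. The method name also carries a typo: `testSearchtUser` → `testSearchUser`.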
@@ -17,7 +17,7 @@ sudo sed -i "s%tools.staticdir.dir.*%tools.staticdir.dir = '`pwd`/resources/stat
 chown -R openldap:openldap /etc/ldap/
 rm /etc/ldap/slapd.d/cn\=config/*mdb*
 /etc/init.d/slapd restart
-ldapadd -H ldap://localhost:390 -x -D "cn=admin,dc=example,dc=org" -f /etc/ldap/content.ldif -w password
+ldapadd -c -H ldap://localhost:390 -x -D "cn=admin,dc=example,dc=org" -f /etc/ldap/content.ldif -w password
 sed -i "s/\(127.0.0.1.*\)/\1 ldap.ldapcherry.org ad.ldapcherry.org/" /etc/hosts
diff --git a/tests/test_env/etc/ldap/content.ldif b/tests/test_env/etc/ldap/content.ldif
index 5108ed1..98a0682 100644
--- a/tests/test_env/etc/ldap/content.ldif
+++ b/tests/test_env/etc/ldap/content.ldif
@@ -32,6 +32,18 @@ mail: s.smith@example.com
 mail: ssmith@example.com
 mail: sheri.smith@example.com
+dn: cn=John Smith,ou=people,dc=example,dc=org
+objectclass: inetOrgPerson
+cn: John Smith
+sn: Smith
+uid: jsmith
+userpassword: passwordsmith
+carlicense: HISCAR 125
+homephone: 555-111-2225
+mail: j.smith@example.com
+mail: jsmith@example.com
+mail: jsmith.smith@example.com
+
 dn: cn=John Watson,ou=people,dc=example,dc=org
 objectclass: inetOrgPerson
 cn: John Watson
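Review bot: `-c` makes `ldapadd` continue past entries that fail to load, so an error in `content.ldif` (duplicate DN, schema violation, bad attribute) leaves the test directory partially populated and only surfaces later as a confusing assertion mismatch in `test_BackendLdap.py`. If the flag was added so the script can be re-run against an already-populated directory, keep the failure visible instead of discarding it, e.g. `ldapadd -c ... || echo "ldapadd reported errors loading content.ldif" >&2`, or check the exit status and abort on anything other than the already-exists case. The bind password is still given as `-w password` on the command line; acceptable for a throwaway test VM, but a comment saying so would keep the pattern from being copied into a real deployment.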