[checkmk-commits] Check_MK Git: check_mk: FIX LDAP: Fixed sync when non lower case attributes are configured

Module: check_mk Branch: master Commit: 88eedca3e374e66fb2f75f56309d7bb7c368fe5b URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=88eedca3e374e6… Author: Lars Michelsen &lt;lm(a)mathias-kettner.de&gt; Date: Mon Feb 17 09:26:55 2014 +0100 FIX LDAP: Fixed sync when non lower case attributes are configured The LDAP sync converts all configured ldap attributes to lower case for easier handling internally. When custom LDAP source attributes are configured by using non lower case, the sync did not process those vars in some cases. --- .werks/670 | 12 ++++++++++++ ChangeLog | 1 + web/plugins/userdb/ldap.py | 20 +++++++++++--------- 3 files changed, 24 insertions(+), 9 deletions(-) diff --git a/.werks/670 b/.werks/670 new file mode 100644 index 0000000..6dc19f5 --- /dev/null +++ b/.werks/670 @@ -0,0 +1,12 @@ +Title: LDAP: Fixed sync when non lower case attributes are configured +Level: 1 +Component: multisite +Class: fix +State: unknown +Version: 1.2.5i1 +Date: 1392625538 + +The LDAP sync converts all configured ldap attributes to lower case +for easier handling internally. When custom LDAP source attributes +are configured by using non lower case, the sync did not process +those vars in some cases. diff --git a/ChangeLog b/ChangeLog index 9e0bdd3..3a17581 100644 --- a/ChangeLog +++ b/ChangeLog @@ -218,6 +218,7 @@ * 0273 FIX: Fixed exceptions when modifying / cloning views... * 0274 FIX: Fixed exception when view title or description was missing * 0278 FIX: Fixed bookmark icon images for non-english user languages... + * 0670 FIX: LDAP: Fixed sync when non lower case attributes are configured... WATO: * 0308 Multisite can now set rotation view permissions for NagVis... diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py index 416902e..31809b3 100644 --- a/web/plugins/userdb/ldap.py +++ b/web/plugins/userdb/ldap.py @@ -687,8 +687,10 @@ def ldap_convert_simple(user_id, ldap_user, user, user_attr, attr): def ldap_convert_mail(plugin, params, user_id, ldap_user, user): mail = '' - if ldap_user.get(params.get('attr', ldap_attr('mail'))): - mail = ldap_user[params.get('attr', ldap_attr('mail'))][0].lower() + mail_attr = params.get('attr', ldap_attr('mail')).lower() + if ldap_user.get(mail_attr): + mail = ldap_user[mail_attr][0].lower() + if mail: return {'email': mail} else: @@ -698,7 +700,7 @@ ldap_attribute_plugins['email'] = { 'title': _('Email address'), 'help': _('Synchronizes the email of the LDAP user account into Check_MK.'), # Attributes which must be fetched from ldap - 'needed_attributes': lambda params: [ params.get('attr', ldap_attr('mail')) ], + 'needed_attributes': lambda params: [ params.get('attr', ldap_attr('mail')).lower() ], # Calculating the value of the attribute based on the configuration and the values # gathered from ldap 'convert': ldap_convert_mail, @@ -717,10 +719,10 @@ ldap_attribute_plugins['alias'] = { 'title': _('Alias'), 'help': _('Populates the alias attribute of the WATO user by syncrhonizing an attribute ' 'from the LDAP user account. By default the LDAP attribute <tt>cn</tt> is used.'), - 'needed_attributes': lambda params: [ params.get('attr', ldap_attr('cn')) ], + 'needed_attributes': lambda params: [ params.get('attr', ldap_attr('cn')).lower() ], 'convert': lambda plugin, params, user_id, ldap_user, user: \ ldap_convert_simple(user_id, ldap_user, user, 'alias', - params.get('attr', ldap_attr('cn'))), + params.get('attr', ldap_attr('cn')).lower()), 'lock_attributes': [ 'alias' ], 'parameters': [ ("attr", TextAscii( @@ -744,7 +746,7 @@ def ldap_convert_auth_expire(plugin, params, user_id, ldap_user, user): 'serial': user.get('serial', 0) + 1, } - changed_attr = params.get('attr', ldap_attr('pw_changed')) + changed_attr = params.get('attr', ldap_attr('pw_changed')).lower() if not changed_attr in ldap_user: raise MKLDAPException(_('The "Authentication Expiration" attribute (%s) could not be fetched ' 'from the LDAP server for user %s.') % (changed_attr, ldap_user)) @@ -766,7 +768,7 @@ def ldap_convert_auth_expire(plugin, params, user_id, ldap_user, user): return {} def ldap_attrs_auth_expire(params): - attrs = [ params.get('attr', ldap_attr('pw_changed')) ] + attrs = [ params.get('attr', ldap_attr('pw_changed')).lower() ] # Fetch user account flags to check locking if config.ldap_connection['type'] == 'ad': @@ -803,10 +805,10 @@ ldap_attribute_plugins['pager'] = { 'help': _('This plugin synchronizes a field of the users LDAP account to the pager attribute ' 'of the WATO user accounts, which is then forwarded to the monitoring core and can be used' 'for notifications. By default the LDAP attribute <tt>mobile</tt> is used.'), - 'needed_attributes': lambda params: [ params.get('attr', ldap_attr('mobile')) ], + 'needed_attributes': lambda params: [ params.get('attr', ldap_attr('mobile')).lower() ], 'convert': lambda plugin, params, user_id, ldap_user, user: \ ldap_convert_simple(user_id, ldap_user, user, 'pager', - params.get('attr', ldap_attr('mobile'))), + params.get('attr', ldap_attr('mobile')).lower()), 'lock_attributes': ['pager'], 'parameters': [ ('attr', TextAscii(