Module: check_mk
Branch: master
Commit: 88eedca3e374e66fb2f75f56309d7bb7c368fe5b
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=88eedca3e374e6…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Feb 17 09:26:55 2014 +0100
FIX LDAP: Fixed sync when non lower case attributes are configured
The LDAP sync converts all configured ldap attributes to lower case
for easier handling internally. When custom LDAP source attributes
are configured by using non lower case, the sync did not process
those vars in some cases.
---
.werks/670 | 12 ++++++++++++
ChangeLog | 1 +
web/plugins/userdb/ldap.py | 20 +++++++++++---------
3 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/.werks/670 b/.werks/670
new file mode 100644
index 0000000..6dc19f5
--- /dev/null
+++ b/.werks/670
@@ -0,0 +1,12 @@
+Title: LDAP: Fixed sync when non lower case attributes are configured
+Level: 1
+Component: multisite
+Class: fix
+State: unknown
+Version: 1.2.5i1
+Date: 1392625538
+
+The LDAP sync converts all configured ldap attributes to lower case
+for easier handling internally. When custom LDAP source attributes
+are configured by using non lower case, the sync did not process
+those vars in some cases.
diff --git a/ChangeLog b/ChangeLog
index 9e0bdd3..3a17581 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -218,6 +218,7 @@
* 0273 FIX: Fixed exceptions when modifying / cloning views...
* 0274 FIX: Fixed exception when view title or description was missing
* 0278 FIX: Fixed bookmark icon images for non-english user languages...
+ * 0670 FIX: LDAP: Fixed sync when non lower case attributes are configured...
WATO:
* 0308 Multisite can now set rotation view permissions for NagVis...
diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py
index 416902e..31809b3 100644
--- a/web/plugins/userdb/ldap.py
+++ b/web/plugins/userdb/ldap.py
@@ -687,8 +687,10 @@ def ldap_convert_simple(user_id, ldap_user, user, user_attr, attr):
def ldap_convert_mail(plugin, params, user_id, ldap_user, user):
mail = ''
- if ldap_user.get(params.get('attr', ldap_attr('mail'))):
- mail = ldap_user[params.get('attr',
ldap_attr('mail'))][0].lower()
+ mail_attr = params.get('attr', ldap_attr('mail')).lower()
+ if ldap_user.get(mail_attr):
+ mail = ldap_user[mail_attr][0].lower()
+
if mail:
return {'email': mail}
else:
@@ -698,7 +700,7 @@ ldap_attribute_plugins['email'] = {
'title': _('Email address'),
'help': _('Synchronizes the email of the LDAP user account into
Check_MK.'),
# Attributes which must be fetched from ldap
- 'needed_attributes': lambda params: [ params.get('attr',
ldap_attr('mail')) ],
+ 'needed_attributes': lambda params: [ params.get('attr',
ldap_attr('mail')).lower() ],
# Calculating the value of the attribute based on the configuration and the values
# gathered from ldap
'convert': ldap_convert_mail,
@@ -717,10 +719,10 @@ ldap_attribute_plugins['alias'] = {
'title': _('Alias'),
'help': _('Populates the alias attribute of the WATO user by
syncrhonizing an attribute '
'from the LDAP user account. By default the LDAP attribute
<tt>cn</tt> is used.'),
- 'needed_attributes': lambda params: [ params.get('attr',
ldap_attr('cn')) ],
+ 'needed_attributes': lambda params: [ params.get('attr',
ldap_attr('cn')).lower() ],
'convert': lambda plugin, params, user_id, ldap_user, user: \
ldap_convert_simple(user_id, ldap_user, user,
'alias',
- params.get('attr',
ldap_attr('cn'))),
+ params.get('attr',
ldap_attr('cn')).lower()),
'lock_attributes': [ 'alias' ],
'parameters': [
("attr", TextAscii(
@@ -744,7 +746,7 @@ def ldap_convert_auth_expire(plugin, params, user_id, ldap_user,
user):
'serial': user.get('serial', 0) + 1,
}
- changed_attr = params.get('attr', ldap_attr('pw_changed'))
+ changed_attr = params.get('attr', ldap_attr('pw_changed')).lower()
if not changed_attr in ldap_user:
raise MKLDAPException(_('The "Authentication Expiration" attribute
(%s) could not be fetched '
'from the LDAP server for user %s.') %
(changed_attr, ldap_user))
@@ -766,7 +768,7 @@ def ldap_convert_auth_expire(plugin, params, user_id, ldap_user,
user):
return {}
def ldap_attrs_auth_expire(params):
- attrs = [ params.get('attr', ldap_attr('pw_changed')) ]
+ attrs = [ params.get('attr', ldap_attr('pw_changed')).lower() ]
# Fetch user account flags to check locking
if config.ldap_connection['type'] == 'ad':
@@ -803,10 +805,10 @@ ldap_attribute_plugins['pager'] = {
'help': _('This plugin synchronizes a field of the users LDAP account to
the pager attribute '
'of the WATO user accounts, which is then forwarded to the monitoring
core and can be used'
'for notifications. By default the LDAP attribute
<tt>mobile</tt> is used.'),
- 'needed_attributes': lambda params: [ params.get('attr',
ldap_attr('mobile')) ],
+ 'needed_attributes': lambda params: [ params.get('attr',
ldap_attr('mobile')).lower() ],
'convert': lambda plugin, params, user_id, ldap_user, user: \
ldap_convert_simple(user_id, ldap_user, user,
'pager',
- params.get('attr',
ldap_attr('mobile'))),
+ params.get('attr',
ldap_attr('mobile')).lower()),
'lock_attributes': ['pager'],
'parameters': [
('attr', TextAscii(