Module: check_mk
Branch: master
Commit: d1ac9e05efb98fa1eb4f71b1116c260790fed13e
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=d1ac9e05efb98f…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Jul 22 09:20:05 2013 +0200
LDAP: Supporting posixGroup with memberUid as member attribute
---
ChangeLog | 2 +-
web/plugins/userdb/ldap.py | 10 +++++++++-
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 55475ea..e149c02 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -62,7 +62,6 @@
new script parameters cache_age, retry_count, timeout
new script caching options "off", "async",
"sync"
-
Notifications:
* notify.py: Matching service level: Use the hosts service level if a
service has no service level set
@@ -91,6 +90,7 @@
* Implemented search forms for most data tables
* New icons in view footers: export as CSV, export as JSON
* Availability: new columns for shortest, longest, average and count
+ * LDAP: Supporting posixGroup with memberUid as member attribute
* FIX: better error message in case of exception in SNMP handling
* FIX: Inventory screen: Now shows custom checks
* FIX: Fixed locking problem of multisite pages related to user loading/saving
diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py
index 0535d56..b3c0174 100644
--- a/web/plugins/userdb/ldap.py
+++ b/web/plugins/userdb/ldap.py
@@ -394,10 +394,18 @@ def ldap_user_groups(username, attr = 'cn'):
else:
return g_ldap_group_cache[username][1]
+ # posixGroup objects use the memberUid attribute to specify the group memberships.
+ # This is the username instead of the users DN. So the username needs to be used
+ # for filtering here.
+ if ldap_member_attr().lower() == 'memberuid':
+ user_filter = username
+ else:
+ user_filter = user_dn
+
# Apply configured group ldap filter and only reply with groups
# having the current user as member
filt = '(&%s(%s=%s))' % (ldap_filter('groups'),
ldap_member_attr(),
- ldap.filter.escape_filter_chars(user_dn))
+ ldap.filter.escape_filter_chars(user_filter))
# First get all groups
groups_cn = []
groups_dn = []