[checkmk-commits] Check_MK Git: check_mk: LDAP: Supporting posixGroup with memberUid as member attribute

Module: check_mk Branch: master Commit: d1ac9e05efb98fa1eb4f71b1116c260790fed13e URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=d1ac9e05efb98f… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Jul 22 09:20:05 2013 +0200 LDAP: Supporting posixGroup with memberUid as member attribute --- ChangeLog | 2 +- web/plugins/userdb/ldap.py | 10 +++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 55475ea..e149c02 100644 --- a/ChangeLog +++ b/ChangeLog @@ -62,7 +62,6 @@ new script parameters cache_age, retry_count, timeout new script caching options "off", "async", "sync" - Notifications: * notify.py: Matching service level: Use the hosts service level if a service has no service level set @@ -91,6 +90,7 @@ * Implemented search forms for most data tables * New icons in view footers: export as CSV, export as JSON * Availability: new columns for shortest, longest, average and count + * LDAP: Supporting posixGroup with memberUid as member attribute * FIX: better error message in case of exception in SNMP handling * FIX: Inventory screen: Now shows custom checks * FIX: Fixed locking problem of multisite pages related to user loading/saving diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py index 0535d56..b3c0174 100644 --- a/web/plugins/userdb/ldap.py +++ b/web/plugins/userdb/ldap.py @@ -394,10 +394,18 @@ def ldap_user_groups(username, attr = 'cn'): else: return g_ldap_group_cache[username][1] + # posixGroup objects use the memberUid attribute to specify the group memberships. + # This is the username instead of the users DN. So the username needs to be used + # for filtering here. + if ldap_member_attr().lower() == 'memberuid': + user_filter = username + else: + user_filter = user_dn + # Apply configured group ldap filter and only reply with groups # having the current user as member filt = '(&%s(%s=%s))' % (ldap_filter('groups'), ldap_member_attr(), - ldap.filter.escape_filter_chars(user_dn)) + ldap.filter.escape_filter_chars(user_filter)) # First get all groups groups_cn = [] groups_dn = []