[checkmk-commits] Check_MK Git: check_mk: FIX LDAP: Fixed "Sync-Plugin: Roles"

test with OpenLDAP Message-ID: <52b30a15.lAdH+dzZKeN74yP+%lm(a)mathias-kettner.de> User-Agent: Heirloom mailx 12.4 7/29/08 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Module: check_mk Branch: master Commit: e87b4ec7e5bc8bc2dc0696d1c805f242edc8da21 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=e87b4ec7e5bc8b… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Thu Dec 19 16:00:17 2013 +0100 FIX LDAP: Fixed "Sync-Plugin: Roles" test with OpenLDAP --- .werks/417 | 10 ++++++++++ ChangeLog | 1 + web/htdocs/wato.py | 2 +- web/plugins/userdb/ldap.py | 16 ++++++++++++---- 4 files changed, 24 insertions(+), 5 deletions(-) diff --git a/.werks/417 b/.werks/417 new file mode 100644 index 0000000..22d8633 --- /dev/null +++ b/.werks/417 @@ -0,0 +1,10 @@ +Title: LDAP: Fixed "Sync-Plugin: Roles" test with OpenLDAP +Level: 1 +Component: wato +Class: fix +State: unknown +Version: 1.2.5i1 +Date: 1387465190 +Targetversion: future + + diff --git a/ChangeLog b/ChangeLog index f4b2bfe..7ec66dc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -119,6 +119,7 @@ * 0392 FIX: LDAP: Improved error messages of LDAP configuration test... * 0415 FIX: LDAP: The LDAP Settings dialog is now disabled when the LDAP Connector is disabled * 0416 FIX: When doing user sync on user page rendering, contact group memberships are shown correctly now... + * 0417 FIX: LDAP: Fixed "Sync-Plugin: Roles" test with OpenLDAP Notifications: * 0362 sms: now searching PATH for sendsms and smssend commands... diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py index ead6a25..b99c916 100644 --- a/web/htdocs/wato.py +++ b/web/htdocs/wato.py @@ -6171,7 +6171,7 @@ def mode_ldap_config(phase): if isinstance(dn, str): num += 1 try: - ldap_groups = userdb.ldap_get_groups('(distinguishedName=%s)' % dn) + ldap_groups = userdb.ldap_get_groups(dn) if not ldap_groups: return False, _('Could not find the group specified for role %s') % role_id except Exception, e: diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py index 644c56b..5f85267 100644 --- a/web/plugins/userdb/ldap.py +++ b/web/plugins/userdb/ldap.py @@ -547,11 +547,19 @@ def ldap_group_base_dn_exists(): else: return len(result) == 1 -def ldap_get_groups(add_filt = None): +def ldap_get_groups(specific_dn = None): filt = ldap_filter('groups') - if add_filt: - filt = '(&%s%s)' % (filt, add_filt) - return ldap_search(ldap_replace_macros(config.ldap_groupspec['dn']), filt, ['cn']) + dn = ldap_replace_macros(config.ldap_groupspec['dn']) + + if specific_dn: + # When using AD, the groups can be filtered by the DN attribute. With + # e.g. OpenLDAP this is not possible. In that case, change the DN. + if config.ldap_connection['type'] == 'ad': + filt = '(&%s(distinguishedName=%s))' % (filt, specific_dn) + else: + dn = specific_dn + + return ldap_search(dn, filt, ['cn']) def ldap_group_members(filters, filt_attr = 'cn', nested = False): cache_key = '%s-%s-%s' % (filters, nested and 'n' or 'f', filt_attr)