test with OpenLDAP
Message-ID: <52b30a15.lAdH+dzZKeN74yP+%lm(a)mathias-kettner.de>
User-Agent: Heirloom mailx 12.4 7/29/08
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Module: check_mk
Branch: master
Commit: e87b4ec7e5bc8bc2dc0696d1c805f242edc8da21
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=e87b4ec7e5bc8b…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Thu Dec 19 16:00:17 2013 +0100
FIX LDAP: Fixed "Sync-Plugin: Roles" test with OpenLDAP
---
.werks/417 | 10 ++++++++++
ChangeLog | 1 +
web/htdocs/wato.py | 2 +-
web/plugins/userdb/ldap.py | 16 ++++++++++++----
4 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/.werks/417 b/.werks/417
new file mode 100644
index 0000000..22d8633
--- /dev/null
+++ b/.werks/417
@@ -0,0 +1,10 @@
+Title: LDAP: Fixed "Sync-Plugin: Roles" test with OpenLDAP
+Level: 1
+Component: wato
+Class: fix
+State: unknown
+Version: 1.2.5i1
+Date: 1387465190
+Targetversion: future
+
+
diff --git a/ChangeLog b/ChangeLog
index f4b2bfe..7ec66dc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -119,6 +119,7 @@
* 0392 FIX: LDAP: Improved error messages of LDAP configuration test...
* 0415 FIX: LDAP: The LDAP Settings dialog is now disabled when the LDAP Connector is
disabled
* 0416 FIX: When doing user sync on user page rendering, contact group memberships
are shown correctly now...
+ * 0417 FIX: LDAP: Fixed "Sync-Plugin: Roles" test with OpenLDAP
Notifications:
* 0362 sms: now searching PATH for sendsms and smssend commands...
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index ead6a25..b99c916 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -6171,7 +6171,7 @@ def mode_ldap_config(phase):
if isinstance(dn, str):
num += 1
try:
- ldap_groups =
userdb.ldap_get_groups('(distinguishedName=%s)' % dn)
+ ldap_groups = userdb.ldap_get_groups(dn)
if not ldap_groups:
return False, _('Could not find the group specified for
role %s') % role_id
except Exception, e:
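Review bot: The `if not ldap_groups:` branch may no longer be reached for a missing group on non-AD servers, because `ldap_get_groups(dn)` now uses the role's DN as the search base there. A search against a non-existent base usually raises rather than returning an empty list. Unless `ldap_search` (not visible here) maps that case to an empty result, the admin would get the generic message from the `except Exception, e:` handler instead of 'Could not find the group specified for role'. It is worth testing against OpenLDAP with a deliberately wrong DN, and adding a comment above the call such as `# dn is a filter value on AD, the search base on other directories`. The handler body lies outside this hunk.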
diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py
index 644c56b..5f85267 100644
--- a/web/plugins/userdb/ldap.py
+++ b/web/plugins/userdb/ldap.py
@@ -547,11 +547,19 @@ def ldap_group_base_dn_exists():
else:
return len(result) == 1
-def ldap_get_groups(add_filt = None):
+def ldap_get_groups(specific_dn = None):
filt = ldap_filter('groups')
- if add_filt:
- filt = '(&%s%s)' % (filt, add_filt)
- return ldap_search(ldap_replace_macros(config.ldap_groupspec['dn']), filt,
['cn'])
+ dn = ldap_replace_macros(config.ldap_groupspec['dn'])
+
+ if specific_dn:
+ # When using AD, the groups can be filtered by the DN attribute. With
+ # e.g. OpenLDAP this is not possible. In that case, change the DN.
+ if config.ldap_connection['type'] == 'ad':
+ filt = '(&%s(distinguishedName=%s))' % (filt, specific_dn)
+ else:
+ dn = specific_dn
+
+ return ldap_search(dn, filt, ['cn'])
def ldap_group_members(filters, filt_attr = 'cn', nested = False):
cache_key = '%s-%s-%s' % (filters, nested and 'n' or 'f',
filt_attr)
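Review bot: In the AD branch of `ldap_get_groups`, `specific_dn` is formatted into the search filter without escaping. A DN containing `(`, `)`, `*` or `\` (all legal in a group name) therefore yields a malformed filter or one that matches something other than the intended entry. Escaping the value closes that gap: `filt = '(&%s(distinguishedName=%s))' % (filt, ldap.filter.escape_filter_chars(specific_dn))`, assuming python-ldap's `ldap.filter` is importable in this module. Separately, the non-AD branch replaces the configured group base with `specific_dn`, so on OpenLDAP a DN outside `config.ldap_groupspec['dn']` is accepted where AD would return nothing; checking that `specific_dn` ends with the configured base DN would keep both backends equally restrictive. A one-line docstring stating that `specific_dn` is a full group DN, not a filter fragment, would also document the changed parameter contract.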