diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py index 2a09d73..87866c1 100644 --- a/Allura/allura/lib/plugin.py +++ b/Allura/allura/lib/plugin.py @@ -289,45 +289,69 @@ class LdapAuthenticationProvider(AuthenticationProvider): def register_user(self, user_doc): from allura import model as M + user = M.User.query.get( + username=user_doc['username'], disabled=False) + uname = user_doc['username'].encode('utf-8') password = user_doc['password'].encode('utf-8') + dn = 'uid=%s,%s' % (user_doc['username'], config['auth.ldap.suffix']) result = M.User(**user_doc) - dn_u = 'uid=%s,%s' % (user_doc['username'], config['auth.ldap.suffix']) - uid = str(M.AuthGlobals.get_next_uid()) - try: - con = ldap.initialize(config['auth.ldap.server']) - con.bind_s(config['auth.ldap.admin_dn'], - config['auth.ldap.admin_password']) - uname = user_doc['username'].encode('utf-8') - display_name = user_doc['display_name'].encode('utf-8') - ldif_u = modlist.addModlist(dict( - uid=uname, - userPassword=password, - objectClass=['account', 'posixAccount'], - cn=display_name, - uidNumber=uid, - gidNumber='10001', - homeDirectory='/home/' + uname, - loginShell='/bin/bash', - gecos=uname, - description='SCM user account')) + if user is None: try: - con.add_s(dn_u, ldif_u) - except ldap.ALREADY_EXISTS: - log.exception('Trying to create existing user %s', uname) + if config.get('registration.method') == 'ldap': + con = ldap.initialize(config['auth.ldap.server']) + con.bind_s(config['auth.ldap.admin_dn'], + config['auth.ldap.admin_password']) + display_name = user_doc['display_name'].encode('utf-8') + uid = str(M.AuthGlobals.get_next_uid()) + ldif_u = modlist.addModlist(dict( + uid=uname, + userPassword=password, + objectClass=['account', 'posixAccount'], + cn=display_name, + uidNumber=uid, + gidNumber='10001', + homeDirectory='/home/' + uname, + loginShell='/bin/bash', + gecos=uname, + description='SCM user account')) + try: + con.add_s(dn, ldif_u) + except ldap.ALREADY_EXISTS: + log.exception('Trying to create existing user %s', uname) + raise + con.unbind_s() + elif config.get('registration.method') == 'local': + try: + con = ldap.initialize(config['auth.ldap.server']) + con.bind_s(dn, user_doc['password']) + con.unbind_s() + log.debug('Registering ldap authenticated user %s' % uname) + except ldap.INVALID_CREDENTIALS: + errmsg = 'Invalid credentials specified while trying to bind user %s' % uname + log.exception(errmsg) + #really need to extend widgets/auth_widgets.py to display better messages to the user + raise exc.HTTPUnauthorized() + #python-ldap doesn't seem to actually raise this exception, so how do we handle it? + #except ldap.NO_SUCH_OBJECT: + # errmsg = 'Invalid credentials specified while trying to bind user {0}'.format(uname) + # log.exception(errmsg) + # assert False, errmsg + #shouldn't this instead be handled upstream by the auth system? + else: + raise NotImplemented, 'The registration method is not supported' + if asbool(config.get('auth.ldap.use_schroot', True)): + argv = ('schroot -d / -c %s -u root /ldap-userconfig.py init %s' % ( + config['auth.ldap.schroot_name'], user_doc['username'])).split() + p = subprocess.Popen( + argv, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) + rc = p.wait() + if rc != 0: + log.error('Error creating home directory for %s', + user_doc['username']) + except: raise - con.unbind_s() - - if asbool(config.get('auth.ldap.use_schroot', True)): - argv = ('schroot -d / -c %s -u root /ldap-userconfig.py init %s' % ( - config['auth.ldap.schroot_name'], user_doc['username'])).split() - p = subprocess.Popen( - argv, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) - rc = p.wait() - if rc != 0: - log.error('Error creating home directory for %s', - user_doc['username']) - except: - raise + else: + log.exception('Trying to create existing user %s', uname) return result def upload_sshkey(self, username, pubkey):