def is_group_member(self, group_dn):
    """
    Check whether this user is a direct member of the group at group_dn.

    Two lookups are made against the group entry using self.ldap. The
    first applies the configured ``group_search`` filter template to the
    user's full DN, which suits groupOfNames and groupOfUniqueNames
    objects. If that returns nothing, a ``memberUid`` filter is applied
    to the username, which suits posixGroup objects.

    Both searches use ldap.SCOPE_BASE, so only the group entry itself is
    examined. Membership that exists only through nested groups is not
    resolved here.

    Returns True if either search returns at least one entry, otherwise
    False.

    An ldap.TIMEOUT is re-raised as TimeoutError. Any other exception
    from the directory propagates unchanged, so callers should treat an
    exception as "membership not established", never as a match.
    """
    charset = _config.get('ldap', 'encoding')
    # The filter template comes from configuration and is interpolated
    # with "%" below; presumably it holds exactly one "%s" placeholder --
    # TODO confirm against the shipped default config.
    dn_filter_template = _config.get('ldap', 'group_search').encode(charset)
    encoded_user_dn = self.get_user_dn().encode(charset)

    try:
        # First attempt: match the full DN (groupOfNames and
        # groupOfUniqueNames). escape_filter_chars() keeps filter
        # metacharacters in the DN from changing the filter's structure.
        dn_filter = dn_filter_template % escape_filter_chars(encoded_user_dn)
        matches = self.ldap.search_s(group_dn, ldap.SCOPE_BASE, dn_filter)
        # NOTE(review): this logs the raw search result at debug level;
        # it may include directory attributes of the group entry.
        _logger.debug("groupOfNames results: %s", matches)
        if len(matches) >= 1:
            return True

        # Fallback: match the bare username against memberUid
        # (posixGroup). The username is escaped for the same reason as
        # the DN above.
        encoded_uid = self.username.encode(charset)
        uid_filter = '(memberUid=%s)' % escape_filter_chars(encoded_uid)
        matches = self.ldap.search_s(group_dn, ldap.SCOPE_BASE, uid_filter)
        _logger.debug("posixGroup results: %s", matches)
        return len(matches) > 0
    except ldap.TIMEOUT as error:
        # Only timeouts are translated; the log message deliberately
        # leaves out the filter and the user identity.
        _logger.error("Timed out while veryfing group memberships")
        raise TimeoutError(error)
#
# Exception classes
#