diff --git a/pykolab/auth/__init__.py b/pykolab/auth/__init__.py --- a/pykolab/auth/__init__.py +++ b/pykolab/auth/__init__.py @@ -232,8 +232,8 @@ def find_user(self, attr, value, **kw): return self._auth.search_entry_by_attribute(attr, value, **kw) - def find_user_dn(self, login, kolabuser=False): - return self._auth._find_user_dn(login, kolabuser); + def find_user_dn(self, login, kolabuser=False, domain=None): + return self._auth._find_user_dn(login, kolabuser, domain); def list_recipient_addresses(self, user): return self._auth.list_recipient_addresses(user) diff --git a/pykolab/auth/ldap/__init__.py b/pykolab/auth/ldap/__init__.py --- a/pykolab/auth/ldap/__init__.py +++ b/pykolab/auth/ldap/__init__.py @@ -124,13 +124,7 @@ log.error(_l("Authentication cache failed: %r") % (errmsg)) if base_dn is None: - config_base_dn = self.config_get('base_dn') - ldap_base_dn = self._kolab_domain_root_dn(self.domain) - - if ldap_base_dn is not None and not ldap_base_dn == config_base_dn: - base_dn = ldap_base_dn - else: - base_dn = config_base_dn + base_dn = self._base_dn() try: auth_cache.set_entry(self.domain, base_dn) @@ -459,18 +453,11 @@ return entry_id['dn'] unique_attribute = self.config_get('unique_attribute') - config_base_dn = self.config_get('base_dn') - ldap_base_dn = self._kolab_domain_root_dn(self.domain) - - if ldap_base_dn is not None and not ldap_base_dn == config_base_dn: - base_dn = ldap_base_dn - else: - base_dn = config_base_dn _filter = "(%s=%s)" % (unique_attribute, ldap.filter.escape_filter_chars(entry_id)) _search = self.ldap.search_ext( - base_dn, + self._base_dn(), ldap.SCOPE_SUBTREE, _filter, ['entrydn'] 
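Review bot: `find_user_dn` forwards `domain` positionally to whatever backend `self._auth` holds, while this commit only extends the LDAP backend's `_find_user_dn`. If any other backend can be loaded here, its `_find_user_dn` needs the same third parameter or the call raises TypeError; this page does not show whether such a backend exists. A one-line docstring on the wrapper, for example `"""Return the DN for login; domain selects the directory tree to search."""`, would record what the new argument does.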
@@ -714,19 +701,13 @@ _filter = "%s%s%s" % (__filter_prefix, _filter, __filter_suffix) - log.debug(_l("Finding recipient with filter %r") % (_filter), level=8) + base_dn = self._base_dn() + + log.debug(_l("Finding recipient with filter %r in %s") % (_filter, base_dn), level=8) if len(_filter) <= 6: return None - config_base_dn = self.config_get('base_dn') - ldap_base_dn = self._kolab_domain_root_dn(self.domain) - - if ldap_base_dn is not None and not ldap_base_dn == config_base_dn: - base_dn = ldap_base_dn - else: - base_dn = config_base_dn - _results = self.ldap.search_s( base_dn, scope=ldap.SCOPE_SUBTREE, @@ -790,13 +771,13 @@ _filter = "%s%s%s" % (__filter_prefix, _filter, __filter_suffix) - log.debug(_l("Finding resource with filter %r") % (_filter), level=8) - if len(_filter) <= 6: return None resource_base_dn = self._object_base_dn('resource') + log.debug(_l("Finding resource with filter %s in %s") % (_filter, resource_base_dn), level=8) + _results = self.ldap.search_s( resource_base_dn, scope=ldap.SCOPE_SUBTREE, @@ -1220,13 +1201,9 @@ _filter = "(%s=%s)" % (attr, ldap.filter.escape_filter_chars(value)) - config_base_dn = self.config_get('base_dn') - ldap_base_dn = self._kolab_domain_root_dn(self.domain) + base_dn = self._base_dn() - if ldap_base_dn is not None and not ldap_base_dn == config_base_dn: - base_dn = ldap_base_dn - else: - base_dn = config_base_dn + log.debug(_l("Finding entry %s in %s") % (_filter, base_dn), level=8) _results = self._search( base_dn, 
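Review bot: `base_dn = self._base_dn()` now runs before the `if len(_filter) <= 6: return None` guard, so a call that ends up with an empty filter still resolves the domain root DN and logs a search that never happens. Moving the assignment and the `log.debug` call below the guard, as the resource lookup in the next hunk does, keeps the log truthful and presumably saves a directory lookup. The enclosing function starts and ends outside the hunk.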
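Review bot: The resource filter is now logged with `%s` where the removed line used `%r`, so a value carrying CR/LF would be written raw and could split or forge log lines. Even where values pass through `ldap.filter.escape_filter_chars`, as in the hunk at -1220, line breaks are not escaped. Keep `%r` for the filter, `_l("Finding resource with filter %r in %s")`, and do the same for `Finding entry %s in %s` (hunk at -1220) and `Synchronization is searching for %s in %s` (hunk at -1321). Whether the values reaching these filters are attacker-influenced is not visible here, but the search helpers touched later in this commit already log the filter with `%r`.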
@@ -1321,22 +1298,14 @@ _filter = "(&%s(modifytimestamp>=%s))" % (_filter, modified_after) - log.debug(_l("Synchronization is using filter %r") % (_filter), level=8) - if mode != 0: override_search = mode else: override_search = None - config_base_dn = self.config_get('base_dn') - ldap_base_dn = self._kolab_domain_root_dn(self.domain) + base_dn = self._base_dn() - if ldap_base_dn is not None and not ldap_base_dn == config_base_dn: - base_dn = ldap_base_dn - else: - base_dn = config_base_dn - - log.debug(_l("Synchronization is searching against base DN: %s") % (base_dn), level=8) + log.debug(_l("Synchronization is searching for %s in %s") % (_filter, base_dn), level=8) if callback is None: callback = self._synchronize_callback @@ -2429,14 +2398,7 @@ self._bind() entry_dn = self.entry_dn(entry_id) - - config_base_dn = self.config_get('base_dn') - ldap_base_dn = self._kolab_domain_root_dn(self.domain) - - if ldap_base_dn is not None and not ldap_base_dn == config_base_dn: - base_dn = ldap_base_dn - else: - base_dn = config_base_dn + base_dn = self._base_dn() for _type in ['user', 'group', 'sharedfolder']: __filter = self.config_get('kolab_%s_filter' % (_type)) @@ -2462,14 +2424,14 @@ return None - def _find_user_dn(self, login, kolabuser=False): + def _find_user_dn(self, login, kolabuser=False, domain=None): """ Find the distinguished name (DN) for a (Kolab) user entry in LDAP. """ conf_prefix = 'kolab_' if kolabuser else '' - user_base_dn = self._object_base_dn('user', conf_prefix) + user_base_dn = self._object_base_dn('user', conf_prefix, domain) auth_attrs = self.config_get_list('auth_attributes') 
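Review bot: The docstring of `_find_user_dn` does not mention the new `domain` parameter. In the hunk at -2462 it only changes the base DN obtained from `_object_base_dn`, while `auth_attributes` is still read through `self.config_get_list` as before. Extend the docstring with a line such as `domain: search below this domain's root DN instead of self.domain; callers must pass a verified local domain`. The function body continues outside the hunk, so confirm whether later lines still depend on `self.domain`.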
@@ -2682,18 +2644,12 @@ return domains - def _object_base_dn(self, objectType, prefix=''): + def _object_base_dn(self, objectType, prefix='', domain=None): """ Get configured base DN for specified Kolab object type """ - object_base_dn = self.config_get(prefix + objectType + '_base_dn') - config_base_dn = self.config_get('base_dn') - ldap_base_dn = self._kolab_domain_root_dn(self.domain) - - if ldap_base_dn is not None and not ldap_base_dn == config_base_dn: - base_dn = ldap_base_dn - else: - base_dn = config_base_dn + object_base_dn = self.config_get_raw(prefix + objectType + '_base_dn') + base_dn = self._base_dn(domain) if object_base_dn is None: object_base_dn = base_dn @@ -2702,6 +2658,15 @@ return object_base_dn + def _base_dn(self, domain=None): + config_base_dn = self.config_get('base_dn') + ldap_base_dn = self._kolab_domain_root_dn(domain if domain is not None else self.domain) + + if ldap_base_dn is not None and not ldap_base_dn == config_base_dn: + return ldap_base_dn + + return config_base_dn + def _synchronize_callback(self, *args, **kw): """ Determine the characteristics of the callback being placed, and @@ -2860,6 +2825,8 @@ ) ) + log.debug(_l("Searching with filter %r in %s") % (filterstr, base_dn), level=8) + _search = self.ldap.search_ext( base_dn, scope=scope, @@ -2948,6 +2915,8 @@ server_page_control = ldap.controls.libldap.SimplePagedResultsControl(size=page_size,cookie='') + log.debug(_l("Searching for %r in %s") % (filterstr, base_dn), level=8) + _search = self.ldap.search_ext( base_dn, scope=scope, @@ -3093,7 +3062,7 @@ if timeout is None: timeout = float(self.config_get('ldap', 'timeout', default=10)) - log.debug(_l("Searching with filter %r") % (filterstr), level=8) + log.debug(_l("Searching for %r in %s") % (filterstr, base_dn), level=8) _search = self.ldap.search( base_dn, diff --git a/wallace/module_invitationpolicy.py b/wallace/module_invitationpolicy.py --- a/wallace/module_invitationpolicy.py +++ b/wallace/module_invitationpolicy.py 
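Review bot: Reading the setting with `config_get_raw` instead of `config_get` in `_object_base_dn` is a behaviour change the hunk does not explain, and it is easy to mistake for part of the `domain` refactor. Add a comment above the line saying why the raw value is wanted, for example `# raw value: a base_dn placeholder is resolved below against the per-domain base DN`, if that is the intent. The tail of the function lies outside the hunk, so the substitution step itself cannot be checked from here.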
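Review bot: `_base_dn` returns the configured `base_dn` whenever `_kolab_domain_root_dn()` yields None, including when the caller passed an explicit `domain`. The `is not None` test suggests that can happen, and the search would then run silently in the tree of the instance's own domain rather than the requested one. At minimum make that case visible before the final return: `if domain is not None and ldap_base_dn is None:` followed by `log.warning(_l("No root DN found for domain %r, using configured base_dn") % (domain))`. Better still, let callers that pass a domain handle the miss themselves. The helper also lacks a docstring stating that `domain` must already be validated as a local domain, and `not ldap_base_dn == config_base_dn` reads better as `ldap_base_dn != config_base_dn`.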
@@ -706,13 +706,15 @@ if local_domains is not None: local_domains = list(set(local_domains.keys())) - if not email_address.split('@')[1] in local_domains: + domain = email_address.split('@')[1] + + if not domain in local_domains: user_dn_from_email_address.cache[email_address] = None return None log.debug(_("Checking if email address %r belongs to a local user") % (email_address), level=8) - user_dn = auth.find_user_dn(email_address, True) + user_dn = auth.find_user_dn(email_address, True, domain) if isinstance(user_dn, string_types): log.debug(_("User DN: %r") % (user_dn), level=8)
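Review bot: `domain = email_address.split('@')[1]` now also decides which directory tree `find_user_dn` searches, but it takes the text after the first `@` rather than the last and raises IndexError for an address without `@`. `domain = email_address.rsplit('@', 1)[-1]` picks the real domain part and lets a malformed address fall through to the `local_domains` check, which is also more readable as `if domain not in local_domains:`. Indentation is lost on this page, so confirm that the assignment sits outside the `if local_domains is not None:` block; otherwise `domain` is unbound at the `find_user_dn` call when no domain list is returned. The enclosing function starts and ends outside the hunk.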