fix self user password modification in AD Backend

In some forms, the 'cn' attribute might not be accessible. The _set_password method relied on 'cn' to build the user dn. Now it accepts the cn or the dn (by_cn switch).
kakwa · Jul 21, 2016 · 320f57a · 320f57a
1 parent 6ef44b9
commit 320f57a
Showing 1 changed file with 10 additions and 6 deletions.
diff --git a/ldapcherry/backend/backendAD.py b/ldapcherry/backend/backendAD.py
@@ -174,16 +174,19 @@ def _build_groupdn(self, groups):
                 ad_groups.append('cn=' + group + ',' + self.groupdn)
         return ad_groups
 
-    def _set_password(self, cn, password):
+    def _set_password(self, name, password, by_cn=True):
         unicode_pass = '\"' + password + '\"'
         password_value = unicode_pass.encode('utf-16-le')
 
         ldap_client = self._bind()
 
-        dn = self._str('CN=%(cn)s,%(user_dn)s' % {
-                    'cn': cn,
-                    'user_dn': self.userdn
-                    })
+        if by_cn:
+            dn = self._str('CN=%(cn)s,%(user_dn)s' % {
+                        'cn': name,
+                        'user_dn': self.userdn
+                       })
+        else:
+            dn = name
 
         attrs = {}
 
@@ -201,7 +204,8 @@ def add_user(self, attrs):
         password = attrs['unicodePwd']
         del(attrs['unicodePwd'])
         super(Backend, self).add_user(attrs)
-        self._set_password(attrs['cn'], password)
+        userdn = self._get_user(username, NO_ATTR)
+        self._set_password(userdn, password, False)
 
     def set_attrs(self, username, attrs):
         if 'unicodePwd' in attrs: