implementing search users

* adding search * adding unit tests
kakwa · May 25, 2015 · 7a7d6f5 · 7a7d6f5
1 parent 6af8628
commit 7a7d6f5
Show file tree

Hide file tree

Showing 6 changed files with 57 additions and 6 deletions.
diff --git a/conf/ldapcherry.ini b/conf/ldapcherry.ini
@@ -77,7 +77,7 @@ ldap.starttls = 'on'
 ldap.checkcert = 'off'
 ldap.user_filter_tmpl = '(uid=%(username)s)'
 ldap.group_filter_tmpl = '(member=%(username)s)'
-ldap.search_filter_tmpl = '&(uid=%(searchstring)s*)(sn=%(searchstring)s*)'
+ldap.search_filter_tmpl = '(|(uid=%(searchstring)s*)(sn=%(searchstring)s*))'
 ldap.timeout = 1
 
 

diff --git a/ldapcherry/backend/backendLdap.py b/ldapcherry/backend/backendLdap.py
@@ -66,8 +66,41 @@ def add_user(self, username):
     def del_user(self, username):
         pass
 
-    def search(self, search_string):
-        pass
+    def search(self, searchstring):
+        ldap_client = self._connect()
+        try:
+            ldap_client.simple_bind_s(self.binddn, self.bindpassword)
+        except ldap.INVALID_CREDENTIALS as e:
+            self._logger(
+                    logging.ERROR,
+                    "Configuration error, wrong credentials, unable to connect to ldap with '" + self.binddn + "'",
+                )
+            #raise cherrypy.HTTPError("500", "Configuration Error, contact administrator")
+            raise e
+        except ldap.SERVER_DOWN as e:
+            self._logger(
+                    logging.ERROR,
+                    "Unable to contact ldap server '" + self.uri + "', check 'auth.ldap.uri' and ssl/tls configuration",
+                )
+            raise e 
+
+        user_filter = self.search_filter_tmpl % {
+            'searchstring': searchstring
+        }
+        print user_filter
+        try:
+            r = ldap_client.search_s(self.userdn,
+                    ldap.SCOPE_SUBTREE,
+                    user_filter,
+                    attrlist=None
+            )
+        except ldap.FILTER_ERROR as e:
+            #self._logger(
+            #        logging.ERROR,
+            #        "Bad search filter, check '" + self.backend_name + ".search_filter_tmpl'",
+            #    )
+            raise e
+        return r
 
     def get_user(self, username, attrs=True):
         if attrs:

diff --git a/tests/cfg/ldapcherry.ini b/tests/cfg/ldapcherry.ini
@@ -77,7 +77,7 @@ ldap.starttls = 'on'
 ldap.checkcert = 'off'
 ldap.user_filter_tmpl = '(uid=%(username)s)'
 ldap.group_filter_tmpl = '(member=%(userdn)s)'
-ldap.search_filter_tmpl = '&(uid=%(searchstring)s*)(sn=%(searchstring)s*)'
+ldap.search_filter_tmpl = '(|(uid=%(searchstring)s*)(sn=%(searchstring)s*))'
 ldap.timeout = 1
 
 ad.module = 'ldapcherry.backend.backendSamba4'

diff --git a/tests/test_BackendLdap.py b/tests/test_BackendLdap.py
@@ -25,7 +25,7 @@
 'checkcert'          : 'off',
 'user_filter_tmpl'   : '(uid=%(username)s)',
 'group_filter_tmpl'  : '(member=%(userdn)s)',
-'search_filter_tmpl' : '&(uid=%(searchstring)s*)(sn=%(searchstring)s*)',
+'search_filter_tmpl' : '(|(uid=%(searchstring)s*)(sn=%(searchstring)s*))',
 }
 
 cherrypy.log.error = syslog_error
@@ -114,3 +114,9 @@ def testGetUser(self):
         ret = inv.get_user('jwatson')
         expected = ('cn=John Watson,ou=People,dc=example,dc=org', {'uid': ['jwatson'], 'cn': ['John Watson'], 'sn': ['watson']})
         assert ret == expected
+
+    def testSearchtUser(self):
+        inv = Backend(cfg, cherrypy.log, 'ldap', attr)
+        ret = inv.search('smith')
+        expected = [('cn=Sheri Smith,ou=People,dc=example,dc=org', {'uid': ['ssmith'], 'objectClass': ['inetOrgPerson'], 'carLicense': ['HERCAR 125'], 'sn': ['smith'], 'mail': ['s.smith@example.com', 'ssmith@example.com', 'sheri.smith@example.com'], 'homePhone': ['555-111-2225'], 'cn': ['Sheri Smith']}), ('cn=John Smith,ou=People,dc=example,dc=org', {'uid': ['jsmith'], 'objectClass': ['inetOrgPerson'], 'carLicense': ['HISCAR 125'], 'sn': ['Smith'], 'mail': ['j.smith@example.com', 'jsmith@example.com', 'jsmith.smith@example.com'], 'homePhone': ['555-111-2225'], 'cn': ['John Smith']})]
+        assert ret == expected
diff --git a/tests/test_env/deploy.sh b/tests/test_env/deploy.sh
@@ -17,7 +17,7 @@ sudo sed -i "s%tools.staticdir.dir.*%tools.staticdir.dir = '`pwd`/resources/stat
 chown -R openldap:openldap /etc/ldap/
 rm /etc/ldap/slapd.d/cn\=config/*mdb*
 /etc/init.d/slapd restart
-ldapadd -H ldap://localhost:390  -x -D "cn=admin,dc=example,dc=org" -f /etc/ldap/content.ldif -w password
+ldapadd -c -H ldap://localhost:390  -x -D "cn=admin,dc=example,dc=org" -f /etc/ldap/content.ldif -w password
 sed -i "s/\(127.0.0.1.*\)/\1 ldap.ldapcherry.org ad.ldapcherry.org/" /etc/hosts
 
 

diff --git a/tests/test_env/etc/ldap/content.ldif b/tests/test_env/etc/ldap/content.ldif
@@ -32,6 +32,18 @@ mail: s.smith@example.com
 mail: ssmith@example.com
 mail: sheri.smith@example.com
 
+dn: cn=John Smith,ou=people,dc=example,dc=org
+objectclass: inetOrgPerson
+cn: John Smith
+sn: Smith
+uid: jsmith
+userpassword: passwordsmith
+carlicense: HISCAR 125
+homephone: 555-111-2225
+mail: j.smith@example.com
+mail: jsmith@example.com
+mail: jsmith.smith@example.com
+
 dn: cn=John Watson,ou=people,dc=example,dc=org
 objectclass: inetOrgPerson
 cn: John Watson