summaryrefslogtreecommitdiffstats
path: root/ipa-server/ipa-gui/ipagui/proxyprovider.py
diff options
context:
space:
mode:
Diffstat (limited to 'ipa-server/ipa-gui/ipagui/proxyprovider.py')
-rw-r--r--ipa-server/ipa-gui/ipagui/proxyprovider.py23
1 files changed, 12 insertions, 11 deletions
diff --git a/ipa-server/ipa-gui/ipagui/proxyprovider.py b/ipa-server/ipa-gui/ipagui/proxyprovider.py
index ab45a6db8..5a145de14 100644
--- a/ipa-server/ipa-gui/ipagui/proxyprovider.py
+++ b/ipa-server/ipa-gui/ipagui/proxyprovider.py
@@ -24,6 +24,7 @@ from ipaserver import funcs
import ipa.config
import ipa.group
import ipa.user
+import ldap
log = logging.getLogger("turbogears.identity")
@@ -41,18 +42,18 @@ class IPA_User(object):
client = ipa.ipaclient.IPAClient(transport)
client.set_krbccache(os.environ["KRB5CCNAME"])
try:
- user = client.get_user_by_principal(user_name, ['dn'])
+ # Use memberof so we can see recursive group memberships as well.
+ user = client.get_user_by_principal(user_name, ['dn', 'memberof'])
self.groups = []
- groups = client.get_groups_by_member(user.dn, ['dn', 'cn'])
- if isinstance(groups, str):
- groups = [groups]
- for ginfo in groups:
- # cn may be multi-valued, add them all just in case
- cn = ginfo.getValue('cn')
- if isinstance(cn, str):
- cn = [cn]
- for c in cn:
- self.groups.append(c)
+ memberof = user.getValues('memberof')
+ if isinstance(memberof, str):
+ memberof = [memberof]
+ for mo in memberof:
+ rdn_list = ldap.explode_dn(mo, 0)
+ first_rdn = rdn_list[0]
+ (type,value) = first_rdn.split('=')
+ if type == "cn":
+ self.groups.append(value)
except:
raise
generated by cgit (git 2.34.1) at 2024-06-15 13:49:00 +0000