
iredadmin-ose / libs / ldaplib / auth.py


libs/ldaplib/auth.py

 
 import web
 import ldap
-import ldap.filter
+from ldap.dn import escape_dn_chars
 
 
 # Used for user auth.
 def Auth(uri, dn, password, session=web.config.get('_session')):
     try:
-        dn = ldap.filter.escape_filter_chars(web.safestr(dn.strip()))
+        dn = escape_dn_chars(web.safestr(dn.strip()))
         password = password.strip()
 
         # Detect STARTTLS support.
                         ')'
 
                 # Check whether this user is a site wide global admin.
-                qr = conn.search_s(dn, ldap.SCOPE_BASE, filter, ['objectClass', 'domainGlobalAdmin'])
+                qr = conn.search_s(
+                    dn,
+                    ldap.SCOPE_BASE,
+                    filter,
+                    ['objectClass', 'domainGlobalAdmin', 'enabledService'])
+
                 if not qr:
                     raise ldap.INVALID_CREDENTIALS
 
                     session['domainGlobalAdmin'] = True
 
                 if 'mailUser' in entry.get('objectClass'):
+                    if 'domainadmin' in entry.get('enabledService', []):
+                        return False
                     session['isMailUser'] = True
 
                 conn.unbind_s()
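Review bot: `escape_dn_chars` is meant for a single attribute value inside an RDN, but at the top of `Auth` it is applied to the whole `dn`, which `conn.search_s(dn, ldap.SCOPE_BASE, ...)` later uses as a complete DN. On a complete DN it also escapes the `=` and `,` separators, so the value would no longer name the intended entry. If callers pass an already assembled DN (they are not visible here), the escaping belongs where the user-supplied part is inserted into the DN, and this line would be `dn = web.safestr(dn.strip())`. Separately, as far as the visible lines show, the new `return False` for mail users with `domainadmin` exits before `conn.unbind_s()`, leaving the connection bound; calling `conn.unbind_s()` just before that return would release it. The body of `Auth` is only partly shown in this diff.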