-rwxr-xr-xbin/kolab_smtp_access_policy.py14
-rw-r--r--pykolab/auth/__init__.py17
-rw-r--r--pykolab/auth/ldap/__init__.py56
3 files changed, 81 insertions, 6 deletions
diff --git a/bin/kolab_smtp_access_policy.py b/bin/kolab_smtp_access_policy.py
index d3c2df6..a1e6639 100755
--- a/bin/kolab_smtp_access_policy.py
+++ b/bin/kolab_smtp_access_policy.py
@@ -676,31 +676,33 @@ def verify_recipient(policy_request):
'address_search_attrs'
)
- user = {
- 'dn': auth.find_user(
+ recipient = {
+ 'dn': auth.find_recipient(
search_attrs,
parse_address(policy_request['recipient']),
domain=domain,
# TODO: Get the filter from the configuration.
- additional_filter="(&(objectclass=kolabinetorgperson)%(search_filter)s)"
+ additional_filter="%(search_filter)s"
)
}
+
+
# We have gotten an invalid recipient. We need to catch this case, because
# testing can input invalid recipients, and so can faulty applications, or
# misconfigured servers.
- if not user['dn']:
+ if not recipient['dn']:
if not conf.allow_unauthenticated:
reject(_("Invalid recipient"))
policy_done = True
return False
else:
- log.debug(_("Could not find this user, accepting"), level=8)
+ log.debug(_("Could not find this recipient, accepting"), level=8)
return True
recipient_policy = auth.get_user_attribute(
domain,
- user,
+ recipient,
'kolabAllowSMTPSender'
)
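Review bot: The `if not recipient['dn']:` branch cannot tell an unknown address from an ambiguous one, because `_find_recipient` (added in pykolab/auth/ldap/__init__.py by this same commit) returns False for any result count other than exactly one. With the `objectclass=kolabinetorgperson` restriction dropped from `additional_filter`, several entries sharing one address are presumably more likely, and when `conf.allow_unauthenticated` is set that case returns True before `kolabAllowSMTPSender` is ever read. Consider letting the lookup report a multi-match separately so it is rejected or at least logged rather than accepted. The `# TODO: Get the filter from the configuration.` comment now sits above a template that adds nothing, `"%(search_filter)s"`, and should say so. verify_recipient starts and ends outside this hunk.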
diff --git a/pykolab/auth/__init__.py b/pykolab/auth/__init__.py
index eb2d542..09f0681 100644
--- a/pykolab/auth/__init__.py
+++ b/pykolab/auth/__init__.py
@@ -159,6 +159,23 @@ class Auth(object):
return self._auth[domain]._find_user(attr, value, domain=domain, **kw)
+ def find_recipient(self, attr, value, domain=None, **kw):
+ self.connect(domain)
+
+ if self.secondary_domains.has_key(domain):
+ log.debug(
+ _("Using primary domain %s instead of secondary domain %s")
+ %(
+ self.secondary_domains[domain],
+ domain
+ ),
+ level=9
+ )
+
+ domain = self.secondary_domains[domain]
+
+ return self._auth[domain]._find_recipient(attr, value, domain=domain, **kw)
+
def list_domains(self):
"""
List the domains using the auth_mechanism setting in the kolab
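Review bot: `find_recipient` is added without a docstring, while `list_domains` directly below it has one; a one-line summary such as `"""Find a single recipient entry by address attribute(s), mapping a secondary domain to its primary domain first."""` would document the domain rewrite that callers cannot see. `self.secondary_domains.has_key(domain)` is the Python 2-only spelling, and `if domain in self.secondary_domains:` behaves the same and survives a port. The body appears to mirror `find_user`, of which only the return line is visible in this hunk, so the secondary-domain mapping may be worth a shared helper.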
diff --git a/pykolab/auth/ldap/__init__.py b/pykolab/auth/ldap/__init__.py
index 8b224ee..76c130f 100644
--- a/pykolab/auth/ldap/__init__.py
+++ b/pykolab/auth/ldap/__init__.py
@@ -313,6 +313,62 @@ class LDAP(object):
return _user_dn
+ def _find_recipient(self, attr, value, domain=None, additional_filter=None):
+ self._connect()
+ self._bind()
+
+ if domain == None:
+ domain = conf.get('kolab', 'primary_domain')
+
+ domain_root_dn = self._kolab_domain_root_dn(domain)
+
+ if conf.has_option(domain, 'base_dn'):
+ section = domain
+ else:
+ section = 'ldap'
+
+ base_dn = conf.get_raw(
+ section,
+ 'base_dn'
+ )
+
+ if type(attr) == str:
+ search_filter = "(%s=%s)" %(
+ attr,
+ value
+ )
+ elif type(attr) == list:
+ search_filter = "(|"
+ for _attr in attr:
+ search_filter = "%s(%s=%s)" %(search_filter, _attr, value)
+ search_filter = "%s)" %(search_filter)
+
+ if additional_filter:
+ search_filter = additional_filter % {
+ 'search_filter': search_filter
+ }
+
+ log.debug(
+ _("Attempting to find the recipient with search filter: %s") %(
+ search_filter
+ ),
+ level=8
+ )
+
+ _results = self.ldap.search_s(
+ base_dn,
+ scope=ldap.SCOPE_SUBTREE,
+ filterstr=search_filter,
+ attrlist=[ 'dn' ]
+ )
+
+ if len(_results) == 1:
+ (_recipient_dn, _recipient_attrs) = _results[0]
+ else:
+ return False
+
+ return _recipient_dn
+
def _persistent_search(self,
base_dn,
scope=ldap.SCOPE_SUBTREE,
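Review bot: `value` goes into the LDAP filter unescaped, both at `"(%s=%s)" %(attr, value)` and in the list branch, and in this commit it is derived from the SMTP recipient address in verify_recipient, so filter metacharacters in an address change the search that is actually run. Escape it once before the filter is built, e.g. `value = ldap.filter.escape_filter_chars(value)` (python-ldap, needs `import ldap.filter`). Separately, when `attr` is neither `str` nor `list` (a `unicode` or tuple value, say) `search_filter` is never assigned and its first use raises; an `else:` that returns False or raises a clear error would close that. `domain_root_dn` is computed but not used in the visible body.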