management: Move query_ldap function to zproject/backends.py.

This will make it simpler to organize and unit-test all of our authentication backend code.
2025-11-18 21:48:30 +00:00 · 2019-03-09 06:52:14 +00:00
parent 1157aef8b3
commit 13eaa49a42
2 changed files with 20 additions and 20 deletions
--- a/zproject/backends.py
+++ b/zproject/backends.py
@@ -3,6 +3,7 @@ from typing import Any, Dict, List, Optional, Set, Tuple, Union

 from django_auth_ldap.backend import LDAPBackend, _LDAPUser
 import django.contrib.auth
+from django.contrib.auth import get_backends
 from django.contrib.auth.backends import RemoteUserBackend
 from django.conf import settings
 from django.core.exceptions import ValidationError
@@ -503,6 +504,24 @@ def sync_user_from_ldap(user_profile: UserProfile) -> bool:
        return False
    return True

+# Quick tool to test whether you're correctly authenticating to LDAP
+def query_ldap(**options: str) -> None:
+    email = options['email']
+    for backend in get_backends():
+        if isinstance(backend, LDAPBackend):
+            ldap_attrs = _LDAPUser(backend, backend.django_to_ldap_username(email)).attrs
+            if ldap_attrs is None:
+                print("No such user found")
+            else:
+                for django_field, ldap_field in settings.AUTH_LDAP_USER_ATTR_MAP.items():
+                    value = ldap_attrs.get(ldap_field, ["LDAP field not present", ])[0]
+                    if django_field == "avatar":
+                        if isinstance(value, bytes):
+                            value = "(An avatar image file)"
+                    print("%s: %s" % (django_field, value))
+                if settings.LDAP_EMAIL_ATTR is not None:
+                    print("%s: %s" % ('email', ldap_attrs[settings.LDAP_EMAIL_ATTR]))
+
 class DevAuthBackend(ZulipAuthMixin):
    # Allow logging in as any user without a password.
    # This is used for convenience when developing Zulip.