@@ -274,6 +274,81 @@ def _ldap_connection_factory(self, config):
274274
275275 return connection
276276
277+ def _populate_attributes (self , config , record , context , data ):
278+ """
279+ Use a record found in LDAP to populate attributes.
280+ """
281+ search_return_attributes = config ['search_return_attributes' ]
282+ for attr in search_return_attributes .keys ():
283+ if attr in record ["attributes" ]:
284+ if record ["attributes" ][attr ]:
285+ data .attributes [search_return_attributes [attr ]] = record ["attributes" ][attr ]
286+ satosa_logging (
287+ logger ,
288+ logging .DEBUG ,
289+ "Setting internal attribute {} with values {}" .format (
290+ search_return_attributes [attr ],
291+ record ["attributes" ][attr ]
292+ ),
293+ context .state
294+ )
295+ else :
296+ satosa_logging (
297+ logger ,
298+ logging .DEBUG ,
299+ "Not setting internal attribute {} because value {} is null or empty" .format (
300+ search_return_attributes [attr ],
301+ record ["attributes" ][attr ]
302+ ),
303+ context .state
304+ )
305+
306+ def _populate_input_for_name_id (self , config , record , context , data ):
307+ """
308+ Use a record found in LDAP to populate input for
309+ NameID generation.
310+ """
311+ user_id = ""
312+ user_id_from_attrs = config ['user_id_from_attrs' ]
313+ for attr in user_id_from_attrs :
314+ if attr in record ["attributes" ]:
315+ value = record ["attributes" ][attr ]
316+ if isinstance (value , list ):
317+ # Use a default sort to ensure some predictability since the
318+ # LDAP directory server may return multi-valued attributes
319+ # in any order.
320+ value .sort ()
321+ user_id += "" .join (value )
322+ satosa_logging (
323+ logger ,
324+ logging .DEBUG ,
325+ "Added attribute {} with values {} to input for NameID" .format (attr , v ),
326+ context .state
327+ )
328+ else :
329+ user_id += value
330+ satosa_logging (
331+ logger ,
332+ logging .DEBUG ,
333+ "Added attribute {} with value {} to input for NameID" .format (attr , value ),
334+ context .state
335+ )
336+ if not user_id :
337+ satosa_logging (
338+ logger ,
339+ logging .WARNING ,
340+ "Input for NameID is empty so not overriding default" ,
341+ context .state
342+ )
343+ else :
344+ data .user_id = user_id
345+ satosa_logging (
346+ logger ,
347+ logging .DEBUG ,
348+ "Input for NameID is {}" .format (data .user_id ),
349+ context .state
350+ )
351+
277352 def process (self , context , data ):
278353 """
279354 Default interface for microservices. Process the input data for
@@ -346,15 +421,15 @@ def process(self, context, data):
346421 break
347422 except LDAPException as err :
348423 satosa_logging (logger , logging .ERROR , "Caught LDAP exception: {}" .format (err ), context .state )
349- return super ().process (context , data )
350-
351424 except LdapAttributeStoreError as err :
352425 satosa_logging (logger , logging .ERROR , "Caught LDAP Attribute Store exception: {}" .format (err ), context .state )
353- return super ().process (context , data )
354-
355426 except Exception as err :
356427 satosa_logging (logger , logging .ERROR , "Caught unhandled exception: {}" .format (err ), context .state )
357- return super ().process (context , data )
428+ else :
429+ err = None
430+ finally :
431+ if err :
432+ return super ().process (context , data )
358433
359434 # Before using a found record, if any, to populate attributes
360435 # clear any attributes incoming to this microservice if so configured.
@@ -368,39 +443,11 @@ def process(self, context, data):
368443 satosa_logging (logger , logging .DEBUG , "Record with DN {} has attributes {}" .format (record ["dn" ], record ["attributes" ]), context .state )
369444
370445 # Populate attributes as configured.
371- search_return_attributes = config ['search_return_attributes' ]
372- for attr in search_return_attributes .keys ():
373- if attr in record ["attributes" ]:
374- if record ["attributes" ][attr ]:
375- data .attributes [search_return_attributes [attr ]] = record ["attributes" ][attr ]
376- satosa_logging (logger , logging .DEBUG , "Setting internal attribute {} with values {}" .format (search_return_attributes [attr ], record ["attributes" ][attr ]), context .state )
377- else :
378- satosa_logging (logger , logging .DEBUG , "Not setting internal attribute {} because value {} is null or empty" .format (search_return_attributes [attr ], record ["attributes" ][attr ]), context .state )
446+ self ._populate_attributes (config , record , context , data )
379447
380448 # Populate input for NameID if configured. SATOSA core does the hashing of input
381449 # to create a persistent NameID.
382- user_id_from_attrs = config ['user_id_from_attrs' ]
383- if user_id_from_attrs :
384- user_id = ""
385- for attr in user_id_from_attrs :
386- if attr in record ["attributes" ]:
387- value = record ["attributes" ][attr ]
388- if isinstance (value , list ):
389- # Use a default sort to ensure some predictability since the
390- # LDAP directory server may return multi-valued attributes
391- # in any order.
392- value .sort ()
393- for v in value :
394- user_id += v
395- satosa_logging (logger , logging .DEBUG , "Added attribute {} with value {} to input for NameID" .format (attr , v ), context .state )
396- else :
397- user_id += value
398- satosa_logging (logger , logging .DEBUG , "Added attribute {} with value {} to input for NameID" .format (attr , value ), context .state )
399- if not user_id :
400- satosa_logging (logger , logging .WARNING , "Input for NameID is empty so not overriding default" , context .state )
401- else :
402- data .user_id = user_id
403- satosa_logging (logger , logging .DEBUG , "Input for NameID is {}" .format (data .user_id ), context .state )
450+ self ._populate_input_for_name_id (config , record , context , data )
404451
405452 else :
406453 satosa_logging (logger , logging .WARN , "No record found in LDAP so no attributes will be added" , context .state )
0 commit comments