diff --git a/reviewboard/accounts/backends.py b/reviewboard/accounts/backends.py index 34590c168f77db738b6c052e62a0c503fa80c877..60a65fd665b1d5b243270aff7fcfe3c6fce0e2e8 100644 --- a/reviewboard/accounts/backends.py +++ b/reviewboard/accounts/backends.py @@ -250,8 +250,20 @@ class LDAPBackend(AuthBackend): user_info = passwd[0][1] - first_name = user_info.get('givenName', [username])[0] - last_name = user_info.get('sn', [""])[0] + given_name_attr = settings.LDAP_GIVEN_NAME_ATTRIBUTE + first_name = user_info.get(given_name_attr, [username])[0] + + surname_attr = settings.LDAP_SURNAME_ATTRIBUTE + last_name = user_info.get(surname_attr, [''])[0] + + # If a single ldap attribute is used to hold the full name of + # a user, split it into two parts. Where to split was a coin + # toss and I went with a left split for the first name and + # dumped the remainder into the last name field. The system + # admin can handle the corner cases. + if settings.LDAP_FULL_NAME_ATTRIBUTE: + full_name = user_info[settings.LDAP_FULL_NAME_ATTRIBUTE][0] + first_name, last_name = full_name.split(' ', 1) if settings.LDAP_EMAIL_DOMAIN: email = u'%s@%s' % (username, settings.LDAP_EMAIL_DOMAIN) diff --git a/reviewboard/accounts/forms.py b/reviewboard/accounts/forms.py index 71dabab42f36707b9f37a0d54af652fe7dce9be0..3558f10763ec1acacb20a8f338276ce2d011898a 100644 --- a/reviewboard/accounts/forms.py +++ b/reviewboard/accounts/forms.py @@ -286,6 +286,27 @@ class LDAPSettingsForm(SiteSettingsForm): "example: ou=users,dc=example,dc=com"), required=True) + auth_ldap_given_name_attribute = forms.CharField( + label=_("Given Name Attribute"), + initial="givenName", + help_text=_("The attribute in the LDAP server that stores the user's " + "given name."), + required=False) + + auth_ldap_surname_attribute = forms.CharField( + label=_("Surname Attribute"), + initial="sn", + help_text=_("The attribute in the LDAP server that stores the user's " + "surname."), + required=False) + + auth_ldap_full_name_attribute = forms.CharField( + label=_("Full Name Attribute"), + help_text=_("The attribute in the LDAP server that stores the user's " + "full name. This takes precedence over the " + '"Full Name Attribute" and "Surname Attribute."'), + required=False) + auth_ldap_email_domain = forms.CharField( label=_("E-Mail Domain"), help_text=_("The domain name appended to the username to construct " @@ -328,6 +349,9 @@ class LDAPSettingsForm(SiteSettingsForm): if not can_enable_ldap: self.disabled_fields['auth_ldap_uri'] = True + self.disabled_fields['auth_ldap_given_name_attribute'] = True + self.disabled_fields['auth_ldap_surname_attribute'] = True + self.disabled_fields['auth_ldap_full_name_attribute'] = True self.disabled_fields['auth_ldap_email_domain'] = True self.disabled_fields['auth_ldap_email_attribute'] = True self.disabled_fields['auth_ldap_tls'] = True diff --git a/reviewboard/admin/siteconfig.py b/reviewboard/admin/siteconfig.py index c6f59bfb5940a714c1343cad1e440398fa4e6cdc..ab2f16edac97a8ce4f1df34bab08c057cdc4fdf3 100644 --- a/reviewboard/admin/siteconfig.py +++ b/reviewboard/admin/siteconfig.py @@ -55,27 +55,30 @@ storage_backend_map = { # A mapping of siteconfig setting names to Django settings.py names. # This also contains all the djblets-provided mappings as well. settings_map = { - 'auth_ldap_anon_bind_uid': 'LDAP_ANON_BIND_UID', - 'auth_ldap_anon_bind_passwd': 'LDAP_ANON_BIND_PASSWD', - 'auth_ldap_email_domain': 'LDAP_EMAIL_DOMAIN', - 'auth_ldap_email_attribute': 'LDAP_EMAIL_ATTRIBUTE', - 'auth_ldap_tls': 'LDAP_TLS', - 'auth_ldap_base_dn': 'LDAP_BASE_DN', - 'auth_ldap_uid_mask': 'LDAP_UID_MASK', - 'auth_ldap_uri': 'LDAP_URI', - 'auth_ad_domain_name': 'AD_DOMAIN_NAME', - 'auth_ad_use_tls': 'AD_USE_TLS', - 'auth_ad_find_dc_from_dns': 'AD_FIND_DC_FROM_DNS', - 'auth_ad_domain_controller': 'AD_DOMAIN_CONTROLLER', - 'auth_ad_ou_name': 'AD_OU_NAME', - 'auth_ad_group_name': 'AD_GROUP_NAME', - 'auth_ad_search_root': 'AD_SEARCH_ROOT', - 'auth_ad_recursion_depth': 'AD_RECURSION_DEPTH', - 'auth_x509_username_field': 'X509_USERNAME_FIELD', - 'auth_x509_username_regex': 'X509_USERNAME_REGEX', - 'auth_x509_autocreate_users': 'X509_AUTOCREATE_USERS', - 'auth_nis_email_domain': 'NIS_EMAIL_DOMAIN', - 'site_domain_method': 'DOMAIN_METHOD', + 'auth_ldap_anon_bind_uid': 'LDAP_ANON_BIND_UID', + 'auth_ldap_anon_bind_passwd': 'LDAP_ANON_BIND_PASSWD', + 'auth_ldap_given_name_attribute': 'LDAP_GIVEN_NAME_ATTRIBUTE', + 'auth_ldap_surname_attribute': 'LDAP_SURNAME_ATTRIBUTE', + 'auth_ldap_full_name_attribute': 'LDAP_FULL_NAME_ATTRIBUTE', + 'auth_ldap_email_domain': 'LDAP_EMAIL_DOMAIN', + 'auth_ldap_email_attribute': 'LDAP_EMAIL_ATTRIBUTE', + 'auth_ldap_tls': 'LDAP_TLS', + 'auth_ldap_base_dn': 'LDAP_BASE_DN', + 'auth_ldap_uid_mask': 'LDAP_UID_MASK', + 'auth_ldap_uri': 'LDAP_URI', + 'auth_ad_domain_name': 'AD_DOMAIN_NAME', + 'auth_ad_use_tls': 'AD_USE_TLS', + 'auth_ad_find_dc_from_dns': 'AD_FIND_DC_FROM_DNS', + 'auth_ad_domain_controller': 'AD_DOMAIN_CONTROLLER', + 'auth_ad_ou_name': 'AD_OU_NAME', + 'auth_ad_group_name': 'AD_GROUP_NAME', + 'auth_ad_search_root': 'AD_SEARCH_ROOT', + 'auth_ad_recursion_depth': 'AD_RECURSION_DEPTH', + 'auth_x509_username_field': 'X509_USERNAME_FIELD', + 'auth_x509_username_regex': 'X509_USERNAME_REGEX', + 'auth_x509_autocreate_users': 'X509_AUTOCREATE_USERS', + 'auth_nis_email_domain': 'NIS_EMAIL_DOMAIN', + 'site_domain_method': 'DOMAIN_METHOD', } settings_map.update(get_django_settings_map()) settings_map.update(log_siteconfig.settings_map)