diff --git a/pym/cl_ldap.py b/pym/cl_ldap.py
index 16fefa1..65ea3d2 100644
--- a/pym/cl_ldap.py
+++ b/pym/cl_ldap.py
@@ -173,7 +173,8 @@ class ldapUser(_error):
 'shadowMax':('user','shadowMax'),
 'shadowWarning':('user','shadowWarning'),
 'shadowExpire':('user','shadowExpire'),
- 'shadowFlag':('user','shadowFlag')})
+ 'shadowFlag':('user','shadowFlag'),
+ 'groups':('group','memberUid')})
 listUserAttr = map(lambda x: x[0],
 filter(lambda x: x[1][0]=="user",
 convertDict.items()))
@@ -197,19 +198,31 @@ class ldapUser(_error):
 for dictAttr in listGroupAttr:
 searchGroup = []
 ldapAttr = convertDict[dictAttr][1]
- for groupDN in groupsDNs:
- searchGroup = self.ldapObj.ldapSearch(groupDN,
+ if dictAttr == "group":
+ for groupDN in groupsDNs:
+ searchGroup = self.ldapObj.ldapSearch(groupDN,
 ldap.SCOPE_ONELEVEL, "gidNumber=%s" %gid, None)
+ if searchGroup:
+ break
 if searchGroup:
- break
- if searchGroup:
- if ldapAttr in searchGroup[0][0][1]:
- dictOut[dictAttr] = searchGroup[0][0][1][ldapAttr][0]
+ if ldapAttr in searchGroup[0][0][1]:
+ dictOut[dictAttr]=searchGroup[0][0][1][ldapAttr][0]
+ else:
+ dictOut[dictAttr] = ""
 else:
 dictOut[dictAttr] = ""
- else:
- dictOut[dictAttr] = ""
+ elif dictAttr == "groups":
+ userGroups = []
+ for groupDN in groupsDNs:
+ searchGroup = self.ldapObj.ldapSearch(groupDN,
+ ldap.SCOPE_ONELEVEL,
+ "%s=%s" %(ldapAttr,userName),
+ ["cn"])
+ if searchGroup:
+ userGroups += map(lambda x: x[0][1]["cn"][0],
+ searchGroup)
+ dictOut[dictAttr] = userGroups
 if uid and gid:
 return dictOut
 else:
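Review bot: In the new `groups` branch of the second hunk, the search filter is built as `"%s=%s" %(ldapAttr,userName)` with `userName` interpolated unescaped. If the name can come from outside the program, filter metacharacters (`*`, `(`, `)`, `\`) in it would change what the `memberUid` lookup matches, so the returned group list could be wrong. Escaping the value first would close this, e.g. `"%s=%s" % (ldapAttr, ldap.filter.escape_filter_chars(userName))`, which needs `import ldap.filter` in the file's import block (not visible here). Separately, the `if`/`elif` chain has no final `else`, so any other group-typed key in `convertDict` would now leave `dictOut` without an entry where the old loop always set one; whether such keys exist cannot be seen from this hunk. The enclosing method starts before the hunk and its trailing `else:` continues past it.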