diff --git a/cps/web.py b/cps/web.py
index c5a437b3a6..22a651b783 100755
--- a/cps/web.py
+++ b/cps/web.py
@@ -1353,7 +1353,7 @@ def login_post():
 user = ub.session.query(ub.User).filter(func.lower(ub.User.name) == form.get('username', "").strip().lower()) \
 .first()
 remember_me = bool(form.get('remember_me'))
- if config.config_login_type == constants.LOGIN_LDAP and services.ldap and form['password'] != "":
+ if config.config_login_type == constants.LOGIN_LDAP and services.ldap and (user or os.environ.get("CALIBRE_LDAP_AUTO_CREATE", None)) and form['password'] != "":
 login_result, error = services.ldap.bind_user(form['username'], form['password'])
 if login_result:
 log.debug(u"You are now logged in as: '{}'".format(form['username']))
@@ -1418,15 +1418,22 @@ def create_user(username):
 message = _(u'Failed to get LDAP User details')
 return None, message
- admin_group_name = os.environ.get("CALIBRE_LDAP_ADMIN_GROUP_NAME", None)
 admin_group_filter = os.environ.get("CALIBRE_LDAP_ADMIN_GROUP_FILTER", None)
- role = 0
- try:
- group_data = services.ldap.get_object_details(group=admin_group_name, query_filter=admin_group_filter)
- except Exception as e:
- log.error('LDAP user details failed: %s', e)
- message = _(u'Failed to get LDAP User details')
- return None, message
+ role = constants.ROLE_USER
+ if admin_group_filter:
+ try:
+ log.debug(u"LDAP admin group filter: '{}'".format(admin_group_filter))
+ group_data = services.ldap.get_object_details(user=username, query_filter=admin_group_filter)
+ if group_data:
+ log.debug(u"LDAP admin group is found: '{}'".format(group_data))
+ role = constants.ROLE_ADMIN
+ else:
+ log.debug(u"LDAP admin group is not found")
+
+ except Exception as e:
+ log.error('LDAP admin group lookup failed: %s', e)
+ message = _(u'Failed to get LDAP admin group details')
+ return None, message
 user, error = ldap_create_user(username, user_data, role)
 return user, error
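Review bot: In login_post, the new guard treats any non-empty value of `CALIBRE_LDAP_AUTO_CREATE` as enabled, because `os.environ.get(...)` returns a string and values such as `"0"` or `"false"` are truthy; an operator who sets the variable to turn auto-creation off would still let the LDAP bind run for usernames that have no local account. Parse the flag explicitly, e.g. `auto_create = os.environ.get("CALIBRE_LDAP_AUTO_CREATE", "").strip().lower() in ("1", "true", "yes")`, and use `(user or auto_create)` in the condition. The lookup above normalises the name with `.strip().lower()` while `bind_user` receives the raw `form['username']`, so the account that is matched and the name that is bound can differ. When the guard is false the request falls through to the branch after this `if`, which is outside the hunk and should be checked for handling `user` being `None`.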
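Review bot: In create_user, `role = constants.ROLE_ADMIN` is granted on any truthy result from `get_object_details(user=username, query_filter=admin_group_filter)`, and the filter is taken directly from the environment; how `username` is combined with the filter is not visible here, so a filter without a per-user placeholder may match regardless of who is being created. Document the expected shape next to the lookup, e.g. `# CALIBRE_LDAP_ADMIN_GROUP_FILTER must restrict the match to this user (TODO confirm how get_object_details substitutes the username)`. The grant is only recorded at debug level; an audit line such as `log.info("LDAP user '%s' created with admin role via group filter", username)` would make privilege assignment visible in normal logs. In the visible code the role is decided once at creation, so later removal from the LDAP group presumably does not revoke it. create_user starts before the hunk.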