Switch to LDAP lookup for nsaccountlock in freeipa.

Fixes #416
ubccr · Aug 5, 2022 · 15b9369 · 15b9369
1 parent b21e9c6
commit 15b9369
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/coldfront/plugins/freeipa/management/commands/freeipa_check.py b/coldfront/plugins/freeipa/management/commands/freeipa_check.py
@@ -8,6 +8,7 @@
 from ipalib import api
 from ipalib.errors import NotFound
 
+from coldfront.plugins.freeipa.search import LDAPUserSearch
 from coldfront.core.allocation.models import Allocation, AllocationUser
 from coldfront.plugins.freeipa.utils import (CLIENT_KTNAME, FREEIPA_NOOP,
                                              UNIX_GROUP_ATTRIBUTE_NAME,
@@ -118,11 +119,11 @@ def check_user_freeipa(self, user, active_groups, removed_groups):
             logger.debug(result)
             freeipa_groups = [str(x) for x in result]
 
-            result = self.ifp.GetUserAttr(user.username, ["nsaccountlock"])
-            if 'nsAccountLock' in result and str(result['nsAccountLock'][0]) == 'TRUE':
-                freeipa_status = 'Disabled'
-            else:
+            users = self.ipa_ldap.search_a_user(user.username, "username_only")
+            if len(users) == 1:
                 freeipa_status = 'Enabled'
+            else:
+                freeipa_status = 'Disabled'
         except dbus.exceptions.DBusException as e:
             if 'No such user' in str(e) or 'NotFound' in str(e):
                 logger.warn("User %s not found in FreeIPA", user.username)
@@ -248,6 +249,7 @@ def handle(self, *args, **options):
         if options['header']:
             self.write('\t'.join(header))
 
+        self.ipa_ldap = LDAPUserSearch("", "")
         bus = dbus.SystemBus()
         infopipe_obj = bus.get_object("org.freedesktop.sssd.infopipe", "/org/freedesktop/sssd/infopipe")
         self.ifp = dbus.Interface(infopipe_obj, dbus_interface='org.freedesktop.sssd.infopipe')