From 6f4cc4280534f0e4c857e6aab5325cb981dcc2a1 Mon Sep 17 00:00:00 2001
From: Vadim Aleksandrov
Date: Fri, 9 Feb 2018 15:32:50 +0300
Subject: [PATCH 1/3] Fix issue with LDAP search filter. It is necessary to bracket the expression with additional filter conditions
---
app/models.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/models.py b/app/models.py
index 9aee967..5908603 100644
--- a/app/models.py
+++ b/app/models.py
@@ -188,7 +188,7 @@ class User(db.Model):
 searchFilter = "(&(objectcategory=person)(samaccountname=%s))" % self.username
 if LDAP_TYPE == 'ldap':
- searchFilter = "(&(%s=%s)%s)" % (LDAP_USERNAMEFIELD, self.username, LDAP_FILTER)
+ searchFilter = "(&(%s=%s)(%s))" % (LDAP_USERNAMEFIELD, self.username, LDAP_FILTER)
 logging.info('Ldap searchFilter "%s"' % searchFilter)
 result = self.ldap_search(searchFilter, LDAP_SEARCH_BASE)
From b0caf0ca48017371b06ae0667a0177a5d456cfbf Mon Sep 17 00:00:00 2001
From: Vadim Aleksandrov
Date: Fri, 9 Feb 2018 15:37:28 +0300
Subject: [PATCH 2/3] Fix issue with inserting into the database fields 'firstname' and 'lastname' containing non-ascii characters that can be retrieved from LDAP
---
app/models.py | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/app/models.py b/app/models.py
index 5908603..39875e7 100644
--- a/app/models.py
+++ b/app/models.py
@@ -9,6 +9,7 @@ import traceback
 import pyotp
 import re
 import dns.reversename
+import sys
 from datetime import datetime
 from distutils.util import strtobool
@@ -221,6 +222,12 @@ class User(db.Model):
 self.firstname = result[0][0][1]['givenName'][0]
 self.lastname = result[0][0][1]['sn'][0]
 self.email = result[0][0][1]['mail'][0]
+
+ if sys.version_info < (3,):
+ if isinstance(self.firstname, str):
+ self.firstname = self.firstname.decode('utf-8')
+ if isinstance(self.lastname, str):
+ self.lastname = self.lastname.decode('utf-8')
 except Exception:
 self.firstname = self.username
 self.lastname = ''
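Review bot: The rewritten filter still formats `self.username` into the LDAP search filter without escaping, so a value containing `*`, `(`, `)` or `\` changes what the query matches; the same applies to the `samaccountname=%s` context line above it and to both branches of the third patch's hunk. self.username is presumably the value submitted at login, so escape it per RFC 4515 before formatting — with python-ldap that is `ldap.filter.escape_filter_chars(self.username)`, otherwise a small local helper that escapes `\`, `*`, `(`, `)` and NUL. Separately, wrapping `LDAP_FILTER` in its own parentheses changes the configuration contract: a value that already carries outer parentheses now produces `((...))` and an empty value produces `()`, both invalid filters, so either guard the wrap with a check that the value does not start with `(` or document it on the line, e.g. `# LDAP_FILTER must be one bare assertion such as objectClass=person, without surrounding parentheses`. The enclosing method starts before the hunk.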
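Review bot: The decode step is gated on Python 2, so on Python 3 a client that returns attribute values as `bytes` (python-ldap 3.x does by default) leaves firstname and lastname undecoded and the fix this patch describes does not apply there. Testing the value's type instead of the interpreter version covers both cases and drops the need for the `sys` import: `if isinstance(self.firstname, bytes):` followed by the same `.decode('utf-8')`, and likewise for lastname. `self.email` is read from the same result two lines earlier and is not decoded at all, so it should get the same treatment. A `UnicodeDecodeError` raised here is swallowed by the `except Exception:` below, which silently falls back to the username; calling `logging.exception(...)` in that handler would make a bad encoding visible. The `try:` that this handler belongs to starts before the hunk.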
From 0436d69ea63e6896809ae225cadd95dd866ae56f Mon Sep 17 00:00:00 2001
From: Vadim Aleksandrov
Date: Fri, 9 Feb 2018 15:41:19 +0300
Subject: [PATCH 3/3] Adding the ability to use 'LDAP_USERNAMEFIELD' and 'LDAP_FILTER' in case of use with Active Directory for authorization
---
app/models.py | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/app/models.py b/app/models.py
index 39875e7..6f7e1af 100644
--- a/app/models.py
+++ b/app/models.py
@@ -187,11 +187,13 @@ class User(db.Model):
 logging.error('LDAP authentication is disabled')
 return False
- searchFilter = "(&(objectcategory=person)(samaccountname=%s))" % self.username
- if LDAP_TYPE == 'ldap':
- searchFilter = "(&(%s=%s)(%s))" % (LDAP_USERNAMEFIELD, self.username, LDAP_FILTER)
- logging.info('Ldap searchFilter "%s"' % searchFilter)
+ if LDAP_TYPE == 'ad':
+ searchFilter = "(&(objectcategory=person)(%s=%s)(%s))" % (LDAP_USERNAMEFIELD, self.username, LDAP_FILTER)
+ elif LDAP_TYPE == 'ldap':
+ searchFilter = "(&(%s=%s)(%s))" % (LDAP_USERNAMEFIELD, self.username, LDAP_FILTER)
+
+ logging.info('Ldap searchFilter "%s"' % searchFilter)
 result = self.ldap_search(searchFilter, LDAP_SEARCH_BASE)
 if not result:
 logging.warning('User "%s" does not exist' % self.username)
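Review bot: If `LDAP_TYPE` is neither `'ad'` nor `'ldap'`, `searchFilter` is never assigned and the added `logging.info` line raises `UnboundLocalError`, whereas before this change the AD filter served as the default for every other value. Add a final branch that fails closed and says why: `else:` / `logging.error('Unsupported LDAP_TYPE "%s"' % LDAP_TYPE)` / `return False`. Both new filters still format the username in unescaped, as raised on the first patch's hunk. The enclosing method starts before the hunk and its body continues after it.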