Better user objectClasses

config.sample.toml

@@ -11,4 +11,5 @@ ROOT_DN = "dc=mydomain,dc=tld"
 BIND_DN = "cn=admin,dc=mydomain,dc=tld"
 BIND_PW = "admin"
 
+USER_FILTER = "(|(uid={login})(cn={login}))"
 ADMIN_FILTER = "cn=Jane Doe"

docker/bootstrap.ldif

@@ -16,12 +16,18 @@ ou: authorizations
 
 dn: cn=Jane Doe,ou=users,dc=mydomain,dc=tld
 objectclass: person
+objectclass: uidobject
+objectclass: simpleSecurityObject
 cn: Jane Doe
 sn: Doe
+uid: admin
 userpassword: {SSHA}7zQVLckaEc6cJEsS0ylVipvb2PAR/4tS
 
 dn: cn=John Doe,ou=users,dc=mydomain,dc=tld
 objectclass: person
+objectclass: uidobject
+objectclass: simpleSecurityObject
 cn: John Doe
 sn: Doe
+uid: user
 userpassword: {SSHA}Yr1ZxSljRsKyaTB30suY2iZ1KRTStF1X

tests/conftest.py

@@ -86,6 +86,7 @@ def app(slapd_server):
                 "URI": slapd_server.ldap_uri,
                 "BIND_DN": slapd_server.root_dn,
                 "BIND_PW": slapd_server.root_pw,
+                "USER_FILTER": "(|(uid={login})(mail={login}))",
             },
         }
     )
@@ -127,9 +128,6 @@ def client(app, slapd_connection):
 
 @pytest.fixture
 def user(app, slapd_connection):
-    u = User(cn="John Doe", sn="Doe")
+    u = User(cn="John Doe", sn="Doe", uid="user", userpassword="{SSHA}fw9DYeF/gHTHuVMepsQzVYAkffGcU8Fz")
     u.save(slapd_connection)
-    slapd_connection.passwd_s(
-        u.dn.encode("utf-8"), None, "correct horse battery staple".encode("utf-8"),
-    )
     return u

web/forms.py

@@ -5,7 +5,7 @@ from flask_wtf import FlaskForm
 
 class LoginForm(FlaskForm):
     login = wtforms.StringField(
-        gettext("Username"),
+        gettext("Login"),
         validators=[wtforms.validators.DataRequired()],
         render_kw={"placeholder": "mdupont"},
     )

web/models.py

@@ -12,7 +12,7 @@ from .ldaputils import LDAPObjectHelper
 
 
 class User(LDAPObjectHelper):
-    objectClass = ["person"]
+    objectClass = ["person", "simpleSecurityObject", "uidObject"]
     base = "ou=users"
     id = "cn"
     admin = False