From df14ca567382183c7593004006bc466fd00eb239 Mon Sep 17 00:00:00 2001
From: Patrick Cernko <pcernko@mpi-klsb.mpg.de>
Date: Wed, 6 Mar 2024 17:44:18 +0100
Subject: [PATCH] more ldap verification for MPI users

---
 gen_config.py | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/gen_config.py b/gen_config.py
index 70586e0..c6de8e0 100755
--- a/gen_config.py
+++ b/gen_config.py
@@ -17,18 +17,25 @@ def info(msg):
 try:
     import mpildap
     mpildap_available = True
+    own_domains = set(d for o in mpildap.ldaps('istMailDomainReceive=*', 'istMailDomainReceive') for d in o)
 except ModuleNotFoundError:
     warn('mpildap module not available, email normalization will be skipped')
     mpildap_available = False
     pass
 
-def normalize_email(email):
+def normalize_email(email, required=False):
     if not mpildap_available:
         return email
     lp, domain = email.split('@')
-    ldap_mail = mpildap.ldaps(f'&(istEmailName={lp})(istMailDomainReceive={domain})', 'mail', unique=True)
+    ldap_mail = mpildap.ldaps(f'&(objectClass=istMailAccount)(istEmailName={lp})(istMailDomainReceive={domain})', ['mail', 'istIsPseudoAccount'], unique=True)
     if ldap_mail:
-        return ldap_mail[0]
+        if ldap_mail['istIsPseudoAccount']:
+            err(f'Address {email} belongs to a pseudo account')
+            exit(1)
+        return ldap_mail['mail'][0]
+    if required and domain in own_domains:
+        err(f'Address {email} in own domains does not exist or is a MailGroup!')
+        exit(1)
     return email
 
 regexp_mapping = {}
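Review bot: The filter built on the `ldap_mail = mpildap.ldaps(f'&(objectClass=istMailAccount)(istEmailName={lp})...` line still interpolates `lp` and `domain` straight from the configured address, so a value containing `*`, `(`, `)` or `\` alters the filter instead of being looked up literally, and with the new `required` path an odd or crafted address can now match a different entry or be rejected outright. Escape both parts per RFC 4515 before interpolating them — `ldap.filter.escape_filter_chars` if mpildap sits on python-ldap, otherwise a small local helper — e.g. `f'&(objectClass=istMailAccount)(istEmailName={escape_filter_chars(lp)})(istMailDomainReceive={escape_filter_chars(domain)})'`, and turn the bare `lp, domain = email.split('@')` unpack into an explicit `err(...)`/`exit(1)` so an address without exactly one `@` fails with a message rather than a `ValueError` traceback. Separately, `ldap_mail['mail'][0]` shows attribute values arrive as lists, so `if ldap_mail['istIsPseudoAccount']:` is presumably truthy for any present value, including something like `['FALSE']`; compare the value explicitly, e.g. `if ldap_mail.get('istIsPseudoAccount', [''])[0].upper() == 'TRUE':`, and confirm against what mpildap actually returns for that attribute.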
@@ -217,13 +224,14 @@ else:
 # digest_header not used
 # digest_footer not used
 
-
-ET.SubElement(xml, "creation_email").text = normalize_email(old_vars['owner'][0])
-for owner in old_vars['owner']:
+owners = list(set(normalize_email(e, required=True) for e in old_vars['owner']))
+ET.SubElement(xml, "creation_email").text = owners[0]
+for owner in owners:
     o = ET.SubElement(xml, "owner", attrib={'multiple':'1'})
-    ET.SubElement(o, "email").text = normalize_email(owner)
+    ET.SubElement(o, "email").text = owner
 
-for mod in old_vars['moderator']:
+moderators = list(set(normalize_email(e, required=True) for e in old_vars['moderator']))
+for mod in moderators:
     o = ET.SubElement(xml, "editor", attrib={'multiple':'1'})
     ET.SubElement(o, "email").text = normalize_email(mod)
 
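Review bot: `creation_email` on the `ET.SubElement(xml, "creation_email").text = owners[0]` line is now whichever address happens to come first out of `set(...)`, which for strings depends on per-process hash randomization, so the generated config can name a different creation owner on every run instead of the first configured owner as before. Deduplicate while keeping order, `owners = list(dict.fromkeys(normalize_email(e, required=True) for e in old_vars['owner']))`, and likewise for `moderators`. The editor loop also still calls `normalize_email(mod)` on an address that was already normalized with `required=True` one line above, costing a second LDAP round trip per moderator and diverging from the owner loop, which uses `owner` directly; `ET.SubElement(o, "email").text = mod` matches it. Note that `owners[0]` still raises `IndexError` when `old_vars['owner']` is empty, which predates this change.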
-- 
GitLab