support impersonating other users.

Support for impersonating other users using an impersonation operator when specifying the username.

The current impersonation operator is as. The left-hand argument is the actual user logging in, the right-hand argument is the impersonated user.

Example of how to use the operator:

app/ldap_authentication/authenticator.py

@@ -8,6 +8,11 @@ from ldap.ldapobject import SimpleLDAPObject
 
 from app.protocols import Authenticator
 
+# Impersonation constants
+IMPERSONATION_OPERATOR = ".as."
+IMPERSONATORS = ["ac4014", "infosys", "ip914", "jsbailey", "ld507", "rbc"]
+
+
 # Used to parse key-value LDAP attributes
 ATTRIBUTE_PATTERN = r"([A-Za-z0-9]+)=([A-Za-z0-9-@]+)"
 USERNAME_FILTER_TEMPLATE = "(&(objectClass=user)(sAMAccountName=%s))"
@@ -71,12 +76,18 @@ class DocLdapAuthenticator(Authenticator):
         :param attributes: names of the attributes to filter for
         :return: attr_name -> attr_value dict for given username
         """
+        logging_in_as = username
+        if IMPERSONATION_OPERATOR in username:
+            users = username.split(IMPERSONATION_OPERATOR)
+            if users[0] in IMPERSONATORS:
+                username = users[0]
+                logging_in_as = users[1]
         connection = ldap.initialize(self.server_url)
         connection.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
         connection.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
         connection.simple_bind_s(BINDING_TEMPLATE % username, password)
         attributes = serialise_ldap_attributes(
-            self._raw_attributes(username, query_attrs, connection)
+            self._raw_attributes(logging_in_as, query_attrs, connection)
         )
         connection.unbind_s()
         return attributes