support impersonating other users.

Support for impersonating other users using an impersonation operator when specifying the username.

The current impersonation operator is as. The left-hand argument is the actual user logging in, the right-hand argument is the impersonated user.

Example of how to use the operator:

app/ldap_authentication/authenticator.py

@@ -8,6 +8,11 @@ from ldap.ldapobject import SimpleLDAPObject
 
 from app.protocols import Authenticator
 
+# Impersonation constants
+IMPERSONATION_PATTERN = r"([a-z0-9]+) as ([a-z0-9]+)"
+IMPERSONATORS = ["ac4014", "infosys", "ip914", "jsbailey", "ld507", "rbc"]
+
+
 # Used to parse key-value LDAP attributes
 ATTRIBUTE_PATTERN = r"([A-Za-z0-9]+)=([A-Za-z0-9-@]+)"
 USERNAME_FILTER_TEMPLATE = "(&(objectClass=user)(sAMAccountName=%s))"
@@ -71,12 +76,18 @@ class DocLdapAuthenticator(Authenticator):
         :param attributes: names of the attributes to filter for
         :return: attr_name -> attr_value dict for given username
         """
+        logging_in_as = username
+        users = re.match(IMPERSONATION_PATTERN, username)
+        if users:
+            impersonator, impersonated = users.groups()
+            username = impersonator
+            logging_in_as = impersonated if impersonator in IMPERSONATORS else impersonator
         connection = ldap.initialize(self.server_url)
         connection.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
         connection.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
         connection.simple_bind_s(BINDING_TEMPLATE % username, password)
         attributes = serialise_ldap_attributes(
-            self._raw_attributes(username, query_attrs, connection)
+            self._raw_attributes(logging_in_as, query_attrs, connection)
         )
         connection.unbind_s()
         return attributes