
pep8 compliance

kakwa 2015-07-11 22:25:21 +02:00
parent bbeaebe77d
commit 1885079444


@ -17,7 +17,8 @@ import re
class DelUserDontExists(Exception):
def __init__(self, user):
self.user = user
self.log = "cannot remove user, user <%(user)s> does not exist" % {'user': user}
self.log = "cannot remove user, user <%(user)s> does not exist" % \
{'user': user}
class CaFileDontExist(Exception):
@ -68,54 +69,65 @@ class Backend(ldapcherry.backend.Backend):
et = type(e)
if et is ldap.OPERATIONS_ERROR:
self._logger(
severity=logging.ERROR,
msg="cannot use starttls with ldaps:// uri (uri: " + self.uri + ")",
severity=logging.ERROR,
msg="cannot use starttls with ldaps://"
" uri (uri: " + self.uri + ")",
)
elif et is ldap.INVALID_CREDENTIALS:
self._logger(
severity=logging.ERROR,
msg="Configuration error, wrong credentials, unable to connect to ldap with '" + self.binddn + "'",
)
severity=logging.ERROR,
msg="Configuration error, wrong credentials,"
" unable to connect to ldap with '" + self.binddn + "'",
)
elif et is ldap.SERVER_DOWN:
self._logger(
severity=logging.ERROR,
msg="Unable to contact ldap server '" + self.uri + "', check 'auth.ldap.uri' and ssl/tls configuration",
severity=logging.ERROR,
msg="Unable to contact ldap server '" +
self.uri +
"', check 'auth.ldap.uri'"
" and ssl/tls configuration",
)
elif et is ldap.FILTER_ERROR:
self._logger(
severity=logging.ERROR,
msg="Bad search filter, check '" + self.backend_name + ".*_filter_tmpl' params",
severity=logging.ERROR,
msg="Bad search filter, check '" +
self.backend_name +
".*_filter_tmpl' params",
)
elif et is ldap.NO_SUCH_OBJECT:
self._logger(
severity=logging.ERROR,
msg="Search DN '" + basedn \
+ "' doesn't exist, check '" \
+ self.backend_name + ".userdn' or '" \
+ self.backend_name + ".groupdn'",
severity=logging.ERROR,
msg="Search DN '" + basedn +
"' doesn't exist, check '" +
self.backend_name +
".userdn' or '" +
self.backend_name +
".groupdn'",
)
elif et is ldap.OBJECT_CLASS_VIOLATION:
info = e[0]['info']
desc = e[0]['desc']
self._logger(
severity=logging.ERROR,
msg="Configuration error, " + desc + ", " + info,
severity=logging.ERROR,
msg="Configuration error, " + desc + ", " + info,
)
elif et is ldap.INSUFFICIENT_ACCESS:
self._logger(
severity=logging.ERROR,
msg="Access error on '" + self.backend_name + "' backend, please check your acls in this backend",
severity=logging.ERROR,
msg="Access error on '" +
self.backend_name +
"' backend, please check your acls in this backend",
)
elif et is ldap.ALREADY_EXISTS:
desc = e[0]['desc']
self._logger(
severity=logging.ERROR,
msg="adding user failed, " + desc,
severity=logging.ERROR,
msg="adding user failed, " + desc,
)
else:
self._logger(
severity=logging.ERROR,
msg="unknow ldap exception in ldap backend",
severity=logging.ERROR,
msg="unknow ldap exception in ldap backend",
)
raise e
@ -132,20 +144,29 @@ class Backend(ldapcherry.backend.Backend):
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.ca)
else:
raise CaFileDontExist(self.ca)
#else:
# ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '')
if self.checkcert == 'off':
# this is dark magic
# remove any of these two lines and it doesn't work
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
ldap_client.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
ldap_client.set_option(
ldap.OPT_X_TLS_REQUIRE_CERT,
ldap.OPT_X_TLS_NEVER
)
else:
# this is even darker magic
ldap_client.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
# it doesn't make sense to set it to never (don't check certifate)
# but it only works with this option... and it checks the certificat
ldap_client.set_option(
ldap.OPT_X_TLS_REQUIRE_CERT,
ldap.OPT_X_TLS_DEMAND
)
# it doesn't make sense to set it to never
# (== don't check certifate)
# but it only works with this option...
# ... and it checks the certificat
# (I've lost my sanity over this)
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
ldap.set_option(
ldap.OPT_X_TLS_REQUIRE_CERT,
ldap.OPT_X_TLS_NEVER
)
if self.starttls == 'on':
try:
ldap_client.start_tls_s()
@ -177,11 +198,12 @@ class Backend(ldapcherry.backend.Backend):
ldap_client = self._bind()
try:
r = ldap_client.search_s(basedn,
ldap.SCOPE_SUBTREE,
searchfilter,
attrlist=attrlist
)
r = ldap_client.search_s(
basedn,
ldap.SCOPE_SUBTREE,
searchfilter,
attrlist=attrlist
)
except Exception as e:
ldap_client.unbind_s()
self._exception_handler(e)
@ -215,7 +237,7 @@ class Backend(ldapcherry.backend.Backend):
def auth(self, username, password):
binddn = self._get_user(username, NO_ATTR)
if not binddn is None:
if binddn is not None:
ldap_client = self._connect()
try:
ldap_client.simple_bind_s(binddn, password)
@ -233,7 +255,12 @@ class Backend(ldapcherry.backend.Backend):
for a in attrs:
attrs_str[self._str(a)] = self._str(attrs[a])
attrs_str['objectClass'] = self.objectclasses
dn = self.dn_user_attr + '=' + attrs[self.dn_user_attr] + ',' + self.userdn
dn = \
self.dn_user_attr +\
'=' +\
attrs[self.dn_user_attr] +\
',' +\
self.userdn
ldif = modlist.addModlist(attrs_str)
try:
ldap_client.add_s(dn, ldif)
@ -245,7 +272,7 @@ class Backend(ldapcherry.backend.Backend):
def del_user(self, username):
ldap_client = self._bind()
dn = self._get_user(username, NO_ATTR)
if not dn is None:
if dn is not None:
ldap_client.delete_s(dn)
else:
raise DelUserDontExists(username)
@ -285,8 +312,16 @@ class Backend(ldapcherry.backend.Backend):
content = self._str(self.group_attrs[attr] % attrs)
self._logger(
severity=logging.DEBUG,
msg="%(backend)s: adding user '%(user)s' with dn '%(dn)s' to group '%(group)s' by setting '%(attr)s' to '%(content)s'" % \
{'user': username, 'dn': dn, 'group': group, 'attr': attr, 'content': content, 'backend': self.backend_name}
msg="%(backend)s: adding user '%(user)s'"
" with dn '%(dn)s' to group '%(group)s' by"
" setting '%(attr)s' to '%(content)s'" % {
'user': username,
'dn': dn,
'group': group,
'attr': attr,
'content': content,
'backend': self.backend_name
}
)
ldif = modlist.modifyModlist({}, {attr: content})
try:
@ -294,8 +329,14 @@ class Backend(ldapcherry.backend.Backend):
except ldap.TYPE_OR_VALUE_EXISTS as e:
self._logger(
severity=logging.INFO,
msg="%(backend)s: user '%(user)s' already member of group '%(group)s' (attribute '%(attr)s')" % \
{'user': username, 'group': group, 'attr': attr, 'backend': self.backend_name}
msg="%(backend)s: user '%(user)s'"
" already member of group '%(group)s'"
"(attribute '%(attr)s')" % {
'user': username,
'group': group,
'attr': attr,
'backend': self.backend_name
}
)
except Exception as e:
ldap_client.unbind_s()
@ -318,8 +359,14 @@ class Backend(ldapcherry.backend.Backend):
except ldap.NO_SUCH_ATTRIBUTE as e:
self._logger(
severity=logging.INFO,
msg="%(backend)s: user '%(user)s' wasn't member of group '%(group)s' (attribute '%(attr)s')" % \
{'user': username, 'group': group, 'attr': attr, 'backend': self.backend_name}
msg="%(backend)s: user '%(user)s'"
" wasn't member of group '%(group)s'"
" (attribute '%(attr)s')" % {
'user': username,
'group': group,
'attr': attr,
'backend': self.backend_name
}
)
except Exception as e:
ldap_client.unbind_s()
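Review bot: In the `@ -132,20 +144,29 @@` hunk, the branch taken when `checkcert` is not 'off' still ends with the process-wide `ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)`. Certificate verification therefore rests on an interaction the comments themselves call dark magic, and any other LDAP connection opened in the same process would presumably start from NEVER. While these lines are being reflowed, keep the per-connection `ldap.OPT_X_TLS_DEMAND` call and, if the installed python-ldap exposes it, follow it with `ldap_client.set_option(ldap.OPT_X_TLS_NEWCTX, 0)` so the connection's own TLS settings are applied rather than the global one. Whichever form stays, replace the "dark magic" comments with one naming the call that verification depends on, and add a test that a server presenting an untrusted certificate is rejected. The enclosing method starts and ends outside the hunk, so the ordering of these calls relative to connection setup could not be checked here.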