mirror of
https://github.com/kakwa/ldapcherry
synced 2024-11-22 17:34:21 +01:00
pep8 compliance
This commit is contained in:
parent
bbeaebe77d
commit
1885079444
@ -17,7 +17,8 @@ import re
|
|||||||
class DelUserDontExists(Exception):
|
class DelUserDontExists(Exception):
|
||||||
def __init__(self, user):
|
def __init__(self, user):
|
||||||
self.user = user
|
self.user = user
|
||||||
self.log = "cannot remove user, user <%(user)s> does not exist" % {'user': user}
|
self.log = "cannot remove user, user <%(user)s> does not exist" % \
|
||||||
|
{'user': user}
|
||||||
|
|
||||||
|
|
||||||
class CaFileDontExist(Exception):
|
class CaFileDontExist(Exception):
|
||||||
@ -69,30 +70,39 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
if et is ldap.OPERATIONS_ERROR:
|
if et is ldap.OPERATIONS_ERROR:
|
||||||
self._logger(
|
self._logger(
|
||||||
severity=logging.ERROR,
|
severity=logging.ERROR,
|
||||||
msg="cannot use starttls with ldaps:// uri (uri: " + self.uri + ")",
|
msg="cannot use starttls with ldaps://"
|
||||||
|
" uri (uri: " + self.uri + ")",
|
||||||
)
|
)
|
||||||
elif et is ldap.INVALID_CREDENTIALS:
|
elif et is ldap.INVALID_CREDENTIALS:
|
||||||
self._logger(
|
self._logger(
|
||||||
severity=logging.ERROR,
|
severity=logging.ERROR,
|
||||||
msg="Configuration error, wrong credentials, unable to connect to ldap with '" + self.binddn + "'",
|
msg="Configuration error, wrong credentials,"
|
||||||
|
" unable to connect to ldap with '" + self.binddn + "'",
|
||||||
)
|
)
|
||||||
elif et is ldap.SERVER_DOWN:
|
elif et is ldap.SERVER_DOWN:
|
||||||
self._logger(
|
self._logger(
|
||||||
severity=logging.ERROR,
|
severity=logging.ERROR,
|
||||||
msg="Unable to contact ldap server '" + self.uri + "', check 'auth.ldap.uri' and ssl/tls configuration",
|
msg="Unable to contact ldap server '" +
|
||||||
|
self.uri +
|
||||||
|
"', check 'auth.ldap.uri'"
|
||||||
|
" and ssl/tls configuration",
|
||||||
)
|
)
|
||||||
elif et is ldap.FILTER_ERROR:
|
elif et is ldap.FILTER_ERROR:
|
||||||
self._logger(
|
self._logger(
|
||||||
severity=logging.ERROR,
|
severity=logging.ERROR,
|
||||||
msg="Bad search filter, check '" + self.backend_name + ".*_filter_tmpl' params",
|
msg="Bad search filter, check '" +
|
||||||
|
self.backend_name +
|
||||||
|
".*_filter_tmpl' params",
|
||||||
)
|
)
|
||||||
elif et is ldap.NO_SUCH_OBJECT:
|
elif et is ldap.NO_SUCH_OBJECT:
|
||||||
self._logger(
|
self._logger(
|
||||||
severity=logging.ERROR,
|
severity=logging.ERROR,
|
||||||
msg="Search DN '" + basedn \
|
msg="Search DN '" + basedn +
|
||||||
+ "' doesn't exist, check '" \
|
"' doesn't exist, check '" +
|
||||||
+ self.backend_name + ".userdn' or '" \
|
self.backend_name +
|
||||||
+ self.backend_name + ".groupdn'",
|
".userdn' or '" +
|
||||||
|
self.backend_name +
|
||||||
|
".groupdn'",
|
||||||
)
|
)
|
||||||
elif et is ldap.OBJECT_CLASS_VIOLATION:
|
elif et is ldap.OBJECT_CLASS_VIOLATION:
|
||||||
info = e[0]['info']
|
info = e[0]['info']
|
||||||
@ -104,7 +114,9 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
elif et is ldap.INSUFFICIENT_ACCESS:
|
elif et is ldap.INSUFFICIENT_ACCESS:
|
||||||
self._logger(
|
self._logger(
|
||||||
severity=logging.ERROR,
|
severity=logging.ERROR,
|
||||||
msg="Access error on '" + self.backend_name + "' backend, please check your acls in this backend",
|
msg="Access error on '" +
|
||||||
|
self.backend_name +
|
||||||
|
"' backend, please check your acls in this backend",
|
||||||
)
|
)
|
||||||
elif et is ldap.ALREADY_EXISTS:
|
elif et is ldap.ALREADY_EXISTS:
|
||||||
desc = e[0]['desc']
|
desc = e[0]['desc']
|
||||||
@ -132,20 +144,29 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.ca)
|
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.ca)
|
||||||
else:
|
else:
|
||||||
raise CaFileDontExist(self.ca)
|
raise CaFileDontExist(self.ca)
|
||||||
#else:
|
|
||||||
# ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '')
|
|
||||||
if self.checkcert == 'off':
|
if self.checkcert == 'off':
|
||||||
# this is dark magic
|
# this is dark magic
|
||||||
# remove any of these two lines and it doesn't work
|
# remove any of these two lines and it doesn't work
|
||||||
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
|
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
|
||||||
ldap_client.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
|
ldap_client.set_option(
|
||||||
|
ldap.OPT_X_TLS_REQUIRE_CERT,
|
||||||
|
ldap.OPT_X_TLS_NEVER
|
||||||
|
)
|
||||||
else:
|
else:
|
||||||
# this is even darker magic
|
# this is even darker magic
|
||||||
ldap_client.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
|
ldap_client.set_option(
|
||||||
# it doesn't make sense to set it to never (don't check certifate)
|
ldap.OPT_X_TLS_REQUIRE_CERT,
|
||||||
# but it only works with this option... and it checks the certificat
|
ldap.OPT_X_TLS_DEMAND
|
||||||
|
)
|
||||||
|
# it doesn't make sense to set it to never
|
||||||
|
# (== don't check certifate)
|
||||||
|
# but it only works with this option...
|
||||||
|
# ... and it checks the certificat
|
||||||
# (I've lost my sanity over this)
|
# (I've lost my sanity over this)
|
||||||
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
|
ldap.set_option(
|
||||||
|
ldap.OPT_X_TLS_REQUIRE_CERT,
|
||||||
|
ldap.OPT_X_TLS_NEVER
|
||||||
|
)
|
||||||
if self.starttls == 'on':
|
if self.starttls == 'on':
|
||||||
try:
|
try:
|
||||||
ldap_client.start_tls_s()
|
ldap_client.start_tls_s()
|
||||||
@ -177,7 +198,8 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
|
|
||||||
ldap_client = self._bind()
|
ldap_client = self._bind()
|
||||||
try:
|
try:
|
||||||
r = ldap_client.search_s(basedn,
|
r = ldap_client.search_s(
|
||||||
|
basedn,
|
||||||
ldap.SCOPE_SUBTREE,
|
ldap.SCOPE_SUBTREE,
|
||||||
searchfilter,
|
searchfilter,
|
||||||
attrlist=attrlist
|
attrlist=attrlist
|
||||||
@ -215,7 +237,7 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
def auth(self, username, password):
|
def auth(self, username, password):
|
||||||
|
|
||||||
binddn = self._get_user(username, NO_ATTR)
|
binddn = self._get_user(username, NO_ATTR)
|
||||||
if not binddn is None:
|
if binddn is not None:
|
||||||
ldap_client = self._connect()
|
ldap_client = self._connect()
|
||||||
try:
|
try:
|
||||||
ldap_client.simple_bind_s(binddn, password)
|
ldap_client.simple_bind_s(binddn, password)
|
||||||
@ -233,7 +255,12 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
for a in attrs:
|
for a in attrs:
|
||||||
attrs_str[self._str(a)] = self._str(attrs[a])
|
attrs_str[self._str(a)] = self._str(attrs[a])
|
||||||
attrs_str['objectClass'] = self.objectclasses
|
attrs_str['objectClass'] = self.objectclasses
|
||||||
dn = self.dn_user_attr + '=' + attrs[self.dn_user_attr] + ',' + self.userdn
|
dn = \
|
||||||
|
self.dn_user_attr +\
|
||||||
|
'=' +\
|
||||||
|
attrs[self.dn_user_attr] +\
|
||||||
|
',' +\
|
||||||
|
self.userdn
|
||||||
ldif = modlist.addModlist(attrs_str)
|
ldif = modlist.addModlist(attrs_str)
|
||||||
try:
|
try:
|
||||||
ldap_client.add_s(dn, ldif)
|
ldap_client.add_s(dn, ldif)
|
||||||
@ -245,7 +272,7 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
def del_user(self, username):
|
def del_user(self, username):
|
||||||
ldap_client = self._bind()
|
ldap_client = self._bind()
|
||||||
dn = self._get_user(username, NO_ATTR)
|
dn = self._get_user(username, NO_ATTR)
|
||||||
if not dn is None:
|
if dn is not None:
|
||||||
ldap_client.delete_s(dn)
|
ldap_client.delete_s(dn)
|
||||||
else:
|
else:
|
||||||
raise DelUserDontExists(username)
|
raise DelUserDontExists(username)
|
||||||
@ -285,8 +312,16 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
content = self._str(self.group_attrs[attr] % attrs)
|
content = self._str(self.group_attrs[attr] % attrs)
|
||||||
self._logger(
|
self._logger(
|
||||||
severity=logging.DEBUG,
|
severity=logging.DEBUG,
|
||||||
msg="%(backend)s: adding user '%(user)s' with dn '%(dn)s' to group '%(group)s' by setting '%(attr)s' to '%(content)s'" % \
|
msg="%(backend)s: adding user '%(user)s'"
|
||||||
{'user': username, 'dn': dn, 'group': group, 'attr': attr, 'content': content, 'backend': self.backend_name}
|
" with dn '%(dn)s' to group '%(group)s' by"
|
||||||
|
" setting '%(attr)s' to '%(content)s'" % {
|
||||||
|
'user': username,
|
||||||
|
'dn': dn,
|
||||||
|
'group': group,
|
||||||
|
'attr': attr,
|
||||||
|
'content': content,
|
||||||
|
'backend': self.backend_name
|
||||||
|
}
|
||||||
)
|
)
|
||||||
ldif = modlist.modifyModlist({}, {attr: content})
|
ldif = modlist.modifyModlist({}, {attr: content})
|
||||||
try:
|
try:
|
||||||
@ -294,8 +329,14 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
except ldap.TYPE_OR_VALUE_EXISTS as e:
|
except ldap.TYPE_OR_VALUE_EXISTS as e:
|
||||||
self._logger(
|
self._logger(
|
||||||
severity=logging.INFO,
|
severity=logging.INFO,
|
||||||
msg="%(backend)s: user '%(user)s' already member of group '%(group)s' (attribute '%(attr)s')" % \
|
msg="%(backend)s: user '%(user)s'"
|
||||||
{'user': username, 'group': group, 'attr': attr, 'backend': self.backend_name}
|
" already member of group '%(group)s'"
|
||||||
|
"(attribute '%(attr)s')" % {
|
||||||
|
'user': username,
|
||||||
|
'group': group,
|
||||||
|
'attr': attr,
|
||||||
|
'backend': self.backend_name
|
||||||
|
}
|
||||||
)
|
)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
ldap_client.unbind_s()
|
ldap_client.unbind_s()
|
||||||
@ -318,8 +359,14 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
except ldap.NO_SUCH_ATTRIBUTE as e:
|
except ldap.NO_SUCH_ATTRIBUTE as e:
|
||||||
self._logger(
|
self._logger(
|
||||||
severity=logging.INFO,
|
severity=logging.INFO,
|
||||||
msg="%(backend)s: user '%(user)s' wasn't member of group '%(group)s' (attribute '%(attr)s')" % \
|
msg="%(backend)s: user '%(user)s'"
|
||||||
{'user': username, 'group': group, 'attr': attr, 'backend': self.backend_name}
|
" wasn't member of group '%(group)s'"
|
||||||
|
" (attribute '%(attr)s')" % {
|
||||||
|
'user': username,
|
||||||
|
'group': group,
|
||||||
|
'attr': attr,
|
||||||
|
'backend': self.backend_name
|
||||||
|
}
|
||||||
)
|
)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
ldap_client.unbind_s()
|
ldap_client.unbind_s()
|
||||||
|
Loading…
Reference in New Issue
Block a user