reorganize the ldap backend module
This commit is contained in:
parent
0343af4270
commit
62a2d002de
@ -45,6 +45,104 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
for a in attrslist:
|
for a in attrslist:
|
||||||
self.attrlist.append(self._str(a))
|
self.attrlist.append(self._str(a))
|
||||||
|
|
||||||
|
def _connect(self):
|
||||||
|
ldap_client = ldap.initialize(self.uri)
|
||||||
|
ldap_client.set_option(ldap.OPT_REFERRALS, 0)
|
||||||
|
ldap_client.set_option(ldap.OPT_TIMEOUT, self.timeout)
|
||||||
|
if self.starttls == 'on':
|
||||||
|
ldap.set_option(ldap.OPT_X_TLS_DEMAND, True)
|
||||||
|
else:
|
||||||
|
ldap.set_option(ldap.OPT_X_TLS_DEMAND, False)
|
||||||
|
if self.ca and self.checkcert == 'on':
|
||||||
|
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.ca)
|
||||||
|
#else:
|
||||||
|
# ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '')
|
||||||
|
if self.checkcert == 'off':
|
||||||
|
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
|
||||||
|
else:
|
||||||
|
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,ldap.OPT_X_TLS_DEMAND)
|
||||||
|
if self.starttls == 'on':
|
||||||
|
try:
|
||||||
|
ldap_client.start_tls_s()
|
||||||
|
except ldap.OPERATIONS_ERROR as e:
|
||||||
|
self._logger(
|
||||||
|
severity = logging.ERROR,
|
||||||
|
msg = "cannot use starttls with ldaps:// uri (uri: " + self.uri + ")",
|
||||||
|
)
|
||||||
|
raise e
|
||||||
|
#raise cherrypy.HTTPError("500", "Configuration Error, contact administrator")
|
||||||
|
return ldap_client
|
||||||
|
|
||||||
|
def _bind(self):
|
||||||
|
ldap_client = self._connect()
|
||||||
|
try:
|
||||||
|
ldap_client.simple_bind_s(self.binddn, self.bindpassword)
|
||||||
|
except ldap.INVALID_CREDENTIALS as e:
|
||||||
|
self._logger(
|
||||||
|
severity = logging.ERROR,
|
||||||
|
msg = "Configuration error, wrong credentials, unable to connect to ldap with '" + self.binddn + "'",
|
||||||
|
)
|
||||||
|
ldap_client.unbind_s()
|
||||||
|
raise e
|
||||||
|
except ldap.SERVER_DOWN as e:
|
||||||
|
self._logger(
|
||||||
|
severity = logging.ERROR,
|
||||||
|
msg = "Unable to contact ldap server '" + self.uri + "', check 'auth.ldap.uri' and ssl/tls configuration",
|
||||||
|
)
|
||||||
|
ldap_client.unbind_s()
|
||||||
|
raise e
|
||||||
|
return ldap_client
|
||||||
|
|
||||||
|
def _search(self, searchfilter, attrs, basedn):
|
||||||
|
ldap_client = self._bind()
|
||||||
|
try:
|
||||||
|
r = ldap_client.search_s(basedn,
|
||||||
|
ldap.SCOPE_SUBTREE,
|
||||||
|
searchfilter,
|
||||||
|
attrlist=attrs
|
||||||
|
)
|
||||||
|
except ldap.FILTER_ERROR as e:
|
||||||
|
self._logger(
|
||||||
|
severity = logging.ERROR,
|
||||||
|
msg = "Bad search filter, check '" + self.backend_name + ".*_filter_tmpl' params",
|
||||||
|
)
|
||||||
|
ldap_client.unbind_s()
|
||||||
|
raise e
|
||||||
|
except ldap.NO_SUCH_OBJECT as e:
|
||||||
|
self._logger(
|
||||||
|
severity = logging.ERROR,
|
||||||
|
msg = "Search DN '" + basedn \
|
||||||
|
+ "' doesn't exist, check '" \
|
||||||
|
+ self.backend_name + ".userdn' or '" \
|
||||||
|
+ self.backend_name + ".groupdn'",
|
||||||
|
)
|
||||||
|
ldap_client.unbind_s()
|
||||||
|
raise e
|
||||||
|
|
||||||
|
ldap_client.unbind_s()
|
||||||
|
return r
|
||||||
|
|
||||||
|
def _get_user(self, username, attrs=True):
|
||||||
|
if attrs:
|
||||||
|
a = self.attrlist
|
||||||
|
else:
|
||||||
|
a = None
|
||||||
|
|
||||||
|
user_filter = self.user_filter_tmpl % {
|
||||||
|
'username': username
|
||||||
|
}
|
||||||
|
|
||||||
|
r = self._search(user_filter, a, self.userdn)
|
||||||
|
|
||||||
|
if len(r) == 0:
|
||||||
|
return None
|
||||||
|
|
||||||
|
if attrs:
|
||||||
|
dn_entry = r[0]
|
||||||
|
else:
|
||||||
|
dn_entry = r[0][0]
|
||||||
|
return dn_entry
|
||||||
|
|
||||||
def _str(self, s):
|
def _str(self, s):
|
||||||
try:
|
try:
|
||||||
return str(s)
|
return str(s)
|
||||||
@ -66,29 +164,6 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
else:
|
else:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
def add_to_group(self):
|
|
||||||
pass
|
|
||||||
|
|
||||||
def set_attrs(self, attrs):
|
|
||||||
pass
|
|
||||||
|
|
||||||
def rm_from_group(self, username):
|
|
||||||
pass
|
|
||||||
|
|
||||||
def get_groups(self, username):
|
|
||||||
userdn = self._get_user(username, False)
|
|
||||||
|
|
||||||
searchfilter = self.group_filter_tmpl % {
|
|
||||||
'userdn': userdn,
|
|
||||||
'username': username
|
|
||||||
}
|
|
||||||
|
|
||||||
groups = self._search(searchfilter, None, self.groupdn)
|
|
||||||
ret = []
|
|
||||||
for entry in groups:
|
|
||||||
ret.append(entry[0])
|
|
||||||
return ret
|
|
||||||
|
|
||||||
def add_user(self, attrs):
|
def add_user(self, attrs):
|
||||||
ldap_client = self._bind()
|
ldap_client = self._bind()
|
||||||
attrs_str = {}
|
attrs_str = {}
|
||||||
@ -131,56 +206,14 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
else:
|
else:
|
||||||
raise DelUserDontExists(username)
|
raise DelUserDontExists(username)
|
||||||
|
|
||||||
def _bind(self):
|
def set_attrs(self, attrs, username):
|
||||||
ldap_client = self._connect()
|
pass
|
||||||
try:
|
|
||||||
ldap_client.simple_bind_s(self.binddn, self.bindpassword)
|
|
||||||
except ldap.INVALID_CREDENTIALS as e:
|
|
||||||
self._logger(
|
|
||||||
severity = logging.ERROR,
|
|
||||||
msg = "Configuration error, wrong credentials, unable to connect to ldap with '" + self.binddn + "'",
|
|
||||||
)
|
|
||||||
ldap_client.unbind_s()
|
|
||||||
raise e
|
|
||||||
except ldap.SERVER_DOWN as e:
|
|
||||||
self._logger(
|
|
||||||
severity = logging.ERROR,
|
|
||||||
msg = "Unable to contact ldap server '" + self.uri + "', check 'auth.ldap.uri' and ssl/tls configuration",
|
|
||||||
)
|
|
||||||
ldap_client.unbind_s()
|
|
||||||
raise e
|
|
||||||
return ldap_client
|
|
||||||
|
|
||||||
|
def add_to_group(self, username):
|
||||||
|
pass
|
||||||
|
|
||||||
def _search(self, searchfilter, attrs, basedn):
|
def rm_from_group(self, username):
|
||||||
ldap_client = self._bind()
|
pass
|
||||||
try:
|
|
||||||
r = ldap_client.search_s(basedn,
|
|
||||||
ldap.SCOPE_SUBTREE,
|
|
||||||
searchfilter,
|
|
||||||
attrlist=attrs
|
|
||||||
)
|
|
||||||
except ldap.FILTER_ERROR as e:
|
|
||||||
self._logger(
|
|
||||||
severity = logging.ERROR,
|
|
||||||
msg = "Bad search filter, check '" + self.backend_name + ".*_filter_tmpl' params",
|
|
||||||
)
|
|
||||||
ldap_client.unbind_s()
|
|
||||||
raise e
|
|
||||||
except ldap.NO_SUCH_OBJECT as e:
|
|
||||||
self._logger(
|
|
||||||
severity = logging.ERROR,
|
|
||||||
msg = "Search DN '" + basedn \
|
|
||||||
+ "' doesn't exist, check '" \
|
|
||||||
+ self.backend_name + ".userdn' or '" \
|
|
||||||
+ self.backend_name + ".groupdn'",
|
|
||||||
)
|
|
||||||
ldap_client.unbind_s()
|
|
||||||
raise e
|
|
||||||
|
|
||||||
ldap_client.unbind_s()
|
|
||||||
return r
|
|
||||||
|
|
||||||
|
|
||||||
def search(self, searchstring):
|
def search(self, searchstring):
|
||||||
|
|
||||||
@ -201,51 +234,16 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
ret[attr] = value_tmp
|
ret[attr] = value_tmp
|
||||||
return ret
|
return ret
|
||||||
|
|
||||||
def _get_user(self, username, attrs=True):
|
def get_groups(self, username):
|
||||||
if attrs:
|
userdn = self._get_user(username, False)
|
||||||
a = self.attrlist
|
|
||||||
else:
|
|
||||||
a = None
|
|
||||||
|
|
||||||
user_filter = self.user_filter_tmpl % {
|
searchfilter = self.group_filter_tmpl % {
|
||||||
|
'userdn': userdn,
|
||||||
'username': username
|
'username': username
|
||||||
}
|
}
|
||||||
|
|
||||||
r = self._search(user_filter, a, self.userdn)
|
groups = self._search(searchfilter, None, self.groupdn)
|
||||||
|
ret = []
|
||||||
if len(r) == 0:
|
for entry in groups:
|
||||||
return None
|
ret.append(entry[0])
|
||||||
|
return ret
|
||||||
if attrs:
|
|
||||||
dn_entry = r[0]
|
|
||||||
else:
|
|
||||||
dn_entry = r[0][0]
|
|
||||||
return dn_entry
|
|
||||||
|
|
||||||
def _connect(self):
|
|
||||||
ldap_client = ldap.initialize(self.uri)
|
|
||||||
ldap_client.set_option(ldap.OPT_REFERRALS, 0)
|
|
||||||
ldap_client.set_option(ldap.OPT_TIMEOUT, self.timeout)
|
|
||||||
if self.starttls == 'on':
|
|
||||||
ldap.set_option(ldap.OPT_X_TLS_DEMAND, True)
|
|
||||||
else:
|
|
||||||
ldap.set_option(ldap.OPT_X_TLS_DEMAND, False)
|
|
||||||
if self.ca and self.checkcert == 'on':
|
|
||||||
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.ca)
|
|
||||||
#else:
|
|
||||||
# ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '')
|
|
||||||
if self.checkcert == 'off':
|
|
||||||
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
|
|
||||||
else:
|
|
||||||
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,ldap.OPT_X_TLS_DEMAND)
|
|
||||||
if self.starttls == 'on':
|
|
||||||
try:
|
|
||||||
ldap_client.start_tls_s()
|
|
||||||
except ldap.OPERATIONS_ERROR as e:
|
|
||||||
self._logger(
|
|
||||||
severity = logging.ERROR,
|
|
||||||
msg = "cannot use starttls with ldaps:// uri (uri: " + self.uri + ")",
|
|
||||||
)
|
|
||||||
raise e
|
|
||||||
#raise cherrypy.HTTPError("500", "Configuration Error, contact administrator")
|
|
||||||
return ldap_client
|
|
||||||
|
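Review bot: In `_connect` (first hunk) the certificate-verification settings — `OPT_X_TLS_CACERTFILE` and `OPT_X_TLS_REQUIRE_CERT` — are applied to the global `ldap` module only after `ldap.initialize(self.uri)`, and libldap copies the global TLS defaults into a handle when that handle is created, so this connection may still run with the library defaults even when `checkcert` is 'on'; move those calls ahead of `initialize`, or set them on `ldap_client` and follow with `ldap_client.set_option(ldap.OPT_X_TLS_NEWCTX, 0)`. The two `ldap.set_option(ldap.OPT_X_TLS_DEMAND, ...)` calls look like a mix-up, since `OPT_X_TLS_DEMAND` is one of the values of `OPT_X_TLS_REQUIRE_CERT` rather than an option key, and presumably can go once `REQUIRE_CERT` is set before the handle exists. Separately, `_get_user` and `get_groups` interpolate `username` straight into `user_filter_tmpl`/`group_filter_tmpl`; escaping it first with `ldap.filter.escape_filter_chars(username)` keeps a caller-supplied name from altering the filter. The enclosing `Backend` class starts before the first hunk and continues past the last one.
```python
def _connect(self):
    # Global TLS defaults must be in place before the handle is created:
    # libldap snapshots them into the new handle at initialize time.
    if self.ca and self.checkcert == 'on':
        ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.ca)
    if self.checkcert == 'off':
        ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
    else:
        ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
    ldap_client = ldap.initialize(self.uri)
    ldap_client.set_option(ldap.OPT_REFERRALS, 0)
    ldap_client.set_option(ldap.OPT_TIMEOUT, self.timeout)
    # … unchanged: starttls handling and return ldap_client …
```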