
reorganize the ldap backend module

This commit is contained in:
kakwa 2015-05-28 09:45:10 +02:00
parent 0343af4270
commit 62a2d002de


@ -45,6 +45,104 @@ class Backend(ldapcherry.backend.Backend):
for a in attrslist: for a in attrslist:
self.attrlist.append(self._str(a)) self.attrlist.append(self._str(a))
def _connect(self):
ldap_client = ldap.initialize(self.uri)
ldap_client.set_option(ldap.OPT_REFERRALS, 0)
ldap_client.set_option(ldap.OPT_TIMEOUT, self.timeout)
if self.starttls == 'on':
ldap.set_option(ldap.OPT_X_TLS_DEMAND, True)
else:
ldap.set_option(ldap.OPT_X_TLS_DEMAND, False)
if self.ca and self.checkcert == 'on':
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.ca)
#else:
# ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '')
if self.checkcert == 'off':
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
else:
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,ldap.OPT_X_TLS_DEMAND)
if self.starttls == 'on':
try:
ldap_client.start_tls_s()
except ldap.OPERATIONS_ERROR as e:
self._logger(
severity = logging.ERROR,
msg = "cannot use starttls with ldaps:// uri (uri: " + self.uri + ")",
)
raise e
#raise cherrypy.HTTPError("500", "Configuration Error, contact administrator")
return ldap_client
def _bind(self):
ldap_client = self._connect()
try:
ldap_client.simple_bind_s(self.binddn, self.bindpassword)
except ldap.INVALID_CREDENTIALS as e:
self._logger(
severity = logging.ERROR,
msg = "Configuration error, wrong credentials, unable to connect to ldap with '" + self.binddn + "'",
)
ldap_client.unbind_s()
raise e
except ldap.SERVER_DOWN as e:
self._logger(
severity = logging.ERROR,
msg = "Unable to contact ldap server '" + self.uri + "', check 'auth.ldap.uri' and ssl/tls configuration",
)
ldap_client.unbind_s()
raise e
return ldap_client
def _search(self, searchfilter, attrs, basedn):
ldap_client = self._bind()
try:
r = ldap_client.search_s(basedn,
ldap.SCOPE_SUBTREE,
searchfilter,
attrlist=attrs
)
except ldap.FILTER_ERROR as e:
self._logger(
severity = logging.ERROR,
msg = "Bad search filter, check '" + self.backend_name + ".*_filter_tmpl' params",
)
ldap_client.unbind_s()
raise e
except ldap.NO_SUCH_OBJECT as e:
self._logger(
severity = logging.ERROR,
msg = "Search DN '" + basedn \
+ "' doesn't exist, check '" \
+ self.backend_name + ".userdn' or '" \
+ self.backend_name + ".groupdn'",
)
ldap_client.unbind_s()
raise e
ldap_client.unbind_s()
return r
def _get_user(self, username, attrs=True):
if attrs:
a = self.attrlist
else:
a = None
user_filter = self.user_filter_tmpl % {
'username': username
}
r = self._search(user_filter, a, self.userdn)
if len(r) == 0:
return None
if attrs:
dn_entry = r[0]
else:
dn_entry = r[0][0]
return dn_entry
def _str(self, s): def _str(self, s):
try: try:
return str(s) return str(s)
@ -66,29 +164,6 @@ class Backend(ldapcherry.backend.Backend):
else: else:
return False return False
def add_to_group(self):
pass
def set_attrs(self, attrs):
pass
def rm_from_group(self, username):
pass
def get_groups(self, username):
userdn = self._get_user(username, False)
searchfilter = self.group_filter_tmpl % {
'userdn': userdn,
'username': username
}
groups = self._search(searchfilter, None, self.groupdn)
ret = []
for entry in groups:
ret.append(entry[0])
return ret
def add_user(self, attrs): def add_user(self, attrs):
ldap_client = self._bind() ldap_client = self._bind()
attrs_str = {} attrs_str = {}
@ -131,56 +206,14 @@ class Backend(ldapcherry.backend.Backend):
else: else:
raise DelUserDontExists(username) raise DelUserDontExists(username)
def _bind(self): def set_attrs(self, attrs, username):
ldap_client = self._connect() pass
try:
ldap_client.simple_bind_s(self.binddn, self.bindpassword)
except ldap.INVALID_CREDENTIALS as e:
self._logger(
severity = logging.ERROR,
msg = "Configuration error, wrong credentials, unable to connect to ldap with '" + self.binddn + "'",
)
ldap_client.unbind_s()
raise e
except ldap.SERVER_DOWN as e:
self._logger(
severity = logging.ERROR,
msg = "Unable to contact ldap server '" + self.uri + "', check 'auth.ldap.uri' and ssl/tls configuration",
)
ldap_client.unbind_s()
raise e
return ldap_client
def add_to_group(self, username):
pass
def _search(self, searchfilter, attrs, basedn): def rm_from_group(self, username):
ldap_client = self._bind() pass
try:
r = ldap_client.search_s(basedn,
ldap.SCOPE_SUBTREE,
searchfilter,
attrlist=attrs
)
except ldap.FILTER_ERROR as e:
self._logger(
severity = logging.ERROR,
msg = "Bad search filter, check '" + self.backend_name + ".*_filter_tmpl' params",
)
ldap_client.unbind_s()
raise e
except ldap.NO_SUCH_OBJECT as e:
self._logger(
severity = logging.ERROR,
msg = "Search DN '" + basedn \
+ "' doesn't exist, check '" \
+ self.backend_name + ".userdn' or '" \
+ self.backend_name + ".groupdn'",
)
ldap_client.unbind_s()
raise e
ldap_client.unbind_s()
return r
def search(self, searchstring): def search(self, searchstring):
@ -201,51 +234,16 @@ class Backend(ldapcherry.backend.Backend):
ret[attr] = value_tmp ret[attr] = value_tmp
return ret return ret
def _get_user(self, username, attrs=True): def get_groups(self, username):
if attrs: userdn = self._get_user(username, False)
a = self.attrlist
else:
a = None
user_filter = self.user_filter_tmpl % { searchfilter = self.group_filter_tmpl % {
'userdn': userdn,
'username': username 'username': username
} }
r = self._search(user_filter, a, self.userdn) groups = self._search(searchfilter, None, self.groupdn)
ret = []
if len(r) == 0: for entry in groups:
return None ret.append(entry[0])
return ret
if attrs:
dn_entry = r[0]
else:
dn_entry = r[0][0]
return dn_entry
def _connect(self):
ldap_client = ldap.initialize(self.uri)
ldap_client.set_option(ldap.OPT_REFERRALS, 0)
ldap_client.set_option(ldap.OPT_TIMEOUT, self.timeout)
if self.starttls == 'on':
ldap.set_option(ldap.OPT_X_TLS_DEMAND, True)
else:
ldap.set_option(ldap.OPT_X_TLS_DEMAND, False)
if self.ca and self.checkcert == 'on':
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, self.ca)
#else:
# ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '')
if self.checkcert == 'off':
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
else:
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,ldap.OPT_X_TLS_DEMAND)
if self.starttls == 'on':
try:
ldap_client.start_tls_s()
except ldap.OPERATIONS_ERROR as e:
self._logger(
severity = logging.ERROR,
msg = "cannot use starttls with ldaps:// uri (uri: " + self.uri + ")",
)
raise e
#raise cherrypy.HTTPError("500", "Configuration Error, contact administrator")
return ldap_client
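Review bot: In the moved `_connect` (first hunk, the lines `ldap.set_option(ldap.OPT_X_TLS_DEMAND, True)` / `False`), `OPT_X_TLS_DEMAND` appears to be one of the values accepted by `OPT_X_TLS_REQUIRE_CERT` rather than an option name, so those two calls most likely configure nothing (or raise, depending on the python-ldap version); the verification policy actually in force is only the later `OPT_X_TLS_REQUIRE_CERT` line, under which `checkcert == 'off'` selects `OPT_X_TLS_ALLOW` and any server certificate is accepted. The CA file and require-cert settings are also applied process-wide through the module-level `ldap.set_option` after `ldap.initialize(self.uri)` has already created the client, so they affect every connection in the process and may not be picked up by this client; consider dropping the two `OPT_X_TLS_DEMAND` lines and setting the remaining options on `ldap_client.set_option(...)` instead. Because disabling certificate checking silently weakens the connection, the `checkcert == 'off'` branch should at least record it, e.g. `self._logger(severity=logging.WARNING, msg="certificate checking disabled (checkcert = off) for " + self.uri)`. The identical code is on the removed side of the last hunk, which this commit only relocates.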