security-and-privacy/ldapcherry
security-and-privacy/ldapcherry
1
0
Fork 0
mirror of https://github.com/kakwa/ldapcherry synced 2024-11-21 17:04:21 +01:00
Code Releases Activity

change backend key name in attributes + methods

Browse Source 
* adding get_backends
* adding get_selfattributes (attributes users can change themselves)
* adding unit tests
* rename backend-attributes -> bakends (for homogeneity with role.yml)
This commit is contained in:
kakwa 2015-05-18 12:30:51 +02:00
parent a71093038c
commit 7cdbe459b6
8 changed files with 211 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
conf/attributes.yml
View File

@ -7,21 +7,21 @@ cn:
args:
- $first-name
- $name
backend-attributes:
bakends:
ldap: cn
ad: CN
first-name:
description: "First name of the user"
display_name: "First Name"
type: string
backend-attributes:
bakends:
ldap: givenName
ad: givenName
name:
description: "Family name of the user"
display_name: "Name"
type: string
backend-attributes:
bakends:
ldap: sn
ad: sn
email:
@ -34,7 +34,7 @@ email:
- $first-name
- $last-name
- '@example.com'
backend-attributes:
bakends:
ldap: email
ad: EMAIL
uid:
@ -46,7 +46,7 @@ uid:
args:
- $first-name
- $last-name
backend-attributes:
bakends:
ldap: uid
ad: UID
uidNumber:
@ -58,7 +58,7 @@ uidNumber:
args:
- $first-name
- $last-name
backend-attributes:
bakends:
ldap: uidNumber
ad: UIDNumber
gidNumber:
@ -66,7 +66,7 @@ gidNumber:
display_name: "GID Number"
type: int
default: 10000
backend-attributes:
bakends:
ldap: gidNumber
ad: GIDNumber
shell:
@ -78,7 +78,7 @@ shell:
- /bin/bash
- /bin/zsh
- /bin/sh
backend-attributes:
bakends:
ldap: shell
ad: SHELL
home:
@ -91,7 +91,7 @@ home:
- $first-name
- $last-name
- /home/
backend-attributes:
bakends:
ldap: home
ad: Home
@ -100,7 +100,7 @@ password:
display_name: "Password"
self: True
type: password
backend-attributes:
bakends:
ldap: userPassword
ad: userPassword
logscript:
@ -108,5 +108,5 @@ logscript:
display_name: "Login script"
type: fix
value: login1.bat
backend-attributes:
bakends:
ad: logonScript

13
ldapcherry/attributes.py
View File

@ -21,6 +21,7 @@ class Attributes:
def __init__(self, attributes_file):
self.attributes_file = attributes_file
self.backends = Set([])
self.self_attributes = Set([])
try:
stream = open(attributes_file, 'r')
except:
@ -35,15 +36,23 @@ class Attributes:
attr = self.attributes[attrid]
if not attr['type'] in types:
raise WrongAttributeType(attr['type'], attrid, attributes_file)
if 'self' in attr and attr['self']:
self.self_attributes.add(attrid)
for b in attr['backends']:
self.backends.add(b)
def _mandatory_check(self, attr):
for m in ['description', 'display_name', 'type', 'backend-attributes']:
for m in ['description', 'display_name', 'type', 'backends']:
if m not in self.attributes[attr]:
raise MissingKey(m, attr, self.attributes_file)
def get_selfattributes(self):
"""get the list of groups from roles"""
pass
return self.self_attributes
def get_backends(self):
"""return the list of backends in roles file"""
return self.backends
def get_addattributes(self):
"""get the list of groups from roles"""

6
misc/debug_attributes.py
View File

@ -15,4 +15,8 @@ class CustomDumper(yaml.SafeDumper):
def ignore_aliases(self, _data):
return True
inv = Attributes('./conf/attributes.yml')
try:
#inv = Attributes('./conf/attributes.yml')
inv = Attributes('./tests/cfg/attributes_wrong_type.yml')
except Exception as e:
print e.log

1
tests/cfg/attributes.yml
View File

@ -1 +0,0 @@
../../conf/attributes.yml

112
tests/cfg/attributes.yml Normal file
View File

@ -0,0 +1,112 @@
cn:
description: "Firt Name and Display Name"
display_name: "Display Name"
type: string
autofill:
function: cn
args:
- $first-name
- $name
backends:
ldap: cn
ad: CN
first-name:
description: "First name of the user"
display_name: "First Name"
type: string
backends:
ldap: givenName
ad: givenName
name:
description: "Family name of the user"
display_name: "Name"
type: string
backends:
ldap: sn
ad: sn
email:
description: "Email of the user"
display_name: "Name"
type: email
autofill:
function: email
args:
- $first-name
- $last-name
- '@example.com'
backends:
ldap: email
ad: EMAIL
uid:
description: "UID of the user"
display_name: "UID"
type: string
autofill:
function: uid
args:
- $first-name
- $last-name
backends:
ldap: uid
ad: UID
uidNumber:
description: "User ID Number of the user"
display_name: "UID Number"
type: int
autofill:
function: uidNumber
args:
- $first-name
- $last-name
backends:
ldap: uidNumber
ad: UIDNumber
gidNumber:
description: "Group ID Number of the user"
display_name: "GID Number"
type: int
default: 10000
backends:
ldap: gidNumber
ad: GIDNumber
shell:
description: "Shell of the user"
display_name: "Shell"
self: True
type: stringlist
values:
- /bin/bash
- /bin/zsh
- /bin/sh
backends:
ldap: shell
ad: SHELL
home:
description: "Home user path"
display_name: "Home"
type: string
autofill:
function: home
args:
- $first-name
- $last-name
- /home/
backends:
ldap: home
ad: Home
password:
description: "Password of the user"
display_name: "Password"
self: True
type: password
backends:
ldap: userPassword
ad: userPassword
logscript:
description: "Windows login script"
display_name: "Login script"
type: fix
value: login1.bat
backends:
ad: logonScript

22
tests/cfg/attributes_missing_mandatory.yml
View File

@ -7,21 +7,21 @@ cn:
args:
- $first-name
- $name
backend-attributes:
bakends:
ldap: cn
ad: CN
first-name:
description: "First name of the user"
display_name: "First Name"
type: string
backend-attributes:
bakends:
ldap: givenName
ad: givenName
name:
description: "Family name of the user"
display_name: "Name"
type: string
backend-attributes:
bakends:
ldap: sn
ad: sn
email:
@ -34,7 +34,7 @@ email:
- $first-name
- $last-name
- '@example.com'
backend-attributes:
bakends:
ldap: email
ad: EMAIL
uid:
@ -45,7 +45,7 @@ uid:
args:
- $first-name
- $last-name
backend-attributes:
bakends:
ldap: uid
ad: UID
uidNumber:
@ -57,7 +57,7 @@ uidNumber:
args:
- $first-name
- $last-name
backend-attributes:
bakends:
ldap: uidNumber
ad: UIDNumber
gidNumber:
@ -65,7 +65,7 @@ gidNumber:
display_name: "GID Number"
type: int
default: 10000
backend-attributes:
bakends:
ldap: gidNumber
ad: GIDNumber
shell:
@ -77,7 +77,7 @@ shell:
- /bin/bash
- /bin/zsh
- /bin/sh
backend-attributes:
bakends:
ldap: shell
ad: SHELL
home:
@ -90,7 +90,7 @@ home:
- $first-name
- $last-name
- /home/
backend-attributes:
bakends:
ldap: home
ad: Home
@ -99,7 +99,7 @@ password:
display_name: "Password"
self: True
type: password
backend-attributes:
bakends:
ldap: userPassword
ad: userPassword
logscript:
@ -107,5 +107,5 @@ logscript:
display_name: "Login script"
type: fix
value: login1.bat
backend-attributes:
bakends:
ad: logonScript

4
tests/cfg/attributes_wrong_type.yml
View File

@ -7,7 +7,7 @@ cn:
args:
- $first-name
- $name
backend-attributes:
backends:
ldap: cn
ad: CN
@ -15,6 +15,6 @@ first-name:
description: "First name of the user"
display_name: "First Name"
type: string
backend-attributes:
backends:
ldap: givenName
ad: givenName

1
tests/cfg/roles.yml
View File

@ -1 +0,0 @@
../../conf/roles.yml

47
tests/cfg/roles.yml Normal file
View File

@ -0,0 +1,47 @@
admin-lv3:
display_name: Administrators Level 3
backends:
ldap:
groups:
- cn=dns admins,ou=group,dc=example,dc=com
- cn=nagios admins,ou=group,dc=example,dc=com
- cn=puppet admins,ou=group,dc=example,dc=com
- cn=users,ou=group,dc=example,dc=com
ad:
groups:
- Domain Users
- Administrators
- Domain Controllers
admin-lv2:
display_name: Administrators Level 2
LC_admins: True
backends:
ldap:
groups:
- cn=nagios admins,ou=group,dc=example,dc=com
- cn=users,ou=group,dc=example,dc=com
ad:
groups:
- Domain Users
developpers:
display_name: Developpers
backends:
ldap:
groups:
- cn=developpers,ou=group,dc=example,dc=com
- cn=users,ou=group,dc=example,dc=com
ad:
groups:
- Domain Users
users:
display_name: Simple Users
backends:
ldap:
groups:
- cn=users,ou=group,dc=example,dc=com
ad:
groups:
- Domain Users

12
tests/test_Attributes.py
View File

@ -17,6 +17,18 @@ class TestError(object):
inv = Attributes('./tests/cfg/attributes.yml')
return True
def testGetSelfAttributes(self):
inv = Attributes('./tests/cfg/attributes.yml')
ret = inv.get_selfattributes()
expected = Set(['password', 'shell'])
assert ret == expected
def testGetSelfAttributes(self):
inv = Attributes('./tests/cfg/attributes.yml')
ret = inv.get_backends()
expected = Set(['ldap', 'ad'])
assert ret == expected
def testNoFile(self):
try:
inv = Attributes('./tests/cfg/dontexist')