mirror of
https://github.com/kakwa/ldapcherry
synced 2024-11-25 18:54:29 +01:00
multiple modification in backend ldap
* better handling of which attributes are retrieved * fix set_attrs method * change api of set_attrs method for consistency * change calls to _get_user and _search methods (internal api change)
parent
beb6d96d90
commit
a2fe74539b
@ -17,6 +17,11 @@ class DelUserDontExists(Exception):
|
|||||||
self.user = user
|
self.user = user
|
||||||
self.log = "cannot remove user, user <%(user)s> does not exist" % { 'user' : user}
|
self.log = "cannot remove user, user <%(user)s> does not exist" % { 'user' : user}
|
||||||
|
|
||||||
|
NO_ATTR = 0
|
||||||
|
DISPLAYED_ATTRS = 1
|
||||||
|
LISTED_ATTRS = 2
|
||||||
|
ALL_ATTRS = 3
|
||||||
|
|
||||||
|
|
||||||
class Backend(ldapcherry.backend.Backend):
|
class Backend(ldapcherry.backend.Backend):
|
||||||
|
|
||||||
@ -100,12 +105,24 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
return ldap_client
|
return ldap_client
|
||||||
|
|
||||||
def _search(self, searchfilter, attrs, basedn):
|
def _search(self, searchfilter, attrs, basedn):
|
||||||
|
if attrs == NO_ATTR:
|
||||||
|
attrlist = []
|
||||||
|
elif attrs == DISPLAYED_ATTRS:
|
||||||
|
# fix me later (to much attributes)
|
||||||
|
attrlist = self.attrlist
|
||||||
|
elif attrs == LISTED_ATTRS:
|
||||||
|
attrlist = self.attrlist
|
||||||
|
elif attrs == ALL_ATTRS:
|
||||||
|
attrlist = None
|
||||||
|
else:
|
||||||
|
attrlist = None
|
||||||
|
|
||||||
ldap_client = self._bind()
|
ldap_client = self._bind()
|
||||||
try:
|
try:
|
||||||
r = ldap_client.search_s(basedn,
|
r = ldap_client.search_s(basedn,
|
||||||
ldap.SCOPE_SUBTREE,
|
ldap.SCOPE_SUBTREE,
|
||||||
searchfilter,
|
searchfilter,
|
||||||
attrlist=attrs
|
attrlist=attrlist
|
||||||
)
|
)
|
||||||
except ldap.FILTER_ERROR as e:
|
except ldap.FILTER_ERROR as e:
|
||||||
self._logger(
|
self._logger(
|
||||||
@ -128,25 +145,21 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
ldap_client.unbind_s()
|
ldap_client.unbind_s()
|
||||||
return r
|
return r
|
||||||
|
|
||||||
def _get_user(self, username, attrs=True):
|
def _get_user(self, username, attrs=ALL_ATTRS):
|
||||||
if attrs:
|
|
||||||
a = self.attrlist
|
|
||||||
else:
|
|
||||||
a = None
|
|
||||||
|
|
||||||
user_filter = self.user_filter_tmpl % {
|
user_filter = self.user_filter_tmpl % {
|
||||||
'username': username
|
'username': username
|
||||||
}
|
}
|
||||||
|
|
||||||
r = self._search(user_filter, a, self.userdn)
|
r = self._search(user_filter, attrs, self.userdn)
|
||||||
|
|
||||||
if len(r) == 0:
|
if len(r) == 0:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
if attrs:
|
if attrs == NO_ATTR:
|
||||||
dn_entry = r[0]
|
|
||||||
else:
|
|
||||||
dn_entry = r[0][0]
|
dn_entry = r[0][0]
|
||||||
|
else:
|
||||||
|
dn_entry = r[0]
|
||||||
return dn_entry
|
return dn_entry
|
||||||
|
|
||||||
def _str(self, s):
|
def _str(self, s):
|
||||||
@ -157,7 +170,7 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
|
|
||||||
def auth(self, username, password):
|
def auth(self, username, password):
|
||||||
|
|
||||||
binddn = self._get_user(username, False)
|
binddn = self._get_user(username, NO_ATTR)
|
||||||
if not binddn is None:
|
if not binddn is None:
|
||||||
ldap_client = self._connect()
|
ldap_client = self._connect()
|
||||||
try:
|
try:
|
||||||
@ -210,33 +223,34 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
|
|
||||||
def del_user(self, username):
|
def del_user(self, username):
|
||||||
ldap_client = self._bind()
|
ldap_client = self._bind()
|
||||||
dn = self._get_user(username, False)
|
dn = self._get_user(username, NO_ATTR)
|
||||||
if not dn is None:
|
if not dn is None:
|
||||||
ldap_client.delete_s(dn)
|
ldap_client.delete_s(dn)
|
||||||
else:
|
else:
|
||||||
raise DelUserDontExists(username)
|
raise DelUserDontExists(username)
|
||||||
ldap_client.unbind_s()
|
ldap_client.unbind_s()
|
||||||
|
|
||||||
def set_attrs(self, attrs, username):
|
def set_attrs(self, username, attrs):
|
||||||
ldap_client = self._bind()
|
ldap_client = self._bind()
|
||||||
tmp = self._get_user(username, True)
|
tmp = self._get_user(username, ALL_ATTRS)
|
||||||
dn = tmp[0]
|
dn = tmp[0]
|
||||||
old_attrs = tmp[1]
|
old_attrs = tmp[1]
|
||||||
for attr in attrs:
|
for attr in attrs:
|
||||||
content = attrs[attr]
|
content = self._str(attrs[attr])
|
||||||
|
attr = self._str(attr)
|
||||||
new = { attr : content }
|
new = { attr : content }
|
||||||
if attr in old_attrs:
|
if attr in old_attrs:
|
||||||
old = { attr: old_attrs[attr]}
|
old = { attr: old_attrs[attr]}
|
||||||
ldif = modlist.modifyModlist(old,new)
|
|
||||||
ldap_client.modify_s(dn,ldif)
|
|
||||||
else:
|
else:
|
||||||
ldif = modlist.addModlist({ attr : content })
|
old = {}
|
||||||
ldap_client.add_s(dn,ldif)
|
ldif = modlist.modifyModlist(old, new)
|
||||||
|
ldap_client.modify_s(dn, ldif)
|
||||||
|
|
||||||
ldap_client.unbind_s()
|
ldap_client.unbind_s()
|
||||||
|
|
||||||
def add_to_group(self, username, groups):
|
def add_to_group(self, username, groups):
|
||||||
ldap_client = self._bind()
|
ldap_client = self._bind()
|
||||||
tmp = self._get_user(username, True)
|
tmp = self._get_user(username, NO_ATTR)
|
||||||
dn = tmp[0]
|
dn = tmp[0]
|
||||||
attrs = tmp[1]
|
attrs = tmp[1]
|
||||||
attrs['dn'] = dn
|
attrs['dn'] = dn
|
||||||
@ -249,7 +263,7 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
|
|
||||||
def rm_from_group(self, username):
|
def rm_from_group(self, username):
|
||||||
ldap_client = self._bind()
|
ldap_client = self._bind()
|
||||||
tmp = self._get_user(username, True)
|
tmp = self._get_user(username, NO_ATTR)
|
||||||
dn = tmp[0]
|
dn = tmp[0]
|
||||||
attrs = tmp[1]
|
attrs = tmp[1]
|
||||||
attrs['dn'] = dn
|
attrs['dn'] = dn
|
||||||
@ -266,7 +280,7 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
searchfilter = self.search_filter_tmpl % {
|
searchfilter = self.search_filter_tmpl % {
|
||||||
'searchstring': searchstring
|
'searchstring': searchstring
|
||||||
}
|
}
|
||||||
for u in self._search(searchfilter, None, self.userdn):
|
for u in self._search(searchfilter, DISPLAYED_ATTRS, self.userdn):
|
||||||
attrs = {}
|
attrs = {}
|
||||||
attrs_tmp = u[1]
|
attrs_tmp = u[1]
|
||||||
for attr in attrs_tmp:
|
for attr in attrs_tmp:
|
||||||
@ -282,7 +296,7 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
|
|
||||||
def get_user(self, username):
|
def get_user(self, username):
|
||||||
ret = {}
|
ret = {}
|
||||||
attrs_tmp = self._get_user(username)[1]
|
attrs_tmp = self._get_user(username, ALL_ATTRS)[1]
|
||||||
for attr in attrs_tmp:
|
for attr in attrs_tmp:
|
||||||
value_tmp = attrs_tmp[attr]
|
value_tmp = attrs_tmp[attr]
|
||||||
if len(value_tmp) == 1:
|
if len(value_tmp) == 1:
|
||||||
@ -292,14 +306,14 @@ class Backend(ldapcherry.backend.Backend):
|
|||||||
return ret
|
return ret
|
||||||
|
|
||||||
def get_groups(self, username):
|
def get_groups(self, username):
|
||||||
userdn = self._get_user(username, False)
|
userdn = self._get_user(username, NO_ATTR)
|
||||||
|
|
||||||
searchfilter = self.group_filter_tmpl % {
|
searchfilter = self.group_filter_tmpl % {
|
||||||
'userdn': userdn,
|
'userdn': userdn,
|
||||||
'username': username
|
'username': username
|
||||||
}
|
}
|
||||||
|
|
||||||
groups = self._search(searchfilter, None, self.groupdn)
|
groups = self._search(searchfilter, NO_ATTR, self.groupdn)
|
||||||
ret = []
|
ret = []
|
||||||
for entry in groups:
|
for entry in groups:
|
||||||
ret.append(entry[0])
|
ret.append(entry[0])
|
||||||
|
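Review bot: `add_to_group` and `rm_from_group` now call `self._get_user(username, NO_ATTR)`, but on that path the new `_get_user` returns only `r[0][0]` (the DN), so the unchanged `dn = tmp[0]`, `attrs = tmp[1]` and `attrs['dn'] = dn` lines index into a string and the item assignment raises a TypeError. Either keep the tuple shape with `tmp = self._get_user(username, ALL_ATTRS)` in both methods, or take the DN directly and drop the `tmp[0]`/`tmp[1]` unpacking; both bodies continue outside the hunks, so how `attrs` is used afterwards should be checked. Separately, `_get_user` interpolates `username` into `user_filter_tmpl` with no escaping visible here, and `auth()` reaches it with login input. Unless callers already sanitise it, wrap it as `'username': ldap.filter.escape_filter_chars(username)` so filter metacharacters cannot change which entry is matched. The same applies to `searchstring` and to `userdn`/`username` in the group filter.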