multiple modification/fix

* add display_name parameter for backend
* handle display_name in modify template (lonely groups) and error
  message
* fix bug in modify when user is in only one backend
* remove redundant exception in ad/ldap backend
* fix unit test accordingly
* fix License in AD backend (GPLv3 -> MIT, previously thought of using
  samba4 python library which is GPL, but this module finally uses
  python-ldap which is MIT compatible)
kakwa 2015-07-31 20:08:21 +02:00
parent 8c0cbaac3b
commit efcaad54fc
6 changed files with 35 additions and 27 deletions


@ -72,6 +72,8 @@ roles.file = '/etc/ldapcherry/roles.yml'
# name of the module # name of the module
ldap.module = 'ldapcherry.backend.backendLdap' ldap.module = 'ldapcherry.backend.backendLdap'
# display name of the ldap
ldap.display_name = 'My Ldap Directory'
# uri of the ldap directory # uri of the ldap directory
ldap.uri = 'ldap://ldap.ldapcherry.org' ldap.uri = 'ldap://ldap.ldapcherry.org'
@ -113,6 +115,8 @@ ldap.dn_user_attr = 'uid'
## Name of the backend ## Name of the backend
#ad.module = 'ldapcherry.backend.backendAD' #ad.module = 'ldapcherry.backend.backendAD'
## display name of the ldap
#ldap.display_name = 'My Active Directory'
## ad domain ## ad domain
#ad.domain = 'dc.ldapcherry.org' #ad.domain = 'dc.ldapcherry.org'
## ad login ## ad login
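Review bot: The sample added to the AD block uses the `ldap.` prefix (`#ldap.display_name = 'My Active Directory'`), so anyone uncommenting that block would set or clash with the LDAP backend's display name instead of naming the AD backend. It should read `#ad.display_name = 'My Active Directory'`, with the comment above it changed to `## display name of the ad`. The neighbouring keys in this block (`ad.module`, `ad.domain`) already use the `ad.` prefix.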


@ -176,6 +176,7 @@ class LdapCherry(object):
""" """
self.backends_params = {} self.backends_params = {}
self.backends = {} self.backends = {}
self.backends_display_names = {}
for entry in config['backends']: for entry in config['backends']:
# split at the first dot # split at the first dot
backend, sep, param = entry.partition('.') backend, sep, param = entry.partition('.')
@ -184,6 +185,13 @@ class LdapCherry(object):
self.backends_params[backend] = {} self.backends_params[backend] = {}
self.backends_params[backend][param] = value self.backends_params[backend][param] = value
for backend in self.backends_params: for backend in self.backends_params:
# get the backend display_name
try:
self.backends_display_names[backend] = \
self.backends_params[backend]['display_name']
except:
self.backends_display_names[backend] = backend
self.backends_params[backend]['display_name'] = backend
params = self.backends_params[backend] params = self.backends_params[backend]
# Loading the backend module # Loading the backend module
try: try:
@ -527,7 +535,7 @@ class LdapCherry(object):
try: try:
tmp = self.backends[b].get_user(username) tmp = self.backends[b].get_user(username)
except UserDoesntExist as e: except UserDoesntExist as e:
break tmp = {}
for attr in tmp: for attr in tmp:
if attr in self.attributes.backend_attributes[b]: if attr in self.attributes.backend_attributes[b]:
attrid = self.attributes.backend_attributes[b][attr] attrid = self.attributes.backend_attributes[b][attr]
@ -1011,7 +1019,7 @@ class LdapCherry(object):
graph=self.roles.graph, graph=self.roles.graph,
graph_js=graph_js, graph_js=graph_js,
roles_js=roles_js, roles_js=roles_js,
current_roles=None current_roles=None,
) )
return self.temp_adduser.render( return self.temp_adduser.render(
form=form, form=form,
@ -1026,7 +1034,10 @@ class LdapCherry(object):
""" remove user page """ """ remove user page """
self._check_auth(must_admin=True) self._check_auth(must_admin=True)
is_admin = self._check_admin() is_admin = self._check_admin()
referer = cherrypy.request.headers['Referer'] try:
referer = cherrypy.request.headers['Referer']
except:
referer = '/'
self._deleteuser(user) self._deleteuser(user)
raise cherrypy.HTTPRedirect(referer) raise cherrypy.HTTPRedirect(referer)
@ -1043,7 +1054,10 @@ class LdapCherry(object):
"</script>" "</script>"
params = self._parse_params(params) params = self._parse_params(params)
self._modify(params) self._modify(params)
referer = cherrypy.request.headers['Referer'] try:
referer = cherrypy.request.headers['Referer']
except:
referer = '/'
raise cherrypy.HTTPRedirect(referer) raise cherrypy.HTTPRedirect(referer)
else: else:
notification = '' notification = ''
@ -1081,14 +1095,15 @@ class LdapCherry(object):
graph=self.roles.graph, graph=self.roles.graph,
graph_js=graph_js, graph_js=graph_js,
roles_js=roles_js, roles_js=roles_js,
current_roles=user_roles current_roles=user_roles,
) )
return self.temp_modify.render( return self.temp_modify.render(
form=form, form=form,
roles=roles, roles=roles,
is_admin=is_admin, is_admin=is_admin,
notification=notification, notification=notification,
standalone_groups=user_lonely_groups standalone_groups=user_lonely_groups,
backends_display_names=self.backends_display_names,
) )
@cherrypy.expose @cherrypy.expose
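Review bot: The redirect target in both the delete and the modify handler is still taken verbatim from the client-supplied `Referer` header and passed to `cherrypy.HTTPRedirect`, so the new fallback to `'/'` only covers the missing-header case. A request that arrives from another site is sent back to that site after the admin action has run; consider accepting the header only when it points at this application and using `'/'` otherwise. The bare `except:` in these two places, and around the `display_name` lookup, also hides unrelated errors; `referer = cherrypy.request.headers.get('Referer', '/')` and `except KeyError:` state the intent directly. The enclosing methods start and end outside the hunks shown.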


@ -1,7 +1,7 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# vim:set expandtab tabstop=4 shiftwidth=4: # vim:set expandtab tabstop=4 shiftwidth=4:
# #
# License GPLv3 # License MIT
# LdapCherry # LdapCherry
# Copyright (c) 2014 Carpentier Pierre-Francois # Copyright (c) 2014 Carpentier Pierre-Francois
@ -17,13 +17,6 @@ import os
import re import re
class DelUserDontExists(Exception):
def __init__(self, user):
self.user = user
self.log = "cannot remove user, user <%(user)s> does not exist" % \
{'user': user}
class CaFileDontExist(Exception): class CaFileDontExist(Exception):
def __init__(self, cafile): def __init__(self, cafile):
self.cafile = cafile self.cafile = cafile
@ -77,6 +70,7 @@ class Backend(ldapcherry.backend.backendLdap.Backend):
self.config = config self.config = config
self._logger = logger self._logger = logger
self.backend_name = name self.backend_name = name
self.backend_display_name = self.get_param('display_name')
self.domain = self.get_param('domain') self.domain = self.get_param('domain')
self.login = self.get_param('login') self.login = self.get_param('login')
basedn = 'dc=' + re.sub(r'\.', ',DC=', self.domain) basedn = 'dc=' + re.sub(r'\.', ',DC=', self.domain)
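Review bot: `self.get_param('display_name')` is read without a fallback, so the backend appears to depend on the caller having injected `display_name` into its parameters, which on this page only the application loader does. The LDAP backend calls `self.get_param('ca', False)` with what looks like a default value, so `self.backend_display_name = self.get_param('display_name', name)` would presumably keep the class usable when instantiated directly. The same line added to the LDAP backend's constructor has the same dependency. The constructor starts and ends outside the hunk.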


@ -16,13 +16,6 @@ import os
import re import re
class DelUserDontExists(Exception):
def __init__(self, user):
self.user = user
self.log = "cannot remove user, user <%(user)s> does not exist" % \
{'user': user}
class CaFileDontExist(Exception): class CaFileDontExist(Exception):
def __init__(self, cafile): def __init__(self, cafile):
self.cafile = cafile self.cafile = cafile
@ -42,6 +35,7 @@ class Backend(ldapcherry.backend.Backend):
self.config = config self.config = config
self._logger = logger self._logger = logger
self.backend_name = name self.backend_name = name
self.backend_display_name = self.get_param('display_name')
self.binddn = self.get_param('binddn') self.binddn = self.get_param('binddn')
self.bindpassword = self.get_param('password') self.bindpassword = self.get_param('password')
self.ca = self.get_param('ca', False) self.ca = self.get_param('ca', False)
@ -332,7 +326,7 @@ class Backend(ldapcherry.backend.Backend):
ldap_client.delete_s(dn) ldap_client.delete_s(dn)
else: else:
ldap_client.unbind_s() ldap_client.unbind_s()
raise DelUserDontExists(username) raise UserDoesntExist(username, self.backend_display_name)
ldap_client.unbind_s() ldap_client.unbind_s()
def set_attrs(self, username, attrs): def set_attrs(self, username, attrs):
@ -423,7 +417,7 @@ class Backend(ldapcherry.backend.Backend):
} }
) )
except ldap.NO_SUCH_OBJECT as e: except ldap.NO_SUCH_OBJECT as e:
raise GroupDoesntExist(group, self.backend_name) raise GroupDoesntExist(group, self.backend_display_name)
except Exception as e: except Exception as e:
ldap_client.unbind_s() ldap_client.unbind_s()
self._exception_handler(e) self._exception_handler(e)
@ -493,7 +487,7 @@ class Backend(ldapcherry.backend.Backend):
ret = {} ret = {}
tmp = self._get_user(username, ALL_ATTRS) tmp = self._get_user(username, ALL_ATTRS)
if tmp is None: if tmp is None:
raise UserDoesntExist(username, self.backend_name) raise UserDoesntExist(username, self.backend_display_name)
attrs_tmp = tmp[1] attrs_tmp = tmp[1]
for attr in attrs_tmp: for attr in attrs_tmp:
value_tmp = attrs_tmp[attr] value_tmp = attrs_tmp[attr]
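Review bot: The `except ldap.NO_SUCH_OBJECT` branch raises `GroupDoesntExist` without calling `ldap_client.unbind_s()`, while the `except Exception` branch right below it unbinds first, so as far as the hunk shows this path leaves the bound connection open. Adding `ldap_client.unbind_s()` before the raise keeps the two branches consistent. The exceptions now carry `backend_display_name` instead of `backend_name`, so log lines built from them no longer contain the backend's configuration identifier; passing or logging both would keep them traceable. The enclosing method starts outside the hunk.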


@ -37,7 +37,7 @@
% for group in standalone_groups[backend]: % for group in standalone_groups[backend]:
<tr> <tr>
<td> <td>
${backend} ${backends_display_names[backend]}
</td> </td>
<td> <td>
${group} ${group}
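Review bot: `${backends_display_names[backend]}` now renders free-form text from the configuration where the previous expression rendered a backend identifier, so HTML escaping matters at this spot. If the template lookup is not configured with a default `h` filter (not visible on this page), write `${backends_display_names[backend] | h}`. The same applies to `${group}` a few lines below, which presumably comes from the directory.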


@ -7,7 +7,7 @@ from __future__ import unicode_literals
import pytest import pytest
import sys import sys
from sets import Set from sets import Set
from ldapcherry.backend.backendLdap import Backend, DelUserDontExists, CaFileDontExist from ldapcherry.backend.backendLdap import Backend, CaFileDontExist
from ldapcherry.exceptions import * from ldapcherry.exceptions import *
from disable import travis_disabled from disable import travis_disabled
import cherrypy import cherrypy
@ -31,6 +31,7 @@ cfg = {
'dn_user_attr' : 'uid', 'dn_user_attr' : 'uid',
'group_attr.member' : "%(dn)s", 'group_attr.member' : "%(dn)s",
'timeout' : 10, 'timeout' : 10,
'display_name' : 'My Test Ldap',
} }
def syslog_error(msg='', context='', def syslog_error(msg='', context='',
@ -228,7 +229,7 @@ class TestError(object):
try: try:
inv.del_user('test') inv.del_user('test')
inv.del_user('test') inv.del_user('test')
except DelUserDontExists: except UserDoesntExist:
return return
else: else:
raise AssertionError("expected an exception") raise AssertionError("expected an exception")