renaming and begining implementing the ad backend

2024-11-22 09:24:21 +01:00 · 2015-07-25 22:04:48 +02:00 · 2015-07-25 22:04:48 +02:00 · f0d43d9460
commit f0d43d9460
parent f6b1128274
2 changed files with 143 additions and 14 deletions
--- a/ldapcherry/backend/backendAD.py
+++ b/ldapcherry/backend/backendAD.py
@ -0,0 +1,143 @@
+# -*- coding: utf-8 -*-
+# vim:set expandtab tabstop=4 shiftwidth=4:
+#
+# License GPLv3
+# LdapCherry
+# Copyright (c) 2014 Carpentier Pierre-Francois
+
+import ldapcherry.backend.backendLdap
+import cherrypy
+import ldap
+import ldap.modlist as modlist
+import ldap.filter
+import logging
+import ldapcherry.backend
+from ldapcherry.exceptions import UserDoesntExist, GroupDoesntExist
+import os
+import re
+
+
+class DelUserDontExists(Exception):
+    def __init__(self, user):
+        self.user = user
+        self.log = "cannot remove user, user <%(user)s> does not exist" % \
+            {'user': user}
+
+
+class CaFileDontExist(Exception):
+    def __init__(self, cafile):
+        self.cafile = cafile
+        self.log = "CA file %(cafile)s don't exist" % {'cafile': cafile}
+
+NO_ATTR = 0
+DISPLAYED_ATTRS = 1
+LISTED_ATTRS = 2
+ALL_ATTRS = 3
+
+
+# Generated by the followin command:
+
+# samba-tool group list | \
+# while read line; \
+# do
+# ldapsearch -x -h localhost -D "administrator@dc.ldapcherry.org" \
+#     -w qwertyP455 -b "dc=dc,dc=ldapcherry,dc=org"  "(cn=$line)" dn; \
+# done | grep -e "dn: .*CN=Builtin" | \
+# sed "s/dn: CN=\(.*\),CN=.*/'\1',/"
+
+AD_BUILTIN_GROUPS = [
+    'Pre-Windows 2000 Compatible Access',
+    'Windows Authorization Access Group',
+    'Certificate Service DCOM Access',
+    'Network Configuration Operators',
+    'Terminal Server License Servers',
+    'Incoming Forest Trust Builders',
+    'Performance Monitor Users',
+    'Cryptographic Operators',
+    'Distributed COM Users',
+    'Performance Log Users',
+    'Remote Desktop Users',
+    'Account Operators',
+    'Event Log Readers',
+    'Backup Operators',
+    'Server Operators',
+    'Print Operators',
+    'Administrators',
+    'Replicator',
+    'IIS_IUSRS',
+    'Guests',
+    'Users',
+]
+
+class Backend(ldapcherry.backend.backendLdap.Backend):
+
+    def __init__(self, config, logger, name, attrslist, key):
+        self.config = config
+        self._logger = logger
+        self.backend_name = name
+        self.domain = self.get_param('domain')
+        self.login = self.get_param('login')
+        basedn = 'dc=' + re.sub(r'\.',',DC=', self.domain)
+        self.binddn = self.get_param('login') + '@' + self.domain 
+        self.bindpassword = self.get_param('password')
+        self.ca = self.get_param('ca', False)
+        self.checkcert = self.get_param('checkcert', 'on')
+        self.starttls = self.get_param('starttls', 'off')
+        self.uri = self.get_param('uri')
+        self.timeout = self.get_param('timeout', 1)
+        self.userdn = 'CN=Users,' + basedn
+        self.groupdn = self.userdn 
+        self.builtin = 'CN=Builtin,' + basedn
+        self.user_filter_tmpl = '(sAMAccountName=%(username)s)'
+        self.group_filter_tmpl = '(uid=%(userdn)s)'
+        self.search_filter_tmpl = '(|(sAMAccountName=%(searchstring)s*)(sn=%(searchstring)s*)(cn=%(searchstring)s*))' 
+        self.dn_user_attr = 'cn'
+        self.key = 'sAMAccountName'
+        self.objectlasses = ['top', 'person', 'organizationalPerson', 'user']
+        self.group_attrs = {
+            'member': "%(dn)s"
+            }
+
+        self.attrlist = []
+        for a in attrslist:
+            self.attrlist.append(self._str(a))
+
+    def _search_group(self, searchfilter, groupdn):
+        ldap_client = self._bind()
+        try:
+            r = ldap_client.search_s(
+                groupdn,
+                ldap.SCOPE_SUBTREE,
+                searchfilter,
+                attrlist=['CN']
+                )
+        except Exception as e:
+            ldap_client.unbind_s()
+            self._exception_handler(e)
+
+        ldap_client.unbind_s()
+        return r
+
+
+    def get_groups(self, username):
+
+        username = ldap.filter.escape_filter_chars(username)
+        userdn = self._get_user(username, NO_ATTR)
+
+        searchfilter = self.group_filter_tmpl % {
+            'userdn': userdn,
+            'username': username
+        }
+
+        groups = self._search_group(searchfilter, NO_ATTR, self.groupdn)
+        ret = []
+        for entry in groups:
+            ret.append(self._uni(entry[0]['CN']))
+
+        groups = self._search_group(searchfilter, NO_ATTR, self.builtin)
+        ret = []
+        for entry in groups:
+            ret.append(self._uni(entry[0]['CN']))
+
+        return ret
+
--- a/ldapcherry/backend/backendSamba4.py
+++ b/ldapcherry/backend/backendSamba4.py
@ -1,14 +0,0 @@
-# -*- coding: utf-8 -*-
-# vim:set expandtab tabstop=4 shiftwidth=4:
-#
-# License GPLv3
-# LdapCherry
-# Copyright (c) 2014 Carpentier Pierre-Francois
-
-import ldapcherry.backend
-
-
-class Backend(ldapcherry.backend.Backend):
-
-    def __init__(self, config, logger, name, attrslist, key):
-        pass