216 |
216 |
'groupstaff': None,
|
217 |
217 |
'groupactive': None,
|
218 |
218 |
'group_mapping': (),
|
|
219 |
'role_mapping': (),
|
219 |
220 |
'replicas': True,
|
220 |
221 |
'email_field': 'mail',
|
221 |
222 |
'fname_field': 'givenName',
|
... | ... | |
514 |
515 |
elif dn not in group_dns and group in groups:
|
515 |
516 |
user.groups.remove(group)
|
516 |
517 |
|
|
518 |
def populate_roles_by_mapping(self, user, dn, conn, block, group_dns):
|
|
519 |
'''Assign role to user based on a mapping from group (sic) DNs'''
|
|
520 |
role_mapping = block.get('role_mapping')
|
|
521 |
if not role_mapping:
|
|
522 |
return
|
|
523 |
if not user.pk:
|
|
524 |
user.save()
|
|
525 |
user._changed = False
|
|
526 |
roles = user.roles.all()
|
|
527 |
for dn, role_names in role_mapping:
|
|
528 |
for role_name in role_names:
|
|
529 |
role = self.get_role_by_name(block, role_name)
|
|
530 |
if role is None:
|
|
531 |
continue
|
|
532 |
# Add missing roles
|
|
533 |
if dn in group_dns and role not in roles:
|
|
534 |
user.roles.add(role)
|
|
535 |
# Remove extra roles
|
|
536 |
elif dn not in group_dns and role in roles:
|
|
537 |
user.roles.remove(role)
|
|
538 |
|
517 |
539 |
def get_ldap_group_dns(self, user, dn, conn, block, attributes):
|
518 |
540 |
'''Retrieve group DNs from the LDAP by attributes (memberOf) or by
|
519 |
541 |
filter.
|
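Review bot: In `populate_roles_by_mapping` each `(dn, role_names)` entry is decided on its own, so a role listed under two group DNs is removed by the `elif dn not in group_dns and role in roles` branch whenever the user is missing from one of those groups, even though another entry grants it. Because `roles` is read once before the loop, the outcome probably also depends on mapping order and on what the user held at the previous login, which makes the resulting authorization hard to predict. The loop variable `dn` also shadows the `dn` parameter; `group_dn` would be clearer. I would first collect the roles granted by any matching DN, then add the missing ones and remove only mapped roles that no matching DN grants, as sketched below.

```python
def populate_roles_by_mapping(self, user, dn, conn, block, group_dns):
    # … unchanged: docstring, role_mapping lookup, user.save() guard …
    granted, mapped = set(), set()
    for group_dn, role_names in role_mapping:
        for role_name in role_names:
            role = self.get_role_by_name(block, role_name)
            if role is None:
                continue
            mapped.add(role)
            if group_dn in group_dns:
                granted.add(role)
    current = set(user.roles.all())
    # Add roles granted by at least one matching group DN
    user.roles.add(*(granted - current))
    # Remove only mapped roles that no matching group DN grants
    user.roles.remove(*((mapped - granted) & current))
```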
... | ... | |
546 |
568 |
self.populate_admin_flags_by_group(user, block, group_dns)
|
547 |
569 |
self.populate_groups_by_mapping(user, dn, conn, block, group_dns)
|
548 |
570 |
|
|
571 |
def populate_user_roles(self, user, dn, conn, block, attributes):
|
|
572 |
group_dns = self.get_ldap_group_dns(user, dn, conn, block, attributes)
|
|
573 |
log.debug('groups for dn %r: %r', dn, group_dns)
|
|
574 |
# Admin flags by roles ?
|
|
575 |
self.populate_roles_by_mapping(user, dn, conn, block, group_dns)
|
|
576 |
|
549 |
577 |
def get_group_by_name(self, block, group_name, create=None):
|
550 |
578 |
'''Obtain a Django group'''
|
551 |
579 |
if create is None:
|
... | ... | |
621 |
649 |
self.populate_mandatory_groups(user, block)
|
622 |
650 |
self.populate_mandatory_roles(user, block)
|
623 |
651 |
self.populate_user_groups(user, dn, conn, block, attributes)
|
|
652 |
self.populate_user_roles(user, dn, conn, block, attributes)
|
624 |
653 |
|
625 |
654 |
def populate_user_ou(self, user, dn, conn, block, attributes):
|
626 |
655 |
'''Assign LDAP user to an ou, the default one if ou_slug setting is
|
627 |
|
-
|