483 |
483 |
transaction.savepoint_rollback(sid)
|
484 |
484 |
username = u'{0}{1}@{2}'.format(left, i, right)
|
485 |
485 |
|
486 |
|
def populate_user_attributes(self, user, uri, dn, conn, block, attributes):
|
487 |
|
for legacy_attribute, legacy_field in (('email', 'email_field'),
|
|
486 |
def populate_user_attributes(self, user, block, attributes):
|
|
487 |
for legacy_attribute, legacy_field in (('email', 'email_field'),
|
488 |
488 |
('first_name', 'fname_field'), ('last_name', 'lname_field')):
|
489 |
489 |
ldap_attribute = block[legacy_field]
|
490 |
490 |
if not ldap_attribute:
|
... | ... | |
514 |
514 |
return True
|
515 |
515 |
return False
|
516 |
516 |
|
517 |
|
def populate_admin_flags_by_group(self, user, uri, dn, conn, block, group_dns):
|
|
517 |
def populate_admin_flags_by_group(self, user, block, group_dns):
|
518 |
518 |
'''Attribute admin flags based on groups.
|
519 |
519 |
|
520 |
520 |
It supersedes is_staff, is_superuser and is_active.'''
|
... | ... | |
529 |
529 |
else:
|
530 |
530 |
setattr(user, attr, False)
|
531 |
531 |
|
532 |
|
def populate_groups_by_mapping(self, user, uri, dn, conn, block, group_dns):
|
|
532 |
def populate_groups_by_mapping(self, user, dn, conn, block, group_dns):
|
533 |
533 |
'''Assign group to user based on a mapping from group DNs'''
|
534 |
534 |
group_mapping = block['group_mapping']
|
535 |
535 |
if not group_mapping:
|
... | ... | |
544 |
544 |
except KeyError:
|
545 |
545 |
pass
|
546 |
546 |
|
547 |
|
def get_ldap_group_dns(self, user, uri, dn, conn, block):
|
|
547 |
def get_ldap_group_dns(self, user, dn, conn, block):
|
548 |
548 |
'''Retrieve group DNs from the LDAP by attributes (memberOf) or by
|
549 |
549 |
filter.
|
550 |
550 |
'''
|
... | ... | |
568 |
568 |
group_dns.update(dn for dn, attributes in results)
|
569 |
569 |
return group_dns
|
570 |
570 |
|
571 |
|
def populate_user_groups(self, user, uri, dn, conn, block):
|
572 |
|
group_dns = self.get_ldap_group_dns(user, uri, dn, conn, block)
|
|
571 |
def populate_user_groups(self, user, dn, conn, block):
|
|
572 |
group_dns = self.get_ldap_group_dns(user, dn, conn, block)
|
573 |
573 |
log.debug('groups for dn %r: %r', dn, group_dns)
|
574 |
|
self.populate_admin_flags_by_group(user, uri, dn, conn, block, group_dns)
|
575 |
|
self.populate_groups_by_mapping(user, uri, dn, conn, block, group_dns)
|
|
574 |
self.populate_admin_flags_by_group(user, block, group_dns)
|
|
575 |
self.populate_groups_by_mapping(user, dn, conn, block, group_dns)
|
576 |
576 |
|
577 |
577 |
|
578 |
578 |
def get_group_by_name(self, block, group_name, create=None):
|
... | ... | |
588 |
588 |
except Group.DoesNotExist:
|
589 |
589 |
return None
|
590 |
590 |
|
591 |
|
def populate_mandatory_groups(self, user, uri, dn, conn, block):
|
|
591 |
def populate_mandatory_groups(self, user, block):
|
592 |
592 |
mandatory_groups = block.get('set_mandatory_groups')
|
593 |
593 |
if not mandatory_groups:
|
594 |
594 |
return
|
... | ... | |
597 |
597 |
if group:
|
598 |
598 |
user.groups.add(group)
|
599 |
599 |
|
600 |
|
def populate_admin_fields(self, user, uri, dn, conn, block):
|
|
600 |
def populate_admin_fields(self, user, block):
|
601 |
601 |
if block['is_staff'] is not None:
|
602 |
602 |
user.is_staff = block['is_staff']
|
603 |
603 |
if block['is_superuser'] is not None:
|
604 |
604 |
user.is_superuser = block['is_superuser']
|
605 |
605 |
|
606 |
|
def populate_user(self, user, uri, dn, username, conn, block, attributes):
|
607 |
|
self.update_user_identifiers(user, uri, dn, username, conn, block,
|
608 |
|
attributes)
|
609 |
|
self.populate_user_attributes(user, uri, dn, conn, block, attributes)
|
610 |
|
self.populate_admin_fields(user, uri, dn, conn, block)
|
611 |
|
self.populate_mandatory_groups(user, uri, dn, conn, block)
|
612 |
|
self.populate_user_groups(user, uri, dn, conn, block)
|
|
606 |
def populate_user(self, user, dn, username, conn, block, attributes):
|
|
607 |
self.update_user_identifiers(user, username, block, attributes)
|
|
608 |
self.populate_user_attributes(user, block, attributes)
|
|
609 |
self.populate_admin_fields(user, block)
|
|
610 |
self.populate_mandatory_groups(user, block)
|
|
611 |
self.populate_user_groups(user, dn, conn, block)
|
613 |
612 |
|
614 |
613 |
@classmethod
|
615 |
614 |
def attribute_name_from_external_id_tuple(cls, external_id_tuple):
|
... | ... | |
726 |
725 |
except User.DoesNotExist:
|
727 |
726 |
pass
|
728 |
727 |
|
729 |
|
def lookup_existing_user(self, uri, dn, username, password, conn, block, attributes):
|
|
728 |
def lookup_existing_user(self, username, block, attributes):
|
730 |
729 |
for lookup_type in block['lookups']:
|
731 |
730 |
if lookup_type == 'username':
|
732 |
731 |
return self.lookup_by_username(username)
|
733 |
732 |
elif lookup_type == 'external_id':
|
734 |
733 |
return self.lookup_by_external_id(block, attributes)
|
735 |
734 |
|
736 |
|
def update_user_identifiers(self, user, uri, dn, username, conn,
|
737 |
|
block, attributes):
|
|
735 |
def update_user_identifiers(self, user, username, block, attributes):
|
738 |
736 |
if block['transient']:
|
739 |
737 |
return
|
740 |
738 |
# if username has changed and we propagate those changes, update it
|
... | ... | |
782 |
780 |
def _return_transient_user(self, uri, dn, username, password, conn, block, attributes):
|
783 |
781 |
user = LDAPUser(username=username)
|
784 |
782 |
user.ldap_init(block, dn, password, transient=True)
|
785 |
|
self.populate_user(user, uri, dn, username, conn, block, attributes)
|
|
783 |
self.populate_user(user, dn, username, conn, block, attributes)
|
786 |
784 |
user.pk = 'transient!{0}'.format(base64.b64encode(pickle.dumps(user)))
|
787 |
785 |
return user
|
788 |
786 |
|
789 |
787 |
def _return_django_user(self, uri, dn, username, password, conn, block, attributes):
|
790 |
|
user = self.lookup_existing_user(uri, dn, username, password, conn, block, attributes)
|
|
788 |
user = self.lookup_existing_user(username, block, attributes)
|
791 |
789 |
if user:
|
792 |
790 |
created = False
|
793 |
791 |
log.debug('found existing user %r', user)
|
... | ... | |
795 |
793 |
created = True
|
796 |
794 |
user = LDAPUser()
|
797 |
795 |
user.ldap_init(block, dn, password)
|
798 |
|
self.populate_user(user, uri, dn, username, conn, block, attributes)
|
|
796 |
self.populate_user(user, dn, username, conn, block, attributes)
|
799 |
797 |
if block['keep_password']:
|
800 |
798 |
if created:
|
801 |
799 |
user.set_password(password)
|
... | ... | |
819 |
817 |
names.update(cls.get_ldap_attributes_names(block))
|
820 |
818 |
names.update(block['mandatory_attributes_values'].keys())
|
821 |
819 |
return [(a, '%s (LDAP)' % a) for a in sorted(names)]
|
|
820 |
|
|
821 |
@classmethod
|
|
822 |
def get_users(cls):
|
|
823 |
for block in cls.get_config():
|
|
824 |
conn = get_connection(block)
|
|
825 |
user_basedn = block.get('user_basedn', block['basedn'])
|
|
826 |
user_filter = block['user_filter'].replace('%s', '*')
|
|
827 |
attrs = block['attributes']
|
|
828 |
users = conn.search_s(user_basedn, ldap.SCOPE_SUBTREE, user_filter, attrs)
|
|
829 |
backend = cls()
|
|
830 |
for user_dn, data in users:
|
|
831 |
attrs = cls.get_ldap_attributes(block, conn, user_dn)
|
|
832 |
username = backend.create_username(block['url'], user_dn,
|
|
833 |
conn, block, attrs)
|
|
834 |
user = backend.lookup_existing_user(username, block, attrs)
|
|
835 |
if not user:
|
|
836 |
user = LDAPUser(username=username)
|
|
837 |
user.transient = False
|
|
838 |
backend.populate_user(user, user_dn, username, conn, block, attrs)
|
|
839 |
for name, value in user.attributes.iteritems():
|
|
840 |
setattr(user, name, value)
|
|
841 |
yield user
|