Produits Entr'ouvert » Authentic 2

Here is the start of a provisionning application for a2. The application provide just one command provision. It only targets LDAP dictories for now, it allow to select a group of user (a Django filter can be provided) and to create LDAP records based on their attributes. LDAP records matching a filter but none of the users are deleted, this behaviour can be disabled. All configuration is done through a setting named A2_PROVISIONNING_RESOURCES, an example configuration take from the unittest is given later.

This patch serie also include start of test framework for working with OpenLDAP, the class authentic2_provisionning.ldap_utils.Slapd allow to create a temporary OpenLDAP server to initialize its configuration and its database from scratch. It's currently used to test the provisionning command.

A2_PROVISIONNING_RESSOURCES = [{
            'name': 'ldap',
            'url': self.slapd.ldapi_url,
            'bind_dn': 'uid=admin,o=orga',
            'bind_pw': 'admin',
            'base_dn': 'o=orga',
            'rdn_attributes': ['uid',],
            'attribute_mapping': {
                'uid': 'django_user_username',
                'givenName': 'django_user_first_name',
                'sn': 'django_user_last_name',
                'mail': 'django_user_email',
            },
            'format_mapping': {
                'cn': ['{django_user_first_name} {django_user_last_name}'],
            },
            'static_attributes': {
                'objectclass': 'inetorgperson',
            },
            'ldap_filter': '(objectclass=inetorgperson)',
        }]

The goal is to extend this sripts to other databases like SQL, SCIM in the future and to allow creating ressource instances from the manager.

This is lightweight provisionning, the goal is not to handle complex use cases needing user workflows or validation.