LILiK
/
lilik_users3
5
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
LILiK login and user managment web interface
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
81 KiB
Tree: 42191ba8d2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '42191ba8d2'
${ noResults }
lilik_users3/lilikusers.py

122 lines
5.6 KiB
Raw Normal View History

api works, admin check not implemented yet
8 years ago
 
  1. #!/bin/usr/env python3
  2. import ldap3
  3. import utils
  4. import config
  5. 

  6. def connection_decorator(f):
  7.     with ldap3.Connection(config.SERVER, auto_bind=True) as conn:
  8.         def wrapped_f(*args, **kwargs):
  9.             return f(args[0], conn, *args[1:], **kwargs)
  10.         return wrapped_f
  11. 

  12. def admin_connection_decorator(f):
  13.     with ldap3.Connection(config.SERVER, user=config.ADMIN_CN, password=config.ADMIN_PASSWORD, auto_bind=True) as conn:
  14.         def wrapped_f(*args, **kwargs):
  15.             return f(args[0], conn, *args[1:], **kwargs)
  16.         return wrapped_f
  17. 

  18. class LILiK_USER(object):
  19.     _attributes = {'uid': [], 'cn': ['givenName']}
  20.     _flags = {'mail': 'accountActive'}
  21.     _hosts = ['ltsp',
  22.     		 'users']
  23.     _groups = ['admin',
  24.     			'wiki',
  25.     			'lilik.it',
  26.     			'cloud',
  27.     			'projects',
  28.     			'teambox',
  29.     			'im']
  30.     _posix_groups = ['users_sites']
  31.     def __init__(self, entry, posix_groups):
  32.         results = {}
  33.         for attribute in self._attributes.keys():
  34.             self.__setattr__(attribute, str(entry.__getattr__(attribute)))
  35.         services = {}
  36. 

  37.         for service, flag in self._flags.items():
  38.             services[service] = flag in entry and bool(entry[flag])
  39.         for host in self._hosts:
  40.             services[host] = 'host' in entry and host in entry['host']
  41.         for group in self._groups:
  42.             services[group] = 'memberOf' in entry and utils.ldap_path("cn=%s"%utils.clean_value(group), config.GROUP, config.DOMAIN) in list(entry['memberOf'])
  43.         for posix_group in self._posix_groups:
  44.             services[posix_group] = posix_group in posix_groups and str(entry.uid) in list(posix_groups[posix_group])
  45.         self.__setattr__('services', services)
  46. 

  47.     def to_json(self):
  48.         return json.dumps(self, default=lambda o: o.__dict__,)
  49. 

  50.     def to_dict(self):
  51.         return self.__dict__
  52. 

  53.     @admin_connection_decorator
  54.     def update(self, conn, new_lilik_user):
  55.         user_cn = utils.ldap_path('uid=%s'%self.uid, config.PEOPLE, config.DOMAIN)
  56.         diff = utils.DictDiffer(new_lilik_user, self.__dict__)
  57.         modifiers = {user_cn: {}}
  58.         if 'userPassword' in diff.added():
  59.             modifiers[user_cn]['userPassword'] = [(ldap3.MODIFY_REPLACE, [new_lilik_user['userPassword']])] #TODO add hash encryption?
  60.         for changed in diff.changed():
  61.             if changed == 'services':
  62.                 services_diff = utils.DictDiffer(self.__dict__[changed], new_lilik_user[changed])
  63.                 for service_changed in services_diff.changed():
  64.                     if service_changed in self._flags:
  65.                         flag = self._flags[service_changed]
  66.                         modifiers[user_cn][flag] = [(ldap3.MODIFY_REPLACE, [new_lilik_user['services'][service_changed]])]
  67. 

  68.                     elif service_changed in self._hosts:
  69.                         action = ldap3.MODIFY_ADD if new_lilik_user['services'][service_changed] else ldap3.MODIFY_DELETE
  70.                         modifiers[user_cn]['host'] = [(action, [service_changed])]
  71. 

  72.                     elif service_changed in self._groups:
  73.                         group_cn = utils.ldap_path('cn=%s'%service_changed, config.GROUP, config.DOMAIN)
  74.                         action = ldap3.MODIFY_ADD if new_lilik_user['services'][service_changed] else ldap3.MODIFY_DELETE
  75.                         modifiers[group_cn] = {'member': [(action, [user_cn])]}
  76. 

  77.                     elif service_changed in self._posix_groups:
  78.                         group_cn = utils.ldap_path('cn=%s'%service_changed, config.GROUP, config.DOMAIN)
  79.                         action = ldap3.MODIFY_ADD if new_lilik_user['services'][service_changed] else ldap3.MODIFY_DELETE
  80.                         modifiers[group_cn] = {'memberUid': [(action, [self.uid])]}
  81.                     else:
  82.                         raise Exception('Unknown user attribute')
  83.             else:
  84.                 for alias in self._attributes[changed]:
  85.                     modifiers[user_cn][alias] = [(ldap3.MODIFY_REPLACE, [new_lilik_user[changed]])]
  86.                 modifiers[user_cn][changed] = [(ldap3.MODIFY_REPLACE, [new_lilik_user[changed]])]
  87.         for entry_cn, modifier in modifiers.items():
  88.             if modifier:
  89.                 conn.modify(entry_cn, modifier)
  90.                 if conn.result['result'] != 0:
  91.                     return False
  92.         return True
  93. 

  94. class LILiK_LDAP(object):
  95. 

  96.     def login(self, user_name, password):
  97.         bind_dn = utils.ldap_path('uid=%s'%utils.clean_user_name(user_name), config.PEOPLE, config.DOMAIN)
  98.         c = ldap3.Connection(config.SERVER, user=bind_dn, password=password)
  99.         return c.bind()
  100. 

  101.     @connection_decorator
  102.     def get_users(self, conn):
  103.         conn.search(utils.ldap_path(config.PEOPLE, config.DOMAIN), '(objectclass=posixAccount)', attributes=['uid'])
  104.         return [str(a.uid) for a in conn.entries]
  105. 

  106.     @connection_decorator
  107.     def get_user(self, conn, user_name):
  108.         conn.search(utils.ldap_path(config.PEOPLE, config.DOMAIN), '(&(objectclass=posixAccount)(uid=%s))'%utils.clean_user_name(user_name), attributes=['*', 'memberOf'])
  109.         # return clean_user_name(user_name)
  110.         if len(conn.entries) == 0:
  111.             return None
  112.         entry = conn.entries[0]
  113.         return LILiK_USER(entry, self.get_posix_groups())
  114. 

  115.     @connection_decorator
  116.     def get_posix_groups(self, conn):
  117.         conn.search(utils.ldap_path(config.GROUP, config.DOMAIN), '(objectclass=posixGroup)', attributes=['*'])
  118.         # return clean_user_name(user_name)
  119.         results = {}
  120.         for group in conn.entries:
  121.             results[str(group.cn)] = list(group.memberUid) if 'memberUid' in group else []
  122.         return results