You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
200 lines
8.8 KiB
200 lines
8.8 KiB
#!/bin/usr/env python3
|
|
import ldap3
|
|
import utils
|
|
import config
|
|
import time
|
|
|
|
def check_result(conn):
|
|
if conn.result['result'] != 0: #see https://www.ietf.org/rfc/rfc4511.txt 4.1.9
|
|
raise RuntimeError(str(conn.result))
|
|
|
|
def connection_decorator(f):
|
|
with ldap3.Connection(config.SERVER, auto_bind=True, client_strategy=ldap3.STRATEGY_SYNC_RESTARTABLE) as conn:
|
|
def wrapped_f(*args, **kwargs):
|
|
return f(args[0], conn, *args[1:], **kwargs)
|
|
return wrapped_f
|
|
|
|
def admin_connection_decorator(f):
|
|
with ldap3.Connection(config.SERVER, user=config.ADMIN_CN, password=config.ADMIN_PASSWORD, auto_bind=True, client_strategy=ldap3.STRATEGY_SYNC_RESTARTABLE) as conn:
|
|
def wrapped_f(*args, **kwargs):
|
|
return f(args[0], conn, *args[1:], **kwargs)
|
|
return wrapped_f
|
|
|
|
class LILiK_USER(object):
|
|
_attributes = ['cn']
|
|
_read_only_attributes = ['uid']
|
|
_flags = {'mail': 'accountActive'}
|
|
_hosts = ['ltsp',
|
|
'users']
|
|
_groups = ['admin',
|
|
'wiki',
|
|
'lilik.it',
|
|
'cloud',
|
|
'projects',
|
|
'teambox',
|
|
'im']
|
|
_posix_groups = ['users_sites']
|
|
def __init__(self, entry, posix_groups):
|
|
results = {}
|
|
for attribute in self._attributes + self._read_only_attributes:
|
|
self.__setattr__(attribute, str(entry.__getattr__(attribute)))
|
|
services = {}
|
|
|
|
for service, flag in self._flags.items():
|
|
services[service] = flag in entry and str(entry[flag]) == 'TRUE'
|
|
for host in self._hosts:
|
|
services[host] = 'host' in entry and host in entry['host']
|
|
for group in self._groups:
|
|
services[group] = 'memberOf' in entry and utils.ldap_path("cn=%s"%utils.clean_value(group), config.GROUP, config.DOMAIN) in list(entry['memberOf'])
|
|
for posix_group in self._posix_groups:
|
|
services[posix_group] = posix_group in posix_groups and str(entry.uid) in list(posix_groups[posix_group])
|
|
self.__setattr__('services', services)
|
|
|
|
def to_json(self):
|
|
return json.dumps(self, default=lambda o: o.__dict__,)
|
|
|
|
def to_dict(self):
|
|
return self.__dict__
|
|
|
|
@admin_connection_decorator
|
|
def diff(self, conn, new_lilik_user):
|
|
user_cn = utils.ldap_path('uid=%s'%self.uid, config.PEOPLE, config.DOMAIN)
|
|
return utils.DictDiffer(new_lilik_user, self.__dict__)
|
|
|
|
@admin_connection_decorator
|
|
def update(self, conn, new_lilik_user):
|
|
user_cn = utils.ldap_path('uid=%s'%self.uid, config.PEOPLE, config.DOMAIN)
|
|
diff = utils.DictDiffer(new_lilik_user, self.__dict__)
|
|
modifiers = {user_cn: {}}
|
|
if 'userPassword' in diff.added() and new_lilik_user['userPassword']:
|
|
hashed = ldap3.utils.hashed.hashed(ldap3.HASHED_SALTED_SHA512, new_lilik_user['userPassword'])
|
|
modifiers[user_cn]['userPassword'] = [(ldap3.MODIFY_REPLACE, [hashed])]
|
|
for changed in diff.changed():
|
|
if changed == 'services':
|
|
services_diff = utils.DictDiffer(self.__dict__[changed], new_lilik_user[changed])
|
|
for service_changed in services_diff.changed():
|
|
if service_changed in self._flags:
|
|
flag = self._flags[service_changed]
|
|
modifiers[user_cn][flag] = [(ldap3.MODIFY_REPLACE, [str(new_lilik_user['services'][service_changed]).upper()])]
|
|
|
|
elif service_changed in self._hosts:
|
|
action = ldap3.MODIFY_ADD if new_lilik_user['services'][service_changed] else ldap3.MODIFY_DELETE
|
|
modifiers[user_cn]['host'] = [(action, [service_changed])]
|
|
|
|
elif service_changed in self._groups:
|
|
group_cn = utils.ldap_path('cn=%s'%service_changed, config.GROUP, config.DOMAIN)
|
|
action = ldap3.MODIFY_ADD if new_lilik_user['services'][service_changed] else ldap3.MODIFY_DELETE
|
|
modifiers[group_cn] = {'member': [(action, [user_cn])]}
|
|
|
|
elif service_changed in self._posix_groups:
|
|
group_cn = utils.ldap_path('cn=%s'%service_changed, config.GROUP, config.DOMAIN)
|
|
action = ldap3.MODIFY_ADD if new_lilik_user['services'][service_changed] else ldap3.MODIFY_DELETE
|
|
modifiers[group_cn] = {'memberUid': [(action, [self.uid])]}
|
|
else:
|
|
raise NameError('Unknown user attribute: %s'%service_changed)
|
|
elif changed in self._attributes:
|
|
if changed == 'cn':
|
|
try:
|
|
firstname, surname = new_lilik_user[changed].strip().rsplit(' ', 1)
|
|
except ValueError:
|
|
firstname = new_lilik_user[changed].strip()
|
|
surname = " "
|
|
modifiers[user_cn]['sn'] = [(ldap3.MODIFY_REPLACE, [surname])]
|
|
modifiers[user_cn]['givenname'] = [(ldap3.MODIFY_REPLACE, [firstname])]
|
|
modifiers[user_cn][changed] = [(ldap3.MODIFY_REPLACE, [new_lilik_user[changed]])]
|
|
for entry_cn, modifier in modifiers.items():
|
|
print(modifier.keys())
|
|
if modifier:
|
|
if 'userPassword' in modifier.keys():
|
|
print(entry_cn, list(modifier.keys())[0], '****** (HIDDEN)')
|
|
else:
|
|
print(entry_cn, modifier)
|
|
conn.modify(entry_cn, modifier)
|
|
check_result(conn)
|
|
print(conn.result)
|
|
if conn.result['result'] != 0:
|
|
return False
|
|
return True
|
|
|
|
class LILiK_LDAP(object):
|
|
|
|
def login(self, user_name, password):
|
|
bind_dn = utils.ldap_path('uid=%s'%utils.clean_user_name(user_name), config.PEOPLE, config.DOMAIN)
|
|
c = ldap3.Connection(config.SERVER, user=bind_dn, password=password)
|
|
return c.bind()
|
|
|
|
@admin_connection_decorator
|
|
def get_users(self, conn):
|
|
conn.search(utils.ldap_path(config.PEOPLE, config.DOMAIN), '(objectclass=posixAccount)', attributes=['uid'])
|
|
check_result(conn)
|
|
return [str(a.uid) for a in conn.entries]
|
|
|
|
@admin_connection_decorator
|
|
def get_user(self, conn, user_name):
|
|
conn.search(utils.ldap_path(config.PEOPLE, config.DOMAIN), '(&(objectclass=posixAccount)(uid=%s))'%utils.clean_user_name(user_name), attributes=['*', 'memberOf'])
|
|
check_result(conn)
|
|
if len(conn.entries) == 0:
|
|
raise IndexError("no user found for %s"%user_name)
|
|
entry = conn.entries[0]
|
|
return LILiK_USER(entry, self.get_posix_groups())
|
|
|
|
@connection_decorator
|
|
def get_max_uidnumber(self, conn):
|
|
conn.search(utils.ldap_path(config.PEOPLE, config.DOMAIN),
|
|
"(objectClass=posixAccount)",
|
|
attributes=['uidnumber'])
|
|
check_result(conn)
|
|
max = 0
|
|
for entry in conn.response:
|
|
max = int(entry['attributes']['uidnumber'][0]) if int(entry['attributes']['uidnumber'][0]) > max else max
|
|
return max
|
|
|
|
@admin_connection_decorator
|
|
def new_user(self, conn, user_dict):
|
|
username = utils.clean_user_name(user_dict['uid'])
|
|
user_dn = "uid=%s,o=People,dc=lilik,dc=it"%username
|
|
mail_dn = "mail=%s,vd=lilik.it,o=hosting,dc=lilik,dc=it"%username
|
|
# print("delete user")
|
|
# conn.delete(user_dn)
|
|
# print("delete mail")
|
|
# conn.delete(mail_dn)
|
|
print(" creating")
|
|
conn.add(user_dn,
|
|
['top', 'inetOrgPerson', 'VirtualMailAccount', 'posixAccount', 'shadowAccount'],
|
|
{'accountactive': "FALSE",
|
|
'cn': 'undefined',
|
|
'delete': "FALSE",
|
|
'gidnumber': 100,
|
|
'givenname': 'undefined',
|
|
'homedirectory': "/home/%s"%username,
|
|
'loginshell': '/bin/bash',
|
|
'mail': username,
|
|
'othertransport': 'phamm:',
|
|
'quota': 1024000,
|
|
'smtpauth': "FALSE",
|
|
'sn': 'undefined',
|
|
'uid': username,
|
|
'uidnumber': self.get_max_uidnumber() + 1,
|
|
'userpassword': '',
|
|
'vdhome': 'undefined',
|
|
'mailbox': 'undefined',
|
|
'lastChange': int(time.time())}
|
|
)
|
|
check_result(conn)
|
|
print(conn.result)
|
|
print("user created")
|
|
conn.add(mail_dn,
|
|
['alias', 'extensibleObject'],
|
|
{'aliasedobjectname': user_dn}
|
|
)
|
|
check_result(conn)
|
|
print(conn.result)
|
|
|
|
@connection_decorator
|
|
def get_posix_groups(self, conn):
|
|
conn.search(utils.ldap_path(config.GROUP, config.DOMAIN), '(objectclass=posixGroup)', attributes=['*'])
|
|
check_result(conn)
|
|
results = {}
|
|
for group in conn.entries:
|
|
results[str(group.cn)] = list(group.memberUid) if 'memberUid' in group else []
|
|
return results
|