server/sources/ldapfeed.py
author Sylvain Thénault <sylvain.thenault@logilab.fr>
Thu, 16 Jun 2016 14:19:20 +0200
changeset 11278 19fcce6dc6d1
parent 11263 9ae85b069325
permissions -rw-r--r--
backport changes from 3.21
# copyright 2003-2015 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr
#
# This file is part of CubicWeb.
#
# CubicWeb is free software: you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free
# Software Foundation, either version 2.1 of the License, or (at your option)
# any later version.
#
# CubicWeb is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more
# details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with CubicWeb.  If not, see <http://www.gnu.org/licenses/>.
"""cubicweb ldap feed source"""
from __future__ import division  # XXX why?
from datetime import datetime
from six import PY2, string_types
import ldap3
from logilab.common.configuration import merge_options
from cubicweb import ValidationError, AuthenticationError, Binary
from cubicweb.server import utils
from cubicweb.server.sources import datafeed
from cubicweb import _
# LDAP search scopes, re-exported from ldap3 under short names. The keys of
# LDAP_SCOPES are the same strings as the choices of the 'user-scope' and
# 'group-scope' options declared on LDAPFeedSource.
BASE = ldap3.SEARCH_SCOPE_BASE_OBJECT
ONELEVEL = ldap3.SEARCH_SCOPE_SINGLE_LEVEL
SUBTREE = ldap3.SEARCH_SCOPE_WHOLE_SUBTREE
LDAP_SCOPES = dict(BASE=BASE, ONELEVEL=ONELEVEL, SUBTREE=SUBTREE)

# Standard port for each LDAP URL scheme. 'ldapi' (LDAP over a local IPC
# socket) has no TCP port, hence None.
# NOTE(review): plain 'ldap' on 389 carries bind credentials unencrypted
# unless TLS is negotiated on the connection; whether this module does so is
# not visible in this part of the file -- prefer 'ldaps' where possible.
PROTO_PORT = dict(ldap=389, ldaps=636, ldapi=None)
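def replace_filter(s):
    r"""Escape `s` for use as a literal value inside an LDAP search filter.

    The characters that are special in the string form of an LDAP filter
    (backslash, ``*``, ``(``, ``)`` and NUL) are replaced by a backslash
    followed by their two-digit hexadecimal code, so that a value coming from
    outside (e.g. a login) cannot alter the structure of the filter it is
    inserted into.

    :param s: the raw value to embed in a filter
    :return: the escaped string; text without special characters is returned
      unchanged
    """
    # The backslash has to be handled first. Escaping it last would re-escape
    # the backslashes introduced by the other replacements ('*' would end up
    # as '\5c2A', i.e. a literal backslash followed by '2A'), and the filter
    # would then never match the intended value.
    s = s.replace('\\', '\\5c')
    s = s.replace('*', '\\2A')
    s = s.replace('(', '\\28')
    s = s.replace(')', '\\29')
    s = s.replace('\0', '\\00')
    return s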
class LDAPFeedSource(datafeed.DataFeedSource):
    """LDAP feed source: unlike ldapuser source, this source is copy based and
ee9ecfccc3e8 [ldapfeed] move docstring to the class instead of the module
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8430
diff changeset
    62
    will import ldap content (beside passwords for authentication) into the
ee9ecfccc3e8 [ldapfeed] move docstring to the class instead of the module
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8430
diff changeset
    63
    system source.
ee9ecfccc3e8 [ldapfeed] move docstring to the class instead of the module
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8430
diff changeset
    64
    """
8229
b7bc631816f7 [ldapfeed] make authentication actually working
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8188
diff changeset
    65
    support_entities = {'CWUser': False}
8428
f1b721ca73cc [sources/ldapfeed] do not user cwuri as url (closes #2380324)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8229
diff changeset
    66
    use_cwuri_as_url = False
8188
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    67
9461
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    68
    options = (
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    69
        ('auth-mode',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    70
         {'type' : 'choice',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    71
          'default': 'simple',
10766
d730f91251af [ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents: 10666
diff changeset
    72
          'choices': ('simple', 'digest_md5', 'gssapi'),
9461
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    73
          'help': 'authentication mode used to authenticate user to the ldap.',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    74
          'group': 'ldap-source', 'level': 3,
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    75
          }),
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    76
        ('auth-realm',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    77
         {'type' : 'string',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    78
          'default': None,
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    79
          'help': 'realm to use when using gssapi/kerberos authentication.',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    80
          'group': 'ldap-source', 'level': 3,
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    81
          }),
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    82
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    83
        ('data-cnx-dn',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    84
         {'type' : 'string',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    85
          'default': '',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    86
          'help': 'user dn to use to open data connection to the ldap (eg used \
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    87
to respond to rql queries). Leave empty for anonymous bind',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    88
          'group': 'ldap-source', 'level': 1,
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    89
          }),
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    90
        ('data-cnx-password',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    91
         {'type' : 'string',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    92
          'default': '',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    93
          'help': 'password to use to open data connection to the ldap (eg used to respond to rql queries). Leave empty for anonymous bind.',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    94
          'group': 'ldap-source', 'level': 1,
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    95
          }),
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    96
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    97
        ('user-base-dn',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    98
         {'type' : 'string',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
    99
          'default': '',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   100
          'help': 'base DN to lookup for users; disable user importation mechanism if unset',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   101
          'group': 'ldap-source', 'level': 1,
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   102
          }),
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   103
        ('user-scope',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   104
         {'type' : 'choice',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   105
          'default': 'ONELEVEL',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   106
          'choices': ('BASE', 'ONELEVEL', 'SUBTREE'),
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   107
          'help': 'user search scope (valid values: "BASE", "ONELEVEL", "SUBTREE")',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   108
          'group': 'ldap-source', 'level': 1,
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   109
          }),
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   110
        ('user-classes',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   111
         {'type' : 'csv',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   112
          'default': ('top', 'posixAccount'),
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   113
          'help': 'classes of user (with Active Directory, you want to say "user" here)',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   114
          'group': 'ldap-source', 'level': 1,
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   115
          }),
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   116
        ('user-filter',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   117
         {'type': 'string',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   118
          'default': '',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   119
          'help': 'additional filters to be set in the ldap query to find valid users',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   120
          'group': 'ldap-source', 'level': 2,
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   121
          }),
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   122
        ('user-login-attr',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   123
         {'type' : 'string',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   124
          'default': 'uid',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   125
          'help': 'attribute used as login on authentication (with Active Directory, you want to use "sAMAccountName" here)',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   126
          'group': 'ldap-source', 'level': 1,
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   127
          }),
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   128
        ('user-default-group',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   129
         {'type' : 'csv',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   130
          'default': ('users',),
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   131
          'help': 'name of a group in which ldap users will be by default. \
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   132
You can set multiple groups by separating them by a comma.',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   133
          'group': 'ldap-source', 'level': 1,
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   134
          }),
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   135
        ('user-attrs-map',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   136
         {'type' : 'named',
10011
340d4ef55b6f [ldapfeed] Reduce default value for user-attrs-map option (closes #3824889)
Paul Tonelli <paul.tonelli@logilab.fr>
parents: 9662
diff changeset
   137
          'default': {'uid': 'login'},
9461
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   138
          'help': 'map from ldap user attributes to cubicweb attributes (with Active Directory, you want to use sAMAccountName:login,mail:email,givenName:firstname,sn:surname)',
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   139
          'group': 'ldap-source', 'level': 1,
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   140
          }),
8922
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   141
        ('group-base-dn',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   142
         {'type' : 'string',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   143
          'default': '',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   144
          'help': 'base DN to lookup for groups; disable group importation mechanism if unset',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   145
          'group': 'ldap-source', 'level': 1,
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   146
          }),
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   147
        ('group-scope',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   148
         {'type' : 'choice',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   149
          'default': 'ONELEVEL',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   150
          'choices': ('BASE', 'ONELEVEL', 'SUBTREE'),
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   151
          'help': 'group search scope (valid values: "BASE", "ONELEVEL", "SUBTREE")',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   152
          'group': 'ldap-source', 'level': 1,
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   153
          }),
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   154
        ('group-classes',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   155
         {'type' : 'csv',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   156
          'default': ('top', 'posixGroup'),
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   157
          'help': 'classes of group',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   158
          'group': 'ldap-source', 'level': 1,
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   159
          }),
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   160
        ('group-filter',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   161
         {'type': 'string',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   162
          'default': '',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   163
          'help': 'additional filters to be set in the ldap query to find valid groups',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   164
          'group': 'ldap-source', 'level': 2,
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   165
          }),
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   166
        ('group-attrs-map',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   167
         {'type' : 'named',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   168
          'default': {'cn': 'name', 'memberUid': 'member'},
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   169
          'help': 'map from ldap group attributes to cubicweb attributes',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   170
          'group': 'ldap-source', 'level': 1,
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   171
          }),
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   172
    )
    options = merge_options(datafeed.DataFeedSource.options + options,
                            optgroup='ldap-source',)
    _conn = None
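    def update_config(self, source_entity, typedconfig):
        """Refresh the LDAP settings cached on this source from `typedconfig`.

        `typedconfig` is the source configuration, properly typed and with
        defaults set.  The parent class is updated first, then the bind
        mode, the data-connection credentials and the user / group search
        parameters are copied onto the instance.  The cached data connection
        is reset to None, so the next search opens a new one.
        """
        super(LDAPFeedSource, self).update_config(source_entity, typedconfig)
        self.authmode = typedconfig['auth-mode']
        # the bind helper is looked up by name (`_auth_<mode>`); a mode with
        # no matching method raises AttributeError here
        self._authenticate = getattr(self, '_auth_%s' % self.authmode)
        self.cnx_dn = typedconfig['data-cnx-dn']
        self.cnx_pwd = typedconfig['data-cnx-password']
        self.user_base_dn = str(typedconfig['user-base-dn'])
        # Resolve the scope through the explicit LDAP_SCOPES table, exactly as
        # done for groups below.  The former globals() lookup let the
        # configured value name any module-level object, not only a scope.
        # NOTE(review): assumes LDAP_SCOPES has an entry for every allowed
        # 'user-scope' value, as it must for 'group-scope' -- confirm.
        self.user_base_scope = LDAP_SCOPES[typedconfig['user-scope']]
        self.user_login_attr = typedconfig['user-login-attr']
        self.user_default_groups = typedconfig['user-default-group']
        # built-in ldap -> cubicweb attribute mapping, completed (and possibly
        # overridden) by the configured one
        self.user_attrs = {'dn': 'eid', 'modifyTimestamp': 'modification_date'}
        self.user_attrs.update(typedconfig['user-attrs-map'])
        self.user_rev_attrs = {v: k for k, v in self.user_attrs.items()}
        # object class names go through replace_filter (defined elsewhere in
        # this module) before being placed in the filter
        self.base_filters = ['(objectclass=%s)' % replace_filter(o)
                             for o in typedconfig['user-classes']]
        if typedconfig['user-filter']:
            # appended verbatim: this is administrator configuration and has
            # to be a complete, parenthesised filter already
            self.base_filters.append(typedconfig['user-filter'])
        self.group_base_dn = str(typedconfig['group-base-dn'])
        self.group_base_scope = LDAP_SCOPES[typedconfig['group-scope']]
        # (a first assignment of the raw 'group-attrs-map' value was dropped:
        # it was overwritten by the very next statement)
        self.group_attrs = {'dn': 'eid', 'modifyTimestamp': 'modification_date'}
        self.group_attrs.update(typedconfig['group-attrs-map'])
        self.group_rev_attrs = {v: k for k, v in self.group_attrs.items()}
        self.group_base_filters = ['(objectClass=%s)' % replace_filter(o)
                                   for o in typedconfig['group-classes']]
        if typedconfig['group-filter']:
            # appended verbatim, same remark as for 'user-filter'
            self.group_base_filters.append(typedconfig['group-filter'])
        self._conn = None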
    def _entity_update(self, source_entity):
        """Validate the url of `source_entity` once the parent has updated.

        Raise `ValidationError` on the 'url' field when more than one url is
        set, when the url does not split into exactly two parts around
        '://', or when its protocol is not a key of PROTO_PORT.  Nothing is
        checked when no url is set.
        """
        super(LDAPFeedSource, self)._entity_update(source_entity)
        if not self.urls:
            return
        if len(self.urls) > 1:
            raise ValidationError(source_entity.eid, {'url': _('can only have one url')})
        pieces = self.urls[0].split('://')
        if len(pieces) != 2:
            raise ValidationError(source_entity.eid, {'url': _('badly formatted url')})
        # only the protocol is checked here; the host part is parsed later by
        # connection_info()
        protocol = pieces[0]
        if protocol not in PROTO_PORT:
            raise ValidationError(source_entity.eid, {'url': _('unsupported protocol')})
    def connection_info(self):
        """Return the `(protocol, host, port)` triple of the single source url.

        A port written in the url is returned as text, exactly as it appears
        there; otherwise the PROTO_PORT entry of the protocol is returned.
        The host part of an 'ldapi' url is never split on ':'.
        """
        # sanity check only (asserts are skipped under -O); the url is
        # validated by _entity_update()
        assert len(self.urls) == 1, self.urls
        protocol, hostport = self.urls[0].split('://')
        explicit_port = protocol != 'ldapi' and ':' in hostport
        if not explicit_port:
            return protocol, hostport, PROTO_PORT[protocol]
        # NOTE(review): a bracketed IPv6 literal given without a port still
        # contains ':' and would be split here -- confirm such urls are not
        # expected.
        host, port = hostport.rsplit(':', 1)
        return protocol, host, port
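    def authenticate(self, cnx, login, password=None, **kwargs):
        """Return the CWUser eid for `login` / `password`, else raise
        `AuthenticationError`.

        The account is first searched with the data connection, using a
        filter built from the login attribute, the login (both passed through
        replace_filter) and the configured user filters.  The password is
        then checked by binding a second, throw-away connection as the entry
        found.  Finally the dn of the entry is mapped to an eid through the
        system source.
        """
        self.info('ldap authenticate %s', login)
        if not password:
            # On Windows + ADAM this would have succeeded (!!!)
            # You get Authenticated as: 'NT AUTHORITY\ANONYMOUS LOGON'.
            # we really really don't want that
            raise AuthenticationError()
        searchfilter = ['(%s=%s)' % (replace_filter(self.user_login_attr), replace_filter(login))]
        searchfilter.extend(self.base_filters)
        searchstr = '(&%s)' % ''.join(searchfilter)
        # first search the user; only the first entry returned is used
        try:
            user = self._search(cnx, self.user_base_dn,
                                self.user_base_scope, searchstr)[0]
        except IndexError:
            # no such user
            raise AuthenticationError()
        # check password by establishing a (unused) connection
        # NOTE(review): the connection returned by _connect() is dropped
        # without an explicit unbind -- confirm it is released promptly.
        try:
            self._connect(user, password)
        except AuthenticationError:
            # _connect() raises this itself when the bind is refused, i.e. the
            # ordinary wrong-password case: keep it out of the catch-all
            # below, which logs at error level with a traceback
            self.info('ldap bind refused for %s', user['dn'])
            raise
        except ldap3.LDAPException as ex:
            # Something went wrong, most likely bad credentials
            self.info('while trying to authenticate %s: %s', user, ex)
            raise AuthenticationError()
        except Exception:
            self.error('while trying to authenticate %s', user, exc_info=True)
            raise AuthenticationError()
        # NOTE(review): a dn holding non-ascii characters makes encode() raise
        # UnicodeEncodeError instead of AuthenticationError -- confirm how
        # such entries are stored by the import before changing this.
        eid = self.repo.system_source.extid2eid(cnx, user['dn'].encode('ascii'))
        if eid is None or eid < 0:
            # user is not known or has been moved away from this source
            raise AuthenticationError()
        return eid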
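    def _connect(self, user=None, userpwd=None):
        """Open an ldap3 connection to the source url, bind it and return it.

        Without `user` this is the data connection: an anonymous bind when no
        'data-cnx-dn' is configured, else a bind as that dn through the
        configured `_auth_*` helper.  With `user` (a dict holding a 'dn'
        key) the bind checks `userpwd`, and `AuthenticationError` is raised
        when it is refused.
        """
        protocol, host, port = self.connection_info()
        who = user and user['dn'] or 'anonymous'
        self.info('connecting %s://%s:%s as %s', protocol, host, port, who)
        # The protocol of the url used to be logged only, so an 'ldaps' url
        # was contacted without TLS; request it explicitly.
        # NOTE(review): no ldap3.Tls object is passed, so certificate
        # validation follows the ldap3 defaults -- confirm they are adequate.
        server = ldap3.Server(host, port=int(port), use_ssl=(protocol == 'ldaps'))
        conn = ldap3.Connection(server, user=user and user['dn'],
                                client_strategy=ldap3.STRATEGY_SYNC_RESTARTABLE,
                                auto_referrals=False)
        # Now bind with the credentials given.  A refused bind is reported by
        # a false return value, so each result is checked.
        if user is None:
            # XXX always use simple bind for data connection
            if not self.cnx_dn:
                bound = conn.bind()
            else:
                bound = self._authenticate(conn, {'dn': self.cnx_dn}, self.cnx_pwd)
            if not bound:
                # keep returning the connection as before, but do not let a
                # refused data-connection bind go unnoticed
                self.error('ldap bind of the data connection to %s://%s:%s as %s failed',
                           protocol, host, port, self.cnx_dn or 'anonymous')
        else:
            # user specified, we want to check user/password, no need to return
            # the connection which will be thrown out
            if not self._authenticate(conn, user, userpwd):
                raise AuthenticationError()
        return conn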
    def _auth_simple(self, conn, user, userpwd):
        """Bind `conn` with a simple bind as `user['dn']` / `userpwd`.

        Return what `conn.bind()` returns.  A simple bind hands the password
        to the server as is, so the transport has to protect it.
        """
        conn.authentication = ldap3.AUTH_SIMPLE
        conn.user, conn.password = user['dn'], userpwd
        bound = conn.bind()
        return bound
    def _auth_digest_md5(self, conn, user, userpwd):
        """Bind `conn` with SASL DIGEST-MD5 as `user['dn']` / `userpwd`.

        Return what `conn.bind()` returns.

        NOTE(review): DIGEST-MD5 was moved to Historic status by RFC 6331;
        consider whether this mode should still be offered.
        """
        conn.authentication = ldap3.AUTH_SASL
        conn.sasl_mechanism = 'DIGEST-MD5'
        # neither a realm nor an authorization id is supplied
        realm = authz_id = None
        conn.sasl_credentials = (realm, user['dn'], userpwd, authz_id)
        bound = conn.bind()
        return bound
    def _auth_gssapi(self, conn, user, userpwd):
        """Bind `conn` with SASL GSSAPI and return what `conn.bind()` returns.

        `user` and `userpwd` keep the signature identical to the other
        `_auth_*` helpers but are not read here.

        NOTE(review): when this mode backs authenticate(), the outcome of
        the bind therefore does not depend on the password supplied by the
        caller -- confirm this mode is only meant for the data connection.
        """
        conn.authentication, conn.sasl_mechanism = ldap3.AUTH_SASL, 'GSSAPI'
        bound = conn.bind()
        return bound
    def _search(self, cnx, base, scope,
                searchstr='(objectClass=*)', attrs=()):
        """Run an ldap search on the data connection and return its entries.

        The data connection is opened on first use and kept on `self._conn`.
        Each response record of type 'searchResEntry' is converted with
        `_process_ldap_item`; other record types are skipped.  An empty list
        is returned when the search call reports no result.  `cnx` is not
        used here.
        """
        self.debug('ldap search %s %s %s %s %s', self.uri, base, scope,
                   searchstr, list(attrs))
        if self._conn is None:
            self._conn = self._connect()
        ldapcnx = self._conn
        found = ldapcnx.search(base, searchstr, search_scope=scope, attributes=attrs)
        if not found:
            return []
        entries = [self._process_ldap_item(rec['dn'], rec['attributes'].items())
                   for rec in ldapcnx.response
                   if rec['type'] == 'searchResEntry']
        self.debug('ldap built results %s', len(entries))
        return entries
    def _process_ldap_item(self, dn, iterator):
        """Turn an ldap received item into a proper dict."""
        itemdict = {'dn': dn}
        for key, value in iterator:
            if self.user_attrs.get(key) == 'upassword': # XXx better password detection
                value = value[0].encode('utf-8')
                # we only support ldap_salted_sha1 for ldap sources, see: server/utils.py
                if not value.startswith(b'{SSHA}'):
9461
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   337
                    value = utils.crypt_password(value)
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   338
                itemdict[key] = Binary(value)
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   339
            elif self.user_attrs.get(key) == 'modification_date':
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   340
                itemdict[key] = datetime.strptime(value[0], '%Y%m%d%H%M%SZ')
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   341
            else:
10844
f3007bbd77e9 [server/ldap] deal with unicode or str coming out of ldap
Julien Cristau <julien.cristau@logilab.fr>
parents: 10768
diff changeset
   342
                if PY2 and value and isinstance(value[0], str):
10768
99689a5862ea [py3k] make ldapfeed tests pass
Julien Cristau <julien.cristau@logilab.fr>
parents: 10766
diff changeset
   343
                    value = [unicode(val, 'utf-8', 'replace') for val in value]
9461
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   344
                if len(value) == 1:
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   345
                    itemdict[key] = value = value[0]
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   346
                else:
fc3b8798737c [ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8989
diff changeset
   347
                    itemdict[key] = value
8922
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   348
        # we expect memberUid to be a list of user ids, make sure of it
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   349
        member = self.group_rev_attrs['member']
10612
84468b90e9c1 [py3k] basestring → six.string_types
Rémi Cardona <remi.cardona@logilab.fr>
parents: 10011
diff changeset
   350
        if isinstance(itemdict.get(member), string_types):
8922
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   351
            itemdict[member] = [itemdict[member]]
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8708
diff changeset
   352
        return itemdict
    def _process_no_such_object(self, cnx, dn):
        """Some search return NO_SUCH_OBJECT error, handle this (usually because
        an object whose dn is no more existent in ldap as been encountered).
        Do nothing by default, let sub-classes handle that.
        """