author | Sylvain Thénault <sylvain.thenault@logilab.fr> |
Thu, 16 Jun 2016 14:19:20 +0200 | |
changeset 11278 | 19fcce6dc6d1 |
parent 11263 | 9ae85b069325 |
permissions | -rw-r--r-- |
# copyright 2003-2015 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
# |
# This file is part of CubicWeb. |
# |
# CubicWeb is free software: you can redistribute it and/or modify it under the |
# terms of the GNU Lesser General Public License as published by the Free |
# Software Foundation, either version 2.1 of the License, or (at your option) |
# any later version. |
# |
# CubicWeb is distributed in the hope that it will be useful, but WITHOUT |
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS |
# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more |
# details. |
# |
# You should have received a copy of the GNU Lesser General Public License along |
# with CubicWeb. If not, see <http://www.gnu.org/licenses/>. |
"""cubicweb ldap feed source""" |
from __future__ import division # XXX why? |
from datetime import datetime |
from six import PY2, string_types |
import ldap3 |
from logilab.common.configuration import merge_options |
from cubicweb import ValidationError, AuthenticationError, Binary |
from cubicweb.server import utils |
from cubicweb.server.sources import datafeed |
from cubicweb import _ |
# LDAP search scopes, re-exported from ldap3 under short module-level names.
BASE, ONELEVEL, SUBTREE = (
    ldap3.SEARCH_SCOPE_BASE_OBJECT,
    ldap3.SEARCH_SCOPE_SINGLE_LEVEL,
    ldap3.SEARCH_SCOPE_WHOLE_SUBTREE,
)
# Lookup from the spelling used in the source configuration ('user-scope',
# 'group-scope') to the matching ldap3 scope value.
LDAP_SCOPES = dict(BASE=BASE, ONELEVEL=ONELEVEL, SUBTREE=SUBTREE)

# Standard port for each supported LDAP URL scheme; 'ldapi' has no port.
# NOTE(review): plain 'ldap' on 389 carries bind credentials unencrypted
# unless the connection is upgraded (StartTLS); nothing in this excerpt shows
# such an upgrade, so confirm before relying on 'simple' binds over 'ldap'.
PROTO_PORT = dict(ldap=389, ldaps=636, ldapi=None)
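def replace_filter(s):
    """Escape `s` for use as a value inside an LDAP search filter.

    The backslash, ``*``, ``(``, ``)`` and NUL characters are replaced by a
    backslash followed by their two-digit hexadecimal code, so that the value
    is matched literally and cannot change the structure of the filter it is
    inserted into.

    :param s: raw string (e.g. a login typed by a user)
    :return: the escaped string
    """
    # The backslash has to be handled first: every other replacement inserts
    # a backslash of its own.  Escaping it last rewrote those fresh escapes
    # as well ('*' ended up as a literal backslash followed by "2A"), so a
    # value containing '*', '(' or ')' could never match its directory entry.
    s = s.replace('\\', '\\5c')
    for char, escaped in (('*', '\\2A'),
                          ('(', '\\28'),
                          (')', '\\29'),
                          ('\0', '\\00')):
        s = s.replace(char, escaped)
    return s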
class LDAPFeedSource(datafeed.DataFeedSource):
    """LDAP feed source: unlike the ldapuser source, this source is copy based
    and will import ldap content (everything but the passwords used for
    authentication) into the system source.
    """
    support_entities = {'CWUser': False}
    use_cwuri_as_url = False

    # Source-specific options; each entry is (option name, option definition).
    # They are merged with the generic data feed options right after this
    # tuple.
    options = (
        # Bind mechanism.  update_config() resolves the value to a method
        # named '_auth_<mode>' with getattr().
        # NOTE(review): the default 'simple' bind sends the DN and password
        # as-is, so it is only as confidential as the transport; 'digest_md5'
        # is a legacy SASL mechanism (moved to Historic by RFC 6331).
        ('auth-mode',
         {'type' : 'choice',
          'default': 'simple',
          'choices': ('simple', 'digest_md5', 'gssapi'),
          'help': 'authentication mode used to authenticate user to the ldap.',
          'group': 'ldap-source', 'level': 3,
          }),
        ('auth-realm',
         {'type' : 'string',
          'default': None,
          'help': 'realm to use when using gssapi/kerberos authentication.',
          'group': 'ldap-source', 'level': 3,
          }),

        # Account used for the data (search) connection.  Both values default
        # to the empty string, which the help texts describe as an anonymous
        # bind.
        ('data-cnx-dn',
         {'type' : 'string',
          'default': '',
          'help': 'user dn to use to open data connection to the ldap (eg used \
to respond to rql queries). Leave empty for anonymous bind',
          'group': 'ldap-source', 'level': 1,
          }),
        # NOTE(review): the bind password is declared as a plain 'string'
        # option; check whether the configuration layer offers a dedicated
        # secret/password option type so the value is not echoed back in
        # generated configuration or forms.
        ('data-cnx-password',
         {'type' : 'string',
          'default': '',
          'help': 'password to use to open data connection to the ldap (eg used to respond to rql queries). Leave empty for anonymous bind.',
          'group': 'ldap-source', 'level': 1,
          }),

        # User import settings; an unset base DN disables user import (see
        # help text).
        ('user-base-dn',
         {'type' : 'string',
          'default': '',
          'help': 'base DN to lookup for users; disable user importation mechanism if unset',
          'group': 'ldap-source', 'level': 1,
          }),
        # The choices are the keys of the module-level LDAP_SCOPES mapping.
        ('user-scope',
         {'type' : 'choice',
          'default': 'ONELEVEL',
          'choices': ('BASE', 'ONELEVEL', 'SUBTREE'),
          'help': 'user search scope (valid values: "BASE", "ONELEVEL", "SUBTREE")',
          'group': 'ldap-source', 'level': 1,
          }),
        ('user-classes',
         {'type' : 'csv',
          'default': ('top', 'posixAccount'),
          'help': 'classes of user (with Active Directory, you want to say "user" here)',
          'group': 'ldap-source', 'level': 1,
          }),
        # NOTE(review): presumably inserted verbatim into the search filter
        # (the code building the filter is not visible here); it must only
        # ever come from trusted configuration, never from request data.
        ('user-filter',
         {'type': 'string',
          'default': '',
          'help': 'additional filters to be set in the ldap query to find valid users',
          'group': 'ldap-source', 'level': 2,
          }),
        ('user-login-attr',
         {'type' : 'string',
          'default': 'uid',
          'help': 'attribute used as login on authentication (with Active Directory, you want to use "sAMAccountName" here)',
          'group': 'ldap-source', 'level': 1,
          }),
        # Group(s) given by default to users coming from this source, per the
        # help text.
        ('user-default-group',
         {'type' : 'csv',
          'default': ('users',),
          'help': 'name of a group in which ldap users will be by default. \
You can set multiple groups by separating them by a comma.',
          'group': 'ldap-source', 'level': 1,
          }),
        ('user-attrs-map',
         {'type' : 'named',
          'default': {'uid': 'login'},
          'help': 'map from ldap user attributes to cubicweb attributes (with Active Directory, you want to use sAMAccountName:login,mail:email,givenName:firstname,sn:surname)',
          'group': 'ldap-source', 'level': 1,
          }),
        # Group import settings, parallel to the user ones above; an unset
        # base DN disables group import (see help text).
        ('group-base-dn',
         {'type' : 'string',
          'default': '',
          'help': 'base DN to lookup for groups; disable group importation mechanism if unset',
          'group': 'ldap-source', 'level': 1,
          }),
        ('group-scope',
         {'type' : 'choice',
          'default': 'ONELEVEL',
          'choices': ('BASE', 'ONELEVEL', 'SUBTREE'),
          'help': 'group search scope (valid values: "BASE", "ONELEVEL", "SUBTREE")',
          'group': 'ldap-source', 'level': 1,
          }),
        ('group-classes',
         {'type' : 'csv',
          'default': ('top', 'posixGroup'),
          'help': 'classes of group',
          'group': 'ldap-source', 'level': 1,
          }),
        # NOTE(review): same caveat as 'user-filter' -- trusted configuration
        # only.
        ('group-filter',
         {'type': 'string',
          'default': '',
          'help': 'additional filters to be set in the ldap query to find valid groups',
          'group': 'ldap-source', 'level': 2,
          }),
        ('group-attrs-map',
         {'type' : 'named',
          'default': {'cn': 'name', 'memberUid': 'member'},
          'help': 'map from ldap group attributes to cubicweb attributes',
          'group': 'ldap-source', 'level': 1,
          }),
    )

    # Combine the options inherited from DataFeedSource with the ones above.
    options = merge_options(datafeed.DataFeedSource.options + options,
                            optgroup='ldap-source',)

    # Class-level default; presumably replaced by a live LDAP connection once
    # one is opened (that code is outside this excerpt).
    _conn = None
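def update_config(self, source_entity, typedconfig):
    """Update the source's settings from its source entity.

    `typedconfig` is the configuration with values properly typed and
    defaults set.  Connection, user and group settings are copied onto the
    instance and the cached LDAP connection is dropped, so the next search
    reconnects with the new settings.
    """
    super(LDAPFeedSource, self).update_config(source_entity, typedconfig)
    self.authmode = typedconfig['auth-mode']
    # The bind helper is looked up by name (_auth_simple, _auth_digest_md5,
    # _auth_gssapi); an auth-mode with no matching `_auth_*` method raises
    # AttributeError here.
    self._authenticate = getattr(self, '_auth_%s' % self.authmode)
    self.cnx_dn = typedconfig['data-cnx-dn']
    self.cnx_pwd = typedconfig['data-cnx-password']
    self.user_base_dn = str(typedconfig['user-base-dn'])
    # Resolve the scope through LDAP_SCOPES, exactly as done for groups
    # below, rather than through globals(): a configuration string should
    # only ever select one of the declared scopes, never an arbitrary
    # module-level name.
    # NOTE(review): assumes LDAP_SCOPES holds every value the 'user-scope'
    # option accepts (both are defined outside this excerpt) -- confirm.
    self.user_base_scope = LDAP_SCOPES[typedconfig['user-scope']]
    self.user_login_attr = typedconfig['user-login-attr']
    self.user_default_groups = typedconfig['user-default-group']
    # ldap attribute -> cubicweb attribute; the configured map is applied on
    # top of the two built-in entries and may override them.
    self.user_attrs = {'dn': 'eid', 'modifyTimestamp': 'modification_date'}
    self.user_attrs.update(typedconfig['user-attrs-map'])
    # cubicweb attribute -> ldap attribute
    self.user_rev_attrs = dict((v, k) for k, v in self.user_attrs.items())
    self.base_filters = ['(objectclass=%s)' % replace_filter(o)
                         for o in typedconfig['user-classes']]
    if typedconfig['user-filter']:
        # Appended verbatim (no replace_filter): it is expected to be a
        # complete, parenthesised filter written by whoever configures the
        # source, and it ends up in every user search, including the one
        # done by authenticate().
        self.base_filters.append(typedconfig['user-filter'])
    self.group_base_dn = str(typedconfig['group-base-dn'])
    self.group_base_scope = LDAP_SCOPES[typedconfig['group-scope']]
    # Same construction as user_attrs.  The original first assigned the raw
    # 'group-attrs-map' value and overwrote it on the next line; that dead
    # assignment is gone.
    self.group_attrs = {'dn': 'eid', 'modifyTimestamp': 'modification_date'}
    self.group_attrs.update(typedconfig['group-attrs-map'])
    self.group_rev_attrs = dict((v, k) for k, v in self.group_attrs.items())
    self.group_base_filters = ['(objectClass=%s)' % replace_filter(o)
                               for o in typedconfig['group-classes']]
    if typedconfig['group-filter']:
        # Appended verbatim, like 'user-filter' above.
        self.group_base_filters.append(typedconfig['group-filter'])
    # Force a reconnect with the new settings on the next _search().
    self._conn = None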
def _entity_update(self, source_entity):
    """Run the parent hook, then validate the source's URL list.

    Nothing is checked when no URL is set.  Otherwise a `ValidationError`
    on the 'url' field is raised when there is more than one URL, when the
    URL does not split into exactly two parts around '://', or when its
    scheme is not a key of PROTO_PORT.  Host and port are not inspected
    here.
    """
    super(LDAPFeedSource, self)._entity_update(source_entity)
    if not self.urls:
        return
    if len(self.urls) > 1:
        raise ValidationError(source_entity.eid, {'url': _('can only have one url')})
    try:
        # unpacking fails with ValueError unless '://' occurs exactly once
        protocol, hostport = self.urls[0].split('://')
    except ValueError:
        raise ValidationError(source_entity.eid, {'url': _('badly formatted url')})
    if protocol not in PROTO_PORT:
        raise ValidationError(source_entity.eid, {'url': _('unsupported protocol')})
def connection_info(self):
    """Split the source's single URL into ``(protocol, host, port)``.

    For every scheme but 'ldapi', a ':' in the part after '://' is taken as
    a host/port separator and the port is returned as the string found in
    the URL.  Otherwise the whole part is the host and the port comes from
    PROTO_PORT.
    """
    # exactly one URL is expected at this point (see _entity_update)
    assert len(self.urls) == 1, self.urls
    protocol, hostport = self.urls[0].split('://')
    explicit_port = protocol != 'ldapi' and ':' in hostport
    if not explicit_port:
        return protocol, hostport, PROTO_PORT[protocol]
    # split on the last ':' only
    host, port = hostport.rsplit(':', 1)
    return protocol, host, port
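def authenticate(self, cnx, login, password=None, **kwargs):
    """Return the CWUser eid for `login`/`password`, else raise `AuthenticationError`.

    The entry is first looked up with `_search`, using a filter built from
    the login attribute and the configured base filters.  The password is
    then checked by binding as that entry on a throw-away connection
    (`_connect`).  Finally the entry's DN is mapped to an eid by the system
    source.

    Every failure raises a bare `AuthenticationError`, so the caller cannot
    tell an unknown login from a wrong password.
    """
    self.info('ldap authenticate %s', login)
    if not password:
        # Never send an empty password to the directory:
        # On Windows + ADAM this would have succeeded (!!!)
        # You get Authenticated as: 'NT AUTHORITY\ANONYMOUS LOGON'.
        # we really really don't want that
        raise AuthenticationError()
    # `login` is untrusted: both halves of the assertion go through
    # replace_filter before being placed in the filter.
    # NOTE(review): replace_filter is defined outside this excerpt;
    # presumably it escapes LDAP filter metacharacters -- confirm.
    searchfilter = ['(%s=%s)' % (replace_filter(self.user_login_attr), replace_filter(login))]
    searchfilter.extend(self.base_filters)
    searchstr = '(&%s)' % ''.join(searchfilter)
    # first search the user; when several entries match, only the first one
    # returned is considered
    try:
        user = self._search(cnx, self.user_base_dn,
                            self.user_base_scope, searchstr)[0]
    except IndexError:
        # no such user
        raise AuthenticationError()
    # check password by establishing a (unused) connection
    try:
        self._connect(user, password)
    except AuthenticationError:
        # _connect raises this when the bind is refused, i.e. an ordinary
        # failed login.  Handle it before the catch-all below so it is not
        # reported as an error with a traceback.
        self.info('ldap bind refused for %s', user['dn'])
        raise
    except ldap3.LDAPException as ex:
        # Something went wrong, most likely bad credentials.  Only the DN
        # is logged, not the whole entry, so no other attribute of the
        # entry can end up in the log.
        self.info('while trying to authenticate %s: %s', user['dn'], ex)
        raise AuthenticationError()
    except Exception:
        self.error('while trying to authenticate %s', user['dn'], exc_info=True)
        raise AuthenticationError()
    # NOTE(review): a DN with non-ASCII characters makes encode('ascii')
    # raise UnicodeEncodeError here, after a successful bind, instead of
    # AuthenticationError -- confirm whether such DNs can occur.
    eid = self.repo.system_source.extid2eid(cnx, user['dn'].encode('ascii'))
    if eid is None or eid < 0:
        # user is not known or has been moved away from this source
        raise AuthenticationError()
    return eid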
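def _connect(self, user=None, userpwd=None):
    """Open a connection to the configured server, bind it and return it.

    Without `user` this is the data connection: an anonymous bind when no
    'data-cnx-dn' is configured, otherwise a bind as that DN using the
    configured auth mode.  With `user` (a dict holding at least 'dn') the
    bind is done as that entry with `userpwd`, and `AuthenticationError` is
    raised when the server refuses it.
    """
    protocol, host, port = self.connection_info()
    self.info('connecting %s://%s:%s as %s', protocol, host, port,
              user and user['dn'] or 'anonymous')
    # ldap3.Server only receives host and port, so the URL scheme has to be
    # turned into `use_ssl` here.  Without it an ldaps:// URL is contacted
    # without TLS and bind credentials travel in clear.
    # NOTE(review): no Tls configuration is passed, so certificate checking
    # is left to ldap3's defaults -- confirm they suit the deployment.
    server = ldap3.Server(host, port=int(port), use_ssl=(protocol == 'ldaps'))
    conn = ldap3.Connection(server, user=user and user['dn'],
                            client_strategy=ldap3.STRATEGY_SYNC_RESTARTABLE,
                            auto_referrals=False)
    # Now bind with the credentials given. Let exceptions propagate out.
    if user is None:
        if not self.cnx_dn:
            bound = conn.bind()
        else:
            bound = self._authenticate(conn, {'dn': self.cnx_dn}, self.cnx_pwd)
        if not bound:
            # The user branch below treats a false bind() result as a
            # refusal.  The data connection is still returned, as before,
            # but the refusal is now logged instead of ignored.
            self.error('ldap bind refused for data connection %s://%s:%s as %s',
                       protocol, host, port, self.cnx_dn or 'anonymous')
    else:
        # user specified, we want to check user/password, no need to return
        # the connection which will be thrown out
        if not self._authenticate(conn, user, userpwd):
            raise AuthenticationError()
    return conn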
def _auth_simple(self, conn, user, userpwd):
    """Bind `conn` with a simple bind as `user['dn']` / `userpwd`.

    Returns the result of `conn.bind()`; callers treat a false value as a
    refused bind.  A simple bind carries the password itself, so it is only
    protected when the underlying connection is encrypted.
    """
    conn.authentication = ldap3.AUTH_SIMPLE
    conn.user, conn.password = user['dn'], userpwd
    return conn.bind()
def _auth_digest_md5(self, conn, user, userpwd):
    """Bind `conn` with SASL DIGEST-MD5 as `user['dn']` / `userpwd`.

    Returns the result of `conn.bind()`; callers treat a false value as a
    refused bind.  DIGEST-MD5 was moved to Historic status by RFC 6331, so
    prefer another mode where the directory allows it.
    """
    conn.authentication = ldap3.AUTH_SASL
    conn.sasl_mechanism = 'DIGEST-MD5'
    # realm, user, password, authz-id
    realm = authz_id = None
    conn.sasl_credentials = (realm, user['dn'], userpwd, authz_id)
    return conn.bind()
def _auth_gssapi(self, conn, user, userpwd):
    """Bind `conn` with SASL GSSAPI and return the result of `conn.bind()`.

    NOTE(review): neither `user` nor `userpwd` is used here.  When this
    mode backs authenticate(), the password typed by the user therefore
    takes no part in the bind -- confirm that the outcome of the bind still
    proves knowledge of that password, or keep this mode for the data
    connection only.
    """
    conn.authentication, conn.sasl_mechanism = ldap3.AUTH_SASL, 'GSSAPI'
    return conn.bind()
def _search(self, cnx, base, scope,
            searchstr='(objectClass=*)', attrs=()):
    """Run an LDAP search and return the matching entries as dicts.

    The data connection is opened on first use and reused afterwards.  An
    empty list is returned when the search call reports failure.  Otherwise
    each 'searchResEntry' record of the response is converted with
    `_process_ldap_item`; other record types are ignored.

    `searchstr` is sent as given, so callers must escape any untrusted
    value they put in it.  `cnx` is not used here.
    """
    self.debug('ldap search %s %s %s %s %s', self.uri, base, scope,
               searchstr, list(attrs))
    if self._conn is None:
        self._conn = self._connect()
    ldapcnx = self._conn
    found = ldapcnx.search(base, searchstr, search_scope=scope, attributes=attrs)
    if not found:
        return []
    entries = [self._process_ldap_item(rec['dn'], rec['attributes'].items())
               for rec in ldapcnx.response
               if rec['type'] == 'searchResEntry']
    self.debug('ldap built results %s', len(entries))
    return entries
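def _process_ldap_item(self, dn, iterator):
    """Turn an ldap received item into a proper dict.

    `iterator` yields ``(ldap attribute, list of values)`` pairs.  The
    result maps 'dn' to `dn` and each ldap attribute to its value:

    * the attribute mapped to 'upassword' becomes a `Binary` built from its
      first value;
    * the attribute mapped to 'modification_date' becomes a `datetime`
      parsed from its first value;
    * any other attribute keeps its list of values, except that a
      one-element list is replaced by that element.

    The ldap attribute mapped to the group 'member' attribute, when there
    is one, is always returned as a list.
    """
    itemdict = {'dn': dn}
    for key, value in iterator:
        cw_attr = self.user_attrs.get(key)
        if cw_attr == 'upassword':  # XXX better password detection
            value = value[0].encode('utf-8')
            # we only support ldap_salted_sha1 for ldap sources, see: server/utils.py
            # NOTE(review): any value not starting with {SSHA}, including one
            # that uses another scheme prefix, is passed to crypt_password
            # like a plain password -- confirm this is intended.
            if not value.startswith(b'{SSHA}'):
                value = utils.crypt_password(value)
            itemdict[key] = Binary(value)
        elif cw_attr == 'modification_date':
            itemdict[key] = datetime.strptime(value[0], '%Y%m%d%H%M%SZ')
        else:
            if PY2 and value and isinstance(value[0], str):
                value = [unicode(val, 'utf-8', 'replace') for val in value]
            itemdict[key] = value[0] if len(value) == 1 else value
    # we expect memberUid to be a list of user ids, make sure of it.
    # Look the mapping up with .get(): if the configured group map has no
    # entry for 'member', indexing raised KeyError for every item processed,
    # including the user lookup done by authenticate().
    member = self.group_rev_attrs.get('member')
    if member is not None and isinstance(itemdict.get(member), string_types):
        itemdict[member] = [itemdict[member]]
    return itemdict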
def _process_no_such_object(self, cnx, dn): |
"""Some search return NO_SUCH_OBJECT error, handle this (usually because |
an object whose dn is no more existent in ldap as been encountered). |
|
Do nothing by default, let sub-classes handle that. |
""" |