| author | Sylvain Thénault <sylvain.thenault@logilab.fr> |
| Fri, 03 Nov 2017 16:31:59 +0100 | |
| changeset 12237 | 2dd0dcb2e5f9 |
| parent 12153 | 0ff0aff4413d |
| child 12567 | 26744ad37953 |
| child 12901 | 1206b6fa1173 |
| permissions | -rw-r--r-- |
|
11755
96ced95e4002
[ldap] Stop using entities table in ldap source authentication and parser
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11279
diff
changeset
|
1 |
# copyright 2003-2016 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
|
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
2 |
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
|
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
3 |
# |
|
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
4 |
# This file is part of CubicWeb. |
|
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
5 |
# |
|
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
6 |
# CubicWeb is free software: you can redistribute it and/or modify it under the |
|
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
7 |
# terms of the GNU Lesser General Public License as published by the Free |
|
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
8 |
# Software Foundation, either version 2.1 of the License, or (at your option) |
|
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
9 |
# any later version. |
|
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
10 |
# |
|
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
11 |
# CubicWeb is distributed in the hope that it will be useful, but WITHOUT |
|
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
12 |
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS |
|
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
13 |
# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more |
|
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
14 |
# details. |
|
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
15 |
# |
|
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
16 |
# You should have received a copy of the GNU Lesser General Public License along |
|
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
17 |
# with CubicWeb. If not, see <http://www.gnu.org/licenses/>. |
|
8589
ee9ecfccc3e8
[ldapfeed] move docstring to the class instead of the module
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8430
diff
changeset
|
18 |
"""cubicweb ldap feed source""" |
|
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
19 |
|
|
10766
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
20 |
from __future__ import division # XXX why? |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
21 |
|
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
22 |
from datetime import datetime |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
23 |
|
|
10768
99689a5862ea
[py3k] make ldapfeed tests pass
Julien Cristau <julien.cristau@logilab.fr>
parents:
10766
diff
changeset
|
24 |
from six import PY2, string_types |
|
10612
84468b90e9c1
[py3k] basestring → six.string_types
Rémi Cardona <remi.cardona@logilab.fr>
parents:
10011
diff
changeset
|
25 |
|
|
10766
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
26 |
import ldap3 |
|
8922
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
27 |
|
|
8989
8742f4bf029f
import merge_options directly from logilab.common
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
8922
diff
changeset
|
28 |
from logilab.common.configuration import merge_options |
|
8742f4bf029f
import merge_options directly from logilab.common
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
8922
diff
changeset
|
29 |
|
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
30 |
from cubicweb import ValidationError, AuthenticationError, Binary |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
31 |
from cubicweb.server import utils |
|
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
32 |
from cubicweb.server.sources import datafeed |
|
8922
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
33 |
|
|
10666
7f6b5f023884
[py3k] replace '_ = unicode' in global scope (closes #7589459)
Rémi Cardona <remi.cardona@logilab.fr>
parents:
10662
diff
changeset
|
34 |
from cubicweb import _ |
|
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
35 |
|
|
8922
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
36 |
# search scopes |
|
10766
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
37 |
BASE = ldap3.SEARCH_SCOPE_BASE_OBJECT |
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
38 |
ONELEVEL = ldap3.SEARCH_SCOPE_SINGLE_LEVEL |
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
39 |
SUBTREE = ldap3.SEARCH_SCOPE_WHOLE_SUBTREE |
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
40 |
LDAP_SCOPES = {'BASE': BASE, |
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
41 |
'ONELEVEL': ONELEVEL, |
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
42 |
'SUBTREE': SUBTREE} |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
43 |
|
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
44 |
# map ldap protocol to their standard port |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
45 |
PROTO_PORT = {'ldap': 389, |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
46 |
'ldaps': 636, |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
47 |
'ldapi': None, |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
48 |
} |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
49 |
|
|
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
50 |
|
|
10766
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
51 |
def replace_filter(s): |
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
52 |
s = s.replace('*', '\\2A') |
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
53 |
s = s.replace('(', '\\28') |
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
54 |
s = s.replace(')', '\\29') |
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
55 |
s = s.replace('\\', '\\5c') |
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
56 |
s = s.replace('\0', '\\00') |
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
57 |
return s |
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
58 |
|
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
59 |
|
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
60 |
class LDAPFeedSource(datafeed.DataFeedSource): |
|
8589
ee9ecfccc3e8
[ldapfeed] move docstring to the class instead of the module
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8430
diff
changeset
|
61 |
"""LDAP feed source: unlike ldapuser source, this source is copy based and |
|
ee9ecfccc3e8
[ldapfeed] move docstring to the class instead of the module
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8430
diff
changeset
|
62 |
will import ldap content (beside passwords for authentication) into the |
|
ee9ecfccc3e8
[ldapfeed] move docstring to the class instead of the module
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8430
diff
changeset
|
63 |
system source. |
|
ee9ecfccc3e8
[ldapfeed] move docstring to the class instead of the module
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8430
diff
changeset
|
64 |
""" |
|
8229
b7bc631816f7
[ldapfeed] make authentication actually working
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8188
diff
changeset
|
65 |
support_entities = {'CWUser': False} |
|
8428
f1b721ca73cc
[sources/ldapfeed] do not user cwuri as url (closes #2380324)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8229
diff
changeset
|
66 |
use_cwuri_as_url = False |
|
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
67 |
|
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
68 |
options = ( |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
69 |
('auth-mode', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
70 |
{'type' : 'choice', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
71 |
'default': 'simple', |
|
10766
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
72 |
'choices': ('simple', 'digest_md5', 'gssapi'), |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
73 |
'help': 'authentication mode used to authenticate user to the ldap.', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
74 |
'group': 'ldap-source', 'level': 3, |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
75 |
}), |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
76 |
('auth-realm', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
77 |
{'type' : 'string', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
78 |
'default': None, |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
79 |
'help': 'realm to use when using gssapi/kerberos authentication.', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
80 |
'group': 'ldap-source', 'level': 3, |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
81 |
}), |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
82 |
|
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
83 |
('data-cnx-dn', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
84 |
{'type' : 'string', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
85 |
'default': '', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
86 |
'help': 'user dn to use to open data connection to the ldap (eg used \ |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
87 |
to respond to rql queries). Leave empty for anonymous bind', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
88 |
'group': 'ldap-source', 'level': 1, |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
89 |
}), |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
90 |
('data-cnx-password', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
91 |
{'type' : 'string', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
92 |
'default': '', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
93 |
'help': 'password to use to open data connection to the ldap (eg used to respond to rql queries). Leave empty for anonymous bind.', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
94 |
'group': 'ldap-source', 'level': 1, |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
95 |
}), |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
96 |
|
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
97 |
('user-base-dn', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
98 |
{'type' : 'string', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
99 |
'default': '', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
100 |
'help': 'base DN to lookup for users; disable user importation mechanism if unset', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
101 |
'group': 'ldap-source', 'level': 1, |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
102 |
}), |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
103 |
('user-scope', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
104 |
{'type' : 'choice', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
105 |
'default': 'ONELEVEL', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
106 |
'choices': ('BASE', 'ONELEVEL', 'SUBTREE'), |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
107 |
'help': 'user search scope (valid values: "BASE", "ONELEVEL", "SUBTREE")', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
108 |
'group': 'ldap-source', 'level': 1, |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
109 |
}), |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
110 |
('user-classes', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
111 |
{'type' : 'csv', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
112 |
'default': ('top', 'posixAccount'), |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
113 |
'help': 'classes of user (with Active Directory, you want to say "user" here)', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
114 |
'group': 'ldap-source', 'level': 1, |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
115 |
}), |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
116 |
('user-filter', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
117 |
{'type': 'string', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
118 |
'default': '', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
119 |
'help': 'additional filters to be set in the ldap query to find valid users', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
120 |
'group': 'ldap-source', 'level': 2, |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
121 |
}), |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
122 |
('user-login-attr', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
123 |
{'type' : 'string', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
124 |
'default': 'uid', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
125 |
'help': 'attribute used as login on authentication (with Active Directory, you want to use "sAMAccountName" here)', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
126 |
'group': 'ldap-source', 'level': 1, |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
127 |
}), |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
128 |
('user-default-group', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
129 |
{'type' : 'csv', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
130 |
'default': ('users',), |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
131 |
'help': 'name of a group in which ldap users will be by default. \ |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
132 |
You can set multiple groups by separating them by a comma.', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
133 |
'group': 'ldap-source', 'level': 1, |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
134 |
}), |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
135 |
('user-attrs-map', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
136 |
{'type' : 'named', |
|
10011
340d4ef55b6f
[ldapfeed] Reduce default value for user-attrs-map option (closes #3824889)
Paul Tonelli <paul.tonelli@logilab.fr>
parents:
9662
diff
changeset
|
137 |
'default': {'uid': 'login'}, |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
138 |
'help': 'map from ldap user attributes to cubicweb attributes (with Active Directory, you want to use sAMAccountName:login,mail:email,givenName:firstname,sn:surname)', |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
139 |
'group': 'ldap-source', 'level': 1, |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
140 |
}), |
|
8922
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
141 |
('group-base-dn', |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
142 |
{'type' : 'string', |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
143 |
'default': '', |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
144 |
'help': 'base DN to lookup for groups; disable group importation mechanism if unset', |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
145 |
'group': 'ldap-source', 'level': 1, |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
146 |
}), |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
147 |
('group-scope', |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
148 |
{'type' : 'choice', |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
149 |
'default': 'ONELEVEL', |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
150 |
'choices': ('BASE', 'ONELEVEL', 'SUBTREE'), |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
151 |
'help': 'group search scope (valid values: "BASE", "ONELEVEL", "SUBTREE")', |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
152 |
'group': 'ldap-source', 'level': 1, |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
153 |
}), |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
154 |
('group-classes', |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
155 |
{'type' : 'csv', |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
156 |
'default': ('top', 'posixGroup'), |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
157 |
'help': 'classes of group', |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
158 |
'group': 'ldap-source', 'level': 1, |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
159 |
}), |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
160 |
('group-filter', |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
161 |
{'type': 'string', |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
162 |
'default': '', |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
163 |
'help': 'additional filters to be set in the ldap query to find valid groups', |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
164 |
'group': 'ldap-source', 'level': 2, |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
165 |
}), |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
166 |
('group-attrs-map', |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
167 |
{'type' : 'named', |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
168 |
'default': {'cn': 'name', 'memberUid': 'member'}, |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
169 |
'help': 'map from ldap group attributes to cubicweb attributes', |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
170 |
'group': 'ldap-source', 'level': 1, |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
171 |
}), |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
172 |
) |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
173 |
|
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
174 |
options = merge_options(datafeed.DataFeedSource.options + options, |
|
8922
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
175 |
optgroup='ldap-source',) |
|
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
176 |
|
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
177 |
_conn = None |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
178 |
|
|
12153
0ff0aff4413d
[sources] Check source's url attribute value on creation/modification
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
12148
diff
changeset
|
179 |
def check_urls(self, source_entity): |
|
0ff0aff4413d
[sources] Check source's url attribute value on creation/modification
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
12148
diff
changeset
|
180 |
urls = super(LDAPFeedSource, self).check_urls(source_entity) |
|
0ff0aff4413d
[sources] Check source's url attribute value on creation/modification
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
12148
diff
changeset
|
181 |
|
|
0ff0aff4413d
[sources] Check source's url attribute value on creation/modification
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
12148
diff
changeset
|
182 |
if len(urls) > 1: |
|
0ff0aff4413d
[sources] Check source's url attribute value on creation/modification
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
12148
diff
changeset
|
183 |
raise ValidationError(source_entity.eid, {'url': _('can only have one url')}) |
|
0ff0aff4413d
[sources] Check source's url attribute value on creation/modification
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
12148
diff
changeset
|
184 |
|
|
0ff0aff4413d
[sources] Check source's url attribute value on creation/modification
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
12148
diff
changeset
|
185 |
try: |
|
0ff0aff4413d
[sources] Check source's url attribute value on creation/modification
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
12148
diff
changeset
|
186 |
protocol, hostport = urls[0].split('://') |
|
0ff0aff4413d
[sources] Check source's url attribute value on creation/modification
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
12148
diff
changeset
|
187 |
except ValueError: |
|
0ff0aff4413d
[sources] Check source's url attribute value on creation/modification
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
12148
diff
changeset
|
188 |
raise ValidationError(source_entity.eid, {'url': _('badly formatted url')}) |
|
0ff0aff4413d
[sources] Check source's url attribute value on creation/modification
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
12148
diff
changeset
|
189 |
if protocol not in PROTO_PORT: |
|
0ff0aff4413d
[sources] Check source's url attribute value on creation/modification
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
12148
diff
changeset
|
190 |
raise ValidationError(source_entity.eid, {'url': _('unsupported protocol')}) |
|
0ff0aff4413d
[sources] Check source's url attribute value on creation/modification
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
12148
diff
changeset
|
191 |
|
|
0ff0aff4413d
[sources] Check source's url attribute value on creation/modification
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
12148
diff
changeset
|
192 |
return urls |
|
0ff0aff4413d
[sources] Check source's url attribute value on creation/modification
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
12148
diff
changeset
|
193 |
|
|
12148
79160d54662e
[sources] Simplify source's init method
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
12144
diff
changeset
|
194 |
def init(self, source_entity): |
|
79160d54662e
[sources] Simplify source's init method
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
12144
diff
changeset
|
195 |
super(LDAPFeedSource, self).init(source_entity) |
|
12143
a446124bcf3c
[server] Drop update_config method of source
Denis Laxalde <denis.laxalde@logilab.fr>
parents:
11755
diff
changeset
|
196 |
typedconfig = self.config |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
197 |
self.authmode = typedconfig['auth-mode'] |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
198 |
self._authenticate = getattr(self, '_auth_%s' % self.authmode) |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
199 |
self.cnx_dn = typedconfig['data-cnx-dn'] |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
200 |
self.cnx_pwd = typedconfig['data-cnx-password'] |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
201 |
self.user_base_dn = str(typedconfig['user-base-dn']) |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
202 |
self.user_base_scope = globals()[typedconfig['user-scope']] |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
203 |
self.user_login_attr = typedconfig['user-login-attr'] |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
204 |
self.user_default_groups = typedconfig['user-default-group'] |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
205 |
self.user_attrs = {'dn': 'eid', 'modifyTimestamp': 'modification_date'} |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
206 |
self.user_attrs.update(typedconfig['user-attrs-map']) |
|
10662
10942ed172de
[py3k] dict.iteritems → dict.items
Rémi Cardona <remi.cardona@logilab.fr>
parents:
10612
diff
changeset
|
207 |
self.user_rev_attrs = dict((v, k) for k, v in self.user_attrs.items()) |
|
10766
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
208 |
self.base_filters = ['(objectclass=%s)' % replace_filter(o) |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
209 |
for o in typedconfig['user-classes']] |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
210 |
if typedconfig['user-filter']: |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
211 |
self.base_filters.append(typedconfig['user-filter']) |
|
8922
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
212 |
self.group_base_dn = str(typedconfig['group-base-dn']) |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
213 |
self.group_base_scope = LDAP_SCOPES[typedconfig['group-scope']] |
|
8922
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
214 |
self.group_attrs = typedconfig['group-attrs-map'] |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
215 |
self.group_attrs = {'dn': 'eid', 'modifyTimestamp': 'modification_date'} |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
216 |
self.group_attrs.update(typedconfig['group-attrs-map']) |
|
10662
10942ed172de
[py3k] dict.iteritems → dict.items
Rémi Cardona <remi.cardona@logilab.fr>
parents:
10612
diff
changeset
|
217 |
self.group_rev_attrs = dict((v, k) for k, v in self.group_attrs.items()) |
|
10766
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
218 |
self.group_base_filters = ['(objectClass=%s)' % replace_filter(o) |
|
8922
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
219 |
for o in typedconfig['group-classes']] |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
220 |
if typedconfig['group-filter']: |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
221 |
self.group_base_filters.append(typedconfig['group-filter']) |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
222 |
self._conn = None |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
223 |
|
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
224 |
def connection_info(self): |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
225 |
assert len(self.urls) == 1, self.urls |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
226 |
protocol, hostport = self.urls[0].split('://') |
|
10766
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
227 |
if protocol != 'ldapi' and ':' in hostport: |
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
228 |
host, port = hostport.rsplit(':', 1) |
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
229 |
else: |
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
230 |
host, port = hostport, PROTO_PORT[protocol] |
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
231 |
return protocol, host, port |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
232 |
|
|
9512
88dc96fc9fc1
[server] use a connection instead of a session for user authentication
Julien Cristau <julien.cristau@logilab.fr>
parents:
9468
diff
changeset
|
233 |
def authenticate(self, cnx, login, password=None, **kwargs): |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
234 |
"""return CWUser eid for the given login/password if this account is |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
235 |
defined in this source, else raise `AuthenticationError` |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
236 |
|
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
237 |
two queries are needed since passwords are stored crypted, so we have |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
238 |
to fetch the salt first |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
239 |
""" |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
240 |
self.info('ldap authenticate %s', login) |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
241 |
if not password: |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
242 |
# On Windows + ADAM this would have succeeded (!!!) |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
243 |
# You get Authenticated as: 'NT AUTHORITY\ANONYMOUS LOGON'. |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
244 |
# we really really don't want that |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
245 |
raise AuthenticationError() |
|
10766
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
246 |
searchfilter = ['(%s=%s)' % (replace_filter(self.user_login_attr), replace_filter(login))] |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
247 |
searchfilter.extend(self.base_filters) |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
248 |
searchstr = '(&%s)' % ''.join(searchfilter) |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
249 |
# first search the user |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
250 |
try: |
|
9512
88dc96fc9fc1
[server] use a connection instead of a session for user authentication
Julien Cristau <julien.cristau@logilab.fr>
parents:
9468
diff
changeset
|
251 |
user = self._search(cnx, self.user_base_dn, |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
252 |
self.user_base_scope, searchstr)[0] |
|
10766
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
253 |
except IndexError: |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
254 |
# no such user |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
255 |
raise AuthenticationError() |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
256 |
# check password by establishing a (unused) connection |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
257 |
try: |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
258 |
self._connect(user, password) |
|
10766
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
259 |
except ldap3.LDAPException as ex: |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
260 |
# Something went wrong, most likely bad credentials |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
261 |
self.info('while trying to authenticate %s: %s', user, ex) |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
262 |
raise AuthenticationError() |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
263 |
except Exception: |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
264 |
self.error('while trying to authenticate %s', user, exc_info=True) |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
265 |
raise AuthenticationError() |
|
11755
96ced95e4002
[ldap] Stop using entities table in ldap source authentication and parser
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11279
diff
changeset
|
266 |
rset = cnx.execute('Any X,SN WHERE X cwuri %(extid)s, X is CWUser, ' |
|
96ced95e4002
[ldap] Stop using entities table in ldap source authentication and parser
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11279
diff
changeset
|
267 |
'X cw_source S, S name SN', {'extid': user['dn']}) |
|
96ced95e4002
[ldap] Stop using entities table in ldap source authentication and parser
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11279
diff
changeset
|
268 |
if not rset or rset[0][1] != self.uri: |
|
10913
5d7f17054ae6
[ldapfeed] use source's extid2eid, the repo's one will be deprecated in a near future.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
10844
diff
changeset
|
269 |
# user is not known or has been moved away from this source |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
270 |
raise AuthenticationError() |
|
11755
96ced95e4002
[ldap] Stop using entities table in ldap source authentication and parser
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
11279
diff
changeset
|
271 |
return rset[0][0] |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
272 |
|
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
273 |
def _connect(self, user=None, userpwd=None): |
|
10766
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
274 |
protocol, host, port = self.connection_info() |
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
275 |
self.info('connecting %s://%s:%s as %s', protocol, host, port, |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
276 |
user and user['dn'] or 'anonymous') |
|
10766
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
277 |
server = ldap3.Server(host, port=int(port)) |
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
278 |
conn = ldap3.Connection(server, user=user and user['dn'], client_strategy=ldap3.STRATEGY_SYNC_RESTARTABLE, auto_referrals=False) |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
279 |
# Now bind with the credentials given. Let exceptions propagate out. |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
280 |
if user is None: |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
281 |
# XXX always use simple bind for data connection |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
282 |
if not self.cnx_dn: |
|
10766
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
283 |
conn.bind() |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
284 |
else: |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
285 |
self._authenticate(conn, {'dn': self.cnx_dn}, self.cnx_pwd) |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
286 |
else: |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
287 |
# user specified, we want to check user/password, no need to return |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
288 |
# the connection which will be thrown out |
|
11263
9ae85b069325
[ldapfeed] ldap3 do not raise an exception in case of failure of cnx.bind()
David Douard <david.douard@logilab.fr>
parents:
10913
diff
changeset
|
289 |
if not self._authenticate(conn, user, userpwd): |
|
9ae85b069325
[ldapfeed] ldap3 do not raise an exception in case of failure of cnx.bind()
David Douard <david.douard@logilab.fr>
parents:
10913
diff
changeset
|
290 |
raise AuthenticationError() |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
291 |
return conn |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
292 |
|
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
293 |
def _auth_simple(self, conn, user, userpwd): |
|
10766
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
294 |
conn.authentication = ldap3.AUTH_SIMPLE |
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
295 |
conn.user = user['dn'] |
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
296 |
conn.password = userpwd |
|
11263
9ae85b069325
[ldapfeed] ldap3 do not raise an exception in case of failure of cnx.bind()
David Douard <david.douard@logilab.fr>
parents:
10913
diff
changeset
|
297 |
return conn.bind() |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
298 |
|
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
299 |
def _auth_digest_md5(self, conn, user, userpwd): |
|
10766
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
300 |
conn.authentication = ldap3.AUTH_SASL |
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
301 |
conn.sasl_mechanism = 'DIGEST-MD5' |
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
302 |
# realm, user, password, authz-id |
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
303 |
conn.sasl_credentials = (None, user['dn'], userpwd, None) |
|
11263
9ae85b069325
[ldapfeed] ldap3 do not raise an exception in case of failure of cnx.bind()
David Douard <david.douard@logilab.fr>
parents:
10913
diff
changeset
|
304 |
return conn.bind() |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
305 |
|
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
306 |
def _auth_gssapi(self, conn, user, userpwd): |
|
10766
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
307 |
conn.authentication = ldap3.AUTH_SASL |
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
308 |
conn.sasl_mechanism = 'GSSAPI' |
|
11263
9ae85b069325
[ldapfeed] ldap3 do not raise an exception in case of failure of cnx.bind()
David Douard <david.douard@logilab.fr>
parents:
10913
diff
changeset
|
309 |
return conn.bind() |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
310 |
|
|
9512
88dc96fc9fc1
[server] use a connection instead of a session for user authentication
Julien Cristau <julien.cristau@logilab.fr>
parents:
9468
diff
changeset
|
311 |
def _search(self, cnx, base, scope, |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
312 |
searchstr='(objectClass=*)', attrs=()): |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
313 |
"""make an ldap query""" |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
314 |
self.debug('ldap search %s %s %s %s %s', self.uri, base, scope, |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
315 |
searchstr, list(attrs)) |
|
9462
375fc1868b11
[ldap] simplify connection handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
9461
diff
changeset
|
316 |
if self._conn is None: |
|
375fc1868b11
[ldap] simplify connection handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
9461
diff
changeset
|
317 |
self._conn = self._connect() |
|
9512
88dc96fc9fc1
[server] use a connection instead of a session for user authentication
Julien Cristau <julien.cristau@logilab.fr>
parents:
9468
diff
changeset
|
318 |
ldapcnx = self._conn |
|
10766
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
319 |
if not ldapcnx.search(base, searchstr, search_scope=scope, attributes=attrs): |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
320 |
return [] |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
321 |
result = [] |
|
10766
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
322 |
for rec in ldapcnx.response: |
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
323 |
if rec['type'] != 'searchResEntry': |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
324 |
continue |
|
10766
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
325 |
items = rec['attributes'].items() |
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
326 |
itemdict = self._process_ldap_item(rec['dn'], items) |
|
d730f91251af
[ldapfeed] port to ldap3
Julien Cristau <julien.cristau@logilab.fr>
parents:
10666
diff
changeset
|
327 |
result.append(itemdict) |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
328 |
self.debug('ldap built results %s', len(result)) |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
329 |
return result |
|
8922
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
330 |
|
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
331 |
def _process_ldap_item(self, dn, iterator): |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
332 |
"""Turn an ldap received item into a proper dict.""" |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
333 |
itemdict = {'dn': dn} |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
334 |
for key, value in iterator: |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
335 |
if self.user_attrs.get(key) == 'upassword': # XXx better password detection |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
336 |
value = value[0].encode('utf-8') |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
337 |
# we only support ldap_salted_sha1 for ldap sources, see: server/utils.py |
|
10768
99689a5862ea
[py3k] make ldapfeed tests pass
Julien Cristau <julien.cristau@logilab.fr>
parents:
10766
diff
changeset
|
338 |
if not value.startswith(b'{SSHA}'): |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
339 |
value = utils.crypt_password(value) |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
340 |
itemdict[key] = Binary(value) |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
341 |
elif self.user_attrs.get(key) == 'modification_date': |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
342 |
itemdict[key] = datetime.strptime(value[0], '%Y%m%d%H%M%SZ') |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
343 |
else: |
|
10844
f3007bbd77e9
[server/ldap] deal with unicode or str coming out of ldap
Julien Cristau <julien.cristau@logilab.fr>
parents:
10768
diff
changeset
|
344 |
if PY2 and value and isinstance(value[0], str): |
|
10768
99689a5862ea
[py3k] make ldapfeed tests pass
Julien Cristau <julien.cristau@logilab.fr>
parents:
10766
diff
changeset
|
345 |
value = [unicode(val, 'utf-8', 'replace') for val in value] |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
346 |
if len(value) == 1: |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
347 |
itemdict[key] = value = value[0] |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
348 |
else: |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
349 |
itemdict[key] = value |
|
8922
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
350 |
# we expect memberUid to be a list of user ids, make sure of it |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
351 |
member = self.group_rev_attrs['member'] |
|
10612
84468b90e9c1
[py3k] basestring → six.string_types
Rémi Cardona <remi.cardona@logilab.fr>
parents:
10011
diff
changeset
|
352 |
if isinstance(itemdict.get(member), string_types): |
|
8922
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
353 |
itemdict[member] = [itemdict[member]] |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
354 |
return itemdict |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
355 |
|
|
9512
88dc96fc9fc1
[server] use a connection instead of a session for user authentication
Julien Cristau <julien.cristau@logilab.fr>
parents:
9468
diff
changeset
|
356 |
def _process_no_such_object(self, cnx, dn): |
|
9461
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
357 |
"""Some search return NO_SUCH_OBJECT error, handle this (usually because |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
358 |
an object whose dn is no more existent in ldap as been encountered). |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
359 |
|
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
360 |
Do nothing by default, let sub-classes handle that. |
|
fc3b8798737c
[ldap] merge cw.server.ldaputils back into ldapfeed source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8989
diff
changeset
|
361 |
""" |