author | Aurelien Campeas <aurelien.campeas@logilab.fr> |
Wed, 17 Sep 2014 10:31:50 +0200 | |
branch | stable |
changeset 9938 | 341b63331e4b |
parent 8989 | 8742f4bf029f |
child 9461 | fc3b8798737c |
permissions | -rw-r--r-- |
8674
001c1592060a
[repo sources] move handling of source's url into abstract source as this becomes shared by most sources
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8589
diff
changeset
|
1 |
# copyright 2003-2013 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
2 |
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
3 |
# |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
4 |
# This file is part of CubicWeb. |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
5 |
# |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
6 |
# CubicWeb is free software: you can redistribute it and/or modify it under the |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
7 |
# terms of the GNU Lesser General Public License as published by the Free |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
8 |
# Software Foundation, either version 2.1 of the License, or (at your option) |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
9 |
# any later version. |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
10 |
# |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
11 |
# CubicWeb is distributed in the hope that it will be useful, but WITHOUT |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
12 |
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
13 |
# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
14 |
# details. |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
15 |
# |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
16 |
# You should have received a copy of the GNU Lesser General Public License along |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
17 |
# with CubicWeb. If not, see <http://www.gnu.org/licenses/>. |
8589
ee9ecfccc3e8
[ldapfeed] move docstring to the class instead of the module
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8430
diff
changeset
|
18 |
"""cubicweb ldap feed source""" |
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
19 |
|
8922
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
20 |
import ldap |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
21 |
from ldap.filter import filter_format |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
22 |
|
8989
8742f4bf029f
import merge_options directly from logilab.common
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
8922
diff
changeset
|
23 |
from logilab.common.configuration import merge_options |
8742f4bf029f
import merge_options directly from logilab.common
Nicolas Chauvat <nicolas.chauvat@logilab.fr>
parents:
8922
diff
changeset
|
24 |
|
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
25 |
from cubicweb.server.sources import datafeed |
8922
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
26 |
from cubicweb.server import ldaputils, utils |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
27 |
from cubicweb import Binary |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
28 |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
29 |
_ = unicode |
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
30 |
|
8922
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
31 |
# search scopes |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
32 |
ldapscope = {'BASE': ldap.SCOPE_BASE, |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
33 |
'ONELEVEL': ldap.SCOPE_ONELEVEL, |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
34 |
'SUBTREE': ldap.SCOPE_SUBTREE} |
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
35 |
|
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
36 |
class LDAPFeedSource(ldaputils.LDAPSourceMixIn, |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
37 |
datafeed.DataFeedSource): |
8589
ee9ecfccc3e8
[ldapfeed] move docstring to the class instead of the module
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8430
diff
changeset
|
38 |
"""LDAP feed source: unlike ldapuser source, this source is copy based and |
ee9ecfccc3e8
[ldapfeed] move docstring to the class instead of the module
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8430
diff
changeset
|
39 |
will import ldap content (beside passwords for authentication) into the |
ee9ecfccc3e8
[ldapfeed] move docstring to the class instead of the module
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8430
diff
changeset
|
40 |
system source. |
ee9ecfccc3e8
[ldapfeed] move docstring to the class instead of the module
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8430
diff
changeset
|
41 |
""" |
8229
b7bc631816f7
[ldapfeed] make authentication actually working
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8188
diff
changeset
|
42 |
support_entities = {'CWUser': False} |
8428
f1b721ca73cc
[sources/ldapfeed] do not user cwuri as url (closes #2380324)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8229
diff
changeset
|
43 |
use_cwuri_as_url = False |
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
44 |
|
8922
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
45 |
options_group = ( |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
46 |
('group-base-dn', |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
47 |
{'type' : 'string', |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
48 |
'default': '', |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
49 |
'help': 'base DN to lookup for groups; disable group importation mechanism if unset', |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
50 |
'group': 'ldap-source', 'level': 1, |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
51 |
}), |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
52 |
('group-scope', |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
53 |
{'type' : 'choice', |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
54 |
'default': 'ONELEVEL', |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
55 |
'choices': ('BASE', 'ONELEVEL', 'SUBTREE'), |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
56 |
'help': 'group search scope (valid values: "BASE", "ONELEVEL", "SUBTREE")', |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
57 |
'group': 'ldap-source', 'level': 1, |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
58 |
}), |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
59 |
('group-classes', |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
60 |
{'type' : 'csv', |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
61 |
'default': ('top', 'posixGroup'), |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
62 |
'help': 'classes of group', |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
63 |
'group': 'ldap-source', 'level': 1, |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
64 |
}), |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
65 |
('group-filter', |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
66 |
{'type': 'string', |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
67 |
'default': '', |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
68 |
'help': 'additional filters to be set in the ldap query to find valid groups', |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
69 |
'group': 'ldap-source', 'level': 2, |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
70 |
}), |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
71 |
('group-attrs-map', |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
72 |
{'type' : 'named', |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
73 |
'default': {'cn': 'name', 'memberUid': 'member'}, |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
74 |
'help': 'map from ldap group attributes to cubicweb attributes', |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
75 |
'group': 'ldap-source', 'level': 1, |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
76 |
}), |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
77 |
) |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
78 |
|
8708
78a99960286a
[ldapfeed] all options of a source should be in the same group, else you get AssertionError on c-c add-source. Closes #2538398
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8674
diff
changeset
|
79 |
options = merge_options(datafeed.DataFeedSource.options |
8922
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
80 |
+ ldaputils.LDAPSourceMixIn.options |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
81 |
+ options_group, |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
82 |
optgroup='ldap-source',) |
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
83 |
|
8922
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
84 |
def update_config(self, source_entity, typedconfig): |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
85 |
"""update configuration from source entity. `typedconfig` is config |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
86 |
properly typed with defaults set |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
87 |
""" |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
88 |
super(LDAPFeedSource, self).update_config(source_entity, typedconfig) |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
89 |
self.group_base_dn = str(typedconfig['group-base-dn']) |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
90 |
self.group_base_scope = ldapscope[typedconfig['group-scope']] |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
91 |
self.group_attrs = typedconfig['group-attrs-map'] |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
92 |
self.group_attrs = {'dn': 'eid', 'modifyTimestamp': 'modification_date'} |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
93 |
self.group_attrs.update(typedconfig['group-attrs-map']) |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
94 |
self.group_rev_attrs = dict((v, k) for k, v in self.group_attrs.iteritems()) |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
95 |
self.group_base_filters = [filter_format('(%s=%s)', ('objectClass', o)) |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
96 |
for o in typedconfig['group-classes']] |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
97 |
if typedconfig['group-filter']: |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
98 |
self.group_base_filters.append(typedconfig['group-filter']) |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
99 |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
100 |
def _process_ldap_item(self, dn, iterator): |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
101 |
itemdict = super(LDAPFeedSource, self)._process_ldap_item(dn, iterator) |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
102 |
# we expect memberUid to be a list of user ids, make sure of it |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
103 |
member = self.group_rev_attrs['member'] |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
104 |
if isinstance(itemdict.get(member), basestring): |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
105 |
itemdict[member] = [itemdict[member]] |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8708
diff
changeset
|
106 |
return itemdict |