cubicweb: server/sources/ldapfeed.py@4e0d8f06efbc (annotated)

8674 001c1592060a [repo sources] move handling of source's url into abstract source as this becomes shared by most sources Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 8589 diff changeset	1	# copyright 2003-2013 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
8188 1867e252e487 [repository] ldap-feed source. Closes #2086984 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: diff changeset	2	# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr
1867e252e487 [repository] ldap-feed source. Closes #2086984 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: diff changeset	3	#
1867e252e487 [repository] ldap-feed source. Closes #2086984 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: diff changeset	4	# This file is part of CubicWeb.
1867e252e487 [repository] ldap-feed source. Closes #2086984 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: diff changeset	5	#
1867e252e487 [repository] ldap-feed source. Closes #2086984 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: diff changeset	6	# CubicWeb is free software: you can redistribute it and/or modify it under the
1867e252e487 [repository] ldap-feed source. Closes #2086984 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: diff changeset	7	# terms of the GNU Lesser General Public License as published by the Free
1867e252e487 [repository] ldap-feed source. Closes #2086984 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: diff changeset	8	# Software Foundation, either version 2.1 of the License, or (at your option)
1867e252e487 [repository] ldap-feed source. Closes #2086984 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: diff changeset	9	# any later version.
1867e252e487 [repository] ldap-feed source. Closes #2086984 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: diff changeset	10	#
1867e252e487 [repository] ldap-feed source. Closes #2086984 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: diff changeset	11	# CubicWeb is distributed in the hope that it will be useful, but WITHOUT
1867e252e487 [repository] ldap-feed source. Closes #2086984 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: diff changeset	12	# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
1867e252e487 [repository] ldap-feed source. Closes #2086984 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: diff changeset	13	# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
1867e252e487 [repository] ldap-feed source. Closes #2086984 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: diff changeset	14	# details.
1867e252e487 [repository] ldap-feed source. Closes #2086984 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: diff changeset	15	#
1867e252e487 [repository] ldap-feed source. Closes #2086984 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: diff changeset	16	# You should have received a copy of the GNU Lesser General Public License along
1867e252e487 [repository] ldap-feed source. Closes #2086984 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: diff changeset	17	# with CubicWeb. If not, see <http://www.gnu.org/licenses/>.
8589 ee9ecfccc3e8 [ldapfeed] move docstring to the class instead of the module Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 8430 diff changeset	18	"""cubicweb ldap feed source"""
8188 1867e252e487 [repository] ldap-feed source. Closes #2086984 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: diff changeset	19
8922 715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	20	import ldap
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	21	from ldap.filter import filter_format
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	22
8989 8742f4bf029f import merge_options directly from logilab.common Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 8922 diff changeset	23	from logilab.common.configuration import merge_options
8742f4bf029f import merge_options directly from logilab.common Nicolas Chauvat <nicolas.chauvat@logilab.fr> parents: 8922 diff changeset	24
8188 1867e252e487 [repository] ldap-feed source. Closes #2086984 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: diff changeset	25	from cubicweb.server.sources import datafeed
8922 715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	26	from cubicweb.server import ldaputils, utils
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	27	from cubicweb import Binary
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	28
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	29	_ = unicode
8188 1867e252e487 [repository] ldap-feed source. Closes #2086984 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: diff changeset	30
8922 715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	31	# search scopes
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	32	ldapscope = {'BASE': ldap.SCOPE_BASE,
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	33	'ONELEVEL': ldap.SCOPE_ONELEVEL,
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	34	'SUBTREE': ldap.SCOPE_SUBTREE}
8188 1867e252e487 [repository] ldap-feed source. Closes #2086984 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: diff changeset	35
1867e252e487 [repository] ldap-feed source. Closes #2086984 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: diff changeset	36	class LDAPFeedSource(ldaputils.LDAPSourceMixIn,
1867e252e487 [repository] ldap-feed source. Closes #2086984 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: diff changeset	37	datafeed.DataFeedSource):
8589 ee9ecfccc3e8 [ldapfeed] move docstring to the class instead of the module Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 8430 diff changeset	38	"""LDAP feed source: unlike ldapuser source, this source is copy based and
ee9ecfccc3e8 [ldapfeed] move docstring to the class instead of the module Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 8430 diff changeset	39	will import ldap content (beside passwords for authentication) into the
ee9ecfccc3e8 [ldapfeed] move docstring to the class instead of the module Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 8430 diff changeset	40	system source.
ee9ecfccc3e8 [ldapfeed] move docstring to the class instead of the module Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 8430 diff changeset	41	"""
8229 b7bc631816f7 [ldapfeed] make authentication actually working Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 8188 diff changeset	42	support_entities = {'CWUser': False}
8428 f1b721ca73cc [sources/ldapfeed] do not user cwuri as url (closes #2380324) Aurelien Campeas <aurelien.campeas@logilab.fr> parents: 8229 diff changeset	43	use_cwuri_as_url = False
8188 1867e252e487 [repository] ldap-feed source. Closes #2086984 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: diff changeset	44
8922 715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	45	options_group = (
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	46	('group-base-dn',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	47	{'type' : 'string',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	48	'default': '',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	49	'help': 'base DN to lookup for groups; disable group importation mechanism if unset',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	50	'group': 'ldap-source', 'level': 1,
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	51	}),
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	52	('group-scope',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	53	{'type' : 'choice',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	54	'default': 'ONELEVEL',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	55	'choices': ('BASE', 'ONELEVEL', 'SUBTREE'),
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	56	'help': 'group search scope (valid values: "BASE", "ONELEVEL", "SUBTREE")',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	57	'group': 'ldap-source', 'level': 1,
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	58	}),
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	59	('group-classes',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	60	{'type' : 'csv',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	61	'default': ('top', 'posixGroup'),
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	62	'help': 'classes of group',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	63	'group': 'ldap-source', 'level': 1,
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	64	}),
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	65	('group-filter',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	66	{'type': 'string',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	67	'default': '',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	68	'help': 'additional filters to be set in the ldap query to find valid groups',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	69	'group': 'ldap-source', 'level': 2,
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	70	}),
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	71	('group-attrs-map',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	72	{'type' : 'named',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	73	'default': {'cn': 'name', 'memberUid': 'member'},
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	74	'help': 'map from ldap group attributes to cubicweb attributes',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	75	'group': 'ldap-source', 'level': 1,
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	76	}),
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	77	)
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	78
8708 78a99960286a [ldapfeed] all options of a source should be in the same group, else you get AssertionError on c-c add-source. Closes #2538398 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: 8674 diff changeset	79	options = merge_options(datafeed.DataFeedSource.options
8922 715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	80	+ ldaputils.LDAPSourceMixIn.options
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	81	+ options_group,
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	82	optgroup='ldap-source',)
8188 1867e252e487 [repository] ldap-feed source. Closes #2086984 Sylvain Thénault <sylvain.thenault@logilab.fr> parents: diff changeset	83
8922 715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	84	def update_config(self, source_entity, typedconfig):
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	85	"""update configuration from source entity. `typedconfig` is config
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	86	properly typed with defaults set
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	87	"""
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	88	super(LDAPFeedSource, self).update_config(source_entity, typedconfig)
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	89	self.group_base_dn = str(typedconfig['group-base-dn'])
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	90	self.group_base_scope = ldapscope[typedconfig['group-scope']]
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	91	self.group_attrs = typedconfig['group-attrs-map']
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	92	self.group_attrs = {'dn': 'eid', 'modifyTimestamp': 'modification_date'}
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	93	self.group_attrs.update(typedconfig['group-attrs-map'])
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	94	self.group_rev_attrs = dict((v, k) for k, v in self.group_attrs.iteritems())
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	95	self.group_base_filters = [filter_format('(%s=%s)', ('objectClass', o))
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	96	for o in typedconfig['group-classes']]
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	97	if typedconfig['group-filter']:
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	98	self.group_base_filters.append(typedconfig['group-filter'])
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	99
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	100	def _process_ldap_item(self, dn, iterator):
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	101	itemdict = super(LDAPFeedSource, self)._process_ldap_item(dn, iterator)
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	102	# we expect memberUid to be a list of user ids, make sure of it
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	103	member = self.group_rev_attrs['member']
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	104	if isinstance(itemdict.get(member), basestring):
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	105	itemdict[member] = [itemdict[member]]
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116) David Douard <david.douard@logilab.fr> parents: 8708 diff changeset	106	return itemdict

author	Aurelien Campeas <aurelien.campeas@logilab.fr>
	Wed, 08 Jan 2014 14:00:31 +0100
changeset 9377	4e0d8f06efbc
parent 8989	8742f4bf029f
child 9461	fc3b8798737c
permissions	-rw-r--r--