server/sources/ldapuser.py
author Sylvain Thénault <sylvain.thenault@logilab.fr>
Thu, 03 Mar 2011 17:50:13 +0100
branch stable
changeset 7037 6a8235456fe1
parent 7029 bae4d11a104b
child 7040 9b1f9bc74f5d
child 7055 a393ebb880cd
permissions -rw-r--r--
[multi-sources] add missing close method on ConnectionWrapper
# copyright 2003-2010 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr
#
# This file is part of CubicWeb.
#
# CubicWeb is free software: you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free
# Software Foundation, either version 2.1 of the License, or (at your option)
# any later version.
#
# CubicWeb is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more
# details.
#
# You should have received a copy of the GNU Lesser General Public License along
# with CubicWeb.  If not, see <http://www.gnu.org/licenses/>.
"""cubicweb ldap user source

this source is for now limited to a read-only CWUser source

Part of the code is coming from Zope's LDAPUserFolder

Copyright (c) 2004 Jens Vagelpohl.
All Rights Reserved.

This software is subject to the provisions of the Zope Public License,
Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
FOR A PARTICULAR PURPOSE.
"""
from __future__ import division
from base64 import b64decode

from logilab.common.textutils import splitstrip
from rql.nodes import Relation, VariableRef, Constant, Function

import ldap
from ldap.ldapobject import ReconnectLDAPObject
from ldap.filter import filter_format, escape_filter_chars
from ldapurl import LDAPUrl

from logilab.common.configuration import time_validator
from cubicweb import AuthenticationError, UnknownEid, RepositoryError
from cubicweb.server.utils import cartesian_product
from cubicweb.server.sources import (AbstractSource, TrFunc, GlobTrFunc,
                                     ConnectionWrapper, TimedCache)

# search scopes
BASE = ldap.SCOPE_BASE
ONELEVEL = ldap.SCOPE_ONELEVEL
SUBTREE = ldap.SCOPE_SUBTREE

# map ldap protocol to their standard port
PROTO_PORT = {'ldap': 389,
              'ldaps': 636,
              'ldapi': None,
              }


class LDAPUserSource(AbstractSource):
    """LDAP read-only CWUser source"""
    support_entities = {'CWUser': False}

    options = (
        ('host',
         {'type' : 'string',
          'default': 'ldap',
          'help': 'ldap host. It may contain port information using \
<host>:<port> notation.',
          'group': 'ldap-source', 'level': 1,
          }),
        ('protocol',
         {'type' : 'choice',
          'default': 'ldap',
          'choices': ('ldap', 'ldaps', 'ldapi'),
          'help': 'ldap protocol (allowed values: ldap, ldaps, ldapi)',
          'group': 'ldap-source', 'level': 1,
          }),
        ('auth-mode',
         {'type' : 'choice',
          'default': 'simple',
          'choices': ('simple', 'cram_md5', 'digest_md5', 'gssapi'),
          'help': 'authentication mode used to authenticate user to the ldap.',
          'group': 'ldap-source', 'level': 3,
          }),
        ('auth-realm',
         {'type' : 'string',
          'default': None,
          'help': 'realm to use when using gssapi/kerberos authentication.',
          'group': 'ldap-source', 'level': 3,
          }),

        ('data-cnx-dn',
         {'type' : 'string',
          'default': '',
          'help': 'user dn to use to open data connection to the ldap (eg used \
to respond to rql queries). Leave empty for anonymous bind',
          'group': 'ldap-source', 'level': 1,
          }),
        ('data-cnx-password',
         {'type' : 'string',
          'default': '',
          'help': 'password to use to open data connection to the ldap (eg used to respond to rql queries). Leave empty for anonymous bind.',
          'group': 'ldap-source', 'level': 1,
          }),

        ('user-base-dn',
         {'type' : 'string',
          'default': 'ou=People,dc=logilab,dc=fr',
          'help': 'base DN to lookup for users',
          'group': 'ldap-source', 'level': 1,
          }),
        ('user-scope',
         {'type' : 'choice',
          'default': 'ONELEVEL',
          'choices': ('BASE', 'ONELEVEL', 'SUBTREE'),
          'help': 'user search scope (valid values: "BASE", "ONELEVEL", "SUBTREE")',
          'group': 'ldap-source', 'level': 1,
          }),
        ('user-classes',
         {'type' : 'csv',
          'default': ('top', 'posixAccount'),
          'help': 'classes of user (with Active Directory, you want to say "user" here)',
          'group': 'ldap-source', 'level': 1,
          }),
        ('user-filter',
         {'type': 'string',
          'default': '',
          'help': 'additional filters to be set in the ldap query to find valid users',
          'group': 'ldap-source', 'level': 2,
          }),
        ('user-login-attr',
         {'type' : 'string',
          'default': 'uid',
          'help': 'attribute used as login on authentication (with Active Directory, you want to use "sAMAccountName" here)',
          'group': 'ldap-source', 'level': 1,
          }),
        ('user-default-group',
         {'type' : 'csv',
          'default': ('users',),
          'help': 'name of a group in which ldap users will be by default. \
You can set multiple groups by separating them by a comma.',
          'group': 'ldap-source', 'level': 1,
          }),
        ('user-attrs-map',
         {'type' : 'named',
          'default': {'uid': 'login', 'gecos': 'email'},
          'help': 'map from ldap user attributes to cubicweb attributes (with Active Directory, you want to use sAMAccountName:login,mail:email,givenName:firstname,sn:surname)',
          'group': 'ldap-source', 'level': 1,
          }),

        ('synchronization-interval',
         {'type' : 'time',
          'default': '1d',
          'help': 'interval between synchronization with the ldap \
directory (default to once a day).',
          'group': 'ldap-source', 'level': 3,
          }),
        ('cache-life-time',
         {'type' : 'time',
          'default': '2h',
          'help': 'life time of query cache (default to two hours).',
          'group': 'ldap-source', 'level': 3,
          }),

    )

    def __init__(self, repo, source_config, *args, **kwargs):
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6142
diff changeset
   172
        AbstractSource.__init__(self, repo, source_config, *args, **kwargs)
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   173
        self.host = source_config['host']
2699
1025300249d2 [ldap] more configuration possible on ldap source: protocol/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   174
        self.protocol = source_config.get('protocol', 'ldap')
1025300249d2 [ldap] more configuration possible on ldap source: protocol/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   175
        self.authmode = source_config.get('auth-mode', 'simple')
1025300249d2 [ldap] more configuration possible on ldap source: protocol/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   176
        self._authenticate = getattr(self, '_auth_%s' % self.authmode)
1025300249d2 [ldap] more configuration possible on ldap source: protocol/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   177
        self.cnx_dn = source_config.get('data-cnx-dn') or ''
1025300249d2 [ldap] more configuration possible on ldap source: protocol/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   178
        self.cnx_pwd = source_config.get('data-cnx-password') or ''
1025300249d2 [ldap] more configuration possible on ldap source: protocol/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   179
        self.user_base_scope = globals()[source_config['user-scope']]
6887
72d7feeb071e [tests] make ldap source test run its own local (Open)LDAP server
David Douard <david.douard@logilab.fr>
parents: 6886
diff changeset
   180
        self.user_base_dn = str(source_config['user-base-dn'])
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   181
        self.user_base_scope = globals()[source_config['user-scope']]
2633
bc9386c3b2c9 get_csv is being renamed to splitstrip
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 1977
diff changeset
   182
        self.user_classes = splitstrip(source_config['user-classes'])
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   183
        self.user_login_attr = source_config['user-login-attr']
2633
bc9386c3b2c9 get_csv is being renamed to splitstrip
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 1977
diff changeset
   184
        self.user_default_groups = splitstrip(source_config['user-default-group'])
bc9386c3b2c9 get_csv is being renamed to splitstrip
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 1977
diff changeset
   185
        self.user_attrs = dict(v.split(':', 1) for v in splitstrip(source_config['user-attrs-map']))
6733
627a93027605 [ldap] fix user-filter handling
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 6728
diff changeset
   186
        self.user_filter = source_config.get('user-filter')
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   187
        self.user_rev_attrs = {'eid': 'dn'}
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   188
        for ldapattr, cwattr in self.user_attrs.items():
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   189
            self.user_rev_attrs[cwattr] = ldapattr
6728
f68bd4c876d1 allow additional filtering to be performed on the LDAP source (#1382380)
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5972
diff changeset
   190
        self.base_filters = self._make_base_filters()
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   191
        self._conn = None
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   192
        self._cache = {}
5637
b72a838aa109 more robust handling of looping task configuration in ldap source
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5604
diff changeset
   193
        # cache ttl is in seconds (TimedCache only accepts seconds)
5642
6a90357b9769 TimedCache now only accepts values expressed in seconds
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5637
diff changeset
   194
        self._cache_ttl = time_validator(None, None,
6a90357b9769 TimedCache now only accepts values expressed in seconds
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5637
diff changeset
   195
                              source_config.get('cache-life-time', 2*60*60))
6a90357b9769 TimedCache now only accepts values expressed in seconds
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5637
diff changeset
   196
        self._cache_ttl = max(71, self._cache_ttl)
5646
c9550c1239f0 various brown paper bag fixes
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5642
diff changeset
   197
        self._query_cache = TimedCache(self._cache_ttl)
5637
b72a838aa109 more robust handling of looping task configuration in ldap source
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5604
diff changeset
   198
        # interval is in seconds !
5455
3dc47a52dd19 fix bad reading of options in ldapuser.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5428
diff changeset
   199
        self._interval = time_validator(None, None,
5642
6a90357b9769 TimedCache now only accepts values expressed in seconds
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5637
diff changeset
   200
                                    source_config.get('synchronization-interval',
6a90357b9769 TimedCache now only accepts values expressed in seconds
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5637
diff changeset
   201
                                                      24*60*60))
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   202
6728
f68bd4c876d1 allow additional filtering to be performed on the LDAP source (#1382380)
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5972
diff changeset
   203
    def _make_base_filters(self):
6733
627a93027605 [ldap] fix user-filter handling
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 6728
diff changeset
   204
        filters =  [filter_format('(%s=%s)', ('objectClass', o))
627a93027605 [ldap] fix user-filter handling
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 6728
diff changeset
   205
                              for o in self.user_classes] 
627a93027605 [ldap] fix user-filter handling
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 6728
diff changeset
   206
        if self.user_filter:
627a93027605 [ldap] fix user-filter handling
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 6728
diff changeset
   207
            filters += [self.user_filter]
627a93027605 [ldap] fix user-filter handling
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 6728
diff changeset
   208
        return filters
6728
f68bd4c876d1 allow additional filtering to be performed on the LDAP source (#1382380)
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5972
diff changeset
   209
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   210
    def reset_caches(self):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   211
        """method called during test to reset potential source caches"""
2763
39b42e158249 [ms] proper reset cache on external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2707
diff changeset
   212
        self._cache = {}
5642
6a90357b9769 TimedCache now only accepts values expressed in seconds
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5637
diff changeset
   213
        self._query_cache = TimedCache(self._cache_ttl)
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   214
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   215
    def init(self):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   216
        """method called by the repository once ready to handle request"""
5603
d8d9f4ec252d ldap source logging
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5456
diff changeset
   217
        self.info('ldap init')
5637
b72a838aa109 more robust handling of looping task configuration in ldap source
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5604
diff changeset
   218
        # set minimum period of 5min 1s (the additional second is to minimize
b72a838aa109 more robust handling of looping task configuration in ldap source
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5604
diff changeset
   219
        # resonance effect)
b72a838aa109 more robust handling of looping task configuration in ldap source
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5604
diff changeset
   220
        self.repo.looping_task(max(301, self._interval), self.synchronize)
5646
c9550c1239f0 various brown paper bag fixes
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5642
diff changeset
   221
        self.repo.looping_task(self._cache_ttl // 10,
1954
9b20f3504af8 cleanup
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 1952
diff changeset
   222
                               self._query_cache.clear_expired)
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   223
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   224
    def synchronize(self):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   225
        """synchronize content known by this repository with content in the
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   226
        external repository
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   227
        """
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   228
        self.info('synchronizing ldap source %s', self.uri)
938
a69188963ccb check ldap source has email configured before synchronization
sylvain.thenault@logilab.fr
parents: 257
diff changeset
   229
        try:
a69188963ccb check ldap source has email configured before synchronization
sylvain.thenault@logilab.fr
parents: 257
diff changeset
   230
            ldap_emailattr = self.user_rev_attrs['email']
a69188963ccb check ldap source has email configured before synchronization
sylvain.thenault@logilab.fr
parents: 257
diff changeset
   231
        except KeyError:
a69188963ccb check ldap source has email configured before synchronization
sylvain.thenault@logilab.fr
parents: 257
diff changeset
   232
            return # no email in ldap, we're done
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   233
        session = self.repo.internal_session()
5153
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   234
        execute = session.execute
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   235
        try:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   236
            cursor = session.system_sql("SELECT eid, extid FROM entities WHERE "
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   237
                                        "source='%s'" % self.uri)
1952
8e19c813750d fix extid handling: ensure encoded string is given, and store them as base64 (see note in native.py).
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 1802
diff changeset
   238
            for eid, b64extid in cursor.fetchall():
8e19c813750d fix extid handling: ensure encoded string is given, and store them as base64 (see note in native.py).
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 1802
diff changeset
   239
                extid = b64decode(b64extid)
5603
d8d9f4ec252d ldap source logging
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5456
diff changeset
   240
                self.debug('ldap eid %s', eid)
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   241
                # if no result found, _search automatically deletes entity information
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   242
                res = self._search(session, extid, BASE)
5603
d8d9f4ec252d ldap source logging
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5456
diff changeset
   243
                self.debug('ldap search %s', res)
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   244
                if res:
938
a69188963ccb check ldap source has email configured before synchronization
sylvain.thenault@logilab.fr
parents: 257
diff changeset
   245
                    ldapemailaddr = res[0].get(ldap_emailattr)
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   246
                    if ldapemailaddr:
5972
220856aff85e [ldap] take care, email address may be a list. In such case, only consider the first one (XXX). Also, fix call to reset_caches.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5856
diff changeset
   247
                        if isinstance(ldapemailaddr, list):
220856aff85e [ldap] take care, email address may be a list. In such case, only consider the first one (XXX). Also, fix call to reset_caches.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5856
diff changeset
   248
                            ldapemailaddr = ldapemailaddr[0] # XXX consider only the first email in the list
5153
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   249
                        rset = execute('Any X,A WHERE '
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   250
                                       'X address A, U use_email X, U eid %(u)s',
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   251
                                       {'u': eid})
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   252
                        ldapemailaddr = unicode(ldapemailaddr)
5153
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   253
                        for emaileid, emailaddr, in rset:
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   254
                            if emailaddr == ldapemailaddr:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   255
                                break
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   256
                        else:
5800
2bc88fb424bc reduced logging verbosity in ldapuser source
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5789
diff changeset
   257
                            self.debug('updating email address of user %s to %s',
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   258
                                      extid, ldapemailaddr)
5153
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   259
                            emailrset = execute('EmailAddress A WHERE A address %(addr)s',
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   260
                                                {'addr': ldapemailaddr})
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   261
                            if emailrset:
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   262
                                execute('SET U use_email X WHERE '
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   263
                                        'X eid %(x)s, U eid %(u)s',
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   264
                                        {'x': emailrset[0][0], 'u': eid})
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   265
                            elif rset:
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   266
                                if not execute('SET X address %(addr)s WHERE '
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   267
                                               'U primary_email X, U eid %(u)s',
5174
78438ad513ca #759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5153
diff changeset
   268
                                               {'addr': ldapemailaddr, 'u': eid}):
5153
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   269
                                    execute('SET X address %(addr)s WHERE '
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   270
                                            'X eid %(x)s',
5174
78438ad513ca #759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5153
diff changeset
   271
                                            {'addr': ldapemailaddr, 'x': rset[0][0]})
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   272
                            else:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   273
                                # no email found, create it
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   274
                                _insert_email(session, ldapemailaddr, eid)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   275
        finally:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   276
            session.commit()
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   277
            session.close()
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   278
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   279
    def get_connection(self):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   280
        """open and return a connection to the source"""
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   281
        if self._conn is None:
6653
52d1568af412 [ldap] don't refuse to start if ldap is unreachable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6427
diff changeset
   282
            try:
52d1568af412 [ldap] don't refuse to start if ldap is unreachable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6427
diff changeset
   283
                self._connect()
52d1568af412 [ldap] don't refuse to start if ldap is unreachable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6427
diff changeset
   284
            except Exception:
7029
bae4d11a104b add some tips for users who want to bind to an AD server
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 6887
diff changeset
   285
                self.exception('unable to connect to ldap:')
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   286
        return ConnectionWrapper(self._conn)
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   287
3647
2941f4a0aab9 refactor repo authentication to allow pluggable authentifier to login with something else than a password
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3245
diff changeset
   288
    def authenticate(self, session, login, password=None, **kwargs):
1398
5fe84a5f7035 rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents: 1263
diff changeset
   289
        """return CWUser eid for the given login/password if this account is
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   290
        defined in this source, else raise `AuthenticationError`
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   291
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   292
        the user entry is searched first, then the password is checked by
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   293
        binding to the directory as that entry
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   294
        """
5603
d8d9f4ec252d ldap source logging
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5456
diff changeset
   295
        self.info('ldap authenticate %s', login)
5855
db59080f1c8d [ldap] cleanup password checking
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5836
diff changeset
   296
        if not password:
db59080f1c8d [ldap] cleanup password checking
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5836
diff changeset
   297
            # On Windows + ADAM this would have succeeded (!!!)
db59080f1c8d [ldap] cleanup password checking
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5836
diff changeset
   298
            # You get Authenticated as: 'NT AUTHORITY\ANONYMOUS LOGON'.
db59080f1c8d [ldap] cleanup password checking
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5836
diff changeset
   299
            # we really really don't want that
3647
2941f4a0aab9 refactor repo authentication to allow pluggable authentifier to login with something else than a password
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3245
diff changeset
   300
            raise AuthenticationError()
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   301
        searchfilter = [filter_format('(%s=%s)', (self.user_login_attr, login))]
6728
f68bd4c876d1 allow additional filtering to be performed on the LDAP source (#1382380)
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5972
diff changeset
   302
        searchfilter.extend(self._make_base_filters())
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   303
        searchstr = '(&%s)' % ''.join(searchfilter)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   304
        # first search the user
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   305
        try:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   306
            user = self._search(session, self.user_base_dn,
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   307
                                self.user_base_scope, searchstr)[0]
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   308
        except IndexError:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   309
            # no such user
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   310
            raise AuthenticationError()
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   311
        # check password by establishing an (unused) connection
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   312
        try:
5855
db59080f1c8d [ldap] cleanup password checking
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5836
diff changeset
   313
            self._connect(user, password)
5856
a02129508378 [ldap] fix exception handling on authentication error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5855
diff changeset
   314
        except ldap.LDAPError, ex:
a02129508378 [ldap] fix exception handling on authentication error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5855
diff changeset
   315
            # Something went wrong, most likely bad credentials
a02129508378 [ldap] fix exception handling on authentication error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5855
diff changeset
   316
            self.info('while trying to authenticate %s: %s', user, ex)
a02129508378 [ldap] fix exception handling on authentication error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5855
diff changeset
   317
            raise AuthenticationError()
5855
db59080f1c8d [ldap] cleanup password checking
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5836
diff changeset
   318
        except Exception:
5856
a02129508378 [ldap] fix exception handling on authentication error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5855
diff changeset
   319
            self.error('while trying to authenticate %s', user, exc_info=True)
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   320
            raise AuthenticationError()
1398
5fe84a5f7035 rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents: 1263
diff changeset
   321
        return self.extid2eid(user['dn'], 'CWUser', session)
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   322
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   323
    def ldap_name(self, var):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   324
        if var.stinfo['relations']:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   325
            relname = iter(var.stinfo['relations']).next().r_type
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   326
            return self.user_rev_attrs.get(relname)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   327
        return None
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   328
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   329
    def prepare_columns(self, mainvars, rqlst):
6886
b571d2d32971 [ldap] small code cleanups
David Douard <david.douard@logilab.fr>
parents: 6750
diff changeset
   330
        """return two lists describing how to build the final results
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   331
        from the result of an ldap search (i.e. a list of dictionaries)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   332
        """
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   333
        columns = []
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   334
        global_transforms = []
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   335
        for i, term in enumerate(rqlst.selection):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   336
            if isinstance(term, Constant):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   337
                columns.append(term)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   338
                continue
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   339
            if isinstance(term, Function): # LOWER, UPPER, COUNT...
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   340
                var = term.get_nodes(VariableRef)[0]
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   341
                var = var.variable
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   342
                try:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   343
                    mainvar = var.stinfo['attrvar'].name
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   344
                except AttributeError: # no attrvar set
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   345
                    mainvar = var.name
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   346
                assert mainvar in mainvars
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   347
                trname = term.name
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   348
                ldapname = self.ldap_name(var)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   349
                if trname in ('COUNT', 'MIN', 'MAX', 'SUM'):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   350
                    global_transforms.append(GlobTrFunc(trname, i, ldapname))
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   351
                    columns.append((mainvar, ldapname))
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   352
                    continue
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   353
                if trname in ('LOWER', 'UPPER'):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   354
                    columns.append((mainvar, TrFunc(trname, i, ldapname)))
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   355
                    continue
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   356
                raise NotImplementedError('no support for %s function' % trname)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   357
            if term.name in mainvars:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   358
                columns.append((term.name, 'dn'))
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   359
                continue
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   360
            var = term.variable
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   361
            mainvar = var.stinfo['attrvar'].name
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   362
            columns.append((mainvar, self.ldap_name(var)))
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   363
            #else:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   364
            #    # probably a bug in rql splitting if we arrive here
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   365
            #    raise NotImplementedError
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   366
        return columns, global_transforms
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   367
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   368
    def syntax_tree_search(self, session, union,
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   369
                           args=None, cachekey=None, varmap=None, debug=0):
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   370
        """return result from this source for a rql query (actually from a rql
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   371
        syntax tree and a solution dictionary mapping each used variable to a
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   372
        possible type). If cachekey is given, the query necessary to fetch the
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   373
        results (but not the results themselves) may be cached using this key.
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   374
        """
5603
d8d9f4ec252d ldap source logging
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5456
diff changeset
   375
        self.debug('ldap syntax tree search')
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   376
        # XXX not handled: transform/aggregate functions, join on multiple users...
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   377
        assert len(union.children) == 1, 'union not supported'
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   378
        rqlst = union.children[0]
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   379
        assert not rqlst.with_, 'subquery not supported'
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   380
        rqlkey = rqlst.as_string(kwargs=args)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   381
        try:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   382
            results = self._query_cache[rqlkey]
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   383
        except KeyError:
6693
65bd93b72f1e [ldap] make instance still usable if we can't contact ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6653
diff changeset
   384
            try:
65bd93b72f1e [ldap] make instance still usable if we can't contact ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6653
diff changeset
   385
                results = self.rqlst_search(session, rqlst, args)
65bd93b72f1e [ldap] make instance still usable if we can't contact ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6653
diff changeset
   386
                self._query_cache[rqlkey] = results
65bd93b72f1e [ldap] make instance still usable if we can't contact ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6653
diff changeset
   387
            except ldap.SERVER_DOWN:
65bd93b72f1e [ldap] make instance still usable if we can't contact ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6653
diff changeset
   388
                # can't connect to server
65bd93b72f1e [ldap] make instance still usable if we can't contact ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6653
diff changeset
   389
                msg = session._("can't connect to source %s, some data may be missing")
65bd93b72f1e [ldap] make instance still usable if we can't contact ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6653
diff changeset
   390
                session.set_shared_data('sources_error', msg % self.uri)
65bd93b72f1e [ldap] make instance still usable if we can't contact ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6653
diff changeset
   391
                return []
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   392
        return results
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   393
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   394
    def rqlst_search(self, session, rqlst, args):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   395
        mainvars = []
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   396
        for varname in rqlst.defined_vars:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   397
            for sol in rqlst.solutions:
1398
5fe84a5f7035 rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents: 1263
diff changeset
   398
                if sol[varname] == 'CWUser':
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   399
                    mainvars.append(varname)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   400
                    break
3245
7ef021ac8dec cleanup
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2763
diff changeset
   401
        assert mainvars, rqlst
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   402
        columns, globtransforms = self.prepare_columns(mainvars, rqlst)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   403
        eidfilters = []
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   404
        allresults = []
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   405
        generator = RQL2LDAPFilter(self, session, args, mainvars)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   406
        for mainvar in mainvars:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   407
            # handle restriction
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   408
            try:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   409
                eidfilters_, ldapfilter = generator.generate(rqlst, mainvar)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   410
            except GotDN, ex:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   411
                assert ex.dn, 'no dn!'
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   412
                try:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   413
                    res = [self._cache[ex.dn]]
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   414
                except KeyError:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   415
                    res = self._search(session, ex.dn, BASE)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   416
            except UnknownEid, ex:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   417
                # raised when we are looking for the dn of an eid which is not
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   418
                # coming from this source
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   419
                res = []
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   420
            else:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   421
                eidfilters += eidfilters_
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   422
                res = self._search(session, self.user_base_dn,
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   423
                                   self.user_base_scope, ldapfilter)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   424
            allresults.append(res)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   425
        # 1. get eid for each dn and filter according to that eid if necessary
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   426
        for i, res in enumerate(allresults):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   427
            filteredres = []
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   428
            for resdict in res:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   429
                # make sure the entity exists in the system table
1398
5fe84a5f7035 rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents: 1263
diff changeset
   430
                eid = self.extid2eid(resdict['dn'], 'CWUser', session)
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   431
                for eidfilter in eidfilters:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   432
                    if not eidfilter(eid):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   433
                        break
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   434
                else:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   435
                    resdict['eid'] = eid
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   436
                    filteredres.append(resdict)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   437
            allresults[i] = filteredres
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   438
        # 2. merge result for each "mainvar": cartesian product
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   439
        allresults = cartesian_product(allresults)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   440
        # 3. build final result according to column definition
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   441
        result = []
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   442
        for rawline in allresults:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   443
            rawline = dict(zip(mainvars, rawline))
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   444
            line = []
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   445
            for varname, ldapname in columns:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   446
                if ldapname is None:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   447
                    value = None # no mapping available
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   448
                elif ldapname == 'dn':
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   449
                    value = rawline[varname]['eid']
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   450
                elif isinstance(ldapname, Constant):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   451
                    if ldapname.type == 'Substitute':
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   452
                        value = args[ldapname.value]
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   453
                    else:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   454
                        value = ldapname.value
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   455
                elif isinstance(ldapname, TrFunc):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   456
                    value = ldapname.apply(rawline[varname])
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   457
                else:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   458
                    value = rawline[varname].get(ldapname)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   459
                line.append(value)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   460
            result.append(line)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   461
        for trfunc in globtransforms:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   462
            result = trfunc.apply(result)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   463
        #print '--> ldap result', result
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   464
        return result
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   465
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   466
2699
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   467
    def _connect(self, user=None, userpwd=None):
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   468
        if self.protocol == 'ldapi':
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   469
            hostport = self.host
2699
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   470
        elif not ':' in self.host:
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   471
            hostport = '%s:%s' % (self.host, PROTO_PORT[self.protocol])
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   472
        else:
2699
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   473
            hostport = self.host
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   474
        self.info('connecting %s://%s as %s', self.protocol, hostport,
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   475
                  user and user['dn'] or 'anonymous')
5407
7730796f9506 disable CERT check
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5326
diff changeset
   476
        # don't require server certificate when using ldaps (will
7730796f9506 disable CERT check
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5326
diff changeset
   477
        # enable self signed certs)
7730796f9506 disable CERT check
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5326
diff changeset
   478
        ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
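The module-level `ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)` call above is a process-wide setting, so no `ldaps` connection made by the process verifies the server certificate. The following is an added example, not CubicWeb code (Python 3): it sets the TLS options per connection, keeps verification on by default and trusts a self-signed certificate through a CA file. `tls_policy`, `apply_tls_policy`, `connect`, `verify` and `ca_file` are hypothetical names, and `FakeLdap` / `RecordingConn` are constructed stand-ins so the policy can be exercised without python-ldap installed.

```python
from collections import namedtuple

# Marks a value that must be resolved to a python-ldap constant by name.
Const = namedtuple('Const', 'name')


def tls_policy(protocol, verify=True, ca_file=None):
    """Return the ordered (option name, value) pairs to set on one connection.

    protocol is 'ldap', 'ldaps' or 'ldapi', as in the source configuration.
    verify and ca_file are assumed per-source settings (not in the listing).
    """
    if protocol not in ('ldap', 'ldaps', 'ldapi'):
        raise ValueError('unsupported protocol %r' % protocol)
    if protocol != 'ldaps':
        # ldapi is a local socket and plain ldap negotiates no TLS here.
        return []
    if not verify:
        # Explicit opt-out: same effect as the listing, but scoped to a
        # single connection instead of the whole process.
        return [('OPT_X_TLS_REQUIRE_CERT', Const('OPT_X_TLS_NEVER')),
                ('OPT_X_TLS_NEWCTX', 0)]
    options = [('OPT_X_TLS_REQUIRE_CERT', Const('OPT_X_TLS_DEMAND'))]
    if ca_file:
        # Trust anchor for a private CA or a self-signed server certificate.
        options.append(('OPT_X_TLS_CACERTFILE', ca_file))
    # Set last: tells libldap to build a new TLS context from the options above.
    options.append(('OPT_X_TLS_NEWCTX', 0))
    return options


def apply_tls_policy(conn, ldap_mod, options):
    """Apply the pairs to conn, resolving names on ldap_mod (the ldap module)."""
    for name, value in options:
        if isinstance(value, Const):
            value = getattr(ldap_mod, value.name)
        conn.set_option(getattr(ldap_mod, name), value)
    return conn


def connect(protocol, hostport, verify=True, ca_file=None):
    """Open a connection with python-ldap (imported lazily) and apply the policy."""
    import ldap
    conn = ldap.initialize('%s://%s' % (protocol, hostport))
    return apply_tls_policy(conn, ldap, tls_policy(protocol, verify, ca_file))


class FakeLdap(object):
    """Constructed stand-in for the ldap module; the numbers are arbitrary."""
    OPT_X_TLS_REQUIRE_CERT = 1
    OPT_X_TLS_NEVER = 2
    OPT_X_TLS_DEMAND = 3
    OPT_X_TLS_CACERTFILE = 4
    OPT_X_TLS_NEWCTX = 5


class RecordingConn(object):
    """Constructed stand-in for a connection; records set_option calls."""
    def __init__(self):
        self.calls = []

    def set_option(self, option, value):
        self.calls.append((option, value))


if __name__ == '__main__':
    demo = apply_tls_policy(RecordingConn(), FakeLdap,
                            tls_policy('ldaps', ca_file='/etc/ssl/ldap-ca.pem'))
    for option, value in demo.calls:
        print(option, value)
```
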
2699
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   479
        url = LDAPUrl(urlscheme=self.protocol, hostport=hostport)
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   480
        conn = ReconnectLDAPObject(url.initializeUrl())
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   481
        # Set the protocol version - version 3 is preferred
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   482
        try:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   483
            conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   484
        except ldap.LDAPError: # Invalid protocol version, fall back safely
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   485
            conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION2)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   486
        # Deny auto-chasing of referrals to be safe, we handle them instead
        #try:
        #    connection.set_option(ldap.OPT_REFERRALS, 0)
        #except ldap.LDAPError: # Cannot set referrals, so do nothing
        #    pass
        #conn.set_option(ldap.OPT_NETWORK_TIMEOUT, conn_timeout)
        #conn.timeout = op_timeout
        # Now bind with the credentials given. Let exceptions propagate out.
        if user is None:
            # no user specified, we want to initialize the 'data' connection,
            assert self._conn is None
            self._conn = conn
            # XXX always use simple bind for data connection
            if not self.cnx_dn:
                conn.simple_bind_s(self.cnx_dn, self.cnx_pwd)
            else:
                self._authenticate(conn, {'dn': self.cnx_dn}, self.cnx_pwd)
        else:
            # user specified, we want to check user/password, no need to return
            # the connection which will be thrown out
            self._authenticate(conn, user, userpwd)
        return conn

    def _auth_simple(self, conn, user, userpwd):
        conn.simple_bind_s(user['dn'], userpwd)

    def _auth_cram_md5(self, conn, user, userpwd):
        from ldap import sasl
        auth_token = sasl.cram_md5(user['dn'], userpwd)
        conn.sasl_interactive_bind_s('', auth_token)

    def _auth_digest_md5(self, conn, user, userpwd):
        from ldap import sasl
        auth_token = sasl.digest_md5(user['dn'], userpwd)
        conn.sasl_interactive_bind_s('', auth_token)

    def _auth_gssapi(self, conn, user, userpwd):
        # print XXX not proper sasl/gssapi
        import kerberos
        if not kerberos.checkPassword(user[self.user_login_attr], userpwd):
            raise Exception('BAD login / mdp')
        #from ldap import sasl
        #conn.sasl_interactive_bind_s('', sasl.gssapi())

    def _search(self, session, base, scope,
                searchstr='(objectClass=*)', attrs=()):
        """make an ldap query"""
        self.debug('ldap search %s %s %s %s %s', self.uri, base, scope, searchstr, list(attrs))
        # XXX for now, we do not have connection pool support for LDAP, so
        # this is always self._conn
        cnx = session.pool.connection(self.uri).cnx
        try:
            res = cnx.search_s(base, scope, searchstr, attrs)
        except ldap.PARTIAL_RESULTS:
            res = cnx.result(all=0)[1]
        except ldap.NO_SUCH_OBJECT:
            self.info('ldap NO SUCH OBJECT')
            eid = self.extid2eid(base, 'CWUser', session, insert=False)
            if eid:
                self.warning('deleting ldap user with eid %s and dn %s',
                             eid, base)
                entity = session.entity_from_eid(eid, 'CWUser')
                self.repo.delete_info(session, entity, self.uri, base)
                self.reset_caches()
            return []
        # except ldap.REFERRAL, e:
        #     cnx = self.handle_referral(e)
        #     try:
        #         res = cnx.search_s(base, scope, searchstr, attrs)
        #     except ldap.PARTIAL_RESULTS:
        #         res_type, res = cnx.result(all=0)
        result = []
        for rec_dn, rec_dict in res:
            # When used against Active Directory, "rec_dict" may not be
            # a dictionary in some cases (instead, it can be a list)
            # An example of a useless "res" entry that can be ignored
            # from AD is
            # (None, ['ldap://ForestDnsZones.PORTAL.LOCAL/DC=ForestDnsZones,DC=PORTAL,DC=LOCAL'])
            # This appears to be some sort of internal referral, but
            # we can't handle it, so we need to skip over it.
            try:
                items = rec_dict.items()
            except AttributeError:
                # 'items' not found on rec_dict, skip
                continue
            for key, value in items: # XXX syt: huuum ?
                if not isinstance(value, str):
                    try:
                        for i in range(len(value)):
                            value[i] = unicode(value[i], 'utf8')
                    except:
                        pass
                if isinstance(value, list) and len(value) == 1:
                    rec_dict[key] = value = value[0]
            rec_dict['dn'] = rec_dn
            self._cache[rec_dn] = rec_dict
            result.append(rec_dict)
        #print '--->', result
        self.debug('ldap built results %s', len(result))
        return result

    def before_entity_insertion(self, session, lid, etype, eid):
        """called by the repository when an eid has been attributed for an
        entity stored here but the entity has not been inserted in the system
        table yet.

        This method must return an Entity instance representation of this
        entity.
        """
        self.debug('ldap before entity insertion')
        entity = super(LDAPUserSource, self).before_entity_insertion(session, lid, etype, eid)
        res = self._search(session, lid, BASE)[0]
        for attr in entity.e_schema.indexable_attributes():
            entity.cw_edited[attr] = res[self.user_rev_attrs[attr]]
        return entity

    def after_entity_insertion(self, session, lid, entity):
        """called by the repository after an entity stored here has been
        inserted in the system table.
        """
        self.debug('ldap after entity insertion')
        super(LDAPUserSource, self).after_entity_insertion(session, lid, entity)
        dn = lid
        for group in self.user_default_groups:
            session.execute('SET X in_group G WHERE X eid %(x)s, G name %(group)s',
                            {'x': entity.eid, 'group': group})
        # search for existing email first
        try:
            emailaddr = self._cache[dn][self.user_rev_attrs['email']]
        except KeyError:
            return
        if isinstance(emailaddr, list):
            emailaddr = emailaddr[0] # XXX consider only the first email in the list
        rset = session.execute('EmailAddress X WHERE X address %(addr)s',
                               {'addr': emailaddr})
        if rset:
            session.execute('SET U primary_email X WHERE U eid %(u)s, X eid %(x)s',
                            {'x': rset[0][0], 'u': entity.eid})
        else:
            # not found, create it
            _insert_email(session, emailaddr, entity.eid)

    def update_entity(self, session, entity):
        """replace an entity in the source"""
        raise RepositoryError('this source is read only')

    def delete_entity(self, session, entity):
        """delete an entity from the source"""
        raise RepositoryError('this source is read only')

def _insert_email(session, emailaddr, ueid):
    session.execute('INSERT EmailAddress X: X address %(addr)s, U primary_email X '
                    'WHERE U eid %(x)s', {'addr': emailaddr, 'x': ueid})

class GotDN(Exception):
    """exception used when a dn localizing the searched user has been found"""
    def __init__(self, dn):
        self.dn = dn


257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   646
class RQL2LDAPFilter(object):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   647
    """generate an LDAP filter for a rql query"""
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   648
    def __init__(self, source, session, args=None, mainvars=()):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   649
        self.source = source
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   650
        self._ldap_attrs = source.user_rev_attrs
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   651
        self._base_filters = source.base_filters
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   652
        self._session = session
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   653
        if args is None:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   654
            args = {}
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   655
        self._args = args
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   656
        self.mainvars = mainvars
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   657
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   658
    def generate(self, selection, mainvarname):
        self._filters = res = self._base_filters[:]
        self._mainvarname = mainvarname
        self._eidfilters = []
        self._done_not = set()
        restriction = selection.where
        if isinstance(restriction, Relation):
            # only a single relation, need to append result here (no AND/OR)
            filter = restriction.accept(self)
            if filter is not None:
                res.append(filter)
        elif restriction:
            restriction.accept(self)
        if len(res) > 1:
            return self._eidfilters, '(&%s)' % ''.join(res)
        return self._eidfilters, res[0]

    def visit_and(self, et):
        """generate filter for an AND subtree"""
        for c in et.children:
            part = c.accept(self)
            if part:
                self._filters.append(part)

    def visit_or(self, ou):
        """generate filter for an OR subtree"""
        res = []
        for c in ou.children:
            part = c.accept(self)
            if part:
                res.append(part)
        if res:
            if len(res) > 1:
                part = '(|%s)' % ''.join(res)
            else:
                part = res[0]
            self._filters.append(part)

    def visit_not(self, node):
        """generate filter for a NOT subtree"""
        part = node.children[0].accept(self)
        if part:
            # part is already a parenthesized filter such as '(attr=value)';
            # RFC 4515 negation is '(!' filter ')', with no extra parentheses
            self._filters.append('(!%s)' % part)

    def visit_relation(self, relation):
        """generate filter for a relation"""
        rtype = relation.r_type
        # don't care of type constraint statement (i.e. relation_type = 'is')
        if rtype == 'is':
            return ''
        lhs, rhs = relation.get_parts()
        # attribute relation
        # next line annotated with changeset 3689 deb13e88e037 (parents: 3245),
        # Sylvain Thénault: "follow yams 0.25 api changes to improve performance"
        if self.source.schema.rschema(rtype).final:
            # dunno what to do here, don't pretend anything else
            if lhs.name != self._mainvarname:
                if lhs.name in self.mainvars:
                    # XXX check we don't have variable as rhs
                    return
                raise NotImplementedError
            rhs_vars = rhs.get_nodes(VariableRef)
            if rhs_vars:
                if len(rhs_vars) > 1:
                    raise NotImplementedError
                # selected variable, nothing to do here
                return
            # no variables in the RHS
            if isinstance(rhs.children[0], Function):
                res = rhs.children[0].accept(self)
            elif rtype != 'has_text':
                res = self._visit_attribute_relation(relation)
            else:
                raise NotImplementedError(relation)
        # regular relation XXX todo: in_group
        else:
            raise NotImplementedError(relation)
        return res

    def _visit_attribute_relation(self, relation):
        """generate filter for an attribute relation"""
        lhs, rhs = relation.get_parts()
        lhsvar = lhs.variable
        if relation.r_type == 'eid':
            # XXX hack
            # skip comparison sign
            eid = int(rhs.children[0].accept(self))
            if relation.neged(strict=True):
                self._done_not.add(relation.parent)
                self._eidfilters.append(lambda x: not x == eid)
                return
            if rhs.operator != '=':
                filter = {'>': lambda x: x > eid,
                          '>=': lambda x: x >= eid,
                          '<': lambda x: x < eid,
                          '<=': lambda x: x <= eid,
                          }[rhs.operator]
                self._eidfilters.append(filter)
                return
            dn = self.source.eid2extid(eid, self._session)
            raise GotDN(dn)
        try:
            filter = '(%s%s)' % (self._ldap_attrs[relation.r_type],
                                 rhs.accept(self))
        except KeyError:
            # next four lines annotated with changeset 975 0928daea04e9
            # (parents: 938), sylvain.thenault@logilab.fr: "fix ldapsource w/
            # restriction on unsupported relation (return no results in that case)"
            # unsupported attribute
            self.source.warning('%s source can\'t handle relation %s, no '
                                'results will be returned from this source',
                                self.source.uri, relation)
            raise UnknownEid # trick to return no result
        return filter

    def visit_comparison(self, cmp):
        """generate filter for a comparison"""
        return '%s%s'% (cmp.operator, cmp.children[0].accept(self))

    def visit_mathexpression(self, mexpr):
        """generate filter for a mathematical expression"""
        raise NotImplementedError

    def visit_function(self, function):
        """generate filter name for a function"""
        if function.name == 'IN':
            return self.visit_in(function)
        raise NotImplementedError

    def visit_in(self, function):
        grandpapa = function.parent.parent
        ldapattr = self._ldap_attrs[grandpapa.r_type]
        res = []
        for c in function.children:
            part = c.accept(self)
            if part:
                res.append(part)
        if not res:
            # no usable value: nothing can match, and `part` must not be
            # returned unbound or empty (same trick as for unsupported attributes)
            raise UnknownEid
        if len(res) > 1:
            part = '(|%s)' % ''.join('(%s=%s)' % (ldapattr, v) for v in res)
        else:
            part = '(%s=%s)' % (ldapattr, res[0])
        return part

    def visit_constant(self, constant):
        """generate filter name for a constant"""
        value = constant.value
        if constant.type is None:
            raise NotImplementedError
        if constant.type == 'Date':
            raise NotImplementedError
            #value = self.keyword_map[value]()
        elif constant.type == 'Substitute':
            value = self._args[constant.value]
        else:
            value = constant.value
        if isinstance(value, unicode):
            value = value.encode('utf8')
        else:
            value = str(value)
        # escape LDAP filter metacharacters so that a value, including a
        # substituted query argument, cannot change the filter structure
        return escape_filter_chars(value)

    def visit_variableref(self, variableref):
        """variable references produce no LDAP filter part"""
        pass
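The filter composition done by generate(), visit_in() and visit_constant() above, reduced to stand-alone Python 3 functions as an added example (not CubicWeb code), with a small reader that checks an escaped value stays one leaf of the filter. `escape_value` is an inline stand-in assumed to match `ldap.filter.escape_filter_chars` for these characters; `parse`, `leaves`, `build`, `BASE` and `ODD_LOGIN` are names and sample values constructed for the demonstration.

```python
import re

# RFC 4515 section 3: inside an assertion value these characters are written
# as a backslash followed by two hex digits.
_SPECIAL = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'}


def escape_value(value):
    """Inline stand-in (assumption) for ldap.filter.escape_filter_chars."""
    return ''.join(_SPECIAL.get(ch, ch) for ch in str(value))


def unescape_value(text):
    """Decode backslash-hex pairs back into the characters they stand for."""
    return re.sub(r'\\([0-9a-fA-F]{2})',
                  lambda m: chr(int(m.group(1), 16)), text)


def equality(ldapattr, value):
    """'(attr=value)' with the value escaped first, as visit_constant does."""
    return '(%s=%s)' % (ldapattr, escape_value(value))


def any_of(ldapattr, values):
    """Shape used by visit_in: a lone item, or several under '(|...)'."""
    parts = [equality(ldapattr, v) for v in values]
    if not parts:
        raise ValueError('empty IN list: nothing can match')
    return parts[0] if len(parts) == 1 else '(|%s)' % ''.join(parts)


def all_of(parts):
    """Shape used by generate(): several filters joined under '(&...)'."""
    return parts[0] if len(parts) == 1 else '(&%s)' % ''.join(parts)


def parse(text, pos=0):
    """Minimal filter reader, enough for the shapes above.

    Returns (tree, next_pos); a leaf is (attr, value), a composite is
    (operator, [children])."""
    if text[pos:pos + 1] != '(':
        raise ValueError('expected "(" at offset %d' % pos)
    pos += 1
    if text[pos:pos + 1] in ('&', '|', '!'):
        operator, children = text[pos], []
        pos += 1
        while text[pos:pos + 1] == '(':
            child, pos = parse(text, pos)
            children.append(child)
        if text[pos:pos + 1] != ')':
            raise ValueError('expected ")" at offset %d' % pos)
        return (operator, children), pos + 1
    end = text.index(')', pos)  # an escaped value never holds a raw ')'
    attr, _, raw = text[pos:end].partition('=')
    return (attr, unescape_value(raw)), end + 1


def leaves(tree):
    """Flatten a parsed filter into its (attr, value) leaves."""
    _, tail = tree
    if isinstance(tail, list):
        return [leaf for child in tail for leaf in leaves(child)]
    return [tree]


# Constructed inputs: a base filter and a login that contains filter syntax.
BASE = '(objectClass=inetOrgPerson)'
ODD_LOGIN = 'jdoe)(cn=*'


def build(logins):
    """Base filter AND (uid is any of the given logins)."""
    return all_of([BASE, any_of('uid', logins)])


if __name__ == '__main__':
    flt = build(['alice', ODD_LOGIN])
    print(flt)
    print(leaves(parse(flt)[0]))
```

The leaf count equals the number of values passed in, and each leaf decodes back to the exact input string, which is the property to assert in a regression test for any filter builder of this kind.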