author | Sylvain Thénault <sylvain.thenault@logilab.fr> |
Thu, 16 Jun 2011 15:16:58 +0200 | |
branch | stable |
changeset 7522 | 6f6b334a14b7 |
parent 7121 | c2badb6de3fe |
child 7398 | 26695dd703d8 |
permissions | -rw-r--r-- |
6943
406a41c25e13
[sources] reorganize abstract source code, drop no more used cleanup_entities_info and _cleanup_system_relations methods
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6931
diff
changeset
|
1 |
# copyright 2003-2011 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
5421
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
2 |
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
3 |
# |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
4 |
# This file is part of CubicWeb. |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
5 |
# |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
6 |
# CubicWeb is free software: you can redistribute it and/or modify it under the |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
7 |
# terms of the GNU Lesser General Public License as published by the Free |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
8 |
# Software Foundation, either version 2.1 of the License, or (at your option) |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
9 |
# any later version. |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
10 |
# |
5424
8ecbcbff9777
replace logilab-common by CubicWeb in disclaimer
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5421
diff
changeset
|
11 |
# CubicWeb is distributed in the hope that it will be useful, but WITHOUT |
5421
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
12 |
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
13 |
# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
14 |
# details. |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
15 |
# |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
16 |
# You should have received a copy of the GNU Lesser General Public License along |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
17 |
# with CubicWeb. If not, see <http://www.gnu.org/licenses/>. |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
18 |
"""cubicweb ldap user source |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
19 |
|
1398
5fe84a5f7035
rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents:
1263
diff
changeset
|
20 |
this source is for now limited to a read-only CWUser source |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
21 |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
22 |
Part of the code is coming form Zope's LDAPUserFolder |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
23 |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
24 |
Copyright (c) 2004 Jens Vagelpohl. |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
25 |
All Rights Reserved. |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
26 |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
27 |
This software is subject to the provisions of the Zope Public License, |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
28 |
Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution. |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
29 |
THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
30 |
WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
31 |
WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
32 |
FOR A PARTICULAR PURPOSE. |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
33 |
""" |
5637
b72a838aa109
more robust handling of looping task configuration in ldap source
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
5604
diff
changeset
|
34 |
from __future__ import division |
1952
8e19c813750d
fix extid handling: ensure encoded string is given, and store them as base64 (see note in native.py).
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1802
diff
changeset
|
35 |
from base64 import b64decode |
8e19c813750d
fix extid handling: ensure encoded string is given, and store them as base64 (see note in native.py).
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1802
diff
changeset
|
36 |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
37 |
import ldap |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
38 |
from ldap.ldapobject import ReconnectLDAPObject |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
39 |
from ldap.filter import filter_format, escape_filter_chars |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
40 |
from ldapurl import LDAPUrl |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
41 |
|
6945
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
42 |
from rql.nodes import Relation, VariableRef, Constant, Function |
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
43 |
|
1238
fa29b5b60107
set 30sec query cache on pyro source, important speedup for pages generating multiple time the same external query
sylvain.thenault@logilab.fr
parents:
975
diff
changeset
|
44 |
from cubicweb import AuthenticationError, UnknownEid, RepositoryError |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
45 |
from cubicweb.server.utils import cartesian_product |
1238
fa29b5b60107
set 30sec query cache on pyro source, important speedup for pages generating multiple time the same external query
sylvain.thenault@logilab.fr
parents:
975
diff
changeset
|
46 |
from cubicweb.server.sources import (AbstractSource, TrFunc, GlobTrFunc, |
fa29b5b60107
set 30sec query cache on pyro source, important speedup for pages generating multiple time the same external query
sylvain.thenault@logilab.fr
parents:
975
diff
changeset
|
47 |
ConnectionWrapper, TimedCache) |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
48 |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
49 |
# search scopes |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
50 |
BASE = ldap.SCOPE_BASE |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
51 |
ONELEVEL = ldap.SCOPE_ONELEVEL |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
52 |
SUBTREE = ldap.SCOPE_SUBTREE |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
53 |
|
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
54 |
# map ldap protocol to their standard port |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
55 |
PROTO_PORT = {'ldap': 389, |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
56 |
'ldaps': 636, |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
57 |
'ldapi': None, |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
58 |
} |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
59 |
|
1263 | 60 |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
61 |
class LDAPUserSource(AbstractSource): |
1398
5fe84a5f7035
rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents:
1263
diff
changeset
|
62 |
"""LDAP read-only CWUser source""" |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
63 |
support_entities = {'CWUser': False} |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
64 |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
65 |
options = ( |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
66 |
('host', |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
67 |
{'type' : 'string', |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
68 |
'default': 'ldap', |
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
69 |
'help': 'ldap host. It may contains port information using \ |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
70 |
<host>:<port> notation.', |
5323
329b4f6d18b4
[config] with lgc >= 0.50, option's dict inputlevel becomes level
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
71 |
'group': 'ldap-source', 'level': 1, |
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
72 |
}), |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
73 |
('protocol', |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
74 |
{'type' : 'choice', |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
75 |
'default': 'ldap', |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
76 |
'choices': ('ldap', 'ldaps', 'ldapi'), |
5138
18388a897d2a
list allowed values for ldap protocol setting in help, so that the generated file includes this in a comment
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
4913
diff
changeset
|
77 |
'help': 'ldap protocol (allowed values: ldap, ldaps, ldapi)', |
5323
329b4f6d18b4
[config] with lgc >= 0.50, option's dict inputlevel becomes level
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
78 |
'group': 'ldap-source', 'level': 1, |
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
79 |
}), |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
80 |
('auth-mode', |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
81 |
{'type' : 'choice', |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
82 |
'default': 'simple', |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
83 |
'choices': ('simple', 'cram_md5', 'digest_md5', 'gssapi'), |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
84 |
'help': 'authentication mode used to authenticate user to the ldap.', |
5456
d040889fac4e
merged back oldstable into stable
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
diff
changeset
|
85 |
'group': 'ldap-source', 'level': 3, |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
86 |
}), |
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
87 |
('auth-realm', |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
88 |
{'type' : 'string', |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
89 |
'default': None, |
4555
8968c50818db
typo fix in help string
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
4212
diff
changeset
|
90 |
'help': 'realm to use when using gssapi/kerberos authentication.', |
5456
d040889fac4e
merged back oldstable into stable
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
diff
changeset
|
91 |
'group': 'ldap-source', 'level': 3, |
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
92 |
}), |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
93 |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
94 |
('data-cnx-dn', |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
95 |
{'type' : 'string', |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
96 |
'default': '', |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
97 |
'help': 'user dn to use to open data connection to the ldap (eg used \ |
7029
bae4d11a104b
add some tips for users who want to bind to an AD server
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
6887
diff
changeset
|
98 |
to respond to rql queries). Leave empty for anonymous bind', |
5323
329b4f6d18b4
[config] with lgc >= 0.50, option's dict inputlevel becomes level
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
99 |
'group': 'ldap-source', 'level': 1, |
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
100 |
}), |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
101 |
('data-cnx-password', |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
102 |
{'type' : 'string', |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
103 |
'default': '', |
7029
bae4d11a104b
add some tips for users who want to bind to an AD server
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
6887
diff
changeset
|
104 |
'help': 'password to use to open data connection to the ldap (eg used to respond to rql queries). Leave empty for anonymous bind.', |
5323
329b4f6d18b4
[config] with lgc >= 0.50, option's dict inputlevel becomes level
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
105 |
'group': 'ldap-source', 'level': 1, |
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
106 |
}), |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
107 |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
108 |
('user-base-dn', |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
109 |
{'type' : 'string', |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
110 |
'default': 'ou=People,dc=logilab,dc=fr', |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
111 |
'help': 'base DN to lookup for users', |
7029
bae4d11a104b
add some tips for users who want to bind to an AD server
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
6887
diff
changeset
|
112 |
'group': 'ldap-source', 'level': 1, |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
113 |
}), |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
114 |
('user-scope', |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
115 |
{'type' : 'choice', |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
116 |
'default': 'ONELEVEL', |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
117 |
'choices': ('BASE', 'ONELEVEL', 'SUBTREE'), |
7029
bae4d11a104b
add some tips for users who want to bind to an AD server
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
6887
diff
changeset
|
118 |
'help': 'user search scope (valid values: "BASE", "ONELEVEL", "SUBTREE")', |
5323
329b4f6d18b4
[config] with lgc >= 0.50, option's dict inputlevel becomes level
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
119 |
'group': 'ldap-source', 'level': 1, |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
120 |
}), |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
121 |
('user-classes', |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
122 |
{'type' : 'csv', |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
123 |
'default': ('top', 'posixAccount'), |
7029
bae4d11a104b
add some tips for users who want to bind to an AD server
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
6887
diff
changeset
|
124 |
'help': 'classes of user (with Active Directory, you want to say "user" here)', |
5323
329b4f6d18b4
[config] with lgc >= 0.50, option's dict inputlevel becomes level
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
125 |
'group': 'ldap-source', 'level': 1, |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
126 |
}), |
6728
f68bd4c876d1
allow additional filtering to be performed on the LDAP source (#1382380)
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
5972
diff
changeset
|
127 |
('user-filter', |
f68bd4c876d1
allow additional filtering to be performed on the LDAP source (#1382380)
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
5972
diff
changeset
|
128 |
{'type': 'string', |
f68bd4c876d1
allow additional filtering to be performed on the LDAP source (#1382380)
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
5972
diff
changeset
|
129 |
'default': '', |
f68bd4c876d1
allow additional filtering to be performed on the LDAP source (#1382380)
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
5972
diff
changeset
|
130 |
'help': 'additional filters to be set in the ldap query to find valid users', |
f68bd4c876d1
allow additional filtering to be performed on the LDAP source (#1382380)
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
5972
diff
changeset
|
131 |
'group': 'ldap-source', 'level': 2, |
f68bd4c876d1
allow additional filtering to be performed on the LDAP source (#1382380)
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
5972
diff
changeset
|
132 |
}), |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
133 |
('user-login-attr', |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
134 |
{'type' : 'string', |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
135 |
'default': 'uid', |
7029
bae4d11a104b
add some tips for users who want to bind to an AD server
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
6887
diff
changeset
|
136 |
'help': 'attribute used as login on authentication (with Active Directory, you want to use "sAMAccountName" here)', |
5323
329b4f6d18b4
[config] with lgc >= 0.50, option's dict inputlevel becomes level
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
137 |
'group': 'ldap-source', 'level': 1, |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
138 |
}), |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
139 |
('user-default-group', |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
140 |
{'type' : 'csv', |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
141 |
'default': ('users',), |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
142 |
'help': 'name of a group in which ldap users will be by default. \ |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
143 |
You can set multiple groups by separating them by a comma.', |
5323
329b4f6d18b4
[config] with lgc >= 0.50, option's dict inputlevel becomes level
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
144 |
'group': 'ldap-source', 'level': 1, |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
145 |
}), |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
146 |
('user-attrs-map', |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
147 |
{'type' : 'named', |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
148 |
'default': {'uid': 'login', 'gecos': 'email'}, |
7029
bae4d11a104b
add some tips for users who want to bind to an AD server
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
6887
diff
changeset
|
149 |
'help': 'map from ldap user attributes to cubicweb attributes (with Active Directory, you want to use sAMAccountName:login,mail:email,givenName:firstname,sn:surname)', |
5323
329b4f6d18b4
[config] with lgc >= 0.50, option's dict inputlevel becomes level
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5174
diff
changeset
|
150 |
'group': 'ldap-source', 'level': 1, |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
151 |
}), |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
152 |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
153 |
('synchronization-interval', |
5326
0d9054eb3bd1
[config] properly use time type for options representing a time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5153
diff
changeset
|
154 |
{'type' : 'time', |
0d9054eb3bd1
[config] properly use time type for options representing a time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5153
diff
changeset
|
155 |
'default': '1d', |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
156 |
'help': 'interval between synchronization with the ldap \ |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
157 |
directory (default to once a day).', |
5456
d040889fac4e
merged back oldstable into stable
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
diff
changeset
|
158 |
'group': 'ldap-source', 'level': 3, |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
159 |
}), |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
160 |
('cache-life-time', |
5326
0d9054eb3bd1
[config] properly use time type for options representing a time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5153
diff
changeset
|
161 |
{'type' : 'time', |
0d9054eb3bd1
[config] properly use time type for options representing a time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5153
diff
changeset
|
162 |
'default': '2h', |
5637
b72a838aa109
more robust handling of looping task configuration in ldap source
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
5604
diff
changeset
|
163 |
'help': 'life time of query cache (default to two hours).', |
5456
d040889fac4e
merged back oldstable into stable
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
diff
changeset
|
164 |
'group': 'ldap-source', 'level': 3, |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
165 |
}), |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
166 |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
167 |
) |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
168 |
|
6945
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
169 |
def __init__(self, repo, source_config, eid=None): |
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
170 |
AbstractSource.__init__(self, repo, source_config, eid) |
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
171 |
self.update_config(None, self.check_conf_dict(eid, source_config)) |
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
172 |
self._conn = None |
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
173 |
|
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
174 |
def update_config(self, source_entity, typedconfig): |
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
175 |
"""update configuration from source entity. `typedconfig` is config |
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
176 |
properly typed with defaults set |
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
177 |
""" |
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
178 |
self.host = typedconfig['host'] |
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
179 |
self.protocol = typedconfig['protocol'] |
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
180 |
self.authmode = typedconfig['auth-mode'] |
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
181 |
self._authenticate = getattr(self, '_auth_%s' % self.authmode) |
6945
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
182 |
self.cnx_dn = typedconfig['data-cnx-dn'] |
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
183 |
self.cnx_pwd = typedconfig['data-cnx-password'] |
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
184 |
self.user_base_dn = str(typedconfig['user-base-dn']) |
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
185 |
self.user_base_scope = globals()[typedconfig['user-scope']] |
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
186 |
self.user_login_attr = typedconfig['user-login-attr'] |
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
187 |
self.user_default_groups = typedconfig['user-default-group'] |
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
188 |
self.user_attrs = typedconfig['user-attrs-map'] |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
189 |
self.user_rev_attrs = {'eid': 'dn'} |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
190 |
for ldapattr, cwattr in self.user_attrs.items(): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
191 |
self.user_rev_attrs[cwattr] = ldapattr |
6945
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
192 |
self.base_filters = [filter_format('(%s=%s)', ('objectClass', o)) |
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
193 |
for o in typedconfig['user-classes']] |
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
194 |
if typedconfig['user-filter']: |
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
195 |
self.base_filters.append(typedconfig['user-filter']) |
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
196 |
self._interval = typedconfig['synchronization-interval'] |
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
197 |
self._cache_ttl = max(71, typedconfig['cache-life-time']) |
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
198 |
self.reset_caches() |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
199 |
self._conn = None |
6728
f68bd4c876d1
allow additional filtering to be performed on the LDAP source (#1382380)
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
5972
diff
changeset
|
200 |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
201 |
def reset_caches(self): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
202 |
"""method called during test to reset potential source caches""" |
2763
39b42e158249
[ms] proper reset cache on external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2707
diff
changeset
|
203 |
self._cache = {} |
5642
6a90357b9769
TimedCache now only accepts values expressed in seconds
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
5637
diff
changeset
|
204 |
self._query_cache = TimedCache(self._cache_ttl) |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
205 |
|
6957
ffda12be2e9f
[repository] #1460066: backport datafeed cube as cubicweb source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6945
diff
changeset
|
206 |
def init(self, activated, source_entity): |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
207 |
"""method called by the repository once ready to handle request""" |
6724
24bf6f181d0e
[pyro source] store pyro source mapping file into the database
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6693
diff
changeset
|
208 |
if activated: |
24bf6f181d0e
[pyro source] store pyro source mapping file into the database
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6693
diff
changeset
|
209 |
self.info('ldap init') |
24bf6f181d0e
[pyro source] store pyro source mapping file into the database
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6693
diff
changeset
|
210 |
# set minimum period of 5min 1s (the additional second is to |
24bf6f181d0e
[pyro source] store pyro source mapping file into the database
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6693
diff
changeset
|
211 |
# minimize resonnance effet) |
24bf6f181d0e
[pyro source] store pyro source mapping file into the database
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6693
diff
changeset
|
212 |
self.repo.looping_task(max(301, self._interval), self.synchronize) |
24bf6f181d0e
[pyro source] store pyro source mapping file into the database
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6693
diff
changeset
|
213 |
self.repo.looping_task(self._cache_ttl // 10, |
24bf6f181d0e
[pyro source] store pyro source mapping file into the database
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6693
diff
changeset
|
214 |
self._query_cache.clear_expired) |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
215 |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
216 |
def synchronize(self): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
217 |
"""synchronize content known by this repository with content in the |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
218 |
external repository |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
219 |
""" |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
220 |
self.info('synchronizing ldap source %s', self.uri) |
938
a69188963ccb
check ldap source has email configured before synchronization
sylvain.thenault@logilab.fr
parents:
257
diff
changeset
|
221 |
try: |
a69188963ccb
check ldap source has email configured before synchronization
sylvain.thenault@logilab.fr
parents:
257
diff
changeset
|
222 |
ldap_emailattr = self.user_rev_attrs['email'] |
a69188963ccb
check ldap source has email configured before synchronization
sylvain.thenault@logilab.fr
parents:
257
diff
changeset
|
223 |
except KeyError: |
a69188963ccb
check ldap source has email configured before synchronization
sylvain.thenault@logilab.fr
parents:
257
diff
changeset
|
224 |
return # no email in ldap, we're done |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
225 |
session = self.repo.internal_session() |
5153
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
226 |
execute = session.execute |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
227 |
try: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
228 |
cursor = session.system_sql("SELECT eid, extid FROM entities WHERE " |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
229 |
"source='%s'" % self.uri) |
1952
8e19c813750d
fix extid handling: ensure encoded string is given, and store them as base64 (see note in native.py).
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1802
diff
changeset
|
230 |
for eid, b64extid in cursor.fetchall(): |
8e19c813750d
fix extid handling: ensure encoded string is given, and store them as base64 (see note in native.py).
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1802
diff
changeset
|
231 |
extid = b64decode(b64extid) |
5603
d8d9f4ec252d
ldap source logging
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
5456
diff
changeset
|
232 |
self.debug('ldap eid %s', eid) |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
233 |
# if no result found, _search automatically delete entity information |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
234 |
res = self._search(session, extid, BASE) |
5603
d8d9f4ec252d
ldap source logging
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
5456
diff
changeset
|
235 |
self.debug('ldap search %s', res) |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
236 |
if res: |
938
a69188963ccb
check ldap source has email configured before synchronization
sylvain.thenault@logilab.fr
parents:
257
diff
changeset
|
237 |
ldapemailaddr = res[0].get(ldap_emailattr) |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
238 |
if ldapemailaddr: |
5972
220856aff85e
[ldap] take care, email address may be a list. In such case, only consider the first one (XXX). Also, fix call to reset_caches.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5856
diff
changeset
|
239 |
if isinstance(ldapemailaddr, list): |
220856aff85e
[ldap] take care, email address may be a list. In such case, only consider the first one (XXX). Also, fix call to reset_caches.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5856
diff
changeset
|
240 |
ldapemailaddr = ldapemailaddr[0] # XXX consider only the first email in the list |
5153
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
241 |
rset = execute('Any X,A WHERE ' |
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
242 |
'X address A, U use_email X, U eid %(u)s', |
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
243 |
{'u': eid}) |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
244 |
ldapemailaddr = unicode(ldapemailaddr) |
5153
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
245 |
for emaileid, emailaddr, in rset: |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
246 |
if emailaddr == ldapemailaddr: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
247 |
break |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
248 |
else: |
5800
2bc88fb424bc
reduced logging verbosity in ldapuser source
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
5789
diff
changeset
|
249 |
self.debug('updating email address of user %s to %s', |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
250 |
extid, ldapemailaddr) |
5153
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
251 |
emailrset = execute('EmailAddress A WHERE A address %(addr)s', |
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
252 |
{'addr': ldapemailaddr}) |
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
253 |
if emailrset: |
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
254 |
execute('SET U use_email X WHERE ' |
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
255 |
'X eid %(x)s, U eid %(u)s', |
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
256 |
{'x': emailrset[0][0], 'u': eid}) |
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
257 |
elif rset: |
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
258 |
if not execute('SET X address %(addr)s WHERE ' |
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
259 |
'U primary_email X, U eid %(u)s', |
5174
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5153
diff
changeset
|
260 |
{'addr': ldapemailaddr, 'u': eid}): |
5153
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
261 |
execute('SET X address %(addr)s WHERE ' |
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
262 |
'X eid %(x)s', |
5174
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5153
diff
changeset
|
263 |
{'addr': ldapemailaddr, 'x': rset[0][0]}) |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
264 |
else: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
265 |
# no email found, create it |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
266 |
_insert_email(session, ldapemailaddr, eid) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
267 |
finally: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
268 |
session.commit() |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
269 |
session.close() |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
270 |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
271 |
def get_connection(self): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
272 |
"""open and return a connection to the source""" |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
273 |
if self._conn is None: |
6653
52d1568af412
[ldap] don't refuse to start if ldap is unreachable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6427
diff
changeset
|
274 |
try: |
52d1568af412
[ldap] don't refuse to start if ldap is unreachable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6427
diff
changeset
|
275 |
self._connect() |
52d1568af412
[ldap] don't refuse to start if ldap is unreachable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6427
diff
changeset
|
276 |
except: |
7029
bae4d11a104b
add some tips for users who want to bind to an AD server
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
6887
diff
changeset
|
277 |
self.exception('unable to connect to ldap:') |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
278 |
return ConnectionWrapper(self._conn) |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
279 |
|
3647
2941f4a0aab9
refactor repo authentication to allow pluggable authentifier to login with something else than a password
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3245
diff
changeset
|
280 |
def authenticate(self, session, login, password=None, **kwargs): |
1398
5fe84a5f7035
rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents:
1263
diff
changeset
|
281 |
"""return CWUser eid for the given login/password if this account is |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
282 |
defined in this source, else raise `AuthenticationError` |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
283 |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
284 |
two queries are needed since passwords are stored crypted, so we have |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
285 |
to fetch the salt first |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
286 |
""" |
5603
d8d9f4ec252d
ldap source logging
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
5456
diff
changeset
|
287 |
self.info('ldap authenticate %s', login) |
5855
db59080f1c8d
[ldap] cleanup password checking
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5836
diff
changeset
|
288 |
if not password: |
db59080f1c8d
[ldap] cleanup password checking
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5836
diff
changeset
|
289 |
# On Windows + ADAM this would have succeeded (!!!) |
db59080f1c8d
[ldap] cleanup password checking
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5836
diff
changeset
|
290 |
# You get Authenticated as: 'NT AUTHORITY\ANONYMOUS LOGON'. |
db59080f1c8d
[ldap] cleanup password checking
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5836
diff
changeset
|
291 |
# we really really don't want that |
3647
2941f4a0aab9
refactor repo authentication to allow pluggable authentifier to login with something else than a password
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3245
diff
changeset
|
292 |
raise AuthenticationError() |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
293 |
searchfilter = [filter_format('(%s=%s)', (self.user_login_attr, login))] |
6945
28bf94d062a9
[sources] refactor source creation and options handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6943
diff
changeset
|
294 |
searchfilter.extend(self.base_filters) |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
295 |
searchstr = '(&%s)' % ''.join(searchfilter) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
296 |
# first search the user |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
297 |
try: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
298 |
user = self._search(session, self.user_base_dn, |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
299 |
self.user_base_scope, searchstr)[0] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
300 |
except IndexError: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
301 |
# no such user |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
302 |
raise AuthenticationError() |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
303 |
# check password by establishing a (unused) connection |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
304 |
try: |
5855
db59080f1c8d
[ldap] cleanup password checking
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5836
diff
changeset
|
305 |
self._connect(user, password) |
5856
a02129508378
[ldap] fix exception handling on authentication error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5855
diff
changeset
|
306 |
except ldap.LDAPError, ex: |
a02129508378
[ldap] fix exception handling on authentication error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5855
diff
changeset
|
307 |
# Something went wrong, most likely bad credentials |
a02129508378
[ldap] fix exception handling on authentication error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5855
diff
changeset
|
308 |
self.info('while trying to authenticate %s: %s', user, ex) |
a02129508378
[ldap] fix exception handling on authentication error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5855
diff
changeset
|
309 |
raise AuthenticationError() |
5855
db59080f1c8d
[ldap] cleanup password checking
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5836
diff
changeset
|
310 |
except Exception: |
5856
a02129508378
[ldap] fix exception handling on authentication error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5855
diff
changeset
|
311 |
self.error('while trying to authenticate %s', user, exc_info=True) |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
312 |
raise AuthenticationError() |
1398
5fe84a5f7035
rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents:
1263
diff
changeset
|
313 |
return self.extid2eid(user['dn'], 'CWUser', session) |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
314 |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
315 |
def ldap_name(self, var): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
316 |
if var.stinfo['relations']: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
317 |
relname = iter(var.stinfo['relations']).next().r_type |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
318 |
return self.user_rev_attrs.get(relname) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
319 |
return None |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
320 |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
321 |
def prepare_columns(self, mainvars, rqlst): |
6886
b571d2d32971
[ldap] small code cleanups
David Douard <david.douard@logilab.fr>
parents:
6750
diff
changeset
|
322 |
"""return two list describing how to build the final results |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
323 |
from the result of an ldap search (ie a list of dictionnary) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
324 |
""" |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
325 |
columns = [] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
326 |
global_transforms = [] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
327 |
for i, term in enumerate(rqlst.selection): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
328 |
if isinstance(term, Constant): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
329 |
columns.append(term) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
330 |
continue |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
331 |
if isinstance(term, Function): # LOWER, UPPER, COUNT... |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
332 |
var = term.get_nodes(VariableRef)[0] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
333 |
var = var.variable |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
334 |
try: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
335 |
mainvar = var.stinfo['attrvar'].name |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
336 |
except AttributeError: # no attrvar set |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
337 |
mainvar = var.name |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
338 |
assert mainvar in mainvars |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
339 |
trname = term.name |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
340 |
ldapname = self.ldap_name(var) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
341 |
if trname in ('COUNT', 'MIN', 'MAX', 'SUM'): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
342 |
global_transforms.append(GlobTrFunc(trname, i, ldapname)) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
343 |
columns.append((mainvar, ldapname)) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
344 |
continue |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
345 |
if trname in ('LOWER', 'UPPER'): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
346 |
columns.append((mainvar, TrFunc(trname, i, ldapname))) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
347 |
continue |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
348 |
raise NotImplementedError('no support for %s function' % trname) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
349 |
if term.name in mainvars: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
350 |
columns.append((term.name, 'dn')) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
351 |
continue |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
352 |
var = term.variable |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
353 |
mainvar = var.stinfo['attrvar'].name |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
354 |
columns.append((mainvar, self.ldap_name(var))) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
355 |
#else: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
356 |
# # probably a bug in rql splitting if we arrive here |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
357 |
# raise NotImplementedError |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
358 |
return columns, global_transforms |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
359 |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
360 |
def syntax_tree_search(self, session, union, |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
361 |
args=None, cachekey=None, varmap=None, debug=0): |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
362 |
"""return result from this source for a rql query (actually from a rql |
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
363 |
syntax tree and a solution dictionary mapping each used variable to a |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
364 |
possible type). If cachekey is given, the query necessary to fetch the |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
365 |
results (but not the results themselves) may be cached using this key. |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
366 |
""" |
5603
d8d9f4ec252d
ldap source logging
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
5456
diff
changeset
|
367 |
self.debug('ldap syntax tree search') |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
368 |
# XXX not handled : transform/aggregat function, join on multiple users... |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
369 |
assert len(union.children) == 1, 'union not supported' |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
370 |
rqlst = union.children[0] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
371 |
assert not rqlst.with_, 'subquery not supported' |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
372 |
rqlkey = rqlst.as_string(kwargs=args) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
373 |
try: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
374 |
results = self._query_cache[rqlkey] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
375 |
except KeyError: |
6693
65bd93b72f1e
[ldap] make instance still usable if we can't contact ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6653
diff
changeset
|
376 |
try: |
65bd93b72f1e
[ldap] make instance still usable if we can't contact ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6653
diff
changeset
|
377 |
results = self.rqlst_search(session, rqlst, args) |
65bd93b72f1e
[ldap] make instance still usable if we can't contact ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6653
diff
changeset
|
378 |
self._query_cache[rqlkey] = results |
65bd93b72f1e
[ldap] make instance still usable if we can't contact ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6653
diff
changeset
|
379 |
except ldap.SERVER_DOWN: |
65bd93b72f1e
[ldap] make instance still usable if we can't contact ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6653
diff
changeset
|
380 |
# cant connect to server |
65bd93b72f1e
[ldap] make instance still usable if we can't contact ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6653
diff
changeset
|
381 |
msg = session._("can't connect to source %s, some data may be missing") |
65bd93b72f1e
[ldap] make instance still usable if we can't contact ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6653
diff
changeset
|
382 |
session.set_shared_data('sources_error', msg % self.uri) |
65bd93b72f1e
[ldap] make instance still usable if we can't contact ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6653
diff
changeset
|
383 |
return [] |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
384 |
return results |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
385 |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
386 |
def rqlst_search(self, session, rqlst, args): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
387 |
mainvars = [] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
388 |
for varname in rqlst.defined_vars: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
389 |
for sol in rqlst.solutions: |
1398
5fe84a5f7035
rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents:
1263
diff
changeset
|
390 |
if sol[varname] == 'CWUser': |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
391 |
mainvars.append(varname) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
392 |
break |
3245 | 393 |
assert mainvars, rqlst |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
394 |
columns, globtransforms = self.prepare_columns(mainvars, rqlst) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
395 |
eidfilters = [] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
396 |
allresults = [] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
397 |
generator = RQL2LDAPFilter(self, session, args, mainvars) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
398 |
for mainvar in mainvars: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
399 |
# handle restriction |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
400 |
try: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
401 |
eidfilters_, ldapfilter = generator.generate(rqlst, mainvar) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
402 |
except GotDN, ex: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
403 |
assert ex.dn, 'no dn!' |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
404 |
try: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
405 |
res = [self._cache[ex.dn]] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
406 |
except KeyError: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
407 |
res = self._search(session, ex.dn, BASE) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
408 |
except UnknownEid, ex: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
409 |
# raised when we are looking for the dn of an eid which is not |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
410 |
# coming from this source |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
411 |
res = [] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
412 |
else: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
413 |
eidfilters += eidfilters_ |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
414 |
res = self._search(session, self.user_base_dn, |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
415 |
self.user_base_scope, ldapfilter) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
416 |
allresults.append(res) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
417 |
# 1. get eid for each dn and filter according to that eid if necessary |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
418 |
for i, res in enumerate(allresults): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
419 |
filteredres = [] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
420 |
for resdict in res: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
421 |
# get sure the entity exists in the system table |
1398
5fe84a5f7035
rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents:
1263
diff
changeset
|
422 |
eid = self.extid2eid(resdict['dn'], 'CWUser', session) |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
423 |
for eidfilter in eidfilters: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
424 |
if not eidfilter(eid): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
425 |
break |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
426 |
else: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
427 |
resdict['eid'] = eid |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
428 |
filteredres.append(resdict) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
429 |
allresults[i] = filteredres |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
430 |
# 2. merge result for each "mainvar": cartesian product |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
431 |
allresults = cartesian_product(allresults) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
432 |
# 3. build final result according to column definition |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
433 |
result = [] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
434 |
for rawline in allresults: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
435 |
rawline = dict(zip(mainvars, rawline)) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
436 |
line = [] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
437 |
for varname, ldapname in columns: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
438 |
if ldapname is None: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
439 |
value = None # no mapping available |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
440 |
elif ldapname == 'dn': |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
441 |
value = rawline[varname]['eid'] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
442 |
elif isinstance(ldapname, Constant): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
443 |
if ldapname.type == 'Substitute': |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
444 |
value = args[ldapname.value] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
445 |
else: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
446 |
value = ldapname.value |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
447 |
elif isinstance(ldapname, TrFunc): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
448 |
value = ldapname.apply(rawline[varname]) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
449 |
else: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
450 |
value = rawline[varname].get(ldapname) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
451 |
line.append(value) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
452 |
result.append(line) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
453 |
for trfunc in globtransforms: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
454 |
result = trfunc.apply(result) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
455 |
#print '--> ldap result', result |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
456 |
return result |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
457 |
|
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
458 |
|
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
459 |
def _connect(self, user=None, userpwd=None): |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
460 |
if self.protocol == 'ldapi': |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
461 |
hostport = self.host |
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
462 |
elif not ':' in self.host: |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
463 |
hostport = '%s:%s' % (self.host, PROTO_PORT[self.protocol]) |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
464 |
else: |
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
465 |
hostport = self.host |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
466 |
self.info('connecting %s://%s as %s', self.protocol, hostport, |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
467 |
user and user['dn'] or 'anonymous') |
5407
7730796f9506
disable CERT check
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5326
diff
changeset
|
468 |
# don't require server certificate when using ldaps (will |
7730796f9506
disable CERT check
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5326
diff
changeset
|
469 |
# enable self signed certs) |
7730796f9506
disable CERT check
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5326
diff
changeset
|
470 |
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) |
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
471 |
url = LDAPUrl(urlscheme=self.protocol, hostport=hostport) |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
472 |
conn = ReconnectLDAPObject(url.initializeUrl()) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
473 |
# Set the protocol version - version 3 is preferred |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
474 |
try: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
475 |
conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
476 |
except ldap.LDAPError: # Invalid protocol version, fall back safely |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
477 |
conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION2) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
478 |
# Deny auto-chasing of referrals to be safe, we handle them instead |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
479 |
#try: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
480 |
# connection.set_option(ldap.OPT_REFERRALS, 0) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
481 |
#except ldap.LDAPError: # Cannot set referrals, so do nothing |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
482 |
# pass |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
483 |
#conn.set_option(ldap.OPT_NETWORK_TIMEOUT, conn_timeout) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
484 |
#conn.timeout = op_timeout |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
485 |
# Now bind with the credentials given. Let exceptions propagate out. |
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
486 |
if user is None: |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
487 |
# no user specified, we want to initialize the 'data' connection, |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
488 |
assert self._conn is None |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
489 |
self._conn = conn |
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
490 |
# XXX always use simple bind for data connection |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
491 |
if not self.cnx_dn: |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
492 |
conn.simple_bind_s(self.cnx_dn, self.cnx_pwd) |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
493 |
else: |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
494 |
self._authenticate(conn, {'dn': self.cnx_dn}, self.cnx_pwd) |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
495 |
else: |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
496 |
# user specified, we want to check user/password, no need to return |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
497 |
# the connection which will be thrown out |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
498 |
self._authenticate(conn, user, userpwd) |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
499 |
return conn |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
500 |
|
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
501 |
def _auth_simple(self, conn, user, userpwd): |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
502 |
conn.simple_bind_s(user['dn'], userpwd) |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
503 |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
504 |
def _auth_cram_md5(self, conn, user, userpwd): |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
505 |
from ldap import sasl |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
506 |
auth_token = sasl.cram_md5(user['dn'], userpwd) |
4716
55b6a3262071
fix some pylint detected errors
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4556
diff
changeset
|
507 |
conn.sasl_interactive_bind_s('', auth_token) |
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
508 |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
509 |
def _auth_digest_md5(self, conn, user, userpwd): |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
510 |
from ldap import sasl |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
511 |
auth_token = sasl.digest_md5(user['dn'], userpwd) |
4716
55b6a3262071
fix some pylint detected errors
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4556
diff
changeset
|
512 |
conn.sasl_interactive_bind_s('', auth_token) |
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
513 |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
514 |
def _auth_gssapi(self, conn, user, userpwd): |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
515 |
# print XXX not proper sasl/gssapi |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
516 |
import kerberos |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
517 |
if not kerberos.checkPassword(user[self.user_login_attr], userpwd): |
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
518 |
raise Exception('BAD login / mdp') |
2707 | 519 |
#from ldap import sasl |
520 |
#conn.sasl_interactive_bind_s('', sasl.gssapi()) |
|
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
521 |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
522 |
def _search(self, session, base, scope, |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
523 |
searchstr='(objectClass=*)', attrs=()): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
524 |
"""make an ldap query""" |
7121 | 525 |
self.debug('ldap search %s %s %s %s %s', self.uri, base, scope, |
526 |
searchstr, list(attrs)) |
|
6886
b571d2d32971
[ldap] small code cleanups
David Douard <david.douard@logilab.fr>
parents:
6750
diff
changeset
|
527 |
# XXX for now, we do not have connection pool support for LDAP, so |
b571d2d32971
[ldap] small code cleanups
David Douard <david.douard@logilab.fr>
parents:
6750
diff
changeset
|
528 |
# this is always self._conn |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
529 |
cnx = session.pool.connection(self.uri).cnx |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
530 |
try: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
531 |
res = cnx.search_s(base, scope, searchstr, attrs) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
532 |
except ldap.PARTIAL_RESULTS: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
533 |
res = cnx.result(all=0)[1] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
534 |
except ldap.NO_SUCH_OBJECT: |
5603
d8d9f4ec252d
ldap source logging
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
5456
diff
changeset
|
535 |
self.info('ldap NO SUCH OBJECT') |
1398
5fe84a5f7035
rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents:
1263
diff
changeset
|
536 |
eid = self.extid2eid(base, 'CWUser', session, insert=False) |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
537 |
if eid: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
538 |
self.warning('deleting ldap user with eid %s and dn %s', |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
539 |
eid, base) |
4913
083b4d454192
server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents:
4719
diff
changeset
|
540 |
entity = session.entity_from_eid(eid, 'CWUser') |
083b4d454192
server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents:
4719
diff
changeset
|
541 |
self.repo.delete_info(session, entity, self.uri, base) |
5972
220856aff85e
[ldap] take care, email address may be a list. In such case, only consider the first one (XXX). Also, fix call to reset_caches.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5856
diff
changeset
|
542 |
self.reset_caches() |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
543 |
return [] |
5789
0f969e5c579a
[ldapuser] quieter ldap result info, fix commented block style
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
5646
diff
changeset
|
544 |
# except ldap.REFERRAL, e: |
0f969e5c579a
[ldapuser] quieter ldap result info, fix commented block style
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
5646
diff
changeset
|
545 |
# cnx = self.handle_referral(e) |
0f969e5c579a
[ldapuser] quieter ldap result info, fix commented block style
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
5646
diff
changeset
|
546 |
# try: |
0f969e5c579a
[ldapuser] quieter ldap result info, fix commented block style
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
5646
diff
changeset
|
547 |
# res = cnx.search_s(base, scope, searchstr, attrs) |
0f969e5c579a
[ldapuser] quieter ldap result info, fix commented block style
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
5646
diff
changeset
|
548 |
# except ldap.PARTIAL_RESULTS: |
0f969e5c579a
[ldapuser] quieter ldap result info, fix commented block style
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
5646
diff
changeset
|
549 |
# res_type, res = cnx.result(all=0) |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
550 |
result = [] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
551 |
for rec_dn, rec_dict in res: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
552 |
# When used against Active Directory, "rec_dict" may not be |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
553 |
# be a dictionary in some cases (instead, it can be a list) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
554 |
# An example of a useless "res" entry that can be ignored |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
555 |
# from AD is |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
556 |
# (None, ['ldap://ForestDnsZones.PORTAL.LOCAL/DC=ForestDnsZones,DC=PORTAL,DC=LOCAL']) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
557 |
# This appears to be some sort of internal referral, but |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
558 |
# we can't handle it, so we need to skip over it. |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
559 |
try: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
560 |
items = rec_dict.items() |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
561 |
except AttributeError: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
562 |
# 'items' not found on rec_dict, skip |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
563 |
continue |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
564 |
for key, value in items: # XXX syt: huuum ? |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
565 |
if not isinstance(value, str): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
566 |
try: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
567 |
for i in range(len(value)): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
568 |
value[i] = unicode(value[i], 'utf8') |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
569 |
except: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
570 |
pass |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
571 |
if isinstance(value, list) and len(value) == 1: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
572 |
rec_dict[key] = value = value[0] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
573 |
rec_dict['dn'] = rec_dn |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
574 |
self._cache[rec_dn] = rec_dict |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
575 |
result.append(rec_dict) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
576 |
#print '--->', result |
5827
aad4496a279a
reduce log verbosity in ldapuser source
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
5800
diff
changeset
|
577 |
self.debug('ldap built results %s', len(result)) |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
578 |
return result |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
579 |
|
6957
ffda12be2e9f
[repository] #1460066: backport datafeed cube as cubicweb source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6945
diff
changeset
|
580 |
def before_entity_insertion(self, session, lid, etype, eid, sourceparams): |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
581 |
"""called by the repository when an eid has been attributed for an |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
582 |
entity stored here but the entity has not been inserted in the system |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
583 |
table yet. |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
584 |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
585 |
This method must return the an Entity instance representation of this |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
586 |
entity. |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
587 |
""" |
5800
2bc88fb424bc
reduced logging verbosity in ldapuser source
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
5789
diff
changeset
|
588 |
self.debug('ldap before entity insertion') |
6957
ffda12be2e9f
[repository] #1460066: backport datafeed cube as cubicweb source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6945
diff
changeset
|
589 |
entity = super(LDAPUserSource, self).before_entity_insertion( |
ffda12be2e9f
[repository] #1460066: backport datafeed cube as cubicweb source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6945
diff
changeset
|
590 |
session, lid, etype, eid, sourceparams) |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
591 |
res = self._search(session, lid, BASE)[0] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
592 |
for attr in entity.e_schema.indexable_attributes(): |
6142
8bc6eac1fac1
[session] cleanup hook / operation / entity edition api
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5972
diff
changeset
|
593 |
entity.cw_edited[attr] = res[self.user_rev_attrs[attr]] |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
594 |
return entity |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
595 |
|
6957
ffda12be2e9f
[repository] #1460066: backport datafeed cube as cubicweb source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6945
diff
changeset
|
596 |
def after_entity_insertion(self, session, lid, entity, sourceparams): |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
597 |
"""called by the repository after an entity stored here has been |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
598 |
inserted in the system table. |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
599 |
""" |
5800
2bc88fb424bc
reduced logging verbosity in ldapuser source
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
5789
diff
changeset
|
600 |
self.debug('ldap after entity insertion') |
6957
ffda12be2e9f
[repository] #1460066: backport datafeed cube as cubicweb source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6945
diff
changeset
|
601 |
super(LDAPUserSource, self).after_entity_insertion( |
ffda12be2e9f
[repository] #1460066: backport datafeed cube as cubicweb source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6945
diff
changeset
|
602 |
session, lid, entity, sourceparams) |
6886
b571d2d32971
[ldap] small code cleanups
David Douard <david.douard@logilab.fr>
parents:
6750
diff
changeset
|
603 |
dn = lid |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
604 |
for group in self.user_default_groups: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
605 |
session.execute('SET X in_group G WHERE X eid %(x)s, G name %(group)s', |
5174
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5153
diff
changeset
|
606 |
{'x': entity.eid, 'group': group}) |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
607 |
# search for existant email first |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
608 |
try: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
609 |
emailaddr = self._cache[dn][self.user_rev_attrs['email']] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
610 |
except KeyError: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
611 |
return |
5972
220856aff85e
[ldap] take care, email address may be a list. In such case, only consider the first one (XXX). Also, fix call to reset_caches.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5856
diff
changeset
|
612 |
if isinstance(emailaddr, list): |
220856aff85e
[ldap] take care, email address may be a list. In such case, only consider the first one (XXX). Also, fix call to reset_caches.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5856
diff
changeset
|
613 |
emailaddr = emailaddr[0] # XXX consider only the first email in the list |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
614 |
rset = session.execute('EmailAddress X WHERE X address %(addr)s', |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
615 |
{'addr': emailaddr}) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
616 |
if rset: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
617 |
session.execute('SET U primary_email X WHERE U eid %(u)s, X eid %(x)s', |
5174
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5153
diff
changeset
|
618 |
{'x': rset[0][0], 'u': entity.eid}) |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
619 |
else: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
620 |
# not found, create it |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
621 |
_insert_email(session, emailaddr, entity.eid) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
622 |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
623 |
def update_entity(self, session, entity): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
624 |
"""replace an entity in the source""" |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
625 |
raise RepositoryError('this source is read only') |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
626 |
|
4913
083b4d454192
server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents:
4719
diff
changeset
|
627 |
def delete_entity(self, session, entity): |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
628 |
"""delete an entity from the source""" |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
629 |
raise RepositoryError('this source is read only') |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
630 |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
631 |
def _insert_email(session, emailaddr, ueid): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
632 |
session.execute('INSERT EmailAddress X: X address %(addr)s, U primary_email X ' |
5174
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5153
diff
changeset
|
633 |
'WHERE U eid %(x)s', {'addr': emailaddr, 'x': ueid}) |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
634 |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
635 |
class GotDN(Exception): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
636 |
"""exception used when a dn localizing the searched user has been found""" |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
637 |
def __init__(self, dn): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
638 |
self.dn = dn |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
639 |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
640 |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
641 |
class RQL2LDAPFilter(object): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
642 |
"""generate an LDAP filter for a rql query""" |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
643 |
def __init__(self, source, session, args=None, mainvars=()): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
644 |
self.source = source |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
645 |
self._ldap_attrs = source.user_rev_attrs |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
646 |
self._base_filters = source.base_filters |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
647 |
self._session = session |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
648 |
if args is None: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
649 |
args = {} |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
650 |
self._args = args |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
651 |
self.mainvars = mainvars |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
652 |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
653 |
def generate(self, selection, mainvarname): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
654 |
self._filters = res = self._base_filters[:] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
655 |
self._mainvarname = mainvarname |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
656 |
self._eidfilters = [] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
657 |
self._done_not = set() |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
658 |
restriction = selection.where |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
659 |
if isinstance(restriction, Relation): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
660 |
# only a single relation, need to append result here (no AND/OR) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
661 |
filter = restriction.accept(self) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
662 |
if filter is not None: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
663 |
res.append(filter) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
664 |
elif restriction: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
665 |
restriction.accept(self) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
666 |
if len(res) > 1: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
667 |
return self._eidfilters, '(&%s)' % ''.join(res) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
668 |
return self._eidfilters, res[0] |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
669 |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
670 |
def visit_and(self, et): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
671 |
"""generate filter for a AND subtree""" |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
672 |
for c in et.children: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
673 |
part = c.accept(self) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
674 |
if part: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
675 |
self._filters.append(part) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
676 |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
677 |
def visit_or(self, ou): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
678 |
"""generate filter for a OR subtree""" |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
679 |
res = [] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
680 |
for c in ou.children: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
681 |
part = c.accept(self) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
682 |
if part: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
683 |
res.append(part) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
684 |
if res: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
685 |
if len(res) > 1: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
686 |
part = '(|%s)' % ''.join(res) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
687 |
else: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
688 |
part = res[0] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
689 |
self._filters.append(part) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
690 |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
691 |
def visit_not(self, node): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
692 |
"""generate filter for a OR subtree""" |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
693 |
part = node.children[0].accept(self) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
694 |
if part: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
695 |
self._filters.append('(!(%s))'% part) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
696 |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
697 |
def visit_relation(self, relation): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
698 |
"""generate filter for a relation""" |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
699 |
rtype = relation.r_type |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
700 |
# don't care of type constraint statement (i.e. relation_type = 'is') |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
701 |
if rtype == 'is': |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
702 |
return '' |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
703 |
lhs, rhs = relation.get_parts() |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
704 |
# attribute relation |
3689
deb13e88e037
follow yams 0.25 api changes to improve performance
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3245
diff
changeset
|
705 |
if self.source.schema.rschema(rtype).final: |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
706 |
# dunno what to do here, don't pretend anything else |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
707 |
if lhs.name != self._mainvarname: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
708 |
if lhs.name in self.mainvars: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
709 |
# XXX check we don't have variable as rhs |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
710 |
return |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
711 |
raise NotImplementedError |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
712 |
rhs_vars = rhs.get_nodes(VariableRef) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
713 |
if rhs_vars: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
714 |
if len(rhs_vars) > 1: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
715 |
raise NotImplementedError |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
716 |
# selected variable, nothing to do here |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
717 |
return |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
718 |
# no variables in the RHS |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
719 |
if isinstance(rhs.children[0], Function): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
720 |
res = rhs.children[0].accept(self) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
721 |
elif rtype != 'has_text': |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
722 |
res = self._visit_attribute_relation(relation) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
723 |
else: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
724 |
raise NotImplementedError(relation) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
725 |
# regular relation XXX todo: in_group |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
726 |
else: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
727 |
raise NotImplementedError(relation) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
728 |
return res |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
729 |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
730 |
def _visit_attribute_relation(self, relation): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
731 |
"""generate filter for an attribute relation""" |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
732 |
lhs, rhs = relation.get_parts() |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
733 |
lhsvar = lhs.variable |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
734 |
if relation.r_type == 'eid': |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
735 |
# XXX hack |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
736 |
# skip comparison sign |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
737 |
eid = int(rhs.children[0].accept(self)) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
738 |
if relation.neged(strict=True): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
739 |
self._done_not.add(relation.parent) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
740 |
self._eidfilters.append(lambda x: not x == eid) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
741 |
return |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
742 |
if rhs.operator != '=': |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
743 |
filter = {'>': lambda x: x > eid, |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
744 |
'>=': lambda x: x >= eid, |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
745 |
'<': lambda x: x < eid, |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
746 |
'<=': lambda x: x <= eid, |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
747 |
}[rhs.operator] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
748 |
self._eidfilters.append(filter) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
749 |
return |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
750 |
dn = self.source.eid2extid(eid, self._session) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
751 |
raise GotDN(dn) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
752 |
try: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
753 |
filter = '(%s%s)' % (self._ldap_attrs[relation.r_type], |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
754 |
rhs.accept(self)) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
755 |
except KeyError: |
975
0928daea04e9
fix ldapsource w/ restriction on unsupported relation (return no results in that case)
sylvain.thenault@logilab.fr
parents:
938
diff
changeset
|
756 |
# unsupported attribute |
0928daea04e9
fix ldapsource w/ restriction on unsupported relation (return no results in that case)
sylvain.thenault@logilab.fr
parents:
938
diff
changeset
|
757 |
self.source.warning('%s source can\'t handle relation %s, no ' |
0928daea04e9
fix ldapsource w/ restriction on unsupported relation (return no results in that case)
sylvain.thenault@logilab.fr
parents:
938
diff
changeset
|
758 |
'results will be returned from this source', |
0928daea04e9
fix ldapsource w/ restriction on unsupported relation (return no results in that case)
sylvain.thenault@logilab.fr
parents:
938
diff
changeset
|
759 |
self.source.uri, relation) |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
760 |
raise UnknownEid # trick to return no result |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
761 |
return filter |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
762 |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
763 |
def visit_comparison(self, cmp): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
764 |
"""generate filter for a comparaison""" |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
765 |
return '%s%s'% (cmp.operator, cmp.children[0].accept(self)) |
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
766 |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
767 |
def visit_mathexpression(self, mexpr): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
768 |
"""generate filter for a mathematic expression""" |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
769 |
raise NotImplementedError |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
770 |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
771 |
def visit_function(self, function): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
772 |
"""generate filter name for a function""" |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
773 |
if function.name == 'IN': |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
774 |
return self.visit_in(function) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
775 |
raise NotImplementedError |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
776 |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
777 |
def visit_in(self, function): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
778 |
grandpapa = function.parent.parent |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
779 |
ldapattr = self._ldap_attrs[grandpapa.r_type] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
780 |
res = [] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
781 |
for c in function.children: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
782 |
part = c.accept(self) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
783 |
if part: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
784 |
res.append(part) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
785 |
if res: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
786 |
if len(res) > 1: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
787 |
part = '(|%s)' % ''.join('(%s=%s)' % (ldapattr, v) for v in res) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
788 |
else: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
789 |
part = '(%s=%s)' % (ldapattr, res[0]) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
790 |
return part |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
791 |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
792 |
def visit_constant(self, constant): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
793 |
"""generate filter name for a constant""" |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
794 |
value = constant.value |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
795 |
if constant.type is None: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
796 |
raise NotImplementedError |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
797 |
if constant.type == 'Date': |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
798 |
raise NotImplementedError |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
799 |
#value = self.keyword_map[value]() |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
800 |
elif constant.type == 'Substitute': |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
801 |
value = self._args[constant.value] |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
802 |
else: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
803 |
value = constant.value |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
804 |
if isinstance(value, unicode): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
805 |
value = value.encode('utf8') |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
806 |
else: |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
807 |
value = str(value) |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
808 |
return escape_filter_chars(value) |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
809 |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
810 |
def visit_variableref(self, variableref): |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
811 |
"""get the sql name for a variable reference""" |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
812 |
pass |
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
813 |