| author | Sylvain Thénault <sylvain.thenault@logilab.fr> |
| Wed, 28 Apr 2010 10:06:01 +0200 | |
| branch | stable |
| changeset 5421 | 8167de96c523 |
| parent 5407 | 7730796f9506 |
| child 5423 | e15abfdcce38 |
| child 5424 | 8ecbcbff9777 |
| permissions | -rw-r--r-- |
|
5421
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
1 |
# copyright 2003-2010 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
|
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
2 |
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
|
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
3 |
# |
|
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
4 |
# This file is part of CubicWeb. |
|
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
5 |
# |
|
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
6 |
# CubicWeb is free software: you can redistribute it and/or modify it under the |
|
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
7 |
# terms of the GNU Lesser General Public License as published by the Free |
|
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
8 |
# Software Foundation, either version 2.1 of the License, or (at your option) |
|
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
9 |
# any later version. |
|
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
10 |
# |
|
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
11 |
# logilab-common is distributed in the hope that it will be useful, but WITHOUT |
|
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
12 |
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS |
|
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
13 |
# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more |
|
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
14 |
# details. |
|
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
15 |
# |
|
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
16 |
# You should have received a copy of the GNU Lesser General Public License along |
|
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5407
diff
changeset
|
17 |
# with CubicWeb. If not, see <http://www.gnu.org/licenses/>. |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
18 |
"""cubicweb ldap user source |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
19 |
|
|
1398
5fe84a5f7035
rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents:
1263
diff
changeset
|
20 |
this source is for now limited to a read-only CWUser source |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
21 |
|
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
22 |
|
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
23 |
|
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
24 |
Part of the code is coming form Zope's LDAPUserFolder |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
25 |
|
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
26 |
Copyright (c) 2004 Jens Vagelpohl. |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
27 |
All Rights Reserved. |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
28 |
|
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
29 |
This software is subject to the provisions of the Zope Public License, |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
30 |
Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution. |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
31 |
THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
32 |
WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
33 |
WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
34 |
FOR A PARTICULAR PURPOSE. |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
35 |
""" |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
36 |
|
|
1952
8e19c813750d
fix extid handling: ensure encoded string is given, and store them as base64 (see note in native.py).
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1802
diff
changeset
|
37 |
from base64 import b64decode |
|
8e19c813750d
fix extid handling: ensure encoded string is given, and store them as base64 (see note in native.py).
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1802
diff
changeset
|
38 |
|
|
2633
bc9386c3b2c9
get_csv is being renamed to splitstrip
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
39 |
from logilab.common.textutils import splitstrip |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
40 |
from rql.nodes import Relation, VariableRef, Constant, Function |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
41 |
|
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
42 |
import ldap |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
43 |
from ldap.ldapobject import ReconnectLDAPObject |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
44 |
from ldap.filter import filter_format, escape_filter_chars |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
45 |
from ldapurl import LDAPUrl |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
46 |
|
|
1238
fa29b5b60107
set 30sec query cache on pyro source, important speedup for pages generating multiple time the same external query
sylvain.thenault@logilab.fr
parents:
975
diff
changeset
|
47 |
from cubicweb import AuthenticationError, UnknownEid, RepositoryError |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
48 |
from cubicweb.server.utils import cartesian_product |
|
1238
fa29b5b60107
set 30sec query cache on pyro source, important speedup for pages generating multiple time the same external query
sylvain.thenault@logilab.fr
parents:
975
diff
changeset
|
49 |
from cubicweb.server.sources import (AbstractSource, TrFunc, GlobTrFunc, |
|
fa29b5b60107
set 30sec query cache on pyro source, important speedup for pages generating multiple time the same external query
sylvain.thenault@logilab.fr
parents:
975
diff
changeset
|
50 |
ConnectionWrapper, TimedCache) |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
51 |
|
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
52 |
# search scopes |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
53 |
BASE = ldap.SCOPE_BASE |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
54 |
ONELEVEL = ldap.SCOPE_ONELEVEL |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
55 |
SUBTREE = ldap.SCOPE_SUBTREE |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
56 |
|
|
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
57 |
# map ldap protocol to their standard port |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
58 |
PROTO_PORT = {'ldap': 389, |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
59 |
'ldaps': 636, |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
60 |
'ldapi': None, |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
61 |
} |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
62 |
|
| 1263 | 63 |
|
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
64 |
class LDAPUserSource(AbstractSource): |
|
1398
5fe84a5f7035
rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents:
1263
diff
changeset
|
65 |
"""LDAP read-only CWUser source""" |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
66 |
support_entities = {'CWUser': False} |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
67 |
|
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
68 |
options = ( |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
69 |
('host', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
70 |
{'type' : 'string', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
71 |
'default': 'ldap', |
|
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
72 |
'help': 'ldap host. It may contains port information using \ |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
73 |
<host>:<port> notation.', |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
74 |
'group': 'ldap-source', 'inputlevel': 1, |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
75 |
}), |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
76 |
('protocol', |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
77 |
{'type' : 'choice', |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
78 |
'default': 'ldap', |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
79 |
'choices': ('ldap', 'ldaps', 'ldapi'), |
|
5138
18388a897d2a
list allowed values for ldap protocol setting in help, so that the generated file includes this in a comment
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
4913
diff
changeset
|
80 |
'help': 'ldap protocol (allowed values: ldap, ldaps, ldapi)', |
|
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
81 |
'group': 'ldap-source', 'inputlevel': 1, |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
82 |
}), |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
83 |
('auth-mode', |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
84 |
{'type' : 'choice', |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
85 |
'default': 'simple', |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
86 |
'choices': ('simple', 'cram_md5', 'digest_md5', 'gssapi'), |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
87 |
'help': 'authentication mode used to authenticate user to the ldap.', |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
88 |
'group': 'ldap-source', 'inputlevel': 1, |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
89 |
}), |
|
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
90 |
('auth-realm', |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
91 |
{'type' : 'string', |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
92 |
'default': None, |
|
4555
8968c50818db
typo fix in help string
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
4212
diff
changeset
|
93 |
'help': 'realm to use when using gssapi/kerberos authentication.', |
|
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
94 |
'group': 'ldap-source', 'inputlevel': 1, |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
95 |
}), |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
96 |
|
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
97 |
('data-cnx-dn', |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
98 |
{'type' : 'string', |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
99 |
'default': '', |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
100 |
'help': 'user dn to use to open data connection to the ldap (eg used \ |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
101 |
to respond to rql queries).', |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
102 |
'group': 'ldap-source', 'inputlevel': 1, |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
103 |
}), |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
104 |
('data-cnx-password', |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
105 |
{'type' : 'string', |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
106 |
'default': '', |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
107 |
'help': 'password to use to open data connection to the ldap (eg used to respond to rql queries).', |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
108 |
'group': 'ldap-source', 'inputlevel': 1, |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
109 |
}), |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
110 |
|
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
111 |
('user-base-dn', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
112 |
{'type' : 'string', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
113 |
'default': 'ou=People,dc=logilab,dc=fr', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
114 |
'help': 'base DN to lookup for users', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
115 |
'group': 'ldap-source', 'inputlevel': 0, |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
116 |
}), |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
117 |
('user-scope', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
118 |
{'type' : 'choice', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
119 |
'default': 'ONELEVEL', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
120 |
'choices': ('BASE', 'ONELEVEL', 'SUBTREE'), |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
121 |
'help': 'user search scope', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
122 |
'group': 'ldap-source', 'inputlevel': 1, |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
123 |
}), |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
124 |
('user-classes', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
125 |
{'type' : 'csv', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
126 |
'default': ('top', 'posixAccount'), |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
127 |
'help': 'classes of user', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
128 |
'group': 'ldap-source', 'inputlevel': 1, |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
129 |
}), |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
130 |
('user-login-attr', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
131 |
{'type' : 'string', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
132 |
'default': 'uid', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
133 |
'help': 'attribute used as login on authentication', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
134 |
'group': 'ldap-source', 'inputlevel': 1, |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
135 |
}), |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
136 |
('user-default-group', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
137 |
{'type' : 'csv', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
138 |
'default': ('users',), |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
139 |
'help': 'name of a group in which ldap users will be by default. \ |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
140 |
You can set multiple groups by separating them by a comma.', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
141 |
'group': 'ldap-source', 'inputlevel': 1, |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
142 |
}), |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
143 |
('user-attrs-map', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
144 |
{'type' : 'named', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
145 |
'default': {'uid': 'login', 'gecos': 'email'}, |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
146 |
'help': 'map from ldap user attributes to cubicweb attributes', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
147 |
'group': 'ldap-source', 'inputlevel': 1, |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
148 |
}), |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
149 |
|
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
150 |
('synchronization-interval', |
|
5326
0d9054eb3bd1
[config] properly use time type for options representing a time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5153
diff
changeset
|
151 |
{'type' : 'time', |
|
0d9054eb3bd1
[config] properly use time type for options representing a time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5153
diff
changeset
|
152 |
'default': '1d', |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
153 |
'help': 'interval between synchronization with the ldap \ |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
154 |
directory (default to once a day).', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
155 |
'group': 'ldap-source', 'inputlevel': 2, |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
156 |
}), |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
157 |
('cache-life-time', |
|
5326
0d9054eb3bd1
[config] properly use time type for options representing a time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5153
diff
changeset
|
158 |
{'type' : 'time', |
|
0d9054eb3bd1
[config] properly use time type for options representing a time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5153
diff
changeset
|
159 |
'default': '2h', |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
160 |
'help': 'life time of query cache in minutes (default to two hours).', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
161 |
'group': 'ldap-source', 'inputlevel': 2, |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
162 |
}), |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
163 |
|
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
164 |
) |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
165 |
|
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
166 |
def __init__(self, repo, appschema, source_config, *args, **kwargs): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
167 |
AbstractSource.__init__(self, repo, appschema, source_config, |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
168 |
*args, **kwargs) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
169 |
self.host = source_config['host'] |
|
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
170 |
self.protocol = source_config.get('protocol', 'ldap') |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
171 |
self.authmode = source_config.get('auth-mode', 'simple') |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
172 |
self._authenticate = getattr(self, '_auth_%s' % self.authmode) |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
173 |
self.cnx_dn = source_config.get('data-cnx-dn') or '' |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
174 |
self.cnx_pwd = source_config.get('data-cnx-password') or '' |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
175 |
self.user_base_scope = globals()[source_config['user-scope']] |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
176 |
self.user_base_dn = source_config['user-base-dn'] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
177 |
self.user_base_scope = globals()[source_config['user-scope']] |
|
2633
bc9386c3b2c9
get_csv is being renamed to splitstrip
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
178 |
self.user_classes = splitstrip(source_config['user-classes']) |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
179 |
self.user_login_attr = source_config['user-login-attr'] |
|
2633
bc9386c3b2c9
get_csv is being renamed to splitstrip
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
180 |
self.user_default_groups = splitstrip(source_config['user-default-group']) |
|
bc9386c3b2c9
get_csv is being renamed to splitstrip
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1977
diff
changeset
|
181 |
self.user_attrs = dict(v.split(':', 1) for v in splitstrip(source_config['user-attrs-map'])) |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
182 |
self.user_rev_attrs = {'eid': 'dn'} |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
183 |
for ldapattr, cwattr in self.user_attrs.items(): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
184 |
self.user_rev_attrs[cwattr] = ldapattr |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
185 |
self.base_filters = [filter_format('(%s=%s)', ('objectClass', o)) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
186 |
for o in self.user_classes] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
187 |
self._conn = None |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
188 |
self._cache = {} |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
189 |
ttlm = int(source_config.get('cache-life-type', 2*60)) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
190 |
self._query_cache = TimedCache(ttlm) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
191 |
self._interval = int(source_config.get('synchronization-interval', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
192 |
24*60*60)) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
193 |
|
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
194 |
def reset_caches(self): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
195 |
"""method called during test to reset potential source caches""" |
|
2763
39b42e158249
[ms] proper reset cache on external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2707
diff
changeset
|
196 |
self._cache = {} |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
197 |
self._query_cache = TimedCache(2*60) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
198 |
|
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
199 |
def init(self): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
200 |
"""method called by the repository once ready to handle request""" |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
201 |
self.repo.looping_task(self._interval, self.synchronize) |
| 1954 | 202 |
self.repo.looping_task(self._query_cache.ttl.seconds/10, |
203 |
self._query_cache.clear_expired) |
|
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
204 |
|
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
205 |
def synchronize(self): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
206 |
"""synchronize content known by this repository with content in the |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
207 |
external repository |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
208 |
""" |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
209 |
self.info('synchronizing ldap source %s', self.uri) |
|
938
a69188963ccb
check ldap source has email configured before synchronization
sylvain.thenault@logilab.fr
parents:
257
diff
changeset
|
210 |
try: |
|
a69188963ccb
check ldap source has email configured before synchronization
sylvain.thenault@logilab.fr
parents:
257
diff
changeset
|
211 |
ldap_emailattr = self.user_rev_attrs['email'] |
|
a69188963ccb
check ldap source has email configured before synchronization
sylvain.thenault@logilab.fr
parents:
257
diff
changeset
|
212 |
except KeyError: |
|
a69188963ccb
check ldap source has email configured before synchronization
sylvain.thenault@logilab.fr
parents:
257
diff
changeset
|
213 |
return # no email in ldap, we're done |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
214 |
session = self.repo.internal_session() |
|
5153
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
215 |
execute = session.execute |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
216 |
try: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
217 |
cursor = session.system_sql("SELECT eid, extid FROM entities WHERE " |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
218 |
"source='%s'" % self.uri) |
|
1952
8e19c813750d
fix extid handling: ensure encoded string is given, and store them as base64 (see note in native.py).
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1802
diff
changeset
|
219 |
for eid, b64extid in cursor.fetchall(): |
|
8e19c813750d
fix extid handling: ensure encoded string is given, and store them as base64 (see note in native.py).
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
1802
diff
changeset
|
220 |
extid = b64decode(b64extid) |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
221 |
# if no result found, _search automatically delete entity information |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
222 |
res = self._search(session, extid, BASE) |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
223 |
if res: |
|
938
a69188963ccb
check ldap source has email configured before synchronization
sylvain.thenault@logilab.fr
parents:
257
diff
changeset
|
224 |
ldapemailaddr = res[0].get(ldap_emailattr) |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
225 |
if ldapemailaddr: |
|
5153
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
226 |
rset = execute('Any X,A WHERE ' |
|
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
227 |
'X address A, U use_email X, U eid %(u)s', |
|
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
228 |
{'u': eid}) |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
229 |
ldapemailaddr = unicode(ldapemailaddr) |
|
5153
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
230 |
for emaileid, emailaddr, in rset: |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
231 |
if emailaddr == ldapemailaddr: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
232 |
break |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
233 |
else: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
234 |
self.info('updating email address of user %s to %s', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
235 |
extid, ldapemailaddr) |
|
5153
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
236 |
emailrset = execute('EmailAddress A WHERE A address %(addr)s', |
|
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
237 |
{'addr': ldapemailaddr}) |
|
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
238 |
if emailrset: |
|
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
239 |
execute('SET U use_email X WHERE ' |
|
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
240 |
'X eid %(x)s, U eid %(u)s', |
|
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
241 |
{'x': emailrset[0][0], 'u': eid}) |
|
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
242 |
elif rset: |
|
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
243 |
if not execute('SET X address %(addr)s WHERE ' |
|
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
244 |
'U primary_email X, U eid %(u)s', |
|
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
245 |
{'addr': ldapemailaddr, 'u': eid}, 'u'): |
|
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
246 |
execute('SET X address %(addr)s WHERE ' |
|
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
247 |
'X eid %(x)s', |
|
3684ccae5cdc
[ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5138
diff
changeset
|
248 |
{'addr': ldapemailaddr, 'x': rset[0][0]}, 'x') |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
249 |
else: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
250 |
# no email found, create it |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
251 |
_insert_email(session, ldapemailaddr, eid) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
252 |
finally: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
253 |
session.commit() |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
254 |
session.close() |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
255 |
|
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
256 |
def get_connection(self): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
257 |
"""open and return a connection to the source""" |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
258 |
if self._conn is None: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
259 |
self._connect() |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
260 |
return ConnectionWrapper(self._conn) |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
261 |
|
|
3647
2941f4a0aab9
refactor repo authentication to allow pluggable authentifier to login with something else than a password
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3245
diff
changeset
|
262 |
def authenticate(self, session, login, password=None, **kwargs): |
|
1398
5fe84a5f7035
rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents:
1263
diff
changeset
|
263 |
"""return CWUser eid for the given login/password if this account is |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
264 |
defined in this source, else raise `AuthenticationError` |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
265 |
|
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
266 |
two queries are needed since passwords are stored crypted, so we have |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
267 |
to fetch the salt first |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
268 |
""" |
|
3647
2941f4a0aab9
refactor repo authentication to allow pluggable authentifier to login with something else than a password
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3245
diff
changeset
|
269 |
if password is None: |
|
2941f4a0aab9
refactor repo authentication to allow pluggable authentifier to login with something else than a password
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3245
diff
changeset
|
270 |
raise AuthenticationError() |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
271 |
searchfilter = [filter_format('(%s=%s)', (self.user_login_attr, login))] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
272 |
searchfilter.extend([filter_format('(%s=%s)', ('objectClass', o)) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
273 |
for o in self.user_classes]) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
274 |
searchstr = '(&%s)' % ''.join(searchfilter) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
275 |
# first search the user |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
276 |
try: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
277 |
user = self._search(session, self.user_base_dn, |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
278 |
self.user_base_scope, searchstr)[0] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
279 |
except IndexError: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
280 |
# no such user |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
281 |
raise AuthenticationError() |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
282 |
# check password by establishing a (unused) connection |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
283 |
try: |
|
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
284 |
self._connect(user, password) |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
285 |
except Exception, ex: |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
286 |
self.info('while trying to authenticate %s: %s', user, ex) |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
287 |
# Something went wrong, most likely bad credentials |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
288 |
raise AuthenticationError() |
|
1398
5fe84a5f7035
rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents:
1263
diff
changeset
|
289 |
return self.extid2eid(user['dn'], 'CWUser', session) |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
290 |
|
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
291 |
def ldap_name(self, var): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
292 |
if var.stinfo['relations']: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
293 |
relname = iter(var.stinfo['relations']).next().r_type |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
294 |
return self.user_rev_attrs.get(relname) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
295 |
return None |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
296 |
|
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
297 |
def prepare_columns(self, mainvars, rqlst): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
298 |
"""return two list describin how to build the final results |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
299 |
from the result of an ldap search (ie a list of dictionnary) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
300 |
""" |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
301 |
columns = [] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
302 |
global_transforms = [] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
303 |
for i, term in enumerate(rqlst.selection): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
304 |
if isinstance(term, Constant): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
305 |
columns.append(term) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
306 |
continue |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
307 |
if isinstance(term, Function): # LOWER, UPPER, COUNT... |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
308 |
var = term.get_nodes(VariableRef)[0] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
309 |
var = var.variable |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
310 |
try: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
311 |
mainvar = var.stinfo['attrvar'].name |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
312 |
except AttributeError: # no attrvar set |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
313 |
mainvar = var.name |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
314 |
assert mainvar in mainvars |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
315 |
trname = term.name |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
316 |
ldapname = self.ldap_name(var) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
317 |
if trname in ('COUNT', 'MIN', 'MAX', 'SUM'): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
318 |
global_transforms.append(GlobTrFunc(trname, i, ldapname)) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
319 |
columns.append((mainvar, ldapname)) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
320 |
continue |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
321 |
if trname in ('LOWER', 'UPPER'): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
322 |
columns.append((mainvar, TrFunc(trname, i, ldapname))) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
323 |
continue |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
324 |
raise NotImplementedError('no support for %s function' % trname) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
325 |
if term.name in mainvars: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
326 |
columns.append((term.name, 'dn')) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
327 |
continue |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
328 |
var = term.variable |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
329 |
mainvar = var.stinfo['attrvar'].name |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
330 |
columns.append((mainvar, self.ldap_name(var))) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
331 |
#else: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
332 |
# # probably a bug in rql splitting if we arrive here |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
333 |
# raise NotImplementedError |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
334 |
return columns, global_transforms |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
335 |
|
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
336 |
def syntax_tree_search(self, session, union, |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
337 |
args=None, cachekey=None, varmap=None, debug=0): |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
338 |
"""return result from this source for a rql query (actually from a rql |
|
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
339 |
syntax tree and a solution dictionary mapping each used variable to a |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
340 |
possible type). If cachekey is given, the query necessary to fetch the |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
341 |
results (but not the results themselves) may be cached using this key. |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
342 |
""" |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
343 |
# XXX not handled : transform/aggregat function, join on multiple users... |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
344 |
assert len(union.children) == 1, 'union not supported' |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
345 |
rqlst = union.children[0] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
346 |
assert not rqlst.with_, 'subquery not supported' |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
347 |
rqlkey = rqlst.as_string(kwargs=args) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
348 |
try: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
349 |
results = self._query_cache[rqlkey] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
350 |
except KeyError: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
351 |
results = self.rqlst_search(session, rqlst, args) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
352 |
self._query_cache[rqlkey] = results |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
353 |
return results |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
354 |
|
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
355 |
def rqlst_search(self, session, rqlst, args): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
356 |
mainvars = [] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
357 |
for varname in rqlst.defined_vars: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
358 |
for sol in rqlst.solutions: |
|
1398
5fe84a5f7035
rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents:
1263
diff
changeset
|
359 |
if sol[varname] == 'CWUser': |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
360 |
mainvars.append(varname) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
361 |
break |
| 3245 | 362 |
assert mainvars, rqlst |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
363 |
columns, globtransforms = self.prepare_columns(mainvars, rqlst) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
364 |
eidfilters = [] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
365 |
allresults = [] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
366 |
generator = RQL2LDAPFilter(self, session, args, mainvars) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
367 |
for mainvar in mainvars: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
368 |
# handle restriction |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
369 |
try: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
370 |
eidfilters_, ldapfilter = generator.generate(rqlst, mainvar) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
371 |
except GotDN, ex: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
372 |
assert ex.dn, 'no dn!' |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
373 |
try: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
374 |
res = [self._cache[ex.dn]] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
375 |
except KeyError: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
376 |
res = self._search(session, ex.dn, BASE) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
377 |
except UnknownEid, ex: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
378 |
# raised when we are looking for the dn of an eid which is not |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
379 |
# coming from this source |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
380 |
res = [] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
381 |
else: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
382 |
eidfilters += eidfilters_ |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
383 |
res = self._search(session, self.user_base_dn, |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
384 |
self.user_base_scope, ldapfilter) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
385 |
allresults.append(res) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
386 |
# 1. get eid for each dn and filter according to that eid if necessary |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
387 |
for i, res in enumerate(allresults): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
388 |
filteredres = [] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
389 |
for resdict in res: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
390 |
# get sure the entity exists in the system table |
|
1398
5fe84a5f7035
rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents:
1263
diff
changeset
|
391 |
eid = self.extid2eid(resdict['dn'], 'CWUser', session) |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
392 |
for eidfilter in eidfilters: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
393 |
if not eidfilter(eid): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
394 |
break |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
395 |
else: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
396 |
resdict['eid'] = eid |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
397 |
filteredres.append(resdict) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
398 |
allresults[i] = filteredres |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
399 |
# 2. merge result for each "mainvar": cartesian product |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
400 |
allresults = cartesian_product(allresults) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
401 |
# 3. build final result according to column definition |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
402 |
result = [] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
403 |
for rawline in allresults: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
404 |
rawline = dict(zip(mainvars, rawline)) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
405 |
line = [] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
406 |
for varname, ldapname in columns: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
407 |
if ldapname is None: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
408 |
value = None # no mapping available |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
409 |
elif ldapname == 'dn': |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
410 |
value = rawline[varname]['eid'] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
411 |
elif isinstance(ldapname, Constant): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
412 |
if ldapname.type == 'Substitute': |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
413 |
value = args[ldapname.value] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
414 |
else: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
415 |
value = ldapname.value |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
416 |
elif isinstance(ldapname, TrFunc): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
417 |
value = ldapname.apply(rawline[varname]) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
418 |
else: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
419 |
value = rawline[varname].get(ldapname) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
420 |
line.append(value) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
421 |
result.append(line) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
422 |
for trfunc in globtransforms: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
423 |
result = trfunc.apply(result) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
424 |
#print '--> ldap result', result |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
425 |
return result |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
426 |
|
|
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
427 |
|
|
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
428 |
def _connect(self, user=None, userpwd=None): |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
429 |
if self.protocol == 'ldapi': |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
430 |
hostport = self.host |
|
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
431 |
elif not ':' in self.host: |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
432 |
hostport = '%s:%s' % (self.host, PROTO_PORT[self.protocol]) |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
433 |
else: |
|
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
434 |
hostport = self.host |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
435 |
self.info('connecting %s://%s as %s', self.protocol, hostport, |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
436 |
user and user['dn'] or 'anonymous') |
|
5407
7730796f9506
disable CERT check
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5326
diff
changeset
|
437 |
# don't require server certificate when using ldaps (will |
|
7730796f9506
disable CERT check
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5326
diff
changeset
|
438 |
# enable self signed certs) |
|
7730796f9506
disable CERT check
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5326
diff
changeset
|
439 |
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) |
|
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
440 |
url = LDAPUrl(urlscheme=self.protocol, hostport=hostport) |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
441 |
conn = ReconnectLDAPObject(url.initializeUrl()) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
442 |
# Set the protocol version - version 3 is preferred |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
443 |
try: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
444 |
conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
445 |
except ldap.LDAPError: # Invalid protocol version, fall back safely |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
446 |
conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION2) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
447 |
# Deny auto-chasing of referrals to be safe, we handle them instead |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
448 |
#try: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
449 |
# connection.set_option(ldap.OPT_REFERRALS, 0) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
450 |
#except ldap.LDAPError: # Cannot set referrals, so do nothing |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
451 |
# pass |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
452 |
#conn.set_option(ldap.OPT_NETWORK_TIMEOUT, conn_timeout) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
453 |
#conn.timeout = op_timeout |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
454 |
# Now bind with the credentials given. Let exceptions propagate out. |
|
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
455 |
if user is None: |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
456 |
# no user specified, we want to initialize the 'data' connection, |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
457 |
assert self._conn is None |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
458 |
self._conn = conn |
|
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
459 |
# XXX always use simple bind for data connection |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
460 |
if not self.cnx_dn: |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
461 |
conn.simple_bind_s(self.cnx_dn, self.cnx_pwd) |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
462 |
else: |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
463 |
self._authenticate(conn, {'dn': self.cnx_dn}, self.cnx_pwd) |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
464 |
else: |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
465 |
# user specified, we want to check user/password, no need to return |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
466 |
# the connection which will be thrown out |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
467 |
self._authenticate(conn, user, userpwd) |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
468 |
return conn |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
469 |
|
|
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
470 |
def _auth_simple(self, conn, user, userpwd): |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
471 |
conn.simple_bind_s(user['dn'], userpwd) |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
472 |
|
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
473 |
def _auth_cram_md5(self, conn, user, userpwd): |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
474 |
from ldap import sasl |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
475 |
auth_token = sasl.cram_md5(user['dn'], userpwd) |
|
4716
55b6a3262071
fix some pylint detected errors
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4556
diff
changeset
|
476 |
conn.sasl_interactive_bind_s('', auth_token) |
|
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
477 |
|
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
478 |
def _auth_digest_md5(self, conn, user, userpwd): |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
479 |
from ldap import sasl |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
480 |
auth_token = sasl.digest_md5(user['dn'], userpwd) |
|
4716
55b6a3262071
fix some pylint detected errors
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4556
diff
changeset
|
481 |
conn.sasl_interactive_bind_s('', auth_token) |
|
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
482 |
|
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
483 |
def _auth_gssapi(self, conn, user, userpwd): |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
484 |
# print XXX not proper sasl/gssapi |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
485 |
import kerberos |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
486 |
if not kerberos.checkPassword(user[self.user_login_attr], userpwd): |
|
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
487 |
raise Exception('BAD login / mdp') |
| 2707 | 488 |
#from ldap import sasl |
489 |
#conn.sasl_interactive_bind_s('', sasl.gssapi()) |
|
|
2699
1025300249d2
[ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2633
diff
changeset
|
490 |
|
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
491 |
def _search(self, session, base, scope, |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
492 |
searchstr='(objectClass=*)', attrs=()): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
493 |
"""make an ldap query""" |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
494 |
cnx = session.pool.connection(self.uri).cnx |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
495 |
try: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
496 |
res = cnx.search_s(base, scope, searchstr, attrs) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
497 |
except ldap.PARTIAL_RESULTS: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
498 |
res = cnx.result(all=0)[1] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
499 |
except ldap.NO_SUCH_OBJECT: |
|
1398
5fe84a5f7035
rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents:
1263
diff
changeset
|
500 |
eid = self.extid2eid(base, 'CWUser', session, insert=False) |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
501 |
if eid: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
502 |
self.warning('deleting ldap user with eid %s and dn %s', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
503 |
eid, base) |
|
4913
083b4d454192
server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents:
4719
diff
changeset
|
504 |
entity = session.entity_from_eid(eid, 'CWUser') |
|
083b4d454192
server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents:
4719
diff
changeset
|
505 |
self.repo.delete_info(session, entity, self.uri, base) |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
506 |
self._cache.pop(base, None) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
507 |
return [] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
508 |
## except ldap.REFERRAL, e: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
509 |
## cnx = self.handle_referral(e) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
510 |
## try: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
511 |
## res = cnx.search_s(base, scope, searchstr, attrs) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
512 |
## except ldap.PARTIAL_RESULTS: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
513 |
## res_type, res = cnx.result(all=0) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
514 |
result = [] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
515 |
for rec_dn, rec_dict in res: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
516 |
# When used against Active Directory, "rec_dict" may not be |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
517 |
# be a dictionary in some cases (instead, it can be a list) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
518 |
# An example of a useless "res" entry that can be ignored |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
519 |
# from AD is |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
520 |
# (None, ['ldap://ForestDnsZones.PORTAL.LOCAL/DC=ForestDnsZones,DC=PORTAL,DC=LOCAL']) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
521 |
# This appears to be some sort of internal referral, but |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
522 |
# we can't handle it, so we need to skip over it. |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
523 |
try: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
524 |
items = rec_dict.items() |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
525 |
except AttributeError: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
526 |
# 'items' not found on rec_dict, skip |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
527 |
continue |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
528 |
for key, value in items: # XXX syt: huuum ? |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
529 |
if not isinstance(value, str): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
530 |
try: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
531 |
for i in range(len(value)): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
532 |
value[i] = unicode(value[i], 'utf8') |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
533 |
except: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
534 |
pass |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
535 |
if isinstance(value, list) and len(value) == 1: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
536 |
rec_dict[key] = value = value[0] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
537 |
rec_dict['dn'] = rec_dn |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
538 |
self._cache[rec_dn] = rec_dict |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
539 |
result.append(rec_dict) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
540 |
#print '--->', result |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
541 |
return result |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
542 |
|
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
543 |
def before_entity_insertion(self, session, lid, etype, eid): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
544 |
"""called by the repository when an eid has been attributed for an |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
545 |
entity stored here but the entity has not been inserted in the system |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
546 |
table yet. |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
547 |
|
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
548 |
This method must return the an Entity instance representation of this |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
549 |
entity. |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
550 |
""" |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
551 |
entity = super(LDAPUserSource, self).before_entity_insertion(session, lid, etype, eid) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
552 |
res = self._search(session, lid, BASE)[0] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
553 |
for attr in entity.e_schema.indexable_attributes(): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
554 |
entity[attr] = res[self.user_rev_attrs[attr]] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
555 |
return entity |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
556 |
|
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
557 |
def after_entity_insertion(self, session, dn, entity): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
558 |
"""called by the repository after an entity stored here has been |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
559 |
inserted in the system table. |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
560 |
""" |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
561 |
super(LDAPUserSource, self).after_entity_insertion(session, dn, entity) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
562 |
for group in self.user_default_groups: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
563 |
session.execute('SET X in_group G WHERE X eid %(x)s, G name %(group)s', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
564 |
{'x': entity.eid, 'group': group}, 'x') |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
565 |
# search for existant email first |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
566 |
try: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
567 |
emailaddr = self._cache[dn][self.user_rev_attrs['email']] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
568 |
except KeyError: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
569 |
return |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
570 |
rset = session.execute('EmailAddress X WHERE X address %(addr)s', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
571 |
{'addr': emailaddr}) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
572 |
if rset: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
573 |
session.execute('SET U primary_email X WHERE U eid %(u)s, X eid %(x)s', |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
574 |
{'x': rset[0][0], 'u': entity.eid}, 'u') |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
575 |
else: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
576 |
# not found, create it |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
577 |
_insert_email(session, emailaddr, entity.eid) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
578 |
|
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
579 |
def update_entity(self, session, entity): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
580 |
"""replace an entity in the source""" |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
581 |
raise RepositoryError('this source is read only') |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
582 |
|
|
4913
083b4d454192
server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents:
4719
diff
changeset
|
583 |
def delete_entity(self, session, entity): |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
584 |
"""delete an entity from the source""" |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
585 |
raise RepositoryError('this source is read only') |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
586 |
|
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
587 |
def _insert_email(session, emailaddr, ueid): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
588 |
session.execute('INSERT EmailAddress X: X address %(addr)s, U primary_email X ' |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
589 |
'WHERE U eid %(x)s', {'addr': emailaddr, 'x': ueid}, 'x') |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
590 |
|
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
591 |
class GotDN(Exception): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
592 |
"""exception used when a dn localizing the searched user has been found""" |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
593 |
def __init__(self, dn): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
594 |
self.dn = dn |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
595 |
|
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
596 |
|
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
597 |
class RQL2LDAPFilter(object): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
598 |
"""generate an LDAP filter for a rql query""" |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
599 |
def __init__(self, source, session, args=None, mainvars=()): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
600 |
self.source = source |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
601 |
self._ldap_attrs = source.user_rev_attrs |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
602 |
self._base_filters = source.base_filters |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
603 |
self._session = session |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
604 |
if args is None: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
605 |
args = {} |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
606 |
self._args = args |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
607 |
self.mainvars = mainvars |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
608 |
|
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
609 |
def generate(self, selection, mainvarname): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
610 |
self._filters = res = self._base_filters[:] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
611 |
self._mainvarname = mainvarname |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
612 |
self._eidfilters = [] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
613 |
self._done_not = set() |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
614 |
restriction = selection.where |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
615 |
if isinstance(restriction, Relation): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
616 |
# only a single relation, need to append result here (no AND/OR) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
617 |
filter = restriction.accept(self) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
618 |
if filter is not None: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
619 |
res.append(filter) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
620 |
elif restriction: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
621 |
restriction.accept(self) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
622 |
if len(res) > 1: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
623 |
return self._eidfilters, '(&%s)' % ''.join(res) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
624 |
return self._eidfilters, res[0] |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
625 |
|
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
626 |
def visit_and(self, et): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
627 |
"""generate filter for a AND subtree""" |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
628 |
for c in et.children: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
629 |
part = c.accept(self) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
630 |
if part: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
631 |
self._filters.append(part) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
632 |
|
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
633 |
def visit_or(self, ou): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
634 |
"""generate filter for a OR subtree""" |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
635 |
res = [] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
636 |
for c in ou.children: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
637 |
part = c.accept(self) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
638 |
if part: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
639 |
res.append(part) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
640 |
if res: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
641 |
if len(res) > 1: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
642 |
part = '(|%s)' % ''.join(res) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
643 |
else: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
644 |
part = res[0] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
645 |
self._filters.append(part) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
646 |
|
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
647 |
def visit_not(self, node): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
648 |
"""generate filter for a OR subtree""" |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
649 |
part = node.children[0].accept(self) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
650 |
if part: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
651 |
self._filters.append('(!(%s))'% part) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
652 |
|
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
653 |
def visit_relation(self, relation): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
654 |
"""generate filter for a relation""" |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
655 |
rtype = relation.r_type |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
656 |
# don't care of type constraint statement (i.e. relation_type = 'is') |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
657 |
if rtype == 'is': |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
658 |
return '' |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
659 |
lhs, rhs = relation.get_parts() |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
660 |
# attribute relation |
|
3689
deb13e88e037
follow yams 0.25 api changes to improve performance
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3245
diff
changeset
|
661 |
if self.source.schema.rschema(rtype).final: |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
662 |
# dunno what to do here, don't pretend anything else |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
663 |
if lhs.name != self._mainvarname: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
664 |
if lhs.name in self.mainvars: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
665 |
# XXX check we don't have variable as rhs |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
666 |
return |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
667 |
raise NotImplementedError |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
668 |
rhs_vars = rhs.get_nodes(VariableRef) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
669 |
if rhs_vars: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
670 |
if len(rhs_vars) > 1: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
671 |
raise NotImplementedError |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
672 |
# selected variable, nothing to do here |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
673 |
return |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
674 |
# no variables in the RHS |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
675 |
if isinstance(rhs.children[0], Function): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
676 |
res = rhs.children[0].accept(self) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
677 |
elif rtype != 'has_text': |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
678 |
res = self._visit_attribute_relation(relation) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
679 |
else: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
680 |
raise NotImplementedError(relation) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
681 |
# regular relation XXX todo: in_group |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
682 |
else: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
683 |
raise NotImplementedError(relation) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
684 |
return res |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
685 |
|
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
686 |
def _visit_attribute_relation(self, relation): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
687 |
"""generate filter for an attribute relation""" |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
688 |
lhs, rhs = relation.get_parts() |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
689 |
lhsvar = lhs.variable |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
690 |
if relation.r_type == 'eid': |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
691 |
# XXX hack |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
692 |
# skip comparison sign |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
693 |
eid = int(rhs.children[0].accept(self)) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
694 |
if relation.neged(strict=True): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
695 |
self._done_not.add(relation.parent) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
696 |
self._eidfilters.append(lambda x: not x == eid) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
697 |
return |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
698 |
if rhs.operator != '=': |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
699 |
filter = {'>': lambda x: x > eid, |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
700 |
'>=': lambda x: x >= eid, |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
701 |
'<': lambda x: x < eid, |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
702 |
'<=': lambda x: x <= eid, |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
703 |
}[rhs.operator] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
704 |
self._eidfilters.append(filter) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
705 |
return |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
706 |
dn = self.source.eid2extid(eid, self._session) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
707 |
raise GotDN(dn) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
708 |
try: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
709 |
filter = '(%s%s)' % (self._ldap_attrs[relation.r_type], |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
710 |
rhs.accept(self)) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
711 |
except KeyError: |
|
975
0928daea04e9
fix ldapsource w/ restriction on unsupported relation (return no results in that case)
sylvain.thenault@logilab.fr
parents:
938
diff
changeset
|
712 |
# unsupported attribute |
|
0928daea04e9
fix ldapsource w/ restriction on unsupported relation (return no results in that case)
sylvain.thenault@logilab.fr
parents:
938
diff
changeset
|
713 |
self.source.warning('%s source can\'t handle relation %s, no ' |
|
0928daea04e9
fix ldapsource w/ restriction on unsupported relation (return no results in that case)
sylvain.thenault@logilab.fr
parents:
938
diff
changeset
|
714 |
'results will be returned from this source', |
|
0928daea04e9
fix ldapsource w/ restriction on unsupported relation (return no results in that case)
sylvain.thenault@logilab.fr
parents:
938
diff
changeset
|
715 |
self.source.uri, relation) |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
716 |
raise UnknownEid # trick to return no result |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
717 |
return filter |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
718 |
|
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
719 |
def visit_comparison(self, cmp): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
720 |
"""generate filter for a comparaison""" |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
721 |
return '%s%s'% (cmp.operator, cmp.children[0].accept(self)) |
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
722 |
|
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
723 |
def visit_mathexpression(self, mexpr): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
724 |
"""generate filter for a mathematic expression""" |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
725 |
raise NotImplementedError |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
726 |
|
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
727 |
def visit_function(self, function): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
728 |
"""generate filter name for a function""" |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
729 |
if function.name == 'IN': |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
730 |
return self.visit_in(function) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
731 |
raise NotImplementedError |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
732 |
|
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
733 |
def visit_in(self, function): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
734 |
grandpapa = function.parent.parent |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
735 |
ldapattr = self._ldap_attrs[grandpapa.r_type] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
736 |
res = [] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
737 |
for c in function.children: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
738 |
part = c.accept(self) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
739 |
if part: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
740 |
res.append(part) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
741 |
if res: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
742 |
if len(res) > 1: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
743 |
part = '(|%s)' % ''.join('(%s=%s)' % (ldapattr, v) for v in res) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
744 |
else: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
745 |
part = '(%s=%s)' % (ldapattr, res[0]) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
746 |
return part |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
747 |
|
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
748 |
def visit_constant(self, constant): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
749 |
"""generate filter name for a constant""" |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
750 |
value = constant.value |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
751 |
if constant.type is None: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
752 |
raise NotImplementedError |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
753 |
if constant.type == 'Date': |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
754 |
raise NotImplementedError |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
755 |
#value = self.keyword_map[value]() |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
756 |
elif constant.type == 'Substitute': |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
757 |
value = self._args[constant.value] |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
758 |
else: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
759 |
value = constant.value |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
760 |
if isinstance(value, unicode): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
761 |
value = value.encode('utf8') |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
762 |
else: |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
763 |
value = str(value) |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
764 |
return escape_filter_chars(value) |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1398
diff
changeset
|
765 |
|
|
257
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
766 |
def visit_variableref(self, variableref): |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
767 |
"""get the sql name for a variable reference""" |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
768 |
pass |
|
4c7d3af7e94d
restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
769 |