author | Rémi Cardona <remi.cardona@logilab.fr> |
Wed, 11 Mar 2015 15:17:25 +0100 | |
changeset 10224 | 996cf2c0ec99 |
parent 9879 | 21278eb03bbf |
child 10089 | 6346f53c85f1 |
permissions | -rw-r--r-- |
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
1 |
# copyright 2011-2012 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
2 |
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
3 |
# |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
4 |
# This file is part of CubicWeb. |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
5 |
# |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
6 |
# CubicWeb is free software: you can redistribute it and/or modify it under the |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
7 |
# terms of the GNU Lesser General Public License as published by the Free |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
8 |
# Software Foundation, either version 2.1 of the License, or (at your option) |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
9 |
# any later version. |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
10 |
# |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
11 |
# CubicWeb is distributed in the hope that it will be useful, but WITHOUT |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
12 |
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
13 |
# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
14 |
# details. |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
15 |
# |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
16 |
# You should have received a copy of the GNU Lesser General Public License along |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
17 |
# with CubicWeb. If not, see <http://www.gnu.org/licenses/>. |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
18 |
"""cubicweb ldap feed source |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
19 |
|
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
20 |
unlike ldapuser source, this source is copy based and will import ldap content |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
21 |
(beside passwords for authentication) into the system source. |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
22 |
""" |
8638
9f95c2368b8b
[ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8633
diff
changeset
|
23 |
from logilab.common.decorators import cached, cachedproperty |
8387
b59af20a868d
[ldap] we may actually get back password from ldap
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8382
diff
changeset
|
24 |
from logilab.common.shellutils import generate_password |
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
25 |
|
8566
76bcfb3c483d
[ldapparser] raise specific error if the configuration is wrong (closes #2498164)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8479
diff
changeset
|
26 |
from cubicweb import Binary, ConfigurationError |
8387
b59af20a868d
[ldap] we may actually get back password from ldap
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8382
diff
changeset
|
27 |
from cubicweb.server.utils import crypt_password |
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
28 |
from cubicweb.server.sources import datafeed |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
29 |
|
8387
b59af20a868d
[ldap] we may actually get back password from ldap
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8382
diff
changeset
|
30 |
|
8430
5bee87a14bb1
fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8427
diff
changeset
|
31 |
class DataFeedLDAPAdapter(datafeed.DataFeedParser): |
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
32 |
__regid__ = 'ldapfeed' |
8250
171a9d6bff8f
[ldapfeed] fix synchronisation crash: ldap attributes are given while we want cw attributes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8188
diff
changeset
|
33 |
# attributes that may appears in source user_attrs dict which are not |
171a9d6bff8f
[ldapfeed] fix synchronisation crash: ldap attributes are given while we want cw attributes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8188
diff
changeset
|
34 |
# attributes of the cw user |
8919
4cba95ef4738
[ldap] handle modification date
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8918
diff
changeset
|
35 |
non_attribute_keys = set(('email', 'eid', 'member', 'modification_date')) |
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
36 |
|
8638
9f95c2368b8b
[ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8633
diff
changeset
|
37 |
@cachedproperty |
9f95c2368b8b
[ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8633
diff
changeset
|
38 |
def searchfilterstr(self): |
9f95c2368b8b
[ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8633
diff
changeset
|
39 |
""" ldap search string, including user-filter """ |
9f95c2368b8b
[ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8633
diff
changeset
|
40 |
return '(&%s)' % ''.join(self.source.base_filters) |
9f95c2368b8b
[ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8633
diff
changeset
|
41 |
|
9f95c2368b8b
[ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8633
diff
changeset
|
42 |
@cachedproperty |
8922
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
43 |
def searchgroupfilterstr(self): |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
44 |
""" ldap search string, including user-filter """ |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
45 |
return '(&%s)' % ''.join(self.source.group_base_filters) |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
46 |
|
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
47 |
@cachedproperty |
8920
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
48 |
def user_source_entities_by_extid(self): |
8638
9f95c2368b8b
[ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8633
diff
changeset
|
49 |
source = self.source |
8906
ed35d984ff28
[ldap] an empty 'user-base-dn' disable the user importation process,
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8900
diff
changeset
|
50 |
if source.user_base_dn.strip(): |
8918
43fd866e8f8a
[ldap] refactor attributes mapping handling
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8917
diff
changeset
|
51 |
attrs = map(str, source.user_attrs.keys()) |
8906
ed35d984ff28
[ldap] an empty 'user-base-dn' disable the user importation process,
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8900
diff
changeset
|
52 |
return dict((userdict['dn'], userdict) |
ed35d984ff28
[ldap] an empty 'user-base-dn' disable the user importation process,
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8900
diff
changeset
|
53 |
for userdict in source._search(self._cw, |
ed35d984ff28
[ldap] an empty 'user-base-dn' disable the user importation process,
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8900
diff
changeset
|
54 |
source.user_base_dn, |
ed35d984ff28
[ldap] an empty 'user-base-dn' disable the user importation process,
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8900
diff
changeset
|
55 |
source.user_base_scope, |
8918
43fd866e8f8a
[ldap] refactor attributes mapping handling
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8917
diff
changeset
|
56 |
self.searchfilterstr, |
43fd866e8f8a
[ldap] refactor attributes mapping handling
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8917
diff
changeset
|
57 |
attrs)) |
8906
ed35d984ff28
[ldap] an empty 'user-base-dn' disable the user importation process,
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8900
diff
changeset
|
58 |
return {} |
8638
9f95c2368b8b
[ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8633
diff
changeset
|
59 |
|
8922
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
60 |
@cachedproperty |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
61 |
def group_source_entities_by_extid(self): |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
62 |
source = self.source |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
63 |
if source.group_base_dn.strip(): |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
64 |
attrs = map(str, ['modifyTimestamp'] + source.group_attrs.keys()) |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
65 |
return dict((groupdict['dn'], groupdict) |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
66 |
for groupdict in source._search(self._cw, |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
67 |
source.group_base_dn, |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
68 |
source.group_base_scope, |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
69 |
self.searchgroupfilterstr, |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
70 |
attrs)) |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
71 |
return {} |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
72 |
|
8920
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
73 |
def _process(self, etype, sdict): |
9219
6afdeaabac74
[ldapparser] demote some logs from warning to debug (closes #2713671)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8922
diff
changeset
|
74 |
self.debug('fetched %s %s', etype, sdict) |
8920
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
75 |
extid = sdict['dn'] |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
76 |
entity = self.extid2entity(extid, etype, **sdict) |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
77 |
if entity is not None and not self.created_during_pull(entity): |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
78 |
self.notify_updated(entity) |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
79 |
attrs = self.ldap2cwattrs(sdict, etype) |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
80 |
self.update_if_necessary(entity, attrs) |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
81 |
if etype == 'CWUser': |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
82 |
self._process_email(entity, sdict) |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
83 |
if etype == 'CWGroup': |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
84 |
self._process_membership(entity, sdict) |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
85 |
|
8409
79534887943e
[datafeed] fix/finish cleanup started by auc in 8393:c25b96ae4f8a: parser.process prototytpe is (url, raise_on_error=False). Drop partialcommit argument which were never specified
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8400
diff
changeset
|
86 |
def process(self, url, raise_on_error=False): |
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
87 |
"""IDataFeedParser main entry point""" |
8638
9f95c2368b8b
[ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8633
diff
changeset
|
88 |
self.debug('processing ldapfeed source %s %s', self.source, self.searchfilterstr) |
8920
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
89 |
for userdict in self.user_source_entities_by_extid.itervalues(): |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
90 |
self._process('CWUser', userdict) |
8922
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
91 |
self.debug('processing ldapfeed source %s %s', self.source, self.searchgroupfilterstr) |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
92 |
for groupdict in self.group_source_entities_by_extid.itervalues(): |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
93 |
self._process('CWGroup', groupdict) |
8430
5bee87a14bb1
fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8427
diff
changeset
|
94 |
|
9879
21278eb03bbf
[datafeed sources] finish the session -> cnx switch
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
9551
diff
changeset
|
95 |
def handle_deletion(self, config, cnx, myuris): |
8430
5bee87a14bb1
fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8427
diff
changeset
|
96 |
if config['delete-entities']: |
9879
21278eb03bbf
[datafeed sources] finish the session -> cnx switch
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
9551
diff
changeset
|
97 |
super(DataFeedLDAPAdapter, self).handle_deletion(config, cnx, myuris) |
8432
96b4f7a35e6c
[ldapparser] missing return
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8431
diff
changeset
|
98 |
return |
8430
5bee87a14bb1
fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8427
diff
changeset
|
99 |
if myuris: |
5bee87a14bb1
fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8427
diff
changeset
|
100 |
byetype = {} |
5bee87a14bb1
fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8427
diff
changeset
|
101 |
for extid, (eid, etype) in myuris.iteritems(): |
5bee87a14bb1
fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8427
diff
changeset
|
102 |
if self.is_deleted(extid, etype, eid): |
5bee87a14bb1
fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8427
diff
changeset
|
103 |
byetype.setdefault(etype, []).append(str(eid)) |
5bee87a14bb1
fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8427
diff
changeset
|
104 |
|
5bee87a14bb1
fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8427
diff
changeset
|
105 |
for etype, eids in byetype.iteritems(): |
5bee87a14bb1
fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8427
diff
changeset
|
106 |
if etype != 'CWUser': |
5bee87a14bb1
fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8427
diff
changeset
|
107 |
continue |
9219
6afdeaabac74
[ldapparser] demote some logs from warning to debug (closes #2713671)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8922
diff
changeset
|
108 |
self.info('deactivate %s %s entities', len(eids), etype) |
8430
5bee87a14bb1
fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8427
diff
changeset
|
109 |
for eid in eids: |
9879
21278eb03bbf
[datafeed sources] finish the session -> cnx switch
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
9551
diff
changeset
|
110 |
wf = cnx.entity_from_eid(eid).cw_adapt_to('IWorkflowable') |
8434
39c5bb4dcc59
[ldapfeed] do not crash on ldap user deletion + pull + already deactivated users, cleanups (closes #2392933)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8432
diff
changeset
|
111 |
wf.fire_transition_if_possible('deactivate') |
9879
21278eb03bbf
[datafeed sources] finish the session -> cnx switch
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
9551
diff
changeset
|
112 |
cnx.commit() |
8430
5bee87a14bb1
fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8427
diff
changeset
|
113 |
|
8434
39c5bb4dcc59
[ldapfeed] do not crash on ldap user deletion + pull + already deactivated users, cleanups (closes #2392933)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8432
diff
changeset
|
114 |
def update_if_necessary(self, entity, attrs): |
8478
e099ebc65e61
[ldap feed] fix error since with read security activated, password value is not selecteable (closes #2406597). Also add a note in the book about packages required to connect to an ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8434
diff
changeset
|
115 |
# disable read security to allow password selection |
e099ebc65e61
[ldap feed] fix error since with read security activated, password value is not selecteable (closes #2406597). Also add a note in the book about packages required to connect to an ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8434
diff
changeset
|
116 |
with entity._cw.security_enabled(read=False): |
e099ebc65e61
[ldap feed] fix error since with read security activated, password value is not selecteable (closes #2406597). Also add a note in the book about packages required to connect to an ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8434
diff
changeset
|
117 |
entity.complete(tuple(attrs)) |
8900
010a59e12d89
use cw_etype instead of __regid__
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8888
diff
changeset
|
118 |
if entity.cw_etype == 'CWUser': |
8434
39c5bb4dcc59
[ldapfeed] do not crash on ldap user deletion + pull + already deactivated users, cleanups (closes #2392933)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8432
diff
changeset
|
119 |
wf = entity.cw_adapt_to('IWorkflowable') |
39c5bb4dcc59
[ldapfeed] do not crash on ldap user deletion + pull + already deactivated users, cleanups (closes #2392933)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8432
diff
changeset
|
120 |
if wf.state == 'deactivated': |
8639
2fddbe32ae8b
[ldapfeed] if a deactivated user becomes available again in its source, reactivate it (closes #2542776)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8638
diff
changeset
|
121 |
wf.fire_transition('activate') |
9219
6afdeaabac74
[ldapparser] demote some logs from warning to debug (closes #2713671)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8922
diff
changeset
|
122 |
self.info('user %s reactivated', entity.login) |
8434
39c5bb4dcc59
[ldapfeed] do not crash on ldap user deletion + pull + already deactivated users, cleanups (closes #2392933)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8432
diff
changeset
|
123 |
mdate = attrs.get('modification_date') |
39c5bb4dcc59
[ldapfeed] do not crash on ldap user deletion + pull + already deactivated users, cleanups (closes #2392933)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8432
diff
changeset
|
124 |
if not mdate or mdate > entity.modification_date: |
39c5bb4dcc59
[ldapfeed] do not crash on ldap user deletion + pull + already deactivated users, cleanups (closes #2392933)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8432
diff
changeset
|
125 |
attrs = dict( (k, v) for k, v in attrs.iteritems() |
39c5bb4dcc59
[ldapfeed] do not crash on ldap user deletion + pull + already deactivated users, cleanups (closes #2392933)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8432
diff
changeset
|
126 |
if v != getattr(entity, k)) |
39c5bb4dcc59
[ldapfeed] do not crash on ldap user deletion + pull + already deactivated users, cleanups (closes #2392933)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8432
diff
changeset
|
127 |
if attrs: |
8483
4ba11607d84a
[entity api] unify set_attributes / set_relations into a cw_set method. Closes #2423719
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8434
diff
changeset
|
128 |
entity.cw_set(**attrs) |
8434
39c5bb4dcc59
[ldapfeed] do not crash on ldap user deletion + pull + already deactivated users, cleanups (closes #2392933)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8432
diff
changeset
|
129 |
self.notify_updated(entity) |
39c5bb4dcc59
[ldapfeed] do not crash on ldap user deletion + pull + already deactivated users, cleanups (closes #2392933)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8432
diff
changeset
|
130 |
|
8920
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
131 |
def ldap2cwattrs(self, sdict, etype, tdict=None): |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
132 |
""" Transform dictionary of LDAP attributes to CW |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
133 |
etype must be CWUser or CWGroup """ |
8250
171a9d6bff8f
[ldapfeed] fix synchronisation crash: ldap attributes are given while we want cw attributes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8188
diff
changeset
|
134 |
if tdict is None: |
171a9d6bff8f
[ldapfeed] fix synchronisation crash: ldap attributes are given while we want cw attributes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8188
diff
changeset
|
135 |
tdict = {} |
8920
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
136 |
if etype == 'CWUser': |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
137 |
items = self.source.user_attrs.iteritems() |
8922
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
138 |
elif etype == 'CWGroup': |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
139 |
items = self.source.group_attrs.iteritems() |
8920
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
140 |
for sattr, tattr in items: |
8250
171a9d6bff8f
[ldapfeed] fix synchronisation crash: ldap attributes are given while we want cw attributes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8188
diff
changeset
|
141 |
if tattr not in self.non_attribute_keys: |
8566
76bcfb3c483d
[ldapparser] raise specific error if the configuration is wrong (closes #2498164)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8479
diff
changeset
|
142 |
try: |
76bcfb3c483d
[ldapparser] raise specific error if the configuration is wrong (closes #2498164)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8479
diff
changeset
|
143 |
tdict[tattr] = sdict[sattr] |
76bcfb3c483d
[ldapparser] raise specific error if the configuration is wrong (closes #2498164)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8479
diff
changeset
|
144 |
except KeyError: |
9551
cbc46f94081d
[ldapparser, book] document additional error causes
Dimitri Papadopoulos <dimitri.papadopoulos@cea.fr>
parents:
9535
diff
changeset
|
145 |
raise ConfigurationError('source attribute %s has not ' |
cbc46f94081d
[ldapparser, book] document additional error causes
Dimitri Papadopoulos <dimitri.papadopoulos@cea.fr>
parents:
9535
diff
changeset
|
146 |
'been found in the source, ' |
cbc46f94081d
[ldapparser, book] document additional error causes
Dimitri Papadopoulos <dimitri.papadopoulos@cea.fr>
parents:
9535
diff
changeset
|
147 |
'please check the %s-attrs-map ' |
cbc46f94081d
[ldapparser, book] document additional error causes
Dimitri Papadopoulos <dimitri.papadopoulos@cea.fr>
parents:
9535
diff
changeset
|
148 |
'field and the permissions of ' |
cbc46f94081d
[ldapparser, book] document additional error causes
Dimitri Papadopoulos <dimitri.papadopoulos@cea.fr>
parents:
9535
diff
changeset
|
149 |
'the LDAP binding user' % |
8920
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
150 |
(sattr, etype[2:].lower())) |
8250
171a9d6bff8f
[ldapfeed] fix synchronisation crash: ldap attributes are given while we want cw attributes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8188
diff
changeset
|
151 |
return tdict |
171a9d6bff8f
[ldapfeed] fix synchronisation crash: ldap attributes are given while we want cw attributes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8188
diff
changeset
|
152 |
|
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
153 |
def before_entity_copy(self, entity, sourceparams): |
8920
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
154 |
etype = entity.cw_etype |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
155 |
if etype == 'EmailAddress': |
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
156 |
entity.cw_edited['address'] = sourceparams['address'] |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
157 |
else: |
8920
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
158 |
self.ldap2cwattrs(sourceparams, etype, tdict=entity.cw_edited) |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
159 |
if etype == 'CWUser': |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
160 |
pwd = entity.cw_edited.get('upassword') |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
161 |
if not pwd: |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
162 |
# generate a dumb password if not fetched from ldap (see |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
163 |
# userPassword) |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
164 |
pwd = crypt_password(generate_password()) |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
165 |
entity.cw_edited['upassword'] = Binary(pwd) |
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
166 |
return entity |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
167 |
|
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
168 |
def after_entity_copy(self, entity, sourceparams): |
8430
5bee87a14bb1
fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8427
diff
changeset
|
169 |
super(DataFeedLDAPAdapter, self).after_entity_copy(entity, sourceparams) |
8920
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
170 |
etype = entity.cw_etype |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
171 |
if etype == 'EmailAddress': |
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
172 |
return |
9551
cbc46f94081d
[ldapparser, book] document additional error causes
Dimitri Papadopoulos <dimitri.papadopoulos@cea.fr>
parents:
9535
diff
changeset
|
173 |
# all CWUsers must be treated before CWGroups to have the in_group relation |
8920
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
174 |
# set correctly in _associate_ldapusers |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
175 |
elif etype == 'CWUser': |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
176 |
groups = filter(None, [self._get_group(name) |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
177 |
for name in self.source.user_default_groups]) |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
178 |
if groups: |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
179 |
entity.cw_set(in_group=groups) |
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
180 |
self._process_email(entity, sourceparams) |
8922
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
181 |
elif etype == 'CWGroup': |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
182 |
self._process_membership(entity, sourceparams) |
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
183 |
|
8638
9f95c2368b8b
[ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8633
diff
changeset
|
184 |
def is_deleted(self, extidplus, etype, eid): |
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
185 |
try: |
8638
9f95c2368b8b
[ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8633
diff
changeset
|
186 |
extid, _ = extidplus.rsplit('@@', 1) |
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
187 |
except ValueError: |
8638
9f95c2368b8b
[ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8633
diff
changeset
|
188 |
# for some reason extids here tend to come in both forms, e.g: |
9f95c2368b8b
[ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8633
diff
changeset
|
189 |
# dn, dn@@Babar |
9f95c2368b8b
[ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8633
diff
changeset
|
190 |
extid = extidplus |
8920
386049566ceb
[ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents:
8919
diff
changeset
|
191 |
return extid not in self.user_source_entities_by_extid |
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
192 |
|
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
193 |
def _process_email(self, entity, userdict): |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
194 |
try: |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
195 |
emailaddrs = userdict[self.source.user_rev_attrs['email']] |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
196 |
except KeyError: |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
197 |
return # no email for that user, nothing to do |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
198 |
if not isinstance(emailaddrs, list): |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
199 |
emailaddrs = [emailaddrs] |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
200 |
for emailaddr in emailaddrs: |
9551
cbc46f94081d
[ldapparser, book] document additional error causes
Dimitri Papadopoulos <dimitri.papadopoulos@cea.fr>
parents:
9535
diff
changeset
|
201 |
# search for existing email first, may be coming from another source |
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
202 |
rset = self._cw.execute('EmailAddress X WHERE X address %(addr)s', |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
203 |
{'addr': emailaddr}) |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
204 |
if not rset: |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
205 |
# not found, create it. first forge an external id |
9535
09b4ebb9b0f1
[ldapfeed] fix encode error during initial user import
Dimitri Papadopoulos <dimitri.papadopoulos@cea.fr>
parents:
9219
diff
changeset
|
206 |
emailextid = userdict['dn'] + '@@' + emailaddr.encode('utf-8') |
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
207 |
email = self.extid2entity(emailextid, 'EmailAddress', |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
208 |
address=emailaddr) |
8917
685b93559e33
[ldapfeed] add support for multiple email addresses from ldap
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents:
8906
diff
changeset
|
209 |
entity.cw_set(use_email=email) |
8400
0ae27909e45b
[ldapfeed] properly mark email address as encountered during import to avoid deleting them
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8392
diff
changeset
|
210 |
elif self.sourceuris: |
0ae27909e45b
[ldapfeed] properly mark email address as encountered during import to avoid deleting them
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8392
diff
changeset
|
211 |
# pop from sourceuris anyway, else email may be removed by the |
0ae27909e45b
[ldapfeed] properly mark email address as encountered during import to avoid deleting them
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8392
diff
changeset
|
212 |
# source once import is finished |
8575
688d108af306
[ldapparser] utf-8 uri + unicode emailaddr will crash if the later is not properly encoded (closes #2508515)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8566
diff
changeset
|
213 |
uri = userdict['dn'] + '@@' + emailaddr.encode('utf-8') |
688d108af306
[ldapparser] utf-8 uri + unicode emailaddr will crash if the later is not properly encoded (closes #2508515)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents:
8566
diff
changeset
|
214 |
self.sourceuris.pop(uri, None) |
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
215 |
# XXX else check use_email relation? |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
216 |
|
8922
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
217 |
def _process_membership(self, entity, sourceparams): |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
218 |
""" Find existing CWUsers with the same login as the memberUids in the |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
219 |
CWGroup entity and create the in_group relationship """ |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
220 |
mdate = sourceparams.get('modification_date') |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
221 |
if (not mdate or mdate > entity.modification_date): |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
222 |
self._cw.execute('DELETE U in_group G WHERE G eid %(g)s', |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
223 |
{'g':entity.eid}) |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
224 |
members = sourceparams.get(self.source.group_rev_attrs['member']) |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
225 |
if members: |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
226 |
members = ["'%s'" % e for e in members] |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
227 |
rql = 'SET U in_group G WHERE G eid %%(g)s, U login IN (%s)' % ','.join(members) |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
228 |
self._cw.execute(rql, {'g':entity.eid, }) |
715b9eec6da9
[ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents:
8920
diff
changeset
|
229 |
|
8188
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
230 |
@cached |
1867e252e487
[repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff
changeset
|
231 |
def _get_group(self, name): |
8679
cf4dacc80976
[ldapfeed] don't crash if one specify an unexisting group in the configuration. Closes #2538399
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8639
diff
changeset
|
232 |
try: |
cf4dacc80976
[ldapfeed] don't crash if one specify an unexisting group in the configuration. Closes #2538399
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8639
diff
changeset
|
233 |
return self._cw.execute('Any X WHERE X is CWGroup, X name %(name)s', |
cf4dacc80976
[ldapfeed] don't crash if one specify an unexisting group in the configuration. Closes #2538399
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8639
diff
changeset
|
234 |
{'name': name}).get_entity(0, 0) |
cf4dacc80976
[ldapfeed] don't crash if one specify an unexisting group in the configuration. Closes #2538399
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8639
diff
changeset
|
235 |
except IndexError: |
8888
738f97bc3e19
[ldap] Use correct API for logging message
Jérôme Roy <jerome.roy@logilab.fr>
parents:
8694
diff
changeset
|
236 |
self.error('group %r referenced by source configuration %r does not exist', |
738f97bc3e19
[ldap] Use correct API for logging message
Jérôme Roy <jerome.roy@logilab.fr>
parents:
8694
diff
changeset
|
237 |
name, self.source.uri) |
8679
cf4dacc80976
[ldapfeed] don't crash if one specify an unexisting group in the configuration. Closes #2538399
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8639
diff
changeset
|
238 |
return None |
cf4dacc80976
[ldapfeed] don't crash if one specify an unexisting group in the configuration. Closes #2538399
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
8639
diff
changeset
|
239 |