server/sources/ldapuser.py
author Alexandre Fayolle <alexandre.fayolle@logilab.fr>
Tue, 22 Feb 2011 21:30:32 +0100
branchstable
changeset 7029 bae4d11a104b
parent 6887 72d7feeb071e
child 7040 9b1f9bc74f5d
child 7055 a393ebb880cd
permissions -rw-r--r--
add some tips for users who want to bind to an AD server adjust the level of the different configuration parameters so that the condfiguration becomes usable outside Logilab
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
5421
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5407
diff changeset
     1
# copyright 2003-2010 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5407
diff changeset
     2
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5407
diff changeset
     3
#
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5407
diff changeset
     4
# This file is part of CubicWeb.
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5407
diff changeset
     5
#
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5407
diff changeset
     6
# CubicWeb is free software: you can redistribute it and/or modify it under the
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5407
diff changeset
     7
# terms of the GNU Lesser General Public License as published by the Free
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5407
diff changeset
     8
# Software Foundation, either version 2.1 of the License, or (at your option)
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5407
diff changeset
     9
# any later version.
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5407
diff changeset
    10
#
5424
8ecbcbff9777 replace logilab-common by CubicWeb in disclaimer
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5421
diff changeset
    11
# CubicWeb is distributed in the hope that it will be useful, but WITHOUT
5421
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5407
diff changeset
    12
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5407
diff changeset
    13
# FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5407
diff changeset
    14
# details.
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5407
diff changeset
    15
#
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5407
diff changeset
    16
# You should have received a copy of the GNU Lesser General Public License along
8167de96c523 proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5407
diff changeset
    17
# with CubicWeb.  If not, see <http://www.gnu.org/licenses/>.
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    18
"""cubicweb ldap user source
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    19
1398
5fe84a5f7035 rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents: 1263
diff changeset
    20
this source is for now limited to a read-only CWUser source
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    21
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    22
Part of the code is coming form Zope's LDAPUserFolder
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    23
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    24
Copyright (c) 2004 Jens Vagelpohl.
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    25
All Rights Reserved.
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    26
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    27
This software is subject to the provisions of the Zope Public License,
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    28
Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    29
THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    30
WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    31
WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    32
FOR A PARTICULAR PURPOSE.
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    33
"""
5637
b72a838aa109 more robust handling of looping task configuration in ldap source
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5604
diff changeset
    34
from __future__ import division
1952
8e19c813750d fix extid handling: ensure encoded string is given, and store them as base64 (see note in native.py).
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 1802
diff changeset
    35
from base64 import b64decode
8e19c813750d fix extid handling: ensure encoded string is given, and store them as base64 (see note in native.py).
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 1802
diff changeset
    36
2633
bc9386c3b2c9 get_csv is being renamed to splitstrip
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 1977
diff changeset
    37
from logilab.common.textutils import splitstrip
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    38
from rql.nodes import Relation, VariableRef, Constant, Function
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    39
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    40
import ldap
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    41
from ldap.ldapobject import ReconnectLDAPObject
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    42
from ldap.filter import filter_format, escape_filter_chars
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    43
from ldapurl import LDAPUrl
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    44
5455
3dc47a52dd19 fix bad reading of options in ldapuser.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5428
diff changeset
    45
from logilab.common.configuration import time_validator
1238
fa29b5b60107 set 30sec query cache on pyro source, important speedup for pages generating multiple time the same external query
sylvain.thenault@logilab.fr
parents: 975
diff changeset
    46
from cubicweb import AuthenticationError, UnknownEid, RepositoryError
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    47
from cubicweb.server.utils import cartesian_product
1238
fa29b5b60107 set 30sec query cache on pyro source, important speedup for pages generating multiple time the same external query
sylvain.thenault@logilab.fr
parents: 975
diff changeset
    48
from cubicweb.server.sources import (AbstractSource, TrFunc, GlobTrFunc,
fa29b5b60107 set 30sec query cache on pyro source, important speedup for pages generating multiple time the same external query
sylvain.thenault@logilab.fr
parents: 975
diff changeset
    49
                                     ConnectionWrapper, TimedCache)
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    50
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    51
# search scopes
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    52
BASE = ldap.SCOPE_BASE
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    53
ONELEVEL = ldap.SCOPE_ONELEVEL
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    54
SUBTREE = ldap.SCOPE_SUBTREE
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    55
2699
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
    56
# map ldap protocol to their standard port
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
    57
PROTO_PORT = {'ldap': 389,
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
    58
              'ldaps': 636,
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
    59
              'ldapi': None,
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
    60
              }
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    61
1263
01152fffd593 backport default branch
sylvain.thenault@logilab.fr
parents: 1016 1238
diff changeset
    62
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    63
class LDAPUserSource(AbstractSource):
1398
5fe84a5f7035 rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents: 1263
diff changeset
    64
    """LDAP read-only CWUser source"""
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
    65
    support_entities = {'CWUser': False}
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    66
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    67
    options = (
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    68
        ('host',
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    69
         {'type' : 'string',
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    70
          'default': 'ldap',
2699
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
    71
          'help': 'ldap host. It may contains port information using \
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
    72
<host>:<port> notation.',
5323
329b4f6d18b4 [config] with lgc >= 0.50, option's dict inputlevel becomes level
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5174
diff changeset
    73
          'group': 'ldap-source', 'level': 1,
2699
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
    74
          }),
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
    75
        ('protocol',
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
    76
         {'type' : 'choice',
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
    77
          'default': 'ldap',
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
    78
          'choices': ('ldap', 'ldaps', 'ldapi'),
5138
18388a897d2a list allowed values for ldap protocol setting in help, so that the generated file includes this in a comment
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4913
diff changeset
    79
          'help': 'ldap protocol (allowed values: ldap, ldaps, ldapi)',
5323
329b4f6d18b4 [config] with lgc >= 0.50, option's dict inputlevel becomes level
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5174
diff changeset
    80
          'group': 'ldap-source', 'level': 1,
2699
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
    81
          }),
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
    82
        ('auth-mode',
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
    83
         {'type' : 'choice',
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
    84
          'default': 'simple',
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
    85
          'choices': ('simple', 'cram_md5', 'digest_md5', 'gssapi'),
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
    86
          'help': 'authentication mode used to authenticate user to the ldap.',
5456
d040889fac4e merged back oldstable into stable
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5426 5455
diff changeset
    87
          'group': 'ldap-source', 'level': 3,
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    88
          }),
2699
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
    89
        ('auth-realm',
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
    90
         {'type' : 'string',
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
    91
          'default': None,
4555
8968c50818db typo fix in help string
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 4212
diff changeset
    92
          'help': 'realm to use when using gssapi/kerberos authentication.',
5456
d040889fac4e merged back oldstable into stable
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5426 5455
diff changeset
    93
          'group': 'ldap-source', 'level': 3,
2699
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
    94
          }),
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
    95
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
    96
        ('data-cnx-dn',
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
    97
         {'type' : 'string',
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
    98
          'default': '',
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
    99
          'help': 'user dn to use to open data connection to the ldap (eg used \
7029
bae4d11a104b add some tips for users who want to bind to an AD server
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 6887
diff changeset
   100
to respond to rql queries). Leave empty for anonymous bind',
5323
329b4f6d18b4 [config] with lgc >= 0.50, option's dict inputlevel becomes level
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5174
diff changeset
   101
          'group': 'ldap-source', 'level': 1,
2699
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   102
          }),
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   103
        ('data-cnx-password',
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   104
         {'type' : 'string',
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   105
          'default': '',
7029
bae4d11a104b add some tips for users who want to bind to an AD server
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 6887
diff changeset
   106
          'help': 'password to use to open data connection to the ldap (eg used to respond to rql queries). Leave empty for anonymous bind.',
5323
329b4f6d18b4 [config] with lgc >= 0.50, option's dict inputlevel becomes level
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5174
diff changeset
   107
          'group': 'ldap-source', 'level': 1,
2699
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   108
          }),
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   109
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   110
        ('user-base-dn',
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   111
         {'type' : 'string',
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   112
          'default': 'ou=People,dc=logilab,dc=fr',
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   113
          'help': 'base DN to lookup for users',
7029
bae4d11a104b add some tips for users who want to bind to an AD server
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 6887
diff changeset
   114
          'group': 'ldap-source', 'level': 1,
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   115
          }),
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   116
        ('user-scope',
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   117
         {'type' : 'choice',
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   118
          'default': 'ONELEVEL',
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   119
          'choices': ('BASE', 'ONELEVEL', 'SUBTREE'),
7029
bae4d11a104b add some tips for users who want to bind to an AD server
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 6887
diff changeset
   120
          'help': 'user search scope (valid values: "BASE", "ONELEVEL", "SUBTREE")',
5323
329b4f6d18b4 [config] with lgc >= 0.50, option's dict inputlevel becomes level
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5174
diff changeset
   121
          'group': 'ldap-source', 'level': 1,
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   122
          }),
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   123
        ('user-classes',
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   124
         {'type' : 'csv',
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   125
          'default': ('top', 'posixAccount'),
7029
bae4d11a104b add some tips for users who want to bind to an AD server
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 6887
diff changeset
   126
          'help': 'classes of user (with Active Directory, you want to say "user" here)',
5323
329b4f6d18b4 [config] with lgc >= 0.50, option's dict inputlevel becomes level
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5174
diff changeset
   127
          'group': 'ldap-source', 'level': 1,
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   128
          }),
6728
f68bd4c876d1 allow additional filtering to be performed on the LDAP source (#1382380)
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5972
diff changeset
   129
        ('user-filter',
f68bd4c876d1 allow additional filtering to be performed on the LDAP source (#1382380)
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5972
diff changeset
   130
         {'type': 'string',
f68bd4c876d1 allow additional filtering to be performed on the LDAP source (#1382380)
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5972
diff changeset
   131
          'default': '',
f68bd4c876d1 allow additional filtering to be performed on the LDAP source (#1382380)
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5972
diff changeset
   132
          'help': 'additional filters to be set in the ldap query to find valid users',
f68bd4c876d1 allow additional filtering to be performed on the LDAP source (#1382380)
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5972
diff changeset
   133
          'group': 'ldap-source', 'level': 2,
f68bd4c876d1 allow additional filtering to be performed on the LDAP source (#1382380)
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5972
diff changeset
   134
          }),
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   135
        ('user-login-attr',
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   136
         {'type' : 'string',
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   137
          'default': 'uid',
7029
bae4d11a104b add some tips for users who want to bind to an AD server
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 6887
diff changeset
   138
          'help': 'attribute used as login on authentication (with Active Directory, you want to use "sAMAccountName" here)',
5323
329b4f6d18b4 [config] with lgc >= 0.50, option's dict inputlevel becomes level
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5174
diff changeset
   139
          'group': 'ldap-source', 'level': 1,
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   140
          }),
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   141
        ('user-default-group',
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   142
         {'type' : 'csv',
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   143
          'default': ('users',),
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   144
          'help': 'name of a group in which ldap users will be by default. \
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   145
You can set multiple groups by separating them by a comma.',
5323
329b4f6d18b4 [config] with lgc >= 0.50, option's dict inputlevel becomes level
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5174
diff changeset
   146
          'group': 'ldap-source', 'level': 1,
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   147
          }),
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   148
        ('user-attrs-map',
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   149
         {'type' : 'named',
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   150
          'default': {'uid': 'login', 'gecos': 'email'},
7029
bae4d11a104b add some tips for users who want to bind to an AD server
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 6887
diff changeset
   151
          'help': 'map from ldap user attributes to cubicweb attributes (with Active Directory, you want to use sAMAccountName:login,mail:email,givenName:firstname,sn:surname)',
5323
329b4f6d18b4 [config] with lgc >= 0.50, option's dict inputlevel becomes level
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5174
diff changeset
   152
          'group': 'ldap-source', 'level': 1,
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   153
          }),
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   154
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   155
        ('synchronization-interval',
5326
0d9054eb3bd1 [config] properly use time type for options representing a time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5153
diff changeset
   156
         {'type' : 'time',
0d9054eb3bd1 [config] properly use time type for options representing a time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5153
diff changeset
   157
          'default': '1d',
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   158
          'help': 'interval between synchronization with the ldap \
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   159
directory (default to once a day).',
5456
d040889fac4e merged back oldstable into stable
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5426 5455
diff changeset
   160
          'group': 'ldap-source', 'level': 3,
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   161
          }),
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   162
        ('cache-life-time',
5326
0d9054eb3bd1 [config] properly use time type for options representing a time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5153
diff changeset
   163
         {'type' : 'time',
0d9054eb3bd1 [config] properly use time type for options representing a time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5153
diff changeset
   164
          'default': '2h',
5637
b72a838aa109 more robust handling of looping task configuration in ldap source
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5604
diff changeset
   165
          'help': 'life time of query cache (default to two hours).',
5456
d040889fac4e merged back oldstable into stable
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5426 5455
diff changeset
   166
          'group': 'ldap-source', 'level': 3,
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   167
          }),
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   168
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   169
    )
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   170
6427
c8a5ac2d1eaa [schema / sources] store data sources as cubicweb entities
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6142
diff changeset
   171
    def __init__(self, repo, source_config, *args, **kwargs):
c8a5ac2d1eaa [schema / sources] store data sources as cubicweb entities
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6142
diff changeset
   172
        AbstractSource.__init__(self, repo, source_config, *args, **kwargs)
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   173
        self.host = source_config['host']
2699
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   174
        self.protocol = source_config.get('protocol', 'ldap')
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   175
        self.authmode = source_config.get('auth-mode', 'simple')
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   176
        self._authenticate = getattr(self, '_auth_%s' % self.authmode)
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   177
        self.cnx_dn = source_config.get('data-cnx-dn') or ''
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   178
        self.cnx_pwd = source_config.get('data-cnx-password') or ''
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   179
        self.user_base_scope = globals()[source_config['user-scope']]
6887
72d7feeb071e [tests] make ldap source test run its own local (Open)LDAP server
David Douard <david.douard@logilab.fr>
parents: 6886
diff changeset
   180
        self.user_base_dn = str(source_config['user-base-dn'])
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   181
        self.user_base_scope = globals()[source_config['user-scope']]
2633
bc9386c3b2c9 get_csv is being renamed to splitstrip
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 1977
diff changeset
   182
        self.user_classes = splitstrip(source_config['user-classes'])
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   183
        self.user_login_attr = source_config['user-login-attr']
2633
bc9386c3b2c9 get_csv is being renamed to splitstrip
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 1977
diff changeset
   184
        self.user_default_groups = splitstrip(source_config['user-default-group'])
bc9386c3b2c9 get_csv is being renamed to splitstrip
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 1977
diff changeset
   185
        self.user_attrs = dict(v.split(':', 1) for v in splitstrip(source_config['user-attrs-map']))
6733
627a93027605 [ldap] fix user-filter handling
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 6728
diff changeset
   186
        self.user_filter = source_config.get('user-filter')
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   187
        self.user_rev_attrs = {'eid': 'dn'}
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   188
        for ldapattr, cwattr in self.user_attrs.items():
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   189
            self.user_rev_attrs[cwattr] = ldapattr
6728
f68bd4c876d1 allow additional filtering to be performed on the LDAP source (#1382380)
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5972
diff changeset
   190
        self.base_filters = self._make_base_filters()
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   191
        self._conn = None
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   192
        self._cache = {}
5637
b72a838aa109 more robust handling of looping task configuration in ldap source
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5604
diff changeset
   193
        # ttlm is in minutes!
5642
6a90357b9769 TimedCache now only accepts values expressed in seconds
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5637
diff changeset
   194
        self._cache_ttl = time_validator(None, None,
6a90357b9769 TimedCache now only accepts values expressed in seconds
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5637
diff changeset
   195
                              source_config.get('cache-life-time', 2*60*60))
6a90357b9769 TimedCache now only accepts values expressed in seconds
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5637
diff changeset
   196
        self._cache_ttl = max(71, self._cache_ttl)
5646
c9550c1239f0 various brown paper bag fixes
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5642
diff changeset
   197
        self._query_cache = TimedCache(self._cache_ttl)
5637
b72a838aa109 more robust handling of looping task configuration in ldap source
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5604
diff changeset
   198
        # interval is in seconds !
5455
3dc47a52dd19 fix bad reading of options in ldapuser.py
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5428
diff changeset
   199
        self._interval = time_validator(None, None,
5642
6a90357b9769 TimedCache now only accepts values expressed in seconds
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5637
diff changeset
   200
                                    source_config.get('synchronization-interval',
6a90357b9769 TimedCache now only accepts values expressed in seconds
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5637
diff changeset
   201
                                                      24*60*60))
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   202
6728
f68bd4c876d1 allow additional filtering to be performed on the LDAP source (#1382380)
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5972
diff changeset
   203
    def _make_base_filters(self):
6733
627a93027605 [ldap] fix user-filter handling
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 6728
diff changeset
   204
        filters =  [filter_format('(%s=%s)', ('objectClass', o))
627a93027605 [ldap] fix user-filter handling
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 6728
diff changeset
   205
                              for o in self.user_classes] 
627a93027605 [ldap] fix user-filter handling
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 6728
diff changeset
   206
        if self.user_filter:
627a93027605 [ldap] fix user-filter handling
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 6728
diff changeset
   207
            filters += [self.user_filter]
627a93027605 [ldap] fix user-filter handling
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 6728
diff changeset
   208
        return filters
6728
f68bd4c876d1 allow additional filtering to be performed on the LDAP source (#1382380)
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5972
diff changeset
   209
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   210
    def reset_caches(self):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   211
        """method called during test to reset potential source caches"""
2763
39b42e158249 [ms] proper reset cache on external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2707
diff changeset
   212
        self._cache = {}
5642
6a90357b9769 TimedCache now only accepts values expressed in seconds
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5637
diff changeset
   213
        self._query_cache = TimedCache(self._cache_ttl)
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   214
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   215
    def init(self):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   216
        """method called by the repository once ready to handle request"""
5603
d8d9f4ec252d ldap source logging
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5456
diff changeset
   217
        self.info('ldap init')
5637
b72a838aa109 more robust handling of looping task configuration in ldap source
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5604
diff changeset
   218
        # set minimum period of 5min 1s (the additional second is to minimize
b72a838aa109 more robust handling of looping task configuration in ldap source
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5604
diff changeset
   219
        # resonnance effet)
b72a838aa109 more robust handling of looping task configuration in ldap source
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5604
diff changeset
   220
        self.repo.looping_task(max(301, self._interval), self.synchronize)
5646
c9550c1239f0 various brown paper bag fixes
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5642
diff changeset
   221
        self.repo.looping_task(self._cache_ttl // 10,
1954
9b20f3504af8 cleanup
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 1952
diff changeset
   222
                               self._query_cache.clear_expired)
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   223
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   224
    def synchronize(self):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   225
        """synchronize content known by this repository with content in the
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   226
        external repository
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   227
        """
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   228
        self.info('synchronizing ldap source %s', self.uri)
938
a69188963ccb check ldap source has email configured before synchronization
sylvain.thenault@logilab.fr
parents: 257
diff changeset
   229
        try:
a69188963ccb check ldap source has email configured before synchronization
sylvain.thenault@logilab.fr
parents: 257
diff changeset
   230
            ldap_emailattr = self.user_rev_attrs['email']
a69188963ccb check ldap source has email configured before synchronization
sylvain.thenault@logilab.fr
parents: 257
diff changeset
   231
        except KeyError:
a69188963ccb check ldap source has email configured before synchronization
sylvain.thenault@logilab.fr
parents: 257
diff changeset
   232
            return # no email in ldap, we're done
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   233
        session = self.repo.internal_session()
5153
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   234
        execute = session.execute
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   235
        try:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   236
            cursor = session.system_sql("SELECT eid, extid FROM entities WHERE "
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   237
                                        "source='%s'" % self.uri)
1952
8e19c813750d fix extid handling: ensure encoded string is given, and store them as base64 (see note in native.py).
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 1802
diff changeset
   238
            for eid, b64extid in cursor.fetchall():
8e19c813750d fix extid handling: ensure encoded string is given, and store them as base64 (see note in native.py).
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 1802
diff changeset
   239
                extid = b64decode(b64extid)
5603
d8d9f4ec252d ldap source logging
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5456
diff changeset
   240
                self.debug('ldap eid %s', eid)
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   241
                # if no result found, _search automatically delete entity information
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   242
                res = self._search(session, extid, BASE)
5603
d8d9f4ec252d ldap source logging
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5456
diff changeset
   243
                self.debug('ldap search %s', res)
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   244
                if res:
938
a69188963ccb check ldap source has email configured before synchronization
sylvain.thenault@logilab.fr
parents: 257
diff changeset
   245
                    ldapemailaddr = res[0].get(ldap_emailattr)
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   246
                    if ldapemailaddr:
5972
220856aff85e [ldap] take care, email address may be a list. In such case, only consider the first one (XXX). Also, fix call to reset_caches.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5856
diff changeset
   247
                        if isinstance(ldapemailaddr, list):
220856aff85e [ldap] take care, email address may be a list. In such case, only consider the first one (XXX). Also, fix call to reset_caches.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5856
diff changeset
   248
                            ldapemailaddr = ldapemailaddr[0] # XXX consider only the first email in the list
5153
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   249
                        rset = execute('Any X,A WHERE '
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   250
                                       'X address A, U use_email X, U eid %(u)s',
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   251
                                       {'u': eid})
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   252
                        ldapemailaddr = unicode(ldapemailaddr)
5153
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   253
                        for emaileid, emailaddr, in rset:
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   254
                            if emailaddr == ldapemailaddr:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   255
                                break
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   256
                        else:
5800
2bc88fb424bc reduced logging verbosity in ldapuser source
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5789
diff changeset
   257
                            self.debug('updating email address of user %s to %s',
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   258
                                      extid, ldapemailaddr)
5153
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   259
                            emailrset = execute('EmailAddress A WHERE A address %(addr)s',
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   260
                                                {'addr': ldapemailaddr})
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   261
                            if emailrset:
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   262
                                execute('SET U use_email X WHERE '
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   263
                                        'X eid %(x)s, U eid %(u)s',
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   264
                                        {'x': emailrset[0][0], 'u': eid})
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   265
                            elif rset:
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   266
                                if not execute('SET X address %(addr)s WHERE '
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   267
                                               'U primary_email X, U eid %(u)s',
5174
78438ad513ca #759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5153
diff changeset
   268
                                               {'addr': ldapemailaddr, 'u': eid}):
5153
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   269
                                    execute('SET X address %(addr)s WHERE '
3684ccae5cdc [ldap] fix email synchronization code: bad rql query + avoid integrity error on creating the address + nicer use_email / primary_email handling
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5138
diff changeset
   270
                                            'X eid %(x)s',
5174
78438ad513ca #759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5153
diff changeset
   271
                                            {'addr': ldapemailaddr, 'x': rset[0][0]})
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   272
                            else:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   273
                                # no email found, create it
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   274
                                _insert_email(session, ldapemailaddr, eid)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   275
        finally:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   276
            session.commit()
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   277
            session.close()
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   278
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   279
    def get_connection(self):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   280
        """open and return a connection to the source"""
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   281
        if self._conn is None:
6653
52d1568af412 [ldap] don't refuse to start if ldap is unreachable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6427
diff changeset
   282
            try:
52d1568af412 [ldap] don't refuse to start if ldap is unreachable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6427
diff changeset
   283
                self._connect()
52d1568af412 [ldap] don't refuse to start if ldap is unreachable
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6427
diff changeset
   284
            except:
7029
bae4d11a104b add some tips for users who want to bind to an AD server
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 6887
diff changeset
   285
                self.exception('unable to connect to ldap:')
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   286
        return ConnectionWrapper(self._conn)
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   287
3647
2941f4a0aab9 refactor repo authentication to allow pluggable authentifier to login with something else than a password
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3245
diff changeset
   288
    def authenticate(self, session, login, password=None, **kwargs):
1398
5fe84a5f7035 rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents: 1263
diff changeset
   289
        """return CWUser eid for the given login/password if this account is
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   290
        defined in this source, else raise `AuthenticationError`
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   291
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   292
        two queries are needed since passwords are stored crypted, so we have
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   293
        to fetch the salt first
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   294
        """
5603
d8d9f4ec252d ldap source logging
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5456
diff changeset
   295
        self.info('ldap authenticate %s', login)
5855
db59080f1c8d [ldap] cleanup password checking
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5836
diff changeset
   296
        if not password:
db59080f1c8d [ldap] cleanup password checking
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5836
diff changeset
   297
            # On Windows + ADAM this would have succeeded (!!!)
db59080f1c8d [ldap] cleanup password checking
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5836
diff changeset
   298
            # You get Authenticated as: 'NT AUTHORITY\ANONYMOUS LOGON'.
db59080f1c8d [ldap] cleanup password checking
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5836
diff changeset
   299
            # we really really don't want that
3647
2941f4a0aab9 refactor repo authentication to allow pluggable authentifier to login with something else than a password
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3245
diff changeset
   300
            raise AuthenticationError()
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   301
        searchfilter = [filter_format('(%s=%s)', (self.user_login_attr, login))]
6728
f68bd4c876d1 allow additional filtering to be performed on the LDAP source (#1382380)
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5972
diff changeset
   302
        searchfilter.extend(self._make_base_filters())
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   303
        searchstr = '(&%s)' % ''.join(searchfilter)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   304
        # first search the user
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   305
        try:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   306
            user = self._search(session, self.user_base_dn,
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   307
                                self.user_base_scope, searchstr)[0]
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   308
        except IndexError:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   309
            # no such user
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   310
            raise AuthenticationError()
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   311
        # check password by establishing a (unused) connection
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   312
        try:
5855
db59080f1c8d [ldap] cleanup password checking
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5836
diff changeset
   313
            self._connect(user, password)
5856
a02129508378 [ldap] fix exception handling on authentication error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5855
diff changeset
   314
        except ldap.LDAPError, ex:
a02129508378 [ldap] fix exception handling on authentication error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5855
diff changeset
   315
            # Something went wrong, most likely bad credentials
a02129508378 [ldap] fix exception handling on authentication error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5855
diff changeset
   316
            self.info('while trying to authenticate %s: %s', user, ex)
a02129508378 [ldap] fix exception handling on authentication error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5855
diff changeset
   317
            raise AuthenticationError()
5855
db59080f1c8d [ldap] cleanup password checking
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5836
diff changeset
   318
        except Exception:
5856
a02129508378 [ldap] fix exception handling on authentication error
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5855
diff changeset
   319
            self.error('while trying to authenticate %s', user, exc_info=True)
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   320
            raise AuthenticationError()
1398
5fe84a5f7035 rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents: 1263
diff changeset
   321
        return self.extid2eid(user['dn'], 'CWUser', session)
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   322
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   323
    def ldap_name(self, var):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   324
        if var.stinfo['relations']:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   325
            relname = iter(var.stinfo['relations']).next().r_type
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   326
            return self.user_rev_attrs.get(relname)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   327
        return None
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   328
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   329
    def prepare_columns(self, mainvars, rqlst):
6886
b571d2d32971 [ldap] small code cleanups
David Douard <david.douard@logilab.fr>
parents: 6750
diff changeset
   330
        """return two list describing how to build the final results
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   331
        from the result of an ldap search (ie a list of dictionnary)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   332
        """
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   333
        columns = []
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   334
        global_transforms = []
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   335
        for i, term in enumerate(rqlst.selection):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   336
            if isinstance(term, Constant):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   337
                columns.append(term)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   338
                continue
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   339
            if isinstance(term, Function): # LOWER, UPPER, COUNT...
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   340
                var = term.get_nodes(VariableRef)[0]
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   341
                var = var.variable
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   342
                try:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   343
                    mainvar = var.stinfo['attrvar'].name
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   344
                except AttributeError: # no attrvar set
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   345
                    mainvar = var.name
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   346
                assert mainvar in mainvars
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   347
                trname = term.name
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   348
                ldapname = self.ldap_name(var)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   349
                if trname in ('COUNT', 'MIN', 'MAX', 'SUM'):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   350
                    global_transforms.append(GlobTrFunc(trname, i, ldapname))
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   351
                    columns.append((mainvar, ldapname))
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   352
                    continue
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   353
                if trname in ('LOWER', 'UPPER'):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   354
                    columns.append((mainvar, TrFunc(trname, i, ldapname)))
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   355
                    continue
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   356
                raise NotImplementedError('no support for %s function' % trname)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   357
            if term.name in mainvars:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   358
                columns.append((term.name, 'dn'))
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   359
                continue
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   360
            var = term.variable
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   361
            mainvar = var.stinfo['attrvar'].name
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   362
            columns.append((mainvar, self.ldap_name(var)))
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   363
            #else:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   364
            #    # probably a bug in rql splitting if we arrive here
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   365
            #    raise NotImplementedError
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   366
        return columns, global_transforms
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   367
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   368
    def syntax_tree_search(self, session, union,
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   369
                           args=None, cachekey=None, varmap=None, debug=0):
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   370
        """return result from this source for a rql query (actually from a rql
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   371
        syntax tree and a solution dictionary mapping each used variable to a
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   372
        possible type). If cachekey is given, the query necessary to fetch the
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   373
        results (but not the results themselves) may be cached using this key.
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   374
        """
5603
d8d9f4ec252d ldap source logging
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5456
diff changeset
   375
        self.debug('ldap syntax tree search')
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   376
        # XXX not handled : transform/aggregat function, join on multiple users...
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   377
        assert len(union.children) == 1, 'union not supported'
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   378
        rqlst = union.children[0]
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   379
        assert not rqlst.with_, 'subquery not supported'
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   380
        rqlkey = rqlst.as_string(kwargs=args)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   381
        try:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   382
            results = self._query_cache[rqlkey]
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   383
        except KeyError:
6693
65bd93b72f1e [ldap] make instance still usable if we can't contact ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6653
diff changeset
   384
            try:
65bd93b72f1e [ldap] make instance still usable if we can't contact ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6653
diff changeset
   385
                results = self.rqlst_search(session, rqlst, args)
65bd93b72f1e [ldap] make instance still usable if we can't contact ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6653
diff changeset
   386
                self._query_cache[rqlkey] = results
65bd93b72f1e [ldap] make instance still usable if we can't contact ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6653
diff changeset
   387
            except ldap.SERVER_DOWN:
65bd93b72f1e [ldap] make instance still usable if we can't contact ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6653
diff changeset
   388
                # cant connect to server
65bd93b72f1e [ldap] make instance still usable if we can't contact ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6653
diff changeset
   389
                msg = session._("can't connect to source %s, some data may be missing")
65bd93b72f1e [ldap] make instance still usable if we can't contact ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6653
diff changeset
   390
                session.set_shared_data('sources_error', msg % self.uri)
65bd93b72f1e [ldap] make instance still usable if we can't contact ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 6653
diff changeset
   391
                return []
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   392
        return results
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   393
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   394
    def rqlst_search(self, session, rqlst, args):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   395
        mainvars = []
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   396
        for varname in rqlst.defined_vars:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   397
            for sol in rqlst.solutions:
1398
5fe84a5f7035 rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents: 1263
diff changeset
   398
                if sol[varname] == 'CWUser':
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   399
                    mainvars.append(varname)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   400
                    break
3245
7ef021ac8dec cleanup
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2763
diff changeset
   401
        assert mainvars, rqlst
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   402
        columns, globtransforms = self.prepare_columns(mainvars, rqlst)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   403
        eidfilters = []
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   404
        allresults = []
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   405
        generator = RQL2LDAPFilter(self, session, args, mainvars)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   406
        for mainvar in mainvars:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   407
            # handle restriction
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   408
            try:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   409
                eidfilters_, ldapfilter = generator.generate(rqlst, mainvar)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   410
            except GotDN, ex:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   411
                assert ex.dn, 'no dn!'
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   412
                try:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   413
                    res = [self._cache[ex.dn]]
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   414
                except KeyError:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   415
                    res = self._search(session, ex.dn, BASE)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   416
            except UnknownEid, ex:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   417
                # raised when we are looking for the dn of an eid which is not
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   418
                # coming from this source
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   419
                res = []
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   420
            else:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   421
                eidfilters += eidfilters_
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   422
                res = self._search(session, self.user_base_dn,
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   423
                                   self.user_base_scope, ldapfilter)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   424
            allresults.append(res)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   425
        # 1. get eid for each dn and filter according to that eid if necessary
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   426
        for i, res in enumerate(allresults):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   427
            filteredres = []
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   428
            for resdict in res:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   429
                # get sure the entity exists in the system table
1398
5fe84a5f7035 rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents: 1263
diff changeset
   430
                eid = self.extid2eid(resdict['dn'], 'CWUser', session)
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   431
                for eidfilter in eidfilters:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   432
                    if not eidfilter(eid):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   433
                        break
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   434
                else:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   435
                    resdict['eid'] = eid
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   436
                    filteredres.append(resdict)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   437
            allresults[i] = filteredres
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   438
        # 2. merge result for each "mainvar": cartesian product
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   439
        allresults = cartesian_product(allresults)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   440
        # 3. build final result according to column definition
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   441
        result = []
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   442
        for rawline in allresults:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   443
            rawline = dict(zip(mainvars, rawline))
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   444
            line = []
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   445
            for varname, ldapname in columns:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   446
                if ldapname is None:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   447
                    value = None # no mapping available
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   448
                elif ldapname == 'dn':
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   449
                    value = rawline[varname]['eid']
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   450
                elif isinstance(ldapname, Constant):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   451
                    if ldapname.type == 'Substitute':
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   452
                        value = args[ldapname.value]
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   453
                    else:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   454
                        value = ldapname.value
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   455
                elif isinstance(ldapname, TrFunc):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   456
                    value = ldapname.apply(rawline[varname])
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   457
                else:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   458
                    value = rawline[varname].get(ldapname)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   459
                line.append(value)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   460
            result.append(line)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   461
        for trfunc in globtransforms:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   462
            result = trfunc.apply(result)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   463
        #print '--> ldap result', result
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   464
        return result
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   465
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   466
2699
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   467
    def _connect(self, user=None, userpwd=None):
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   468
        if self.protocol == 'ldapi':
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   469
            hostport = self.host
2699
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   470
        elif not ':' in self.host:
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   471
            hostport = '%s:%s' % (self.host, PROTO_PORT[self.protocol])
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   472
        else:
2699
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   473
            hostport = self.host
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   474
        self.info('connecting %s://%s as %s', self.protocol, hostport,
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   475
                  user and user['dn'] or 'anonymous')
5407
7730796f9506 disable CERT check
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5326
diff changeset
   476
        # don't require server certificate when using ldaps (will
7730796f9506 disable CERT check
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5326
diff changeset
   477
        # enable self signed certs)
7730796f9506 disable CERT check
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5326
diff changeset
   478
        ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
2699
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   479
        url = LDAPUrl(urlscheme=self.protocol, hostport=hostport)
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   480
        conn = ReconnectLDAPObject(url.initializeUrl())
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   481
        # Set the protocol version - version 3 is preferred
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   482
        try:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   483
            conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   484
        except ldap.LDAPError: # Invalid protocol version, fall back safely
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   485
            conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION2)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   486
        # Deny auto-chasing of referrals to be safe, we handle them instead
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   487
        #try:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   488
        #    connection.set_option(ldap.OPT_REFERRALS, 0)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   489
        #except ldap.LDAPError: # Cannot set referrals, so do nothing
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   490
        #    pass
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   491
        #conn.set_option(ldap.OPT_NETWORK_TIMEOUT, conn_timeout)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   492
        #conn.timeout = op_timeout
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   493
        # Now bind with the credentials given. Let exceptions propagate out.
2699
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   494
        if user is None:
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   495
            # no user specified, we want to initialize the 'data' connection,
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   496
            assert self._conn is None
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   497
            self._conn = conn
2699
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   498
            # XXX always use simple bind for data connection
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   499
            if not self.cnx_dn:
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   500
                conn.simple_bind_s(self.cnx_dn, self.cnx_pwd)
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   501
            else:
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   502
                self._authenticate(conn, {'dn': self.cnx_dn}, self.cnx_pwd)
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   503
        else:
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   504
            # user specified, we want to check user/password, no need to return
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   505
            # the connection which will be thrown out
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   506
            self._authenticate(conn, user, userpwd)
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   507
        return conn
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   508
2699
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   509
    def _auth_simple(self, conn, user, userpwd):
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   510
        conn.simple_bind_s(user['dn'], userpwd)
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   511
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   512
    def _auth_cram_md5(self, conn, user, userpwd):
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   513
        from ldap import sasl
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   514
        auth_token = sasl.cram_md5(user['dn'], userpwd)
4716
55b6a3262071 fix some pylint detected errors
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4556
diff changeset
   515
        conn.sasl_interactive_bind_s('', auth_token)
2699
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   516
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   517
    def _auth_digest_md5(self, conn, user, userpwd):
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   518
        from ldap import sasl
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   519
        auth_token = sasl.digest_md5(user['dn'], userpwd)
4716
55b6a3262071 fix some pylint detected errors
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 4556
diff changeset
   520
        conn.sasl_interactive_bind_s('', auth_token)
2699
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   521
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   522
    def _auth_gssapi(self, conn, user, userpwd):
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   523
        # print XXX not proper sasl/gssapi
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   524
        import kerberos
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   525
        if not kerberos.checkPassword(user[self.user_login_attr], userpwd):
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   526
            raise Exception('BAD login / mdp')
2707
15ffc3c8923c cleanup
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2699
diff changeset
   527
        #from ldap import sasl
15ffc3c8923c cleanup
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2699
diff changeset
   528
        #conn.sasl_interactive_bind_s('', sasl.gssapi())
2699
1025300249d2 [ldap] more configuration possible on ldap source: protocal/authentication mode, dumb support for kerberos authentication
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 2633
diff changeset
   529
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   530
    def _search(self, session, base, scope,
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   531
                searchstr='(objectClass=*)', attrs=()):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   532
        """make an ldap query"""
5800
2bc88fb424bc reduced logging verbosity in ldapuser source
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5789
diff changeset
   533
        self.debug('ldap search %s %s %s %s %s', self.uri, base, scope, searchstr, list(attrs))
6886
b571d2d32971 [ldap] small code cleanups
David Douard <david.douard@logilab.fr>
parents: 6750
diff changeset
   534
        # XXX for now, we do not have connection pool support for LDAP, so
b571d2d32971 [ldap] small code cleanups
David Douard <david.douard@logilab.fr>
parents: 6750
diff changeset
   535
        # this is always self._conn
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   536
        cnx = session.pool.connection(self.uri).cnx
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   537
        try:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   538
            res = cnx.search_s(base, scope, searchstr, attrs)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   539
        except ldap.PARTIAL_RESULTS:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   540
            res = cnx.result(all=0)[1]
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   541
        except ldap.NO_SUCH_OBJECT:
5603
d8d9f4ec252d ldap source logging
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5456
diff changeset
   542
            self.info('ldap NO SUCH OBJECT')
1398
5fe84a5f7035 rename internal entity types to have CW prefix instead of E
sylvain.thenault@logilab.fr
parents: 1263
diff changeset
   543
            eid = self.extid2eid(base, 'CWUser', session, insert=False)
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   544
            if eid:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   545
                self.warning('deleting ldap user with eid %s and dn %s',
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   546
                             eid, base)
4913
083b4d454192 server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents: 4719
diff changeset
   547
                entity = session.entity_from_eid(eid, 'CWUser')
083b4d454192 server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents: 4719
diff changeset
   548
                self.repo.delete_info(session, entity, self.uri, base)
5972
220856aff85e [ldap] take care, email address may be a list. In such case, only consider the first one (XXX). Also, fix call to reset_caches.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5856
diff changeset
   549
                self.reset_caches()
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   550
            return []
5789
0f969e5c579a [ldapuser] quieter ldap result info, fix commented block style
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5646
diff changeset
   551
        # except ldap.REFERRAL, e:
0f969e5c579a [ldapuser] quieter ldap result info, fix commented block style
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5646
diff changeset
   552
        #     cnx = self.handle_referral(e)
0f969e5c579a [ldapuser] quieter ldap result info, fix commented block style
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5646
diff changeset
   553
        #     try:
0f969e5c579a [ldapuser] quieter ldap result info, fix commented block style
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5646
diff changeset
   554
        #         res = cnx.search_s(base, scope, searchstr, attrs)
0f969e5c579a [ldapuser] quieter ldap result info, fix commented block style
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5646
diff changeset
   555
        #     except ldap.PARTIAL_RESULTS:
0f969e5c579a [ldapuser] quieter ldap result info, fix commented block style
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 5646
diff changeset
   556
        #         res_type, res = cnx.result(all=0)
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   557
        result = []
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   558
        for rec_dn, rec_dict in res:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   559
            # When used against Active Directory, "rec_dict" may not be
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   560
            # be a dictionary in some cases (instead, it can be a list)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   561
            # An example of a useless "res" entry that can be ignored
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   562
            # from AD is
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   563
            # (None, ['ldap://ForestDnsZones.PORTAL.LOCAL/DC=ForestDnsZones,DC=PORTAL,DC=LOCAL'])
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   564
            # This appears to be some sort of internal referral, but
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   565
            # we can't handle it, so we need to skip over it.
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   566
            try:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   567
                items =  rec_dict.items()
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   568
            except AttributeError:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   569
                # 'items' not found on rec_dict, skip
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   570
                continue
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   571
            for key, value in items: # XXX syt: huuum ?
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   572
                if not isinstance(value, str):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   573
                    try:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   574
                        for i in range(len(value)):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   575
                            value[i] = unicode(value[i], 'utf8')
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   576
                    except:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   577
                        pass
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   578
                if isinstance(value, list) and len(value) == 1:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   579
                    rec_dict[key] = value = value[0]
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   580
            rec_dict['dn'] = rec_dn
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   581
            self._cache[rec_dn] = rec_dict
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   582
            result.append(rec_dict)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   583
        #print '--->', result
5827
aad4496a279a reduce log verbosity in ldapuser source
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5800
diff changeset
   584
        self.debug('ldap built results %s', len(result))
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   585
        return result
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   586
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   587
    def before_entity_insertion(self, session, lid, etype, eid):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   588
        """called by the repository when an eid has been attributed for an
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   589
        entity stored here but the entity has not been inserted in the system
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   590
        table yet.
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   591
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   592
        This method must return the an Entity instance representation of this
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   593
        entity.
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   594
        """
5800
2bc88fb424bc reduced logging verbosity in ldapuser source
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5789
diff changeset
   595
        self.debug('ldap before entity insertion')
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   596
        entity = super(LDAPUserSource, self).before_entity_insertion(session, lid, etype, eid)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   597
        res = self._search(session, lid, BASE)[0]
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   598
        for attr in entity.e_schema.indexable_attributes():
6142
8bc6eac1fac1 [session] cleanup hook / operation / entity edition api
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5972
diff changeset
   599
            entity.cw_edited[attr] = res[self.user_rev_attrs[attr]]
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   600
        return entity
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   601
6886
b571d2d32971 [ldap] small code cleanups
David Douard <david.douard@logilab.fr>
parents: 6750
diff changeset
   602
    def after_entity_insertion(self, session, lid, entity):
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   603
        """called by the repository after an entity stored here has been
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   604
        inserted in the system table.
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   605
        """
5800
2bc88fb424bc reduced logging verbosity in ldapuser source
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents: 5789
diff changeset
   606
        self.debug('ldap after entity insertion')
6886
b571d2d32971 [ldap] small code cleanups
David Douard <david.douard@logilab.fr>
parents: 6750
diff changeset
   607
        super(LDAPUserSource, self).after_entity_insertion(session, lid, entity)
b571d2d32971 [ldap] small code cleanups
David Douard <david.douard@logilab.fr>
parents: 6750
diff changeset
   608
        dn = lid
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   609
        for group in self.user_default_groups:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   610
            session.execute('SET X in_group G WHERE X eid %(x)s, G name %(group)s',
5174
78438ad513ca #759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5153
diff changeset
   611
                            {'x': entity.eid, 'group': group})
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   612
        # search for existant email first
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   613
        try:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   614
            emailaddr = self._cache[dn][self.user_rev_attrs['email']]
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   615
        except KeyError:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   616
            return
5972
220856aff85e [ldap] take care, email address may be a list. In such case, only consider the first one (XXX). Also, fix call to reset_caches.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5856
diff changeset
   617
        if isinstance(emailaddr, list):
220856aff85e [ldap] take care, email address may be a list. In such case, only consider the first one (XXX). Also, fix call to reset_caches.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5856
diff changeset
   618
            emailaddr = emailaddr[0] # XXX consider only the first email in the list
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   619
        rset = session.execute('EmailAddress X WHERE X address %(addr)s',
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   620
                               {'addr': emailaddr})
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   621
        if rset:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   622
            session.execute('SET U primary_email X WHERE U eid %(u)s, X eid %(x)s',
5174
78438ad513ca #759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5153
diff changeset
   623
                            {'x': rset[0][0], 'u': entity.eid})
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   624
        else:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   625
            # not found, create it
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   626
            _insert_email(session, emailaddr, entity.eid)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   627
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   628
    def update_entity(self, session, entity):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   629
        """replace an entity in the source"""
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   630
        raise RepositoryError('this source is read only')
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   631
4913
083b4d454192 server/web api for accessing to deleted_entites
Katia Saurfelt <katia.saurfelt@logilab.fr>
parents: 4719
diff changeset
   632
    def delete_entity(self, session, entity):
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   633
        """delete an entity from the source"""
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   634
        raise RepositoryError('this source is read only')
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   635
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   636
def _insert_email(session, emailaddr, ueid):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   637
    session.execute('INSERT EmailAddress X: X address %(addr)s, U primary_email X '
5174
78438ad513ca #759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 5153
diff changeset
   638
                    'WHERE U eid %(x)s', {'addr': emailaddr, 'x': ueid})
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   639
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   640
class GotDN(Exception):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   641
    """exception used when a dn localizing the searched user has been found"""
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   642
    def __init__(self, dn):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   643
        self.dn = dn
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   644
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   645
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   646
class RQL2LDAPFilter(object):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   647
    """generate an LDAP filter for a rql query"""
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   648
    def __init__(self, source, session, args=None, mainvars=()):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   649
        self.source = source
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   650
        self._ldap_attrs = source.user_rev_attrs
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   651
        self._base_filters = source.base_filters
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   652
        self._session = session
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   653
        if args is None:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   654
            args = {}
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   655
        self._args = args
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   656
        self.mainvars = mainvars
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   657
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   658
    def generate(self, selection, mainvarname):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   659
        self._filters = res = self._base_filters[:]
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   660
        self._mainvarname = mainvarname
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   661
        self._eidfilters = []
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   662
        self._done_not = set()
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   663
        restriction = selection.where
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   664
        if isinstance(restriction, Relation):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   665
            # only a single relation, need to append result here (no AND/OR)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   666
            filter = restriction.accept(self)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   667
            if filter is not None:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   668
                res.append(filter)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   669
        elif restriction:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   670
            restriction.accept(self)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   671
        if len(res) > 1:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   672
            return self._eidfilters, '(&%s)' % ''.join(res)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   673
        return self._eidfilters, res[0]
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   674
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   675
    def visit_and(self, et):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   676
        """generate filter for a AND subtree"""
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   677
        for c in et.children:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   678
            part = c.accept(self)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   679
            if part:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   680
                self._filters.append(part)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   681
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   682
    def visit_or(self, ou):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   683
        """generate filter for a OR subtree"""
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   684
        res = []
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   685
        for c in ou.children:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   686
            part = c.accept(self)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   687
            if part:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   688
                res.append(part)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   689
        if res:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   690
            if len(res) > 1:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   691
                part = '(|%s)' % ''.join(res)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   692
            else:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   693
                part = res[0]
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   694
            self._filters.append(part)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   695
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   696
    def visit_not(self, node):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   697
        """generate filter for a OR subtree"""
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   698
        part = node.children[0].accept(self)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   699
        if part:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   700
            self._filters.append('(!(%s))'% part)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   701
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   702
    def visit_relation(self, relation):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   703
        """generate filter for a relation"""
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   704
        rtype = relation.r_type
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   705
        # don't care of type constraint statement (i.e. relation_type = 'is')
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   706
        if rtype == 'is':
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   707
            return ''
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   708
        lhs, rhs = relation.get_parts()
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   709
        # attribute relation
3689
deb13e88e037 follow yams 0.25 api changes to improve performance
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 3245
diff changeset
   710
        if self.source.schema.rschema(rtype).final:
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   711
            # dunno what to do here, don't pretend anything else
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   712
            if lhs.name != self._mainvarname:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   713
                if lhs.name in self.mainvars:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   714
                    # XXX check we don't have variable as rhs
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   715
                    return
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   716
                raise NotImplementedError
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   717
            rhs_vars = rhs.get_nodes(VariableRef)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   718
            if rhs_vars:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   719
                if len(rhs_vars) > 1:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   720
                    raise NotImplementedError
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   721
                # selected variable, nothing to do here
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   722
                return
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   723
            # no variables in the RHS
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   724
            if isinstance(rhs.children[0], Function):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   725
                res = rhs.children[0].accept(self)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   726
            elif rtype != 'has_text':
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   727
                res = self._visit_attribute_relation(relation)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   728
            else:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   729
                raise NotImplementedError(relation)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   730
        # regular relation XXX todo: in_group
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   731
        else:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   732
            raise NotImplementedError(relation)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   733
        return res
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   734
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   735
    def _visit_attribute_relation(self, relation):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   736
        """generate filter for an attribute relation"""
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   737
        lhs, rhs = relation.get_parts()
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   738
        lhsvar = lhs.variable
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   739
        if relation.r_type == 'eid':
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   740
            # XXX hack
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   741
            # skip comparison sign
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   742
            eid = int(rhs.children[0].accept(self))
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   743
            if relation.neged(strict=True):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   744
                self._done_not.add(relation.parent)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   745
                self._eidfilters.append(lambda x: not x == eid)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   746
                return
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   747
            if rhs.operator != '=':
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   748
                filter = {'>': lambda x: x > eid,
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   749
                          '>=': lambda x: x >= eid,
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   750
                          '<': lambda x: x < eid,
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   751
                          '<=': lambda x: x <= eid,
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   752
                          }[rhs.operator]
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   753
                self._eidfilters.append(filter)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   754
                return
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   755
            dn = self.source.eid2extid(eid, self._session)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   756
            raise GotDN(dn)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   757
        try:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   758
            filter = '(%s%s)' % (self._ldap_attrs[relation.r_type],
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   759
                                 rhs.accept(self))
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   760
        except KeyError:
975
0928daea04e9 fix ldapsource w/ restriction on unsupported relation (return no results in that case)
sylvain.thenault@logilab.fr
parents: 938
diff changeset
   761
            # unsupported attribute
0928daea04e9 fix ldapsource w/ restriction on unsupported relation (return no results in that case)
sylvain.thenault@logilab.fr
parents: 938
diff changeset
   762
            self.source.warning('%s source can\'t handle relation %s, no '
0928daea04e9 fix ldapsource w/ restriction on unsupported relation (return no results in that case)
sylvain.thenault@logilab.fr
parents: 938
diff changeset
   763
                                'results will be returned from this source',
0928daea04e9 fix ldapsource w/ restriction on unsupported relation (return no results in that case)
sylvain.thenault@logilab.fr
parents: 938
diff changeset
   764
                                self.source.uri, relation)
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   765
            raise UnknownEid # trick to return no result
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   766
        return filter
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   767
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   768
    def visit_comparison(self, cmp):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   769
        """generate filter for a comparaison"""
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   770
        return '%s%s'% (cmp.operator, cmp.children[0].accept(self))
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   771
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   772
    def visit_mathexpression(self, mexpr):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   773
        """generate filter for a mathematic expression"""
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   774
        raise NotImplementedError
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   775
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   776
    def visit_function(self, function):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   777
        """generate filter name for a function"""
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   778
        if function.name == 'IN':
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   779
            return self.visit_in(function)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   780
        raise NotImplementedError
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   781
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   782
    def visit_in(self, function):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   783
        grandpapa = function.parent.parent
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   784
        ldapattr = self._ldap_attrs[grandpapa.r_type]
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   785
        res = []
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   786
        for c in function.children:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   787
            part = c.accept(self)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   788
            if part:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   789
                res.append(part)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   790
        if res:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   791
            if len(res) > 1:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   792
                part = '(|%s)' % ''.join('(%s=%s)' % (ldapattr, v) for v in res)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   793
            else:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   794
                part = '(%s=%s)' % (ldapattr, res[0])
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   795
        return part
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   796
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   797
    def visit_constant(self, constant):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   798
        """generate filter name for a constant"""
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   799
        value = constant.value
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   800
        if constant.type is None:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   801
            raise NotImplementedError
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   802
        if constant.type == 'Date':
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   803
            raise NotImplementedError
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   804
            #value = self.keyword_map[value]()
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   805
        elif constant.type == 'Substitute':
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   806
            value = self._args[constant.value]
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   807
        else:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   808
            value = constant.value
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   809
        if isinstance(value, unicode):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   810
            value = value.encode('utf8')
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   811
        else:
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   812
            value = str(value)
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   813
        return escape_filter_chars(value)
1802
d628defebc17 delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents: 1398
diff changeset
   814
257
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   815
    def visit_variableref(self, variableref):
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   816
        """get the sql name for a variable reference"""
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   817
        pass
4c7d3af7e94d restore multi-sources capabilities
Sylvain Thenault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   818