sobjects/ldapparser.py
author Julien Cristau <julien.cristau@logilab.fr>
Tue, 06 Oct 2015 11:19:37 +0200
changeset 10781 e2ab20561932
parent 10768 99689a5862ea
child 10906 e1ce0866afe9
permissions -rw-r--r--
[devtools] make httptest module importable under py3k
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
8188
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
     1
# copyright 2011-2012 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
     2
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
     3
#
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
     4
# This file is part of CubicWeb.
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
     5
#
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
     6
# CubicWeb is free software: you can redistribute it and/or modify it under the
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
     7
# terms of the GNU Lesser General Public License as published by the Free
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
     8
# Software Foundation, either version 2.1 of the License, or (at your option)
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
     9
# any later version.
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    10
#
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    11
# CubicWeb is distributed in the hope that it will be useful, but WITHOUT
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    12
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    13
# FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    14
# details.
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    15
#
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    16
# You should have received a copy of the GNU Lesser General Public License along
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    17
# with CubicWeb.  If not, see <http://www.gnu.org/licenses/>.
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    18
"""cubicweb ldap feed source
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    19
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    20
unlike ldapuser source, this source is copy based and will import ldap content
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    21
(beside passwords for authentication) into the system source.
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    22
"""
10768
99689a5862ea [py3k] make ldapfeed tests pass
Julien Cristau <julien.cristau@logilab.fr>
parents: 10663
diff changeset
    23
from six.moves import map, filter
99689a5862ea [py3k] make ldapfeed tests pass
Julien Cristau <julien.cristau@logilab.fr>
parents: 10663
diff changeset
    24
8638
9f95c2368b8b [ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8633
diff changeset
    25
from logilab.common.decorators import cached, cachedproperty
8387
b59af20a868d [ldap] we may actually get back password from ldap
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8382
diff changeset
    26
from logilab.common.shellutils import generate_password
8188
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    27
8566
76bcfb3c483d [ldapparser] raise specific error if the configuration is wrong (closes #2498164)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8479
diff changeset
    28
from cubicweb import Binary, ConfigurationError
8387
b59af20a868d [ldap] we may actually get back password from ldap
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8382
diff changeset
    29
from cubicweb.server.utils import crypt_password
8188
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    30
from cubicweb.server.sources import datafeed
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    31
8387
b59af20a868d [ldap] we may actually get back password from ldap
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8382
diff changeset
    32
8430
5bee87a14bb1 fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8427
diff changeset
    33
class DataFeedLDAPAdapter(datafeed.DataFeedParser):
8188
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    34
    __regid__ = 'ldapfeed'
8250
171a9d6bff8f [ldapfeed] fix synchronisation crash: ldap attributes are given while we want cw attributes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8188
diff changeset
    35
    # attributes that may appears in source user_attrs dict which are not
171a9d6bff8f [ldapfeed] fix synchronisation crash: ldap attributes are given while we want cw attributes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8188
diff changeset
    36
    # attributes of the cw user
8919
4cba95ef4738 [ldap] handle modification date
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 8918
diff changeset
    37
    non_attribute_keys = set(('email', 'eid', 'member', 'modification_date'))
8188
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    38
8638
9f95c2368b8b [ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8633
diff changeset
    39
    @cachedproperty
9f95c2368b8b [ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8633
diff changeset
    40
    def searchfilterstr(self):
9f95c2368b8b [ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8633
diff changeset
    41
        """ ldap search string, including user-filter """
9f95c2368b8b [ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8633
diff changeset
    42
        return '(&%s)' % ''.join(self.source.base_filters)
9f95c2368b8b [ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8633
diff changeset
    43
9f95c2368b8b [ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8633
diff changeset
    44
    @cachedproperty
8922
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
    45
    def searchgroupfilterstr(self):
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
    46
        """ ldap search string, including user-filter """
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
    47
        return '(&%s)' % ''.join(self.source.group_base_filters)
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
    48
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
    49
    @cachedproperty
8920
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
    50
    def user_source_entities_by_extid(self):
8638
9f95c2368b8b [ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8633
diff changeset
    51
        source = self.source
8906
ed35d984ff28 [ldap] an empty 'user-base-dn' disable the user importation process,
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 8900
diff changeset
    52
        if source.user_base_dn.strip():
10768
99689a5862ea [py3k] make ldapfeed tests pass
Julien Cristau <julien.cristau@logilab.fr>
parents: 10663
diff changeset
    53
            attrs = list(map(str, source.user_attrs.keys()))
99689a5862ea [py3k] make ldapfeed tests pass
Julien Cristau <julien.cristau@logilab.fr>
parents: 10663
diff changeset
    54
            return dict((userdict['dn'].encode('ascii'), userdict)
8906
ed35d984ff28 [ldap] an empty 'user-base-dn' disable the user importation process,
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 8900
diff changeset
    55
                        for userdict in source._search(self._cw,
ed35d984ff28 [ldap] an empty 'user-base-dn' disable the user importation process,
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 8900
diff changeset
    56
                                                       source.user_base_dn,
ed35d984ff28 [ldap] an empty 'user-base-dn' disable the user importation process,
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 8900
diff changeset
    57
                                                       source.user_base_scope,
8918
43fd866e8f8a [ldap] refactor attributes mapping handling
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 8917
diff changeset
    58
                                                       self.searchfilterstr,
43fd866e8f8a [ldap] refactor attributes mapping handling
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 8917
diff changeset
    59
                                                       attrs))
8906
ed35d984ff28 [ldap] an empty 'user-base-dn' disable the user importation process,
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 8900
diff changeset
    60
        return {}
8638
9f95c2368b8b [ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8633
diff changeset
    61
8922
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
    62
    @cachedproperty
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
    63
    def group_source_entities_by_extid(self):
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
    64
        source = self.source
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
    65
        if source.group_base_dn.strip():
10768
99689a5862ea [py3k] make ldapfeed tests pass
Julien Cristau <julien.cristau@logilab.fr>
parents: 10663
diff changeset
    66
            attrs = list(map(str, ['modifyTimestamp'] + list(source.group_attrs.keys())))
8922
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
    67
            return dict((groupdict['dn'], groupdict)
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
    68
                        for groupdict in source._search(self._cw,
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
    69
                                                        source.group_base_dn,
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
    70
                                                        source.group_base_scope,
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
    71
                                                        self.searchgroupfilterstr,
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
    72
                                                        attrs))
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
    73
        return {}
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
    74
10089
6346f53c85f1 [datafeed] Add a raise_on_error parameter to DataFeedSource.extid2entity
Denis Laxalde <denis.laxalde@logilab.fr>
parents: 9879
diff changeset
    75
    def _process(self, etype, sdict, raise_on_error=False):
9219
6afdeaabac74 [ldapparser] demote some logs from warning to debug (closes #2713671)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8922
diff changeset
    76
        self.debug('fetched %s %s', etype, sdict)
8920
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
    77
        extid = sdict['dn']
10089
6346f53c85f1 [datafeed] Add a raise_on_error parameter to DataFeedSource.extid2entity
Denis Laxalde <denis.laxalde@logilab.fr>
parents: 9879
diff changeset
    78
        entity = self.extid2entity(extid, etype,
6346f53c85f1 [datafeed] Add a raise_on_error parameter to DataFeedSource.extid2entity
Denis Laxalde <denis.laxalde@logilab.fr>
parents: 9879
diff changeset
    79
                                   raise_on_error=raise_on_error, **sdict)
8920
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
    80
        if entity is not None and not self.created_during_pull(entity):
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
    81
            self.notify_updated(entity)
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
    82
            attrs = self.ldap2cwattrs(sdict, etype)
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
    83
            self.update_if_necessary(entity, attrs)
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
    84
            if etype == 'CWUser':
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
    85
                self._process_email(entity, sdict)
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
    86
            if etype == 'CWGroup':
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
    87
                self._process_membership(entity, sdict)
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
    88
8409
79534887943e [datafeed] fix/finish cleanup started by auc in 8393:c25b96ae4f8a: parser.process prototytpe is (url, raise_on_error=False). Drop partialcommit argument which were never specified
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8400
diff changeset
    89
    def process(self, url, raise_on_error=False):
8188
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
    90
        """IDataFeedParser main entry point"""
8638
9f95c2368b8b [ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8633
diff changeset
    91
        self.debug('processing ldapfeed source %s %s', self.source, self.searchfilterstr)
10663
54b8a1f249fb [py3k] dict.itervalues → dict.values
Rémi Cardona <remi.cardona@logilab.fr>
parents: 10662
diff changeset
    92
        for userdict in self.user_source_entities_by_extid.values():
8920
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
    93
            self._process('CWUser', userdict)
8922
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
    94
        self.debug('processing ldapfeed source %s %s', self.source, self.searchgroupfilterstr)
10663
54b8a1f249fb [py3k] dict.itervalues → dict.values
Rémi Cardona <remi.cardona@logilab.fr>
parents: 10662
diff changeset
    95
        for groupdict in self.group_source_entities_by_extid.values():
10089
6346f53c85f1 [datafeed] Add a raise_on_error parameter to DataFeedSource.extid2entity
Denis Laxalde <denis.laxalde@logilab.fr>
parents: 9879
diff changeset
    96
            self._process('CWGroup', groupdict, raise_on_error=raise_on_error)
8430
5bee87a14bb1 fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8427
diff changeset
    97
9879
21278eb03bbf [datafeed sources] finish the session -> cnx switch
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 9551
diff changeset
    98
    def handle_deletion(self, config, cnx, myuris):
8430
5bee87a14bb1 fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8427
diff changeset
    99
        if config['delete-entities']:
9879
21278eb03bbf [datafeed sources] finish the session -> cnx switch
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 9551
diff changeset
   100
            super(DataFeedLDAPAdapter, self).handle_deletion(config, cnx, myuris)
8432
96b4f7a35e6c [ldapparser] missing return
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8431
diff changeset
   101
            return
8430
5bee87a14bb1 fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8427
diff changeset
   102
        if myuris:
5bee87a14bb1 fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8427
diff changeset
   103
            byetype = {}
10662
10942ed172de [py3k] dict.iteritems → dict.items
Rémi Cardona <remi.cardona@logilab.fr>
parents: 10089
diff changeset
   104
            for extid, (eid, etype) in myuris.items():
8430
5bee87a14bb1 fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8427
diff changeset
   105
                if self.is_deleted(extid, etype, eid):
5bee87a14bb1 fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8427
diff changeset
   106
                    byetype.setdefault(etype, []).append(str(eid))
5bee87a14bb1 fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8427
diff changeset
   107
10662
10942ed172de [py3k] dict.iteritems → dict.items
Rémi Cardona <remi.cardona@logilab.fr>
parents: 10089
diff changeset
   108
            for etype, eids in byetype.items():
8430
5bee87a14bb1 fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8427
diff changeset
   109
                if etype != 'CWUser':
5bee87a14bb1 fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8427
diff changeset
   110
                    continue
9219
6afdeaabac74 [ldapparser] demote some logs from warning to debug (closes #2713671)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8922
diff changeset
   111
                self.info('deactivate %s %s entities', len(eids), etype)
8430
5bee87a14bb1 fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8427
diff changeset
   112
                for eid in eids:
9879
21278eb03bbf [datafeed sources] finish the session -> cnx switch
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 9551
diff changeset
   113
                    wf = cnx.entity_from_eid(eid).cw_adapt_to('IWorkflowable')
8434
39c5bb4dcc59 [ldapfeed] do not crash on ldap user deletion + pull + already deactivated users, cleanups (closes #2392933)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8432
diff changeset
   114
                    wf.fire_transition_if_possible('deactivate')
9879
21278eb03bbf [datafeed sources] finish the session -> cnx switch
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 9551
diff changeset
   115
        cnx.commit()
8430
5bee87a14bb1 fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8427
diff changeset
   116
8434
39c5bb4dcc59 [ldapfeed] do not crash on ldap user deletion + pull + already deactivated users, cleanups (closes #2392933)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8432
diff changeset
   117
    def update_if_necessary(self, entity, attrs):
8478
e099ebc65e61 [ldap feed] fix error since with read security activated, password value is not selecteable (closes #2406597). Also add a note in the book about packages required to connect to an ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8434
diff changeset
   118
        # disable read security to allow password selection
e099ebc65e61 [ldap feed] fix error since with read security activated, password value is not selecteable (closes #2406597). Also add a note in the book about packages required to connect to an ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8434
diff changeset
   119
        with entity._cw.security_enabled(read=False):
e099ebc65e61 [ldap feed] fix error since with read security activated, password value is not selecteable (closes #2406597). Also add a note in the book about packages required to connect to an ldap server
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8434
diff changeset
   120
            entity.complete(tuple(attrs))
8900
010a59e12d89 use cw_etype instead of __regid__
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 8888
diff changeset
   121
        if entity.cw_etype == 'CWUser':
8434
39c5bb4dcc59 [ldapfeed] do not crash on ldap user deletion + pull + already deactivated users, cleanups (closes #2392933)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8432
diff changeset
   122
            wf = entity.cw_adapt_to('IWorkflowable')
39c5bb4dcc59 [ldapfeed] do not crash on ldap user deletion + pull + already deactivated users, cleanups (closes #2392933)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8432
diff changeset
   123
            if wf.state == 'deactivated':
8639
2fddbe32ae8b [ldapfeed] if a deactivated user becomes available again in its source, reactivate it (closes #2542776)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8638
diff changeset
   124
                wf.fire_transition('activate')
9219
6afdeaabac74 [ldapparser] demote some logs from warning to debug (closes #2713671)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8922
diff changeset
   125
                self.info('user %s reactivated', entity.login)
8434
39c5bb4dcc59 [ldapfeed] do not crash on ldap user deletion + pull + already deactivated users, cleanups (closes #2392933)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8432
diff changeset
   126
        mdate = attrs.get('modification_date')
39c5bb4dcc59 [ldapfeed] do not crash on ldap user deletion + pull + already deactivated users, cleanups (closes #2392933)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8432
diff changeset
   127
        if not mdate or mdate > entity.modification_date:
10662
10942ed172de [py3k] dict.iteritems → dict.items
Rémi Cardona <remi.cardona@logilab.fr>
parents: 10089
diff changeset
   128
            attrs = dict( (k, v) for k, v in attrs.items()
8434
39c5bb4dcc59 [ldapfeed] do not crash on ldap user deletion + pull + already deactivated users, cleanups (closes #2392933)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8432
diff changeset
   129
                          if v != getattr(entity, k))
39c5bb4dcc59 [ldapfeed] do not crash on ldap user deletion + pull + already deactivated users, cleanups (closes #2392933)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8432
diff changeset
   130
            if attrs:
8483
4ba11607d84a [entity api] unify set_attributes / set_relations into a cw_set method. Closes #2423719
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8434
diff changeset
   131
                entity.cw_set(**attrs)
8434
39c5bb4dcc59 [ldapfeed] do not crash on ldap user deletion + pull + already deactivated users, cleanups (closes #2392933)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8432
diff changeset
   132
                self.notify_updated(entity)
39c5bb4dcc59 [ldapfeed] do not crash on ldap user deletion + pull + already deactivated users, cleanups (closes #2392933)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8432
diff changeset
   133
8920
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
   134
    def ldap2cwattrs(self, sdict, etype, tdict=None):
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
   135
        """ Transform dictionary of LDAP attributes to CW
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
   136
        etype must be CWUser or CWGroup """
8250
171a9d6bff8f [ldapfeed] fix synchronisation crash: ldap attributes are given while we want cw attributes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8188
diff changeset
   137
        if tdict is None:
171a9d6bff8f [ldapfeed] fix synchronisation crash: ldap attributes are given while we want cw attributes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8188
diff changeset
   138
            tdict = {}
8920
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
   139
        if etype == 'CWUser':
10662
10942ed172de [py3k] dict.iteritems → dict.items
Rémi Cardona <remi.cardona@logilab.fr>
parents: 10089
diff changeset
   140
            items = self.source.user_attrs.items()
8922
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
   141
        elif etype == 'CWGroup':
10662
10942ed172de [py3k] dict.iteritems → dict.items
Rémi Cardona <remi.cardona@logilab.fr>
parents: 10089
diff changeset
   142
            items = self.source.group_attrs.items()
8920
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
   143
        for sattr, tattr in items:
8250
171a9d6bff8f [ldapfeed] fix synchronisation crash: ldap attributes are given while we want cw attributes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8188
diff changeset
   144
            if tattr not in self.non_attribute_keys:
8566
76bcfb3c483d [ldapparser] raise specific error if the configuration is wrong (closes #2498164)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8479
diff changeset
   145
                try:
76bcfb3c483d [ldapparser] raise specific error if the configuration is wrong (closes #2498164)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8479
diff changeset
   146
                    tdict[tattr] = sdict[sattr]
76bcfb3c483d [ldapparser] raise specific error if the configuration is wrong (closes #2498164)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8479
diff changeset
   147
                except KeyError:
9551
cbc46f94081d [ldapparser, book] document additional error causes
Dimitri Papadopoulos <dimitri.papadopoulos@cea.fr>
parents: 9535
diff changeset
   148
                    raise ConfigurationError('source attribute %s has not '
cbc46f94081d [ldapparser, book] document additional error causes
Dimitri Papadopoulos <dimitri.papadopoulos@cea.fr>
parents: 9535
diff changeset
   149
                                             'been found in the source, '
cbc46f94081d [ldapparser, book] document additional error causes
Dimitri Papadopoulos <dimitri.papadopoulos@cea.fr>
parents: 9535
diff changeset
   150
                                             'please check the %s-attrs-map '
cbc46f94081d [ldapparser, book] document additional error causes
Dimitri Papadopoulos <dimitri.papadopoulos@cea.fr>
parents: 9535
diff changeset
   151
                                             'field and the permissions of '
cbc46f94081d [ldapparser, book] document additional error causes
Dimitri Papadopoulos <dimitri.papadopoulos@cea.fr>
parents: 9535
diff changeset
   152
                                             'the LDAP binding user' %
8920
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
   153
                                             (sattr, etype[2:].lower()))
8250
171a9d6bff8f [ldapfeed] fix synchronisation crash: ldap attributes are given while we want cw attributes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8188
diff changeset
   154
        return tdict
171a9d6bff8f [ldapfeed] fix synchronisation crash: ldap attributes are given while we want cw attributes
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8188
diff changeset
   155
8188
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   156
    def before_entity_copy(self, entity, sourceparams):
8920
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
   157
        etype = entity.cw_etype
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
   158
        if etype == 'EmailAddress':
8188
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   159
            entity.cw_edited['address'] = sourceparams['address']
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   160
        else:
8920
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
   161
            self.ldap2cwattrs(sourceparams, etype, tdict=entity.cw_edited)
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
   162
            if etype == 'CWUser':
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
   163
                pwd = entity.cw_edited.get('upassword')
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
   164
                if not pwd:
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
   165
                    # generate a dumb password if not fetched from ldap (see
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
   166
                    # userPassword)
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
   167
                    pwd = crypt_password(generate_password())
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
   168
                    entity.cw_edited['upassword'] = Binary(pwd)
8188
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   169
        return entity
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   170
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   171
    def after_entity_copy(self, entity, sourceparams):
8430
5bee87a14bb1 fix ldap removal handling in ldapfeed (closes #2376625 and #2385133)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8427
diff changeset
   172
        super(DataFeedLDAPAdapter, self).after_entity_copy(entity, sourceparams)
8920
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
   173
        etype = entity.cw_etype
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
   174
        if etype == 'EmailAddress':
8188
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   175
            return
9551
cbc46f94081d [ldapparser, book] document additional error causes
Dimitri Papadopoulos <dimitri.papadopoulos@cea.fr>
parents: 9535
diff changeset
   176
        # all CWUsers must be treated before CWGroups to have the in_group relation
8920
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
   177
        # set correctly in _associate_ldapusers
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
   178
        elif etype == 'CWUser':
10768
99689a5862ea [py3k] make ldapfeed tests pass
Julien Cristau <julien.cristau@logilab.fr>
parents: 10663
diff changeset
   179
            groups = list(filter(None, [self._get_group(name)
99689a5862ea [py3k] make ldapfeed tests pass
Julien Cristau <julien.cristau@logilab.fr>
parents: 10663
diff changeset
   180
                                        for name in self.source.user_default_groups]))
8920
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
   181
            if groups:
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
   182
                entity.cw_set(in_group=groups)
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
   183
            self._process_email(entity, sourceparams)
8922
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
   184
        elif etype == 'CWGroup':
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
   185
            self._process_membership(entity, sourceparams)
8188
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   186
8638
9f95c2368b8b [ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8633
diff changeset
   187
    def is_deleted(self, extidplus, etype, eid):
8188
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   188
        try:
10768
99689a5862ea [py3k] make ldapfeed tests pass
Julien Cristau <julien.cristau@logilab.fr>
parents: 10663
diff changeset
   189
            extid, _ = extidplus.rsplit(b'@@', 1)
8188
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   190
        except ValueError:
8638
9f95c2368b8b [ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8633
diff changeset
   191
            # for some reason extids here tend to come in both forms, e.g:
9f95c2368b8b [ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8633
diff changeset
   192
            # dn, dn@@Babar
9f95c2368b8b [ldaputils,ldapparser] correctly compute "deleted" users (closes #2542083)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8633
diff changeset
   193
            extid = extidplus
8920
386049566ceb [ldap] prepare import of CWGroup
David Douard <david.douard@logilab.fr>
parents: 8919
diff changeset
   194
        return extid not in self.user_source_entities_by_extid
8188
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   195
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   196
    def _process_email(self, entity, userdict):
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   197
        try:
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   198
            emailaddrs = userdict[self.source.user_rev_attrs['email']]
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   199
        except KeyError:
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   200
            return # no email for that user, nothing to do
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   201
        if not isinstance(emailaddrs, list):
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   202
            emailaddrs = [emailaddrs]
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   203
        for emailaddr in emailaddrs:
9551
cbc46f94081d [ldapparser, book] document additional error causes
Dimitri Papadopoulos <dimitri.papadopoulos@cea.fr>
parents: 9535
diff changeset
   204
            # search for existing email first, may be coming from another source
8188
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   205
            rset = self._cw.execute('EmailAddress X WHERE X address %(addr)s',
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   206
                                   {'addr': emailaddr})
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   207
            if not rset:
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   208
                # not found, create it. first forge an external id
10768
99689a5862ea [py3k] make ldapfeed tests pass
Julien Cristau <julien.cristau@logilab.fr>
parents: 10663
diff changeset
   209
                emailextid = userdict['dn'] + '@@' + emailaddr
8188
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   210
                email = self.extid2entity(emailextid, 'EmailAddress',
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   211
                                          address=emailaddr)
8917
685b93559e33 [ldapfeed] add support for multiple email addresses from ldap
Pierre-Yves David <pierre-yves.david@logilab.fr>
parents: 8906
diff changeset
   212
                entity.cw_set(use_email=email)
8400
0ae27909e45b [ldapfeed] properly mark email address as encountered during import to avoid deleting them
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8392
diff changeset
   213
            elif self.sourceuris:
0ae27909e45b [ldapfeed] properly mark email address as encountered during import to avoid deleting them
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8392
diff changeset
   214
                # pop from sourceuris anyway, else email may be removed by the
0ae27909e45b [ldapfeed] properly mark email address as encountered during import to avoid deleting them
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8392
diff changeset
   215
                # source once import is finished
10768
99689a5862ea [py3k] make ldapfeed tests pass
Julien Cristau <julien.cristau@logilab.fr>
parents: 10663
diff changeset
   216
                uri = userdict['dn'] + '@@' + emailaddr
8575
688d108af306 [ldapparser] utf-8 uri + unicode emailaddr will crash if the later is not properly encoded (closes #2508515)
Aurelien Campeas <aurelien.campeas@logilab.fr>
parents: 8566
diff changeset
   217
                self.sourceuris.pop(uri, None)
8188
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   218
            # XXX else check use_email relation?
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   219
8922
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
   220
    def _process_membership(self, entity, sourceparams):
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
   221
        """ Find existing CWUsers with the same login as the memberUids in the
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
   222
        CWGroup entity and create the in_group relationship """
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
   223
        mdate = sourceparams.get('modification_date')
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
   224
        if (not mdate or mdate > entity.modification_date):
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
   225
            self._cw.execute('DELETE U in_group G WHERE G eid %(g)s',
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
   226
                             {'g':entity.eid})
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
   227
            members = sourceparams.get(self.source.group_rev_attrs['member'])
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
   228
            if members:
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
   229
                members = ["'%s'" % e for e in members]
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
   230
                rql = 'SET U in_group G WHERE G eid %%(g)s, U login IN (%s)' % ','.join(members)
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
   231
                self._cw.execute(rql, {'g':entity.eid,  })
715b9eec6da9 [ldapfeed] Add support for LDAP groups (closes #2528116)
David Douard <david.douard@logilab.fr>
parents: 8920
diff changeset
   232
8188
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   233
    @cached
1867e252e487 [repository] ldap-feed source. Closes #2086984
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
diff changeset
   234
    def _get_group(self, name):
8679
cf4dacc80976 [ldapfeed] don't crash if one specify an unexisting group in the configuration. Closes #2538399
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8639
diff changeset
   235
        try:
cf4dacc80976 [ldapfeed] don't crash if one specify an unexisting group in the configuration. Closes #2538399
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8639
diff changeset
   236
            return self._cw.execute('Any X WHERE X is CWGroup, X name %(name)s',
cf4dacc80976 [ldapfeed] don't crash if one specify an unexisting group in the configuration. Closes #2538399
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8639
diff changeset
   237
                                    {'name': name}).get_entity(0, 0)
cf4dacc80976 [ldapfeed] don't crash if one specify an unexisting group in the configuration. Closes #2538399
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8639
diff changeset
   238
        except IndexError:
8888
738f97bc3e19 [ldap] Use correct API for logging message
Jérôme Roy <jerome.roy@logilab.fr>
parents: 8694
diff changeset
   239
            self.error('group %r referenced by source configuration %r does not exist',
738f97bc3e19 [ldap] Use correct API for logging message
Jérôme Roy <jerome.roy@logilab.fr>
parents: 8694
diff changeset
   240
                       name, self.source.uri)
8679
cf4dacc80976 [ldapfeed] don't crash if one specify an unexisting group in the configuration. Closes #2538399
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8639
diff changeset
   241
            return None
cf4dacc80976 [ldapfeed] don't crash if one specify an unexisting group in the configuration. Closes #2538399
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents: 8639
diff changeset
   242