1 """cubicweb ldap user source |
1 """cubicweb ldap user source |
2 |
2 |
3 this source is for now limited to a read-only EUser source |
3 this source is for now limited to a read-only CWUser source |
4 |
4 |
5 :organization: Logilab |
5 :organization: Logilab |
6 :copyright: 2003-2009 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
6 :copyright: 2003-2009 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
7 :contact: http://www.logilab.fr/ -- mailto:contact@logilab.fr |
7 :contact: http://www.logilab.fr/ -- mailto:contact@logilab.fr |
8 |
8 |
49 2: (0, 'ldapi'), |
49 2: (0, 'ldapi'), |
50 } |
50 } |
51 |
51 |
52 |
52 |
53 class LDAPUserSource(AbstractSource): |
53 class LDAPUserSource(AbstractSource): |
54 """LDAP read-only EUser source""" |
54 """LDAP read-only CWUser source""" |
55 support_entities = {'EUser': False} |
55 support_entities = {'CWUser': False} |
56 |
56 |
57 port = None |
57 port = None |
58 |
58 |
59 cnx_mode = 0 |
59 cnx_mode = 0 |
60 cnx_dn = '' |
60 cnx_dn = '' |
198 if self._conn is None: |
198 if self._conn is None: |
199 self._connect() |
199 self._connect() |
200 return ConnectionWrapper(self._conn) |
200 return ConnectionWrapper(self._conn) |
201 |
201 |
202 def authenticate(self, session, login, password): |
202 def authenticate(self, session, login, password): |
203 """return EUser eid for the given login/password if this account is |
203 """return CWUser eid for the given login/password if this account is |
204 defined in this source, else raise `AuthenticationError` |
204 defined in this source, else raise `AuthenticationError` |
205 |
205 |
206 two queries are needed since passwords are stored crypted, so we have |
206 two queries are needed since passwords are stored crypted, so we have |
207 to fetch the salt first |
207 to fetch the salt first |
208 """ |
208 """ |
222 try: |
222 try: |
223 self._connect(user['dn'], password) |
223 self._connect(user['dn'], password) |
224 except: |
224 except: |
225 # Something went wrong, most likely bad credentials |
225 # Something went wrong, most likely bad credentials |
226 raise AuthenticationError() |
226 raise AuthenticationError() |
227 return self.extid2eid(user['dn'], 'EUser', session) |
227 return self.extid2eid(user['dn'], 'CWUser', session) |
228 |
228 |
229 def ldap_name(self, var): |
229 def ldap_name(self, var): |
230 if var.stinfo['relations']: |
230 if var.stinfo['relations']: |
231 relname = iter(var.stinfo['relations']).next().r_type |
231 relname = iter(var.stinfo['relations']).next().r_type |
232 return self.user_rev_attrs.get(relname) |
232 return self.user_rev_attrs.get(relname) |
292 |
292 |
293 def rqlst_search(self, session, rqlst, args): |
293 def rqlst_search(self, session, rqlst, args): |
294 mainvars = [] |
294 mainvars = [] |
295 for varname in rqlst.defined_vars: |
295 for varname in rqlst.defined_vars: |
296 for sol in rqlst.solutions: |
296 for sol in rqlst.solutions: |
297 if sol[varname] == 'EUser': |
297 if sol[varname] == 'CWUser': |
298 mainvars.append(varname) |
298 mainvars.append(varname) |
299 break |
299 break |
300 assert mainvars |
300 assert mainvars |
301 columns, globtransforms = self.prepare_columns(mainvars, rqlst) |
301 columns, globtransforms = self.prepare_columns(mainvars, rqlst) |
302 eidfilters = [] |
302 eidfilters = [] |
324 # 1. get eid for each dn and filter according to that eid if necessary |
324 # 1. get eid for each dn and filter according to that eid if necessary |
325 for i, res in enumerate(allresults): |
325 for i, res in enumerate(allresults): |
326 filteredres = [] |
326 filteredres = [] |
327 for resdict in res: |
327 for resdict in res: |
328 # get sure the entity exists in the system table |
328 # get sure the entity exists in the system table |
329 eid = self.extid2eid(resdict['dn'], 'EUser', session) |
329 eid = self.extid2eid(resdict['dn'], 'CWUser', session) |
330 for eidfilter in eidfilters: |
330 for eidfilter in eidfilters: |
331 if not eidfilter(eid): |
331 if not eidfilter(eid): |
332 break |
332 break |
333 else: |
333 else: |
334 resdict['eid'] = eid |
334 resdict['eid'] = eid |
401 try: |
401 try: |
402 res = cnx.search_s(base, scope, searchstr, attrs) |
402 res = cnx.search_s(base, scope, searchstr, attrs) |
403 except ldap.PARTIAL_RESULTS: |
403 except ldap.PARTIAL_RESULTS: |
404 res = cnx.result(all=0)[1] |
404 res = cnx.result(all=0)[1] |
405 except ldap.NO_SUCH_OBJECT: |
405 except ldap.NO_SUCH_OBJECT: |
406 eid = self.extid2eid(base, 'EUser', session, insert=False) |
406 eid = self.extid2eid(base, 'CWUser', session, insert=False) |
407 if eid: |
407 if eid: |
408 self.warning('deleting ldap user with eid %s and dn %s', |
408 self.warning('deleting ldap user with eid %s and dn %s', |
409 eid, base) |
409 eid, base) |
410 self.repo.delete_info(session, eid) |
410 self.repo.delete_info(session, eid) |
411 self._cache.pop(base, None) |
411 self._cache.pop(base, None) |