# HG changeset patch # User Sandrine Ribeau # Date 1231356931 28800 # Node ID e7347a1e36597effbff99c9d4450b3a12e83aa99 # Parent 376f9a4979e71e2562319e2467669a8f3eff696b [doc] Added a cook book as advised and moved ldap import scripts in the cook book. Started a howto about configuring LDAP but it will have to be reviewed by experts. diff -r 376f9a4979e7 -r e7347a1e3659 doc/book/en/D000-annex.en.txt --- a/doc/book/en/D000-annex.en.txt Wed Jan 07 17:17:16 2009 +0100 +++ b/doc/book/en/D000-annex.en.txt Wed Jan 07 11:35:31 2009 -0800 @@ -16,3 +16,4 @@ D040-modules-stdlib.en.txt D050-modules-cbw-api.en.txt D060-mercurial.en.txt + D070-cookbook.en.txt diff -r 376f9a4979e7 -r e7347a1e3659 doc/book/en/D010-faq.en.txt --- a/doc/book/en/D010-faq.en.txt Wed Jan 07 17:17:16 2009 +0100 +++ b/doc/book/en/D010-faq.en.txt Wed Jan 07 11:35:31 2009 -0800 @@ -186,59 +186,28 @@ where DATADIR is ``mycubes/data``. -* How to import LDAP users in `CubicWeb`? - - Here is a very usefull script which enables you to import LDAP users - into your `CubicWeb` application by runing the following: :: - - - import os - import pwd - import sys - - from logilab.common.db import get_connection +* How to configure LDAP source? - def getlogin(): - """avoid usinng os.getlogin() because of strange tty / stdin problems - (man 3 getlogin) - Another solution would be to use $LOGNAME, $USER or $USERNAME - """ - return pwd.getpwuid(os.getuid())[0] - - - try: - database = sys.argv[1] - except IndexError: - print 'USAGE: python ldap2system.py ' - sys.exit(1) + Your instance's sources are defined in ``/etc/cubicweb.d/myapp/sources``. + Configuring an LDAP source is about declaring that source in your + instance configuration file such as: :: - if raw_input('update %s db ? [y/n]: ' % database).strip().lower().startswith('y'): - cnx = get_connection(user=getlogin(), database=database) - cursor = cnx.cursor() + [ldapuser] + adapter=ldapuser + # ldap host + host=myhost + # base DN to lookup for usres + user-base-dn=ou=People,dc=mydomain,dc=fr + # user search scope + user-scope=ONELEVEL + # classes of user + user-classes=top,posixAccount + # attribute used as login on authentication + user-login-attr=uid + # name of a group in which ldap users will be by default + user-default-group=users + # map from ldap user attributes to erudi attributes + user-attrs-map=gecos:email,uid:login - insert = ('INSERT INTO euser (creation_date, eid, modification_date, login, firstname, surname, last_login_time, upassword) ' - "VALUES (%(mtime)s, %(eid)s, %(mtime)s, %(login)s, %(firstname)s, %(surname)s, %(mtime)s, './fqEz5LeZnT6');") - update = "UPDATE entities SET source='system' WHERE eid=%(eid)s;" - cursor.execute("SELECT eid,type,source,extid,mtime FROM entities WHERE source!='system'") - for eid, type, source, extid, mtime in cursor.fetchall(): - if type != 'EUser': - print "don't know what to do with entity type", type - continue - if source != 'ldapuser': - print "don't know what to do with source type", source - continue - ldapinfos = dict(x.strip().split('=') for x in extid.split(',')) - login = ldapinfos['uid'] - firstname = ldapinfos['uid'][0].upper() - surname = ldapinfos['uid'][1:].capitalize() - if login != 'jcuissinat': - args = dict(eid=eid, type=type, source=source, login=login, - firstname=firstname, surname=surname, mtime=mtime) - print args - cursor.execute(insert, args) - cursor.execute(update, args) - - cnx.commit() - cnx.close() - - + Any change applied to configuration file requires to restart your + application. diff -r 376f9a4979e7 -r e7347a1e3659 doc/book/en/D070-cookbook.en.txt --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/doc/book/en/D070-cookbook.en.txt Wed Jan 07 11:35:31 2009 -0800 @@ -0,0 +1,64 @@ +.. -*- coding: utf-8 -*- + +Cook book +========= + +We gathered together some of our tricks and scripts that could make +life easier. + + +* How to import LDAP users in `CubicWeb`? + + Here is a very usefull script which enables you to import LDAP users + into your `CubicWeb` application by runing the following: :: + + + import os + import pwd + import sys + + from logilab.common.db import get_connection + + def getlogin(): + """avoid usinng os.getlogin() because of strange tty / stdin problems + (man 3 getlogin) + Another solution would be to use $LOGNAME, $USER or $USERNAME + """ + return pwd.getpwuid(os.getuid())[0] + + + try: + database = sys.argv[1] + except IndexError: + print 'USAGE: python ldap2system.py ' + sys.exit(1) + + if raw_input('update %s db ? [y/n]: ' % database).strip().lower().startswith('y'): + cnx = get_connection(user=getlogin(), database=database) + cursor = cnx.cursor() + + insert = ('INSERT INTO euser (creation_date, eid, modification_date, login, firstname, surname, last_login_time, upassword) ' + "VALUES (%(mtime)s, %(eid)s, %(mtime)s, %(login)s, %(firstname)s, %(surname)s, %(mtime)s, './fqEz5LeZnT6');") + update = "UPDATE entities SET source='system' WHERE eid=%(eid)s;" + cursor.execute("SELECT eid,type,source,extid,mtime FROM entities WHERE source!='system'") + for eid, type, source, extid, mtime in cursor.fetchall(): + if type != 'EUser': + print "don't know what to do with entity type", type + continue + if source != 'ldapuser': + print "don't know what to do with source type", source + continue + ldapinfos = dict(x.strip().split('=') for x in extid.split(',')) + login = ldapinfos['uid'] + firstname = ldapinfos['uid'][0].upper() + surname = ldapinfos['uid'][1:].capitalize() + if login != 'jcuissinat': + args = dict(eid=eid, type=type, source=source, login=login, + firstname=firstname, surname=surname, mtime=mtime) + print args + cursor.execute(insert, args) + cursor.execute(update, args) + + cnx.commit() + cnx.close() +