Beispiel #1
0
  def fetch_ldap_group(self, file):
    """
    fetch group mapping from group ldap server
    :param file: output file name
    """
    self.logger.info("Fetching ldap groups")
    settings = Hashtable()
    settings.put(Context.INITIAL_CONTEXT_FACTORY, self.args[Constant.LDAP_GROUP_CONTEXT_FACTORY_KEY])
    settings.put(Context.PROVIDER_URL, self.args[Constant.LDAP_GROUP_CONTEXT_PROVIDER_URL_KEY])
    settings.put(Context.SECURITY_PRINCIPAL, self.args[Constant.LDAP_GROUP_CONTEXT_SECURITY_PRINCIPAL_KEY])
    settings.put(Context.SECURITY_CREDENTIALS, self.args[Constant.LDAP_GROUP_CONTEXT_SECURITY_CREDENTIALS_KEY])

    ctx = InitialDirContext(settings)
    search_target = "(objectClass=posixGroup)"
    return_attributes_standard = ['group_id', 'member_ids']
    return_attributes_actual = json.loads(self.args[Constant.LDAP_GROUP_SEARCH_RETURN_ATTRS_KEY])
    return_attributes_map = dict(zip(return_attributes_standard, return_attributes_actual))
    ctls = SearchControls()
    ctls.setReturningAttributes(return_attributes_actual)
    ctls.setSearchScope(SearchControls.SUBTREE_SCOPE)

    ldap_records = []
    org_units = json.loads(self.args[Constant.LDAP_GROUP_SEARCH_DOMAINS_KEY])
    for search_unit in org_units:
      results = ctx.search(search_unit, search_target, ctls)
      for r in results:
        person_attributes = r.getAttributes()
        group = person_attributes.get(return_attributes_map['group_id']).get(0)
        group = re.sub(r"\r|\n", '', group).strip().encode('utf8')
        # skip special group that contains all group users
        if group == 'users':
          continue
        members = person_attributes.get(return_attributes_map['member_ids'])
        if members:
          self.group_map[group] = members
          sort_id = 0
          for member in members.getAll():
            member = re.sub(r"\r|\n", '', member).strip().encode('utf8')
            ldap_group_tuple = [self.group_app_id]
            ldap_group_tuple.append(group)
            ldap_group_tuple.append(sort_id)
            if member in self.ldap_user:
              ldap_group_tuple.append(self.app_id)
            else:
              ldap_group_tuple.append(self.group_app_id)
            ldap_group_tuple.append(member)
            ldap_group_tuple.append(self.wh_exec_id)
            ldap_records.append(ldap_group_tuple)
            sort_id += 1
        else:
          pass
    self.logger.info("%d records found in group accounts" % (len(self.group_map)))

    csv_writer = csv.writer(open(file, "w"), delimiter='\x1a', quoting=csv.QUOTE_MINIMAL, lineterminator="\n")
    csv_writer.writerows(ldap_records)
Beispiel #2
0
 def search(self, criteria, returnField, default="guest"):
     srch = SearchControls()
     srch.setSearchScope(SearchControls.SUBTREE_SCOPE)
     srch.setCountLimit(1)
     srch.setReturningAttributes([returnField])
     results = self.ctx.search("", criteria, srch)
     for result in results:
         retval = result.getAttributes().get(returnField).get(0)
         results.close()
         return retval
     else:
         return default
 def search(self, criteria,  returnField, default="guest"):
     srch = SearchControls()
     srch.setSearchScope(SearchControls.SUBTREE_SCOPE)
     srch.setCountLimit(1)
     srch.setReturningAttributes([returnField])
     results = self.ctx.search("", criteria, srch)
     for result in results:
         retval = result.getAttributes().get(returnField).get(0)
         results.close()
         return retval
     else:
         return default
Beispiel #4
0
  def fetch_ldap_group(self, file):
    """
    fetch group mapping from group ldap server
    :param file: output file name
    """
    settings = Hashtable()
    settings.put(Context.INITIAL_CONTEXT_FACTORY, self.args[Constant.LDAP_GROUP_CONTEXT_FACTORY_KEY])
    settings.put(Context.PROVIDER_URL, self.args[Constant.LDAP_GROUP_CONTEXT_PROVIDER_URL_KEY])
    settings.put(Context.SECURITY_PRINCIPAL, self.args[Constant.LDAP_GROUP_CONTEXT_SECURITY_PRINCIPAL_KEY])
    settings.put(Context.SECURITY_CREDENTIALS, self.args[Constant.LDAP_GROUP_CONTEXT_SECURITY_CREDENTIALS_KEY])

    ctx = InitialDirContext(settings)
    search_target = "(objectClass=posixGroup)"
    return_attributes_standard = ['group_id', 'member_ids']
    return_attributes_actual = json.loads(self.args[Constant.LDAP_GROUP_SEARCH_RETURN_ATTRS_KEY])
    return_attributes_map = dict(zip(return_attributes_standard, return_attributes_actual))
    ctls = SearchControls()
    ctls.setReturningAttributes(return_attributes_actual)
    ctls.setSearchScope(SearchControls.SUBTREE_SCOPE)

    ldap_records = []
    org_units = json.loads(self.args[Constant.LDAP_GROUP_SEARCH_DOMAINS_KEY])
    for search_unit in org_units:
      results = ctx.search(search_unit, search_target, ctls)
      for r in results:
        person_attributes = r.getAttributes()
        group = person_attributes.get(return_attributes_map['group_id']).get(0)
        group = re.sub(r"\r|\n", '', group).strip().encode('utf8')
        # skip special group that contains all group users
        if group == 'users':
          continue
        members = person_attributes.get(return_attributes_map['member_ids'])
        if members:
          self.group_map[group] = members
          sort_id = 0
          for member in members.getAll():
            member = re.sub(r"\r|\n", '', member).strip().encode('utf8')
            ldap_group_tuple = [self.group_app_id]
            ldap_group_tuple.append(group)
            ldap_group_tuple.append(sort_id)
            if member in self.ldap_user:
              ldap_group_tuple.append(self.app_id)
            else:
              ldap_group_tuple.append(self.group_app_id)
            ldap_group_tuple.append(member)
            ldap_group_tuple.append(self.wh_exec_id)
            ldap_records.append(ldap_group_tuple)
            sort_id += 1
        else:
          pass
    self.logger.info("%d records found in group accounts" % (len(self.group_map)))

    csv_writer = csv.writer(open(file, "w"), delimiter='\x1a', quoting=csv.QUOTE_MINIMAL, lineterminator="\n")
    csv_writer.writerows(ldap_records)
    def fetch_ldap_user(self, file):
        """
    fetch ldap user from ldap server
    :param file: output file name
    """
        self.logger.info("Fetching ldap users")
        # Setup LDAP Context Options
        settings = Hashtable()
        settings.put(Context.INITIAL_CONTEXT_FACTORY,
                     self.args[Constant.LDAP_CONTEXT_FACTORY_KEY])
        settings.put(Context.PROVIDER_URL,
                     self.args[Constant.LDAP_CONTEXT_PROVIDER_URL_KEY])
        settings.put(Context.SECURITY_PRINCIPAL,
                     self.args[Constant.LDAP_CONTEXT_SECURITY_PRINCIPAL_KEY])
        settings.put(Context.SECURITY_CREDENTIALS,
                     self.args[Constant.LDAP_CONTEXT_SECURITY_CREDENTIALS_KEY])

        # page the result, each page have fix number of records
        pageSize = 5000
        pageControl = PagedResultsControl(pageSize, Control.NONCRITICAL)
        c_array = array([pageControl], Control)

        # Connect to LDAP Server
        ctx = InitialLdapContext(settings, None)
        ctx.setRequestControls(c_array)

        # load the java Hashtable out of the ldap server
        # Query starting point and query target
        search_target = '(objectClass=person)'
        return_attributes_standard = [
            'user_id', 'distinct_name', 'name', 'display_name', 'title',
            'employee_number', 'manager', 'mail', 'department_number',
            'department', 'start_date', 'mobile'
        ]
        return_attributes_actual = json.loads(
            self.args[Constant.LDAP_SEARCH_RETURN_ATTRS_KEY])
        return_attributes_map = dict(
            zip(return_attributes_standard, return_attributes_actual))

        ctls = SearchControls()
        ctls.setReturningAttributes(return_attributes_actual)
        ctls.setSearchScope(SearchControls.SUBTREE_SCOPE)
        ldap_records = []

        # domain format should look like : ['OU=domain1','OU=domain2','OU=domain3,OU=subdomain3']
        org_units = json.loads(self.args[Constant.LDAP_SEARCH_DOMAINS_KEY])

        cookie = None
        for search_unit in org_units:
            # pagination
            while True:
                # do the search
                search_result = ctx.search(search_unit, search_target, ctls)
                for person in search_result:
                    ldap_user_tuple = [self.app_id]
                    if search_unit == self.args[
                            Constant.LDAP_INACTIVE_DOMAIN_KEY]:
                        ldap_user_tuple.append('N')
                    else:
                        ldap_user_tuple.append('Y')
                    person_attributes = person.getAttributes()
                    user_id = person_attributes.get(
                        return_attributes_map['user_id'])
                    user_id = re.sub(r"\r|\n", '',
                                     user_id.get(0)).strip().encode('utf8')
                    self.ldap_user.add(user_id)

                    for attr_name in return_attributes_actual:
                        attr = person_attributes.get(attr_name)
                        if attr:
                            attr = re.sub(r"\r|\n", '',
                                          attr.get(0)).strip().encode('utf8')
                            # special fix for start_date
                            if attr_name == return_attributes_map[
                                    'start_date'] and len(attr) == 4:
                                attr += '0101'
                            ldap_user_tuple.append(attr)
                        else:
                            ldap_user_tuple.append("")

                    ldap_user_tuple.append(self.wh_exec_id)
                    ldap_records.append(ldap_user_tuple)

                # Examine the paged results control response
                control = ctx.getResponseControls()[
                    0]  # will always return a list, but only have one item
                if isinstance(control, PagedResultsResponseControl):
                    cookie = control.getCookie()

                # Re-activate paged results
                if cookie is None:
                    # reset ctx, break while loop, do next search
                    pageControl = PagedResultsControl(pageSize,
                                                      Control.NONCRITICAL)
                    c_array = array([pageControl], Control)
                    ctx.setRequestControls(c_array)
                    break
                else:
                    self.logger.debug(
                        "Have more than one page of result when search " +
                        search_unit)
                    pageControl = PagedResultsControl(pageSize, cookie,
                                                      Control.CRITICAL)
                    c_array = array([pageControl], Control)
                    ctx.setRequestControls(c_array)

        self.logger.info("%d records found in ldap search" %
                         (len(self.ldap_user)))

        csv_writer = csv.writer(open(file, "w"),
                                delimiter='\x1a',
                                quoting=csv.QUOTE_MINIMAL,
                                lineterminator="\n")
        csv_writer.writerows(ldap_records)
Beispiel #6
0
  def fetch_ldap_user(self, file):
    """
    fetch ldap user from ldap server
    :param file: output file name
    """

    # Setup LDAP Context Options
    settings = Hashtable()
    settings.put(Context.INITIAL_CONTEXT_FACTORY, self.args[Constant.LDAP_CONTEXT_FACTORY_KEY])
    settings.put(Context.PROVIDER_URL, self.args[Constant.LDAP_CONTEXT_PROVIDER_URL_KEY])
    settings.put(Context.SECURITY_PRINCIPAL, self.args[Constant.LDAP_CONTEXT_SECURITY_PRINCIPAL_KEY])
    settings.put(Context.SECURITY_CREDENTIALS, self.args[Constant.LDAP_CONTEXT_SECURITY_CREDENTIALS_KEY])

    # Connect to LDAP Server
    ctx = InitialDirContext(settings)

    # load the java Hashtable out of the ldap server
    # Query starting point and query target
    search_target = '(objectClass=person)'
    return_attributes_standard = ['user_id', 'distinct_name', 'name', 'display_name', 'title', 'employee_number',
                                  'manager', 'mail', 'department_number', 'department', 'start_date', 'mobile']
    return_attributes_actual = self.split_property(self.args[Constant.LDAP_SEARCH_RETURN_ATTRS_KEY])
    return_attributes_map = dict(zip(return_attributes_standard, return_attributes_actual))

    ctls = SearchControls()
    ctls.setReturningAttributes(return_attributes_actual)
    ctls.setSearchScope(SearchControls.SUBTREE_SCOPE)
    ldap_records = []

    # domain format should look like : 'OU=domain1','OU=domain2','OU=domain3,OU=subdomain3'
    org_units = self.split_property(self.args[Constant.LDAP_SEARCH_DOMAINS_KEY])

    for search_unit in org_units:
      search_result = ctx.search(search_unit, search_target, ctls)

      # print search_return_attributes
      for person in search_result:
        ldap_user_tuple = [self.app_id]
        if search_unit == self.args[Constant.LDAP_INACTIVE_DOMAIN_KEY]:
          ldap_user_tuple.append('N')
        else:
          ldap_user_tuple.append('Y')
        person_attributes = person.getAttributes()
        user_id = person_attributes.get(return_attributes_map['user_id'])
        user_id = re.sub(r"\r|\n", '', user_id.get(0)).strip().encode('utf8')
        self.ldap_user.add(user_id)

        for attr_name in return_attributes_actual:
          attr = person_attributes.get(attr_name)
          if attr:
            attr = re.sub(r"\r|\n", '', attr.get(0)).strip().encode('utf8')
            # special fix for start_date
            if attr_name == return_attributes_map['start_date'] and len(attr) == 4:
              attr += '0101'
            ldap_user_tuple.append(attr)
          else:
            ldap_user_tuple.append("")

        ldap_user_tuple.append(self.wh_exec_id)
        ldap_records.append(ldap_user_tuple)

    self.logger.info("%d records found in ldap search" % (len(self.ldap_user)))

    csv_writer = csv.writer(open(file, "w"), delimiter='\x1a', quoting=csv.QUOTE_MINIMAL, lineterminator="\n")
    csv_writer.writerows(ldap_records)
Beispiel #7
0
  def fetch_ldap_user(self, file):
    """
    fetch ldap user from ldap server
    :param file: output file name
    """

    # Setup LDAP Context Options
    settings = Hashtable()
    settings.put(Context.INITIAL_CONTEXT_FACTORY, self.args[Constant.LDAP_CONTEXT_FACTORY_KEY])
    settings.put(Context.PROVIDER_URL, self.args[Constant.LDAP_CONTEXT_PROVIDER_URL_KEY])
    settings.put(Context.SECURITY_PRINCIPAL, self.args[Constant.LDAP_CONTEXT_SECURITY_PRINCIPAL_KEY])
    settings.put(Context.SECURITY_CREDENTIALS, self.args[Constant.LDAP_CONTEXT_SECURITY_CREDENTIALS_KEY])

    # page the result, each page have fix number of records
    pageSize = 5000
    pageControl = PagedResultsControl(pageSize, Control.NONCRITICAL)
    c_array = array([pageControl], Control)

    # Connect to LDAP Server
    ctx = InitialLdapContext(settings, None)
    ctx.setRequestControls(c_array)

    # load the java Hashtable out of the ldap server
    # Query starting point and query target
    search_target = '(objectClass=person)'
    return_attributes_standard = ['user_id', 'distinct_name', 'name', 'display_name', 'title', 'employee_number',
                                  'manager', 'mail', 'department_number', 'department', 'start_date', 'mobile']
    return_attributes_actual = json.loads(self.args[Constant.LDAP_SEARCH_RETURN_ATTRS_KEY])
    return_attributes_map = dict(zip(return_attributes_standard, return_attributes_actual))

    ctls = SearchControls()
    ctls.setReturningAttributes(return_attributes_actual)
    ctls.setSearchScope(SearchControls.SUBTREE_SCOPE)
    ldap_records = []

    # domain format should look like : ['OU=domain1','OU=domain2','OU=domain3,OU=subdomain3']
    org_units = json.loads(self.args[Constant.LDAP_SEARCH_DOMAINS_KEY])

    cookie = None
    for search_unit in org_units:
      # pagination
      while True:
        # do the search
        search_result = ctx.search(search_unit, search_target, ctls)
        for person in search_result:
          ldap_user_tuple = [self.app_id]
          if search_unit == self.args[Constant.LDAP_INACTIVE_DOMAIN_KEY]:
            ldap_user_tuple.append('N')
          else:
            ldap_user_tuple.append('Y')
          person_attributes = person.getAttributes()
          user_id = person_attributes.get(return_attributes_map['user_id'])
          user_id = re.sub(r"\r|\n", '', user_id.get(0)).strip().encode('utf8')
          self.ldap_user.add(user_id)

          for attr_name in return_attributes_actual:
            attr = person_attributes.get(attr_name)
            if attr:
              attr = re.sub(r"\r|\n", '', attr.get(0)).strip().encode('utf8')
              # special fix for start_date
              if attr_name == return_attributes_map['start_date'] and len(attr) == 4:
                attr += '0101'
              ldap_user_tuple.append(attr)
            else:
              ldap_user_tuple.append("")

          ldap_user_tuple.append(self.wh_exec_id)
          ldap_records.append(ldap_user_tuple)

        # Examine the paged results control response
        control = ctx.getResponseControls()[0] # will always return a list, but only have one item
        if isinstance(control, PagedResultsResponseControl):
          cookie = control.getCookie()

        # Re-activate paged results
        if cookie is None:
          # reset ctx, break while loop, do next search
          pageControl = PagedResultsControl(pageSize, Control.NONCRITICAL)
          c_array = array([pageControl], Control)
          ctx.setRequestControls(c_array)
          break
        else:
          self.logger.debug("Have more than one page of result when search " + search_unit)
          pageControl = PagedResultsControl(pageSize, cookie, Control.CRITICAL)
          c_array = array([pageControl], Control)
          ctx.setRequestControls(c_array)

    self.logger.info("%d records found in ldap search" % (len(self.ldap_user)))

    csv_writer = csv.writer(open(file, "w"), delimiter='\x1a', quoting=csv.QUOTE_MINIMAL, lineterminator="\n")
    csv_writer.writerows(ldap_records)
Beispiel #8
0
    def fetch_ldap_user(self, file):
        """
    fetch ldap user from ldap server
    :param file: output file name
    """

        # Setup LDAP Context Options
        settings = Hashtable()
        settings.put(Context.INITIAL_CONTEXT_FACTORY,
                     self.args[Constant.LDAP_CONTEXT_FACTORY_KEY])
        settings.put(Context.PROVIDER_URL,
                     self.args[Constant.LDAP_CONTEXT_PROVIDER_URL_KEY])
        settings.put(Context.SECURITY_PRINCIPAL,
                     self.args[Constant.LDAP_CONTEXT_SECURITY_PRINCIPAL_KEY])
        settings.put(Context.SECURITY_CREDENTIALS,
                     self.args[Constant.LDAP_CONTEXT_SECURITY_CREDENTIALS_KEY])

        # Connect to LDAP Server
        ctx = InitialDirContext(settings)

        # load the java Hashtable out of the ldap server
        # Query starting point and query target
        search_target = '(objectClass=person)'
        return_attributes_standard = [
            'user_id', 'distinct_name', 'name', 'display_name', 'title',
            'employee_number', 'manager', 'mail', 'department_number',
            'department', 'start_date', 'mobile'
        ]
        return_attributes_actual = self.split_property(
            self.args[Constant.LDAP_SEARCH_RETURN_ATTRS_KEY])
        return_attributes_map = dict(
            zip(return_attributes_standard, return_attributes_actual))

        ctls = SearchControls()
        ctls.setReturningAttributes(return_attributes_actual)
        ctls.setSearchScope(SearchControls.SUBTREE_SCOPE)
        ldap_records = []

        # domain format should look like : 'OU=domain1','OU=domain2','OU=domain3,OU=subdomain3'
        org_units = self.split_property(
            self.args[Constant.LDAP_SEARCH_DOMAINS_KEY])

        for search_unit in org_units:
            search_result = ctx.search(search_unit, search_target, ctls)

            # print search_return_attributes
            for person in search_result:
                ldap_user_tuple = [self.app_id]
                if search_unit == self.args[Constant.LDAP_INACTIVE_DOMAIN_KEY]:
                    ldap_user_tuple.append('N')
                else:
                    ldap_user_tuple.append('Y')
                person_attributes = person.getAttributes()
                user_id = person_attributes.get(
                    return_attributes_map['user_id'])
                user_id = re.sub(r"\r|\n", '',
                                 user_id.get(0)).strip().encode('utf8')
                self.ldap_user.add(user_id)

                for attr_name in return_attributes_actual:
                    attr = person_attributes.get(attr_name)
                    if attr:
                        attr = re.sub(r"\r|\n", '',
                                      attr.get(0)).strip().encode('utf8')
                        # special fix for start_date
                        if attr_name == return_attributes_map[
                                'start_date'] and len(attr) == 4:
                            attr += '0101'
                        ldap_user_tuple.append(attr)
                    else:
                        ldap_user_tuple.append("")

                ldap_user_tuple.append(self.wh_exec_id)
                ldap_records.append(ldap_user_tuple)

        self.logger.info("%d records found in ldap search" %
                         (len(self.ldap_user)))

        csv_writer = csv.writer(open(file, "w"),
                                delimiter='\x1a',
                                quoting=csv.QUOTE_MINIMAL,
                                lineterminator="\n")
        csv_writer.writerows(ldap_records)
 def find(self,filter):
     srch=SearchControls()
     srch.setSearchScope(SearchControls.SUBTREE_SCOPE)
     results=self.ctx.search("",filter,srch)
     return self.pythonize(results)