Beispiel #1
0
 def get_all_filtered(self, hints, query=None):
     if self.ldap_filter:
         query = (query or '') + self.ldap_filter
     query = self.filter_query(hints, query)
     return [
         common_ldap.filter_entity(group)
         for group in self.get_all(query, hints)
     ]
Beispiel #2
0
    def filter_attributes(self, user):
        # make sure inactive users are disabled
        if 'sapObjectStatus' in user:
            if user['sapObjectStatus'] != STATUS_ACTIVE:
                user['enabled'] = False
        if 'camObjectStatus' in user:
            if user['camObjectStatus'] != CAM_STATUS_ACTIVE:
                user['enabled'] = False
        if 'ccObjectStatus' in user:
            if user['ccObjectStatus'] != STATUS_ACTIVE:
                user['enabled'] = False
            # keep CAM from messing with temporary T-users
            elif re.match(T_REGEX, user['name']):
                user['enabled'] = True
        else:
            # special case for fresh priovisioned CAM users: we transiently enable them to allow a initial login
            # the following pasword update will take care of setting the ccObjectStatus
            if not user['enabled'] and user[
                    'camObjectStatus'] == CAM_STATUS_ACTIVE:
                user['enabled'] = True

        user.pop('sAMAccountName', None)
        user.pop('sapObjectStatus', None)
        user.pop('ccObjectStatus', None)
        user.pop('camObjectStatus', None)

        # evaluate password_expires_at
        if 'password_expires_at' in user:
            if user['password_expires_at'] == '0' or user[
                    'password_expires_at'] == '9223372036854775807':
                user['password_expires_at'] = None
            else:
                # convert pwdLastSet to unix epoch
                ts = (int(user['password_expires_at']) /
                      10000000) - 11644473600
                # TODO: this is over simplified and actually potentially dynamic (AD policy based)
                # add max 180 days AD policy based password age
                ts += 15552000
                user['password_expires_at'] = datetime.datetime.fromtimestamp(
                    ts)

        if 'userAccountControl' in user:
            do_not_expire = int(user['userAccountControl']
                                ) & 0x10000  # AD PASSWORD_NEVER_EXPIRES bit
            if do_not_expire:
                user['password_expires_at'] = None
            user.pop('userAccountControl', None)

        if 'password_failures' in user:
            if user['password_failures'] == '0':
                user.pop('password_failures', None)

        return base.filter_user(common_ldap.filter_entity(user))
Beispiel #3
0
 def get_all_filtered(self, hints, query=None):
     if self.ldap_filter:
         query = (query or '') + self.ldap_filter
     query = self.filter_query(hints, query)
     return [common_ldap.filter_entity(group)
             for group in self.get_all(query, hints)]
Beispiel #4
0
 def get_filtered_by_name(self, group_name):
     group = self.get_by_name(group_name)
     return common_ldap.filter_entity(group)
Beispiel #5
0
 def get_filtered(self, group_id):
     group = self.get(group_id)
     return common_ldap.filter_entity(group)
Beispiel #6
0
 def filter_attributes(self, user):
     return base.filter_user(common_ldap.filter_entity(user))
Beispiel #7
0
 def update_group(self, group_id, group):
     msg = _DEPRECATION_MSG % "update_group"
     versionutils.report_deprecated_feature(LOG, msg)
     self.group.check_allow_update()
     return common_ldap.filter_entity(self.group.update(group_id, group))
Beispiel #8
0
 def get_filtered_by_name(self, group_name):
     group = self.get_by_name(group_name)
     return common_ldap.filter_entity(group)
Beispiel #9
0
 def get_filtered(self, group_id):
     group = self.get(group_id)
     return common_ldap.filter_entity(group)
Beispiel #10
0
 def filter_attributes(self, user):
     return base.filter_user(common_ldap.filter_entity(user))
Beispiel #11
0
 def _update_group(self, group_id, group):
     msg = _DEPRECATION_MSG % "update_group"
     versionutils.report_deprecated_feature(LOG, msg)
     return common_ldap.filter_entity(self.group.update(group_id, group))
Beispiel #12
0
 def create_group(self, group_id, group):
     msg = _DEPRECATION_MSG % "create_group"
     versionutils.report_deprecated_feature(LOG, msg)
     self.group.check_allow_create()
     return common_ldap.filter_entity(self.group.create(group))
Beispiel #13
0
 def _create_group(self, group_id, group):
     msg = _DEPRECATION_MSG % "create_group"
     versionutils.report_deprecated_feature(LOG, msg)
     return common_ldap.filter_entity(self.group.create(group))