def user_add():
title = "Add user"
base = request.args.get('base')
if not base:
base = "OU=People,%s" % g.ldap['dn']
form = UserAdd(request.form)
field_mapping = [('givenName', form.first_name),
('sn', form.last_name),
('displayName', form.display_name),
('sAMAccountName', form.user_name),
('mail', form.mail),
(None, form.password),
(None, form.password_confirm),
('userAccountControl', form.uac_flags)]
form.visible_fields = [field[1] for field in field_mapping]
form.uac_flags.choices = [(key, value[0]) for key, value in
LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
if value[1]]
if form.validate_on_submit():
try:
# Default attributes
upn = "%s@%s" % (form.user_name.data, g.ldap['domain'])
attributes = {'objectClass': "user",
'UserPrincipalName': upn,
'accountExpires': "0",
'lockoutTime': "0"}
for attribute, field in field_mapping:
if attribute == 'userAccountControl':
current_uac = 512
for key, flag in (LDAP_AD_USERACCOUNTCONTROL_VALUES
.items()):
if flag[1] and key in field.data:
current_uac += key
attributes[attribute] = str(current_uac)
elif attribute and field.data:
attributes[attribute] = field.data
ldap_create_entry("cn=%s,%s" % (form.user_name.data, base),
attributes)
ldap_change_password(None, form.password.data,
form.user_name.data)
flash("User successfully created.", "success")
return redirect(url_for('user_overview',
username=form.user_name.data))
except ldap.LDAPError as e:
error = e.message['info'].split(":", 2)[-1].strip()
error = str(error[0].upper() + error[1:])
flash(error, "error")
elif form.errors:
flash("Some fields failed validation.", "error")
return render_template("forms/basicform.html", form=form, title=title,
action="Add user",
parent=url_for('user_add'))
def user_edit_profile(username):
title = "Edit user"
if not ldap_user_exists(username=username):
abort(404)
user = ldap_get_user(username=username)
form = UserProfileEdit(request.form)
field_mapping = [('givenName', form.first_name),
('sn', form.last_name),
('displayName', form.display_name),
('sAMAccountName', form.user_name),
('mail', form.mail),
('userAccountControl', form.uac_flags)]
form.uac_flags.choices = [(key, value[0]) for key, value in
LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
if value[1]]
form.visible_fields = [field[1] for field in field_mapping]
if form.validate_on_submit():
try:
for attribute, field in field_mapping:
value = field.data
if value != user.get(attribute):
if attribute == 'sAMAccountName':
# Rename the account
ldap_update_attribute(user['distinguishedName'],
"sAMAccountName", value)
ldap_update_attribute(user['distinguishedName'],
"userPrincipalName",
"%s@%s" % (value,
g.ldap['domain']))
# Finish by renaming the whole record
ldap_update_attribute(user['distinguishedName'],
"cn", value)
user = ldap_get_user(value)
elif attribute == 'userAccountControl':
current_uac = user['userAccountControl']
for key, flag in (LDAP_AD_USERACCOUNTCONTROL_VALUES
.items()):
if not flag[1]:
continue
if key in value:
if not current_uac & key:
current_uac += key
else:
if current_uac & key:
current_uac -= key
ldap_update_attribute(user['distinguishedName'],
attribute, str(current_uac))
else:
ldap_update_attribute(user['distinguishedName'],
attribute, value)
flash("Profile successfully updated.", "success")
return redirect(url_for('user_overview',
username=form.user_name.data))
except ldap.LDAPError as e:
error = e.message['info'].split(":", 2)[-1].strip()
error = str(error[0].upper() + error[1:])
flash(error, "error")
elif form.errors:
flash("Some fields failed validation.", "error")
if not form.is_submitted():
form.first_name.data = user.get('givenName')
form.last_name.data = user.get('sn')
form.display_name.data = user.get('displayName')
form.user_name.data = user.get('sAMAccountName')
form.mail.data = user.get('mail')
form.uac_flags.data = [key for key, flag in
LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
if (flag[1] and
user['userAccountControl'] & key)]
return render_template("forms/basicform.html", form=form, title=title,
action="Save changes",
parent=url_for('user_overview',
username=username))
def user_add():
title = "Add user"
base = request.args.get('base')
if not base:
base = "OU=People,%s" % g.ldap['dn']
form = UserAdd(request.form)
field_mapping = [('givenName', form.first_name),
('sn', form.last_name),
('displayName', form.display_name),
('sAMAccountName', form.user_name),
('mail', form.mail), (None, form.password),
(None, form.password_confirm),
('userAccountControl', form.uac_flags)]
form.visible_fields = [field[1] for field in field_mapping]
form.uac_flags.choices = [
(key, value[0])
for key, value in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
if value[1]
]
if form.validate_on_submit():
try:
# Default attributes
upn = "%s@%s" % (form.user_name.data, g.ldap['domain'])
attributes = {
'objectClass': "user",
'UserPrincipalName': upn,
'accountExpires': "0",
'lockoutTime': "0"
}
for attribute, field in field_mapping:
if attribute == 'userAccountControl':
current_uac = 512
for key, flag in (
LDAP_AD_USERACCOUNTCONTROL_VALUES.items()):
if flag[1] and key in field.data:
current_uac += key
attributes[attribute] = str(current_uac)
elif attribute and field.data:
attributes[attribute] = field.data
ldap_create_entry("cn=%s,%s" % (form.user_name.data, base),
attributes)
ldap_change_password(None, form.password.data,
form.user_name.data)
flash("User successfully created.", "success")
return redirect(
url_for('user_overview', username=form.user_name.data))
except ldap.LDAPError as e:
error = e.message['info'].split(":", 2)[-1].strip()
error = str(error[0].upper() + error[1:])
flash(error, "error")
elif form.errors:
flash("Some fields failed validation.", "error")
return render_template("forms/basicform.html",
form=form,
title=title,
action="Add user",
parent=url_for('user_add'))
def user_edit_profile(username):
title = "Edit user"
if not ldap_user_exists(username=username):
abort(404)
user = ldap_get_user(username=username)
form = UserProfileEdit(request.form)
field_mapping = [('givenName', form.first_name),
('sn', form.last_name),
('displayName', form.display_name),
('sAMAccountName', form.user_name),
('mail', form.mail),
('userAccountControl', form.uac_flags)]
form.uac_flags.choices = [
(key, value[0])
for key, value in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
if value[1]
]
form.visible_fields = [field[1] for field in field_mapping]
if form.validate_on_submit():
try:
for attribute, field in field_mapping:
value = field.data
if value != user.get(attribute):
if attribute == 'sAMAccountName':
# Rename the account
ldap_update_attribute(user['distinguishedName'],
"sAMAccountName", value)
ldap_update_attribute(
user['distinguishedName'], "userPrincipalName",
"%s@%s" % (value, g.ldap['domain']))
# Finish by renaming the whole record
ldap_update_attribute(user['distinguishedName'],
"cn", value)
user = ldap_get_user(value)
elif attribute == 'userAccountControl':
current_uac = user['userAccountControl']
for key, flag in (
LDAP_AD_USERACCOUNTCONTROL_VALUES.items()):
if not flag[1]:
continue
if key in value:
if not current_uac & key:
current_uac += key
else:
if current_uac & key:
current_uac -= key
ldap_update_attribute(user['distinguishedName'],
attribute, str(current_uac))
else:
ldap_update_attribute(user['distinguishedName'],
attribute, value)
flash("Profile successfully updated.", "success")
return redirect(
url_for('user_overview', username=form.user_name.data))
except ldap.LDAPError as e:
error = e.message['info'].split(":", 2)[-1].strip()
error = str(error[0].upper() + error[1:])
flash(error, "error")
elif form.errors:
flash("Some fields failed validation.", "error")
if not form.is_submitted():
form.first_name.data = user.get('givenName')
form.last_name.data = user.get('sn')
form.display_name.data = user.get('displayName')
form.user_name.data = user.get('sAMAccountName')
form.mail.data = user.get('mail')
form.uac_flags.data = [
key for key, flag in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
if (flag[1] and user['userAccountControl'] & key)
]
return render_template("forms/basicform.html",
form=form,
title=title,
action="Save changes",
parent=url_for('user_overview',
username=username))
def user_edit_profile(username):
title = "Edit user"
if not ldap_user_exists(username=username):
abort(404)
user = ldap_get_user(username=username)
form = UserProfileEdit(request.form)
field_mapping = [('givenName', form.first_name),
('sn', form.last_name),
('sAMAccountName', form.user_name),
('mail', form.mail),
('userAccountControl', form.uac_flags)]
form.uac_flags.choices = [
(key, value[0])
for key, value in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
]
form.visible_fields = [field[1] for field in field_mapping]
if form.validate_on_submit():
try:
for attribute, field in field_mapping:
value = field.data
given_name = user.get('givenName')
last_name = user.get('lastName')
if value != user.get(attribute):
if attribute == 'sAMAccountName':
# Rename the account
ldap_update_attribute(user['distinguishedName'],
"sAMAccountName", value)
ldap_update_attribute(
user['distinguishedName'], "userPrincipalName",
"%s@%s" % (value, g.ldap['domain']))
# Finish by renaming the whole record
# TODO: refactor this to use rename_s instead of update
# ldap_update_attribute(user['distinguishedName'], "cn", value)
user = ldap_get_user(value)
elif attribute == 'userAccountControl':
current_uac = 512
for key, flag in (
LDAP_AD_USERACCOUNTCONTROL_VALUES.items()):
if flag[1] and key in field.data:
current_uac += key
ldap_update_attribute(user['distinguishedName'],
attribute, str(current_uac))
elif attribute == 'givenName':
given_name = value
ldap_update_attribute(user['distinguishedName'],
attribute, value)
displayName = given_name + ' ' + last_name
ldap_update_attribute(user['distinguishedName'],
'displayName', displayName)
elif attribute == 'sn':
last_name = value
ldap_update_attribute(user['distinguishedName'],
attribute, value)
displayName = given_name + ' ' + last_name
ldap_update_attribute(user['distinguishedName'],
'displayName', displayName)
else:
ldap_update_attribute(user['distinguishedName'],
attribute, value)
flash(u"Profile updated successfully.", "success")
return redirect(
url_for('user_overview', username=form.user_name.data))
except ldap.LDAPError as e:
e = dict(e.args[0])
flash(e['info'], "error")
elif form.errors:
flash(u"Data validation failed.", "error")
if not form.is_submitted():
form.first_name.data = user.get('givenName')
form.last_name.data = user.get('sn')
form.user_name.data = user.get('sAMAccountName')
form.mail.data = user.get('mail')
form.uac_flags.data = [
key for key, flag in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
if (flag[1] and user['userAccountControl'] & key)
]
return render_template("forms/basicform.html",
form=form,
title=title,
action="Save changes",
parent=url_for('user_overview',
username=username))
def user_add():
title = "Add User"
if g.extra_fields:
form = UserAddExtraFields(request.form)
else:
form = UserAdd(request.form)
field_mapping = [('givenName', form.first_name),
('sn', form.last_name),
('sAMAccountName', form.user_name),
('mail', form.mail), (None, form.password),
(None, form.password_confirm),
('userAccountControl', form.uac_flags)]
if g.extra_fields:
extra_field_mapping = [('cUJAEPersonExternal', form.manual),
('cUJAEPersonType', form.person_type),
('cUJAEPersonDNI', form.dni)]
field_mapping += extra_field_mapping
form.visible_fields = [field[1] for field in field_mapping]
form.uac_flags.choices = [
(key, value[0])
for key, value in LDAP_AD_USERACCOUNTCONTROL_VALUES.items()
]
if form.validate_on_submit():
try:
base = request.args.get("b'base")
base = base.rstrip("'")
# Default attributes
upn = "%s@%s" % (form.user_name.data, g.ldap['domain'])
attributes = {
'objectClass': [
b'top', b'person', b'organizationalPerson', b'user',
b'inetOrgPerson'
],
'UserPrincipalName': [upn.encode('utf-8')],
'accountExpires': [b"0"],
'lockoutTime': [b"0"],
}
for attribute, field in field_mapping:
if attribute == 'userAccountControl':
current_uac = 512
for key, flag in (
LDAP_AD_USERACCOUNTCONTROL_VALUES.items()):
if flag[1] and key in field.data:
current_uac += key
attributes[attribute] = [
str(current_uac).encode('utf-8')
]
elif attribute and field.data:
if isinstance(field, BooleanField):
if field.data:
attributes[attribute] = 'TRUE'.encode('utf-8')
else:
attributes[attribute] = 'FALSE'.encode('utf-8')
else:
attributes[attribute] = [
field.data.encode('utf-8')
]
if 'sn' in attributes:
attributes['displayName'] = attributes['givenName'][
0].decode('utf-8') + " " + attributes['sn'][0].decode(
'utf-8')
attributes['displayName'] = [
attributes['displayName'].encode('utf-8')
]
else:
attributes['displayName'] = attributes['givenName']
ldap_create_entry("cn=%s,%s" % (form.user_name.data, base),
attributes)
ldap_change_password(None, form.password.data,
form.user_name.data)
flash(u"User created successfully.", "success")
return redirect(
url_for('user_overview', username=form.user_name.data))
except ldap.LDAPError as e:
e = dict(e.args[0])
flash(e['info'], "error")
elif form.errors:
print(form.errors)
flash("Some fields failed validation.", "error")
return render_template("forms/basicform.html",
form=form,
title=title,
action="Adicionar Usuario",
parent=url_for('tree_base'))