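def _validate_set_ldap_request(self):
    """Validate a set-LDAP request body and return the verified config.

    Checks run in this order: the manager holds only system-reserved
    users, the premium edition is enabled, the JSON body passes
    ``rest_utils.get_json_and_verify_params``, ``ldap_server`` starts with
    ``ldap://`` or ``ldaps://``, and the bind username/password are given
    as a pair or not at all.

    :return: the parameter dict, with ``ldap_username`` and
        ``ldap_password`` defaulted to ``''`` when absent and
        ``ldap_is_active_directory`` passed through
        ``rest_utils.verify_and_convert_bool``.
    :raises MethodNotAllowedError: the manager is not clean, or the
        premium edition is not enabled.
    :raises BadParametersError: the server URL, CA certificate or
        credentials are missing or inconsistent.
    """
    if not self._only_system_reserved_users_in_manager():
        raise MethodNotAllowedError('LDAP Configuration may be set only on'
                                    ' a clean manager.')
    if not premium_enabled:
        raise MethodNotAllowedError('LDAP is only supported in the '
                                    'Cloudify premium edition.')

    ldap_config = rest_utils.get_json_and_verify_params({
        'ldap_server': {},
        'ldap_username': {'optional': True},
        'ldap_password': {'optional': True},
        'ldap_domain': {},
        'ldap_is_active_directory': {'optional': True},
        'ldap_dn_extra': {},
        'ldap_ca_cert': {'optional': True},
    })

    # Absent credentials become '' so the pair check at the end treats
    # "missing" and "empty" the same way.
    ldap_config['ldap_username'] = ldap_config.get('ldap_username', '')
    ldap_config['ldap_password'] = ldap_config.get('ldap_password', '')

    ldap_config['ldap_is_active_directory'] = \
        rest_utils.verify_and_convert_bool(
            'ldap_is_active_directory',
            ldap_config.get('ldap_is_active_directory') or False
        )

    ldap_server = ldap_config['ldap_server']
    if ldap_server.startswith('ldaps://'):
        # Require a non-empty certificate rather than just the key: a body
        # carrying "ldap_ca_cert": "" or null has the key present and
        # would otherwise pass this check with no CA material at all.
        if not ldap_config.get('ldap_ca_cert'):
            raise BadParametersError(
                'A CA certificate must be provided to use ldaps.')
    elif ldap_server.startswith('ldap://'):
        # NOTE(review): with ldap:// the bind credentials presumably cross
        # the network without TLS unless the LDAP client upgrades the
        # connection; that code is not visible here, so confirm.
        # Key membership is kept as-is so this branch is no more lenient
        # than before.
        if 'ldap_ca_cert' in ldap_config:
            raise BadParametersError(
                'CA certificate cannot be provided when not using ldaps.')
    else:
        raise BadParametersError(
            'ldap_server must specify protocol and should specify port, '
            'e.g. ldap://192.0.2.1:389 or ldaps://192.0.2.45:636')

    username = ldap_config['ldap_username']
    password = ldap_config['ldap_password']
    # A username without a password (or the reverse) is rejected; both
    # empty means no bind credentials were supplied.
    if (username and not password) or (password and not username):
        raise BadParametersError(
            'Must supply either both username and password or neither. '
            'Note that an empty username or password is invalid')
    return ldap_config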
def _validate_set_ldap_request(self):
    """Gate a set-LDAP request and return its verified JSON parameters.

    The request is refused unless ``self._only_admin_in_manager()`` holds
    and ``current_app.premium_enabled`` is truthy. The six parameter names
    are handed to ``rest_utils.get_json_and_verify_params`` as a plain
    set; this version does not itself inspect the ``ldap_server`` scheme
    or the credentials.

    :return: whatever ``rest_utils.get_json_and_verify_params`` returns.
    :raises MethodNotAllowedError: the manager is not clean, or the
        premium edition is not enabled.
    """
    manager_is_clean = self._only_admin_in_manager()
    if not manager_is_clean:
        raise MethodNotAllowedError(
            'LDAP Configuration may be set only on a clean manager.')

    if not current_app.premium_enabled:
        raise MethodNotAllowedError(
            'LDAP is only supported in the Cloudify premium edition.')

    expected_params = {
        'ldap_server',
        'ldap_username',
        'ldap_password',
        'ldap_domain',
        'ldap_is_active_directory',
        'ldap_dn_extra'
    }
    return rest_utils.get_json_and_verify_params(expected_params)
def _validate_set_ldap_request(self):
    """Validate a set-LDAP request body and return the verified config.

    The request is refused unless ``self._only_admin_in_manager()`` holds
    and ``premium_enabled`` is truthy. Bind credentials must be supplied
    as a pair or omitted entirely. This version places no constraint on
    the ``ldap_server`` scheme.

    :return: the parameter dict, with ``ldap_username`` and
        ``ldap_password`` defaulted to ``''`` when absent and
        ``ldap_is_active_directory`` passed through
        ``rest_utils.verify_and_convert_bool``.
    :raises MethodNotAllowedError: the manager is not clean, or the
        premium edition is not enabled.
    :raises BadParametersError: only one of username/password is set.
    """
    if not self._only_admin_in_manager():
        raise MethodNotAllowedError(
            'LDAP Configuration may be set only on a clean manager.')
    if not premium_enabled:
        raise MethodNotAllowedError(
            'LDAP is only supported in the Cloudify premium edition.')

    param_spec = {
        'ldap_server': {},
        'ldap_username': {'optional': True},
        'ldap_password': {'optional': True},
        'ldap_domain': {},
        'ldap_is_active_directory': {'optional': True},
        'ldap_dn_extra': {},
    }
    ldap_config = rest_utils.get_json_and_verify_params(param_spec)

    # Absent credentials become '' so "missing" and "empty" are handled
    # identically by the pair check below.
    for credential_key in ('ldap_username', 'ldap_password'):
        ldap_config[credential_key] = ldap_config.get(credential_key, '')

    raw_ad_flag = ldap_config.get('ldap_is_active_directory') or False
    ldap_config['ldap_is_active_directory'] = \
        rest_utils.verify_and_convert_bool(
            'ldap_is_active_directory', raw_ad_flag)

    has_username = bool(ldap_config['ldap_username'])
    has_password = bool(ldap_config['ldap_password'])
    # Exactly one of the two being set is the only invalid combination.
    if has_username != has_password:
        raise BadParametersError(
            'Must supply either both username and password or neither. '
            'Note that an empty username or password is invalid')

    return ldap_config
def put(self, multi_tenancy):
    """
    Add a user to a group

    Refused while ``current_app.ldap`` is set: in that mode group
    membership follows the user's LDAP groups, so a manual association is
    not accepted. Otherwise the JSON body must carry ``username`` and
    ``group_name``; both are run through ``rest_utils.validate_inputs``
    before the association is made.

    NOTE(review): no authorization check appears in this body; presumably
    it is enforced by a decorator or inside ``multi_tenancy``, so confirm.

    :param multi_tenancy: object providing ``add_user_to_group``.
    :return: the result of ``multi_tenancy.add_user_to_group``.
    :raises MethodNotAllowedError: LDAP is in use.
    """
    ldap_in_use = current_app.ldap
    if ldap_in_use:
        raise MethodNotAllowedError(
            'Explicit group to user association is not permitted when '
            'using LDAP. Group association to users is done automatically'
            ' according to the groups associated with the user in LDAP.')

    payload = rest_utils.get_json_and_verify_params(
        {'username', 'group_name'})
    rest_utils.validate_inputs(payload)

    username = payload['username']
    group_name = payload['group_name']
    return multi_tenancy.add_user_to_group(username, group_name)
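def _validate_set_ldap_request(self):
    """Validate a set-LDAP request body and return the normalized config.

    Requires the premium edition, verifies the JSON body with
    ``rest_utils.get_json_and_verify_params``, then normalizes it:
    ``ldap_nested_levels`` defaults to 1 (otherwise it goes through
    ``rest_utils.convert_to_int``), every ``None`` value becomes ``''``,
    and ``ldap_is_active_directory`` goes through
    ``rest_utils.verify_and_convert_bool``. ``ldap_server`` must start
    with ``ldap://`` or ``ldaps://``, and bind credentials must be given
    as a pair or not at all.

    NOTE(review): several parameters are templates with
    ``allowed_substitutions`` (e.g. ``username`` in ``ldap_user_filter``).
    Escaping of the substituted values is not visible here; confirm it is
    done where the templates are rendered.

    :return: the normalized parameter dict.
    :raises MethodNotAllowedError: the premium edition is not enabled.
    :raises BadParametersError: the server URL, CA certificate or
        credentials are missing or inconsistent.
    """
    if not premium_enabled:
        raise MethodNotAllowedError('LDAP is only supported in the '
                                    'Cloudify premium edition.')

    base_substitutions = ['base_dn', 'domain_dn', 'group_dn']
    ldap_config = rest_utils.get_json_and_verify_params({
        'ldap_server': {},
        'ldap_domain': {},
        'ldap_username': {'optional': True},
        'ldap_password': {'optional': True},
        'ldap_is_active_directory': {'optional': True},
        'ldap_dn_extra': {'optional': True},
        'ldap_ca_cert': {'optional': True},
        'ldap_nested_levels': {'optional': True},
        'ldap_bind_format': {
            'optional': True,
            'allowed_substitutions': [
                'username', 'domain'] + base_substitutions,
        },
        'ldap_group_dn': {
            'optional': True,
            'allowed_substitutions': ['base_dn', 'domain_dn'],
        },
        'ldap_base_dn': {'optional': True},
        'ldap_group_member_filter': {
            'optional': True,
            'allowed_substitutions': ['object_dn']
        },
        'ldap_user_filter': {
            'optional': True,
            'allowed_substitutions': ['username'] + base_substitutions,
        },
        'ldap_attribute_email': {'optional': True},
        'ldap_attribute_first_name': {'optional': True},
        'ldap_attribute_last_name': {'optional': True},
        'ldap_attribute_uid': {'optional': True},
        'ldap_attribute_group_membership': {'optional': True},
    })

    if ldap_config.get('ldap_nested_levels') is None:
        ldap_config['ldap_nested_levels'] = 1
    else:
        ldap_config['ldap_nested_levels'] = rest_utils.convert_to_int(
            ldap_config['ldap_nested_levels'])

    for attr in ldap_config:
        if ldap_config[attr] is None:
            # Otherwise we try to set None on the config entry, which is
            # not a string.
            ldap_config[attr] = ''

    ldap_config['ldap_is_active_directory'] = \
        rest_utils.verify_and_convert_bool(
            'ldap_is_active_directory',
            ldap_config.get('ldap_is_active_directory') or False
        )

    ldap_server = ldap_config['ldap_server']
    if ldap_server.startswith('ldaps://'):
        # Require a non-empty certificate rather than just the key. The
        # loop above turns a null ldap_ca_cert into '', so key presence
        # alone does not prove that any CA material was supplied.
        if not ldap_config.get('ldap_ca_cert'):
            raise BadParametersError(
                'A CA certificate must be provided to use ldaps.'
            )
    elif ldap_server.startswith('ldap://'):
        # NOTE(review): with ldap:// the bind credentials presumably cross
        # the network without TLS unless the LDAP client upgrades the
        # connection; that code is not visible here, so confirm.
        # Key membership is kept as-is so this branch is no more lenient
        # than before.
        if 'ldap_ca_cert' in ldap_config:
            raise BadParametersError(
                'CA certificate cannot be provided when not using ldaps.'
            )
    else:
        raise BadParametersError(
            'ldap_server must specify protocol and should specify port, '
            'e.g. ldap://192.0.2.1:389 or ldaps://192.0.2.45:636'
        )

    user = ldap_config.get('ldap_username')
    password = ldap_config.get('ldap_password')
    # Exactly one of the two being set is the only invalid combination.
    if (user or password) and not (user and password):
        raise BadParametersError(
            'Must supply either both username and password or neither. '
            'Note that an empty username or password is invalid')
    return ldap_config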