Beispiel #1
 def get_or_create_user(self, username, ldap_user):
     """
     Return the (User, created) 2-tuple for the given LDAP user.

     username is the Django-friendly username of the user.
     ldap_user.group_names is compared with the semicolon-separated
     "ldap_admin_groups" parameter to choose the role passed to
     populate_callback().

     The role is applied only when the account is created here. The
     lookup matches on the username alone (case-insensitively), so an
     account that already exists under that name is returned unchanged,
     whatever its origin or current role.
     """
     configured = self.global_params["ldap_admin_groups"].split(";")
     is_admin = any(
         name.strip() in ldap_user.group_names for name in configured
     )
     if not is_admin:
         # Non-admin users are rejected when split_mailbox() finds no
         # domain part in the username.
         _local_part, domain = split_mailbox(username)
         if domain is None:
             # NOTE(review): a bare None is returned here, not a 2-tuple;
             # confirm the caller treats it as "no user".
             return None
     account, is_new = User.objects.get_or_create(
         username__iexact=username,
         defaults={"username": username.lower(), "is_local": False},
     )
     if is_new:
         populate_callback(
             account, "DomainAdmins" if is_admin else "SimpleUsers")
     return account, is_new
Beispiel #2
 def get_or_create_user(self, username, ldap_user):
     """
     Return the (User, created) 2-tuple for the given LDAP user.

     username is the Django-friendly username of the user.
     ldap_user.group_names is compared with the semicolon-separated
     LDAP_ADMIN_GROUPS admin parameter to choose the role passed to
     populate_callback().

     The role is applied only when the account is created here; an
     account that already exists under the same username (compared
     case-insensitively) is returned as it is.
     """
     raw_groups = parameters.get_admin('LDAP_ADMIN_GROUPS', app='core')
     is_admin = any(
         name.strip() in ldap_user.group_names
         for name in raw_groups.split(';')
     )
     if not is_admin:
         # Non-admin users need a username in which split_mailbox()
         # finds a domain part.
         _local_part, domain = split_mailbox(username)
         if domain is None:
             # NOTE(review): bare None instead of a 2-tuple; confirm the
             # caller handles it.
             return None
     new_account_fields = {'username': username.lower(), 'is_local': False}
     account, is_new = User.objects.get_or_create(
         username__iexact=username, defaults=new_account_fields)
     if is_new:
         populate_callback(
             account, 'DomainAdmins' if is_admin else 'SimpleUsers')
     return account, is_new
Beispiel #3
 def get_or_build_user(self, username, ldap_user):
     """
     Return the (User, created) 2-tuple for the given LDAP user.

     username is the Django-friendly username of the user.
     ldap_user.group_names is compared with the semicolon-separated
     "ldap_admin_groups" parameter to choose the role passed to
     populate_callback(). New accounts are created as non-local and
     with the site's default language.

     The role is applied only on creation; an account already stored
     under the same username (case-insensitive match) is returned
     unchanged.
     """
     configured = self.global_params["ldap_admin_groups"].split(";")
     is_admin = any(
         name.strip() in ldap_user.group_names for name in configured
     )
     role = "DomainAdmins" if is_admin else "SimpleUsers"
     if not is_admin:
         # Non-admin users are rejected when split_mailbox() finds no
         # domain part in the username.
         _local_part, domain = split_mailbox(username)
         if domain is None:
             # NOTE(review): bare None instead of a 2-tuple; confirm the
             # caller handles it.
             return None
     new_account_fields = {
         "username": username.lower(),
         "is_local": False,
         "language": settings.LANGUAGE_CODE,
     }
     account, is_new = User.objects.get_or_create(
         username__iexact=username, defaults=new_account_fields)
     if is_new:
         populate_callback(account, role)
     return account, is_new
Beispiel #4
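def import_accounts_from_ldap(config):
    """Import user accounts from LDAP directory.

    Runs a subtree search with ``config["ldap_import_search_filter"]``
    under ``config["ldap_import_search_base"]`` and gets or creates one
    ``User`` per returned entry that has a DN.

    An entry whose groups include one of the semicolon-separated
    ``config["ldap_admin_groups"]`` gets the "DomainAdmins" role, any
    other entry "SimpleUsers". The role is applied only when the account
    is created. When the username attribute holds no domain part, the
    ``mail`` or ``userPrincipalName`` attribute is used instead; a
    "SimpleUsers" entry with neither is skipped.

    Accounts are matched on the username alone (case-insensitively), so
    an account that already exists under that name has its first name,
    last name, email and active flag overwritten from the directory.
    """
    conn = get_connection(config)
    result = conn.search_s(
        config["ldap_import_search_base"],
        ldap.SCOPE_SUBTREE,
        config["ldap_import_search_filter"])
    admin_groups = [
        grp.strip() for grp in config["ldap_admin_groups"].split(";")]
    for dn, entry in result:
        if dn is None:
            # Results without a DN carry no account to import.
            continue
        groups = find_user_groups(conn, config, dn, entry)
        is_admin = any(grp in groups for grp in admin_groups)
        role = "DomainAdmins" if is_admin else "SimpleUsers"
        username = force_str(entry[config["ldap_import_username_attr"]][0])
        lpart, domain = split_mailbox(username)
        if domain is None:
            # Try to find associated email
            email = None
            for attr in ["mail", "userPrincipalName"]:
                if attr in entry:
                    email = force_str(entry[attr][0])
                    break
            if email is None:
                # Test the computed role. The previous code compared the
                # leftover admin-group loop variable with "SimpleUsers",
                # so regular users without an email were never skipped.
                if role == "SimpleUsers":
                    print("Skipping {} because no email found".format(dn))
                    continue
            else:
                username = email
        defaults = {
            "username": username.lower(),
            "is_local": False,
            "language": settings.LANGUAGE_CODE
        }
        user, created = core_models.User.objects.get_or_create(
            username__iexact=username, defaults=defaults)
        if created:
            core_models.populate_callback(user, role)

        attr_map = {
            "first_name": "givenName",
            "email": "mail",
            "last_name": "sn"
        }
        for attr, ldap_attr in attr_map.items():
            if ldap_attr in entry:
                setattr(user, attr, force_str(entry[ldap_attr][0]))
        # Set the active flag and save once per entry, after all
        # attributes are copied (previously repeated inside the loop).
        user.is_active = not user_is_disabled(config, entry)
        user.save()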
Beispiel #5
    def get_or_build_user(self, username):
        """Return the account for *username*, creating it on first use.

        The lookup is a case-insensitive match on the username only, so
        an account that already exists under that name is returned
        unchanged. populate_callback() runs only for new accounts.

        .. note::

           We assume the username is a valid email address; it is stored
           lower-cased as both username and email.
        """
        lowered = username.lower()
        account, is_new = User.objects.get_or_create(
            username__iexact=username,
            defaults={"username": lowered, "email": lowered},
        )
        if not is_new:
            return account
        populate_callback(account)
        return account
Beispiel #6
    def get_or_create_user(self, username):
        """Return the account for *username*, creating it on first use.

        The lookup is a case-insensitive match on the username only, so
        an account that already exists under that name is returned
        unchanged. populate_callback() runs only for new accounts.

        .. note::

           We assume the username is a valid email address; it is stored
           lower-cased as both username and email.
        """
        lowered = username.lower()
        account, is_new = User.objects.get_or_create(
            username__iexact=username,
            defaults={"username": lowered, "email": lowered},
        )
        if not is_new:
            return account
        populate_callback(account)
        return account
Beispiel #7
 def get_or_create_user(self, username, ldap_user):
     """
     Return the (User, created) 2-tuple for the given LDAP user.

     username is the Django-friendly username of the user; ldap_user
     is not read here. New accounts are created as non-local, and
     populate_callback() runs only for them. An account that already
     exists under the same username (case-insensitive match) is
     returned unchanged.
     """
     # Usernames in which split_mailbox() finds no domain are rejected.
     _local_part, domain = split_mailbox(username)
     if domain is None:
         # NOTE(review): bare None instead of a 2-tuple; confirm the
         # caller handles it.
         return None
     new_account_fields = {'username': username.lower(), 'is_local': False}
     account, is_new = User.objects.get_or_create(
         username__iexact=username, defaults=new_account_fields)
     if is_new:
         populate_callback(account)
     return account, is_new
Beispiel #8
    def get_or_create_user(self, username, password):
        """Return the account for *username*, creating it on first use.

        A new account gets *password* set, is passed to
        populate_callback() and has a Migration record created for its
        mailbox.

        .. note::

           We assume the username is a valid email address; it is stored
           lower-cased as both username and email.
        """
        lowered = username.lower()
        account, is_new = User.objects.get_or_create(
            username__iexact=username,
            defaults={"username": lowered, "email": lowered},
        )
        if not is_new:
            # NOTE(review): any account already stored under this username
            # is returned without further checks; confirm the caller only
            # gets here after verifying the credentials for that account.
            return account
        account.set_password(password)
        account.save()
        populate_callback(account)
        # NOTE(review): the password is handed to Migration as received;
        # confirm the model protects it at rest.
        Migration.objects.create(mailbox=account.mailbox, password=password)
        return account
    def get_or_create_user(self, username, password):
        """Return the account for *username*, creating it on first use.

        When the provider domain has a new_domain, the local account is
        named ``<self.address>@<new_domain.name>`` and the original
        username is kept on the Migration record.

        A new account gets *password* set, is passed to
        populate_callback() and has a Migration record created. An
        account that already exists is returned only if it has a mailbox
        with a Migration record; otherwise None is returned.

        .. note::

           We assume the username is a valid email address.
        """
        provider_login = username
        # Check if old addresses must be converted
        target_domain = self.provider_domain.new_domain
        if target_domain:
            username = u"{}@{}".format(self.address, target_domain.name)
        lowered = username.lower()
        account, is_new = core_models.User.objects.get_or_create(
            username__iexact=username,
            defaults={"username": lowered, "email": lowered},
        )
        if is_new:
            account.set_password(password)
            account.save()
            core_models.populate_callback(account)
            # NOTE(review): the password is handed to Migration as
            # received; confirm the model protects it at rest.
            models.Migration.objects.create(
                provider=self.provider_domain.provider,
                mailbox=account.mailbox,
                username=provider_login,
                password=password
            )
            return account
        # The account already exists: return it only when it is still
        # tied to a migration.
        if not hasattr(account, "mailbox"):
            # No mailbox => might be an admin account
            return None
        pending = models.Migration.objects.filter(mailbox=account.mailbox)
        if not pending.exists():
            # No migration => either someone else's account, or
            # migration is done
            return None
        return account
    def get_or_create_user(self, username, password):
        """Return the account for *username*, creating it on first use.

        When the provider domain has a new_domain, the local account is
        named ``<self.address>@<new_domain.name>`` and the original
        username is kept on the Migration record.

        A new account gets *password* set, is passed to
        populate_callback() and has a Migration record created. An
        account that already exists is returned only if it has a mailbox
        with a Migration record; otherwise None is returned.

        .. note::

           We assume the username is a valid email address.
        """
        provider_login = username
        # Check if old addresses must be converted
        target_domain = self.provider_domain.new_domain
        if target_domain:
            username = u"{}@{}".format(self.address, target_domain.name)
        lowered = username.lower()
        account, is_new = core_models.User.objects.get_or_create(
            username__iexact=username,
            defaults={"username": lowered, "email": lowered},
        )
        if is_new:
            account.set_password(password)
            account.save()
            core_models.populate_callback(account)
            # NOTE(review): the password is handed to Migration as
            # received; confirm the model protects it at rest.
            models.Migration.objects.create(
                provider=self.provider_domain.provider,
                mailbox=account.mailbox,
                username=provider_login,
                password=password
            )
            return account
        # The account already exists: return it only when it is still
        # tied to a migration.
        if not hasattr(account, "mailbox"):
            # No mailbox => might be an admin account
            return None
        pending = models.Migration.objects.filter(mailbox=account.mailbox)
        if not pending.exists():
            # No migration => either someone else's account, or
            # migration is done
            return None
        return account
Beispiel #11
 def get_or_build_user(self, username, ldap_user):
     """
     Return the (User, created) 2-tuple for the given LDAP user.

     username is the Django-friendly username of the user.
     ldap_user.group_names is compared with the semicolon-separated
     "ldap_admin_groups" parameter to choose the role passed to
     populate_callback(). When split_mailbox() finds no domain in the
     username, the first of the "mail" / "userPrincipalName" values in
     ldap_user.attrs replaces it.

     The role is applied only on creation; an account already stored
     under the resulting username (case-insensitive match) is returned
     unchanged.
     """
     configured = self.global_params["ldap_admin_groups"].split(";")
     is_admin = any(
         name.strip() in ldap_user.group_names for name in configured
     )
     role = "DomainAdmins" if is_admin else "SimpleUsers"
     _local_part, domain = split_mailbox(username)
     if domain is None:
         # Try to find associated email
         email = next(
             (ldap_user.attrs[key][0]
              for key in ('mail', 'userPrincipalName')
              if key in ldap_user.attrs),
             None,
         )
         if email is not None:
             # NOTE(review): the account is now keyed on a directory
             # attribute; confirm users cannot edit these attributes
             # on their own entry.
             username = email
         elif not is_admin:
             # Only DomainAdmins can have a username which
             # is not an email address
             # NOTE(review): bare None instead of a 2-tuple; confirm the
             # caller handles it.
             return None
     new_account_fields = {
         "username": username.lower(),
         "is_local": False,
         "language": settings.LANGUAGE_CODE,
     }
     account, is_new = User.objects.get_or_create(
         username__iexact=username, defaults=new_account_fields)
     if is_new:
         populate_callback(account, role)
     return account, is_new