Beispiel #1
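def _escape_ldap_filter_value(value):
    """Escape *value* for use as an assertion value in an LDAP search filter.

    The characters that RFC 4515 reserves inside a filter string (backslash,
    ``*``, ``(``, ``)`` and NUL) are replaced by their backslash-hex form.
    """
    # the backslash goes first so the escapes added afterwards are not
    # escaped a second time
    for char, escaped in (('\\', r'\5c'), ('*', r'\2a'), ('(', r'\28'),
                          (')', r'\29'), ('\x00', r'\00')):
        value = value.replace(char, escaped)
    return value


def populate(engine, ldap):
    """Import users from the LDAP directory into the local database.

    Every ``inetOrgPerson`` entry whose ``employeetype`` is ``Employee`` is
    looked up locally by login, then created or refreshed.  The local role is
    recomputed from the directory on each run: ``admin`` when
    ``ldap._search_admin`` returns any entry for ``(member=<dn>)``, else
    ``manager`` when the DN is in the list from ``ldap.list_manager()``,
    else ``user``.

    Local accounts that no longer appear in the directory are not touched
    here.

    :param engine: not used by this function
    :param ldap: directory helper providing ``list_manager``, ``_search``,
        ``_search_admin`` and ``parse_ldap_entry``
    """

    session = DBSession()

    # retrieve managers from dedicated group
    managers = ldap.list_manager()

    # retrieve users
    searchFilter = '(&(objectClass=inetOrgPerson)(employeetype=Employee))'
    # NOTE(review): 'userPassword' is requested but never read in this
    # function; confirm parse_ldap_entry / create_from_ldap need it, otherwise
    # drop it so credential material is not pulled out of the directory.
    required = ['objectClass', 'employeeType', 'cn', 'givenName', 'sn',
                'manager', 'mail', 'ou', 'uid', 'userPassword']

    users = ldap._search(searchFilter, required)
    for user_dn, user_entry in users:
        user_data = ldap.parse_ldap_entry(user_dn, user_entry)
        # skip entries that could not be parsed or that carry no login
        if not user_data or not user_data.get('login'):
            continue
        login = user_data['login'].decode('utf-8')
        # check what type of user it is
        group = 'user'
        # a manager is listed in the manager group
        if user_data['dn'] in managers:
            group = 'manager'
        # an admin is a member of the admin group.  The DN is escaped before
        # it goes into the filter: the admin role is granted from this search,
        # so a DN containing '(', ')', '*' or '\' must neither break the
        # filter nor change what it matches.
        what = '(member=%s)' % _escape_ldap_filter_value(user_data['dn'])
        if len(ldap._search_admin(what, None)) > 0:
            group = 'admin'

        user = User.by_login(session, login)
        if not user:
            user = User.create_from_ldap(session, user_data, group)
        else:
            # refresh the local record with the LDAP values in case they
            # changed; the role follows the directory as well
            user.email = user_data['email'].decode('utf-8')
            user.firstname = user_data['firstname'].decode('utf-8')
            user.lastname = user_data['lastname'].decode('utf-8')
            user.manager_dn = user_data['manager_dn'].decode('utf-8')
            user.dn = user_data['dn'].decode('utf-8')
            user.role = group

        session.add(user)

    # single commit for the whole import
    session.commit()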
Beispiel #2
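def _escape_ldap_filter_value(value):
    """Escape *value* for use as an assertion value in an LDAP search filter.

    The characters that RFC 4515 reserves inside a filter string (backslash,
    ``*``, ``(``, ``)`` and NUL) are replaced by their backslash-hex form.
    """
    # the backslash goes first so the escapes added afterwards are not
    # escaped a second time
    for char, escaped in (('\\', r'\5c'), ('*', r'\2a'), ('(', r'\28'),
                          (')', r'\29'), ('\x00', r'\00')):
        value = value.replace(char, escaped)
    return value


def populate(engine, ldap):
    """Import users from the LDAP directory into the local database.

    Every ``inetOrgPerson`` entry whose ``employeetype`` is ``Employee`` is
    looked up locally by login, then created or refreshed.  The local role is
    recomputed from the directory on each run: ``admin`` when
    ``ldap._search_admin`` returns any entry for ``(member=<dn>)``, else
    ``manager`` when the DN is in the list from ``ldap.list_manager()``,
    else ``user``.

    Local accounts that no longer appear in the directory are not touched
    here.

    :param engine: not used by this function
    :param ldap: directory helper providing ``list_manager``, ``_search``,
        ``_search_admin`` and ``parse_ldap_entry``
    """

    session = DBSession()

    # retrieve managers from dedicated group
    managers = ldap.list_manager()

    # retrieve users
    searchFilter = '(&(objectClass=inetOrgPerson)(employeetype=Employee))'
    # NOTE(review): 'userPassword' is requested but never read in this
    # function; confirm parse_ldap_entry / create_from_ldap need it, otherwise
    # drop it so credential material is not pulled out of the directory.
    required = ['objectClass', 'employeeType', 'cn', 'givenName', 'sn',
                'manager', 'mail', 'ou', 'uid', 'userPassword']

    users = ldap._search(searchFilter, required)
    for user_dn, user_entry in users:
        user_data = ldap.parse_ldap_entry(user_dn, user_entry)
        # skip entries that could not be parsed or that carry no login
        # instead of aborting the whole import on the first one
        if not user_data or not user_data.get('login'):
            continue
        login = user_data['login'].decode('utf-8')
        # check what type of user it is
        group = u'user'
        # a manager is listed in the manager group
        if user_data['dn'] in managers:
            group = u'manager'
        # an admin is a member of the admin group.  The DN is escaped before
        # it goes into the filter: the admin role is granted from this search,
        # so a DN containing '(', ')', '*' or '\' must neither break the
        # filter nor change what it matches.
        what = '(member=%s)' % _escape_ldap_filter_value(user_data['dn'])
        if len(ldap._search_admin(what, None)) > 0:
            group = u'admin'

        user = User.by_login(session, login)
        if not user:
            user = User.create_from_ldap(session, user_data, group)
        else:
            # refresh the local record with the LDAP values in case they
            # changed; the role follows the directory as well
            user.email = user_data['email'].decode('utf-8')
            user.firstname = user_data['firstname'].decode('utf-8')
            user.lastname = user_data['lastname'].decode('utf-8')
            user.manager_dn = user_data['manager_dn'].decode('utf-8')
            user.dn = user_data['dn'].decode('utf-8')
            user.role = group

        session.add(user)

    # single commit for the whole import
    session.commit()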