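def search_on_roles(roles):
    """Search the user container for entries holding any of the given roles.

    The filter is ``(&(objectClass=USER_OC_NAME)<role clauses>)``; when more
    than one role is supplied the role clauses are wrapped in an OR group.

    Args:
        roles: sequence of role-name strings to match against the ROLES
            attribute.

    Returns:
        A list with one ``__unload(dn, attrs)`` result per matching entry.

    Raises:
        RbacError: any exception raised while opening the connection,
            searching or unloading entries is wrapped with id
            ``global_ids.URLE_SEARCH_FAILED``.
    """
    # Function-scope import: the module's own import block is not visible here,
    # and only the top-level ``ldap`` package is known to be in scope.
    from ldap.filter import escape_filter_chars

    def _safe(value):
        # Role names are concatenated into the filter string, so '(' ')' '\\'
        # and NUL must be escaped or a crafted name could close the clause and
        # append its own. '*' is restored afterwards so that any existing
        # wildcard searches keep working.
        # NOTE(review): if role matching is meant to be exact, drop the
        # .replace() and escape '*' as well.
        return escape_filter_chars(value).replace('\\2a', '*')

    conn = None
    userList = []
    search_filter = '(&(objectClass=' + USER_OC_NAME + ')'
    # NOTE(review): an empty ``roles`` produces '(&(objectClass=...))', which
    # matches every user entry; confirm callers never pass an empty sequence.
    if len(roles) > 1:
        search_filter += '(|'
        end_filter = '))'
    else:
        end_filter = ')'
    for role in roles:
        search_filter += '(' + ROLES + '=' + _safe(role) + ')'
    search_filter += end_filter
    try:
        conn = ldaphelper.open()
        entries = conn.search_s(CONTAINER_DN, scope=ldap.SCOPE_SUBTREE,
                                filterstr=search_filter, attrlist=SEARCH_ATTRS)
        for dn, attrs in entries:
            userList.append(__unload(dn, attrs))
    except Exception as e:
        raise RbacError(msg='User Search Roles error=' + str(e),
                        id=global_ids.URLE_SEARCH_FAILED)
    finally:
        # Always hand the connection back, including on the error path.
        if conn:
            ldaphelper.close(conn)
    return userList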
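def get_members_constraint(entity):
    """Look up one role by name and return its members and constraint.

    Args:
        entity: object whose ``name`` attribute is the role name to find.

    Returns:
        A two-element list ``[members, constraint]`` where ``members`` is the
        result of ``__convert_list`` on the role's MEMBER values and
        ``constraint`` is a ``Constraint`` built from the role's
        ``global_ids.CONSTRAINT`` attribute.

    Raises:
        RbacError: every exception raised inside the ``try`` block is wrapped
            with id ``global_ids.ROLE_OCCUPANT_SEARCH_FAILED``.
    """
    # Function-scope import: the module's own import block is not visible here,
    # and only the top-level ``ldap`` package is known to be in scope.
    from ldap.filter import escape_filter_chars

    conn = None
    mList = []
    search_filter = '(&(objectClass=' + ROLE_OC_NAME + ')'
    # This is a single-entry lookup (zero or several hits are errors below),
    # so the name is escaped in full, '*' included: a name containing filter
    # metacharacters must be compared literally, not parsed as filter syntax.
    search_filter += ('(' + ROLE_NAME + '='
                      + escape_filter_chars(entity.name) + '))')
    try:
        conn = ldaphelper.open()
        # TODO: use sizelimit=1
        entries = conn.search_s(__CONTAINER_DN, scope=ldap.SCOPE_SUBTREE,
                                filterstr=search_filter,
                                attrlist=[MEMBER, global_ids.CONSTRAINT])
        if not entries:
            raise NotFound(msg="Role not found, name=" + entity.name,
                           id=global_ids.ROLE_NOT_FOUND)
        elif len(entries) > 1:
            raise NotUnique(msg="Role not unique, name=" + entity.name,
                            id=global_ids.ROLE_SEARCH_FAILED)
        dn, attrs = entries[0]
        member_dns = ldaphelper.get_list(attrs.get(MEMBER, []))
        constraint = Constraint(
            ldaphelper.get_attr_val(attrs.get(global_ids.CONSTRAINT, [])))
        mList = __convert_list(member_dns)
    except Exception as e:
        # FIXME: change to LDAPError
        # NOTE(review): this handler also catches the NotFound and NotUnique
        # raised above, so callers see RbacError with
        # ROLE_OCCUPANT_SEARCH_FAILED rather than the more specific ids.
        raise RbacError(msg='Get members search error=' + str(e),
                        id=global_ids.ROLE_OCCUPANT_SEARCH_FAILED)
    finally:
        # Always hand the connection back, including on the error path.
        if conn:
            ldaphelper.close(conn)
    return [mList, constraint]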
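def search(entity):
    """Search the permission container using the fields set on ``entity``.

    Each of ``obj_name``, ``op_name`` and ``obj_id`` that is truthy adds one
    clause to an AND filter alongside ``objectClass=PERM_OC_NAME``.

    Args:
        entity: object exposing ``obj_name``, ``op_name`` and ``obj_id``.

    Returns:
        A list with one ``__unload(dn, attrs)`` result per matching entry.

    Raises:
        RbacError: any exception raised while opening the connection,
            searching or unloading entries is wrapped with id
            ``global_ids.PERM_SEARCH_FAILED``.
    """
    # Function-scope import: the module's own import block is not visible here,
    # and only the top-level ``ldap`` package is known to be in scope.
    from ldap.filter import escape_filter_chars

    def _safe(value):
        # Values are concatenated into the filter string, so '(' ')' '\\' and
        # NUL must be escaped or a crafted value could close the clause and
        # append its own. '*' is restored so wildcard searches keep working.
        return escape_filter_chars(value).replace('\\2a', '*')

    conn = None
    permList = []
    search_filter = '(&(objectClass=' + PERM_OC_NAME + ')'
    if entity.obj_name:
        search_filter += '(' + OBJ_NM + '=' + _safe(entity.obj_name) + ')'
    if entity.op_name:
        search_filter += '(' + OP_NM + '=' + _safe(entity.op_name) + ')'
    if entity.obj_id:
        search_filter += '(' + OBJ_ID + '=' + _safe(entity.obj_id) + ')'
    search_filter += ')'
    try:
        conn = ldaphelper.open()
        entries = conn.search_s(__CONTAINER_DN, scope=ldap.SCOPE_SUBTREE,
                                filterstr=search_filter, attrlist=SEARCH_ATTRS)
        for dn, attrs in entries:
            permList.append(__unload(dn, attrs))
    except Exception as e:
        raise RbacError(msg='Perm search error=' + str(e),
                        id=global_ids.PERM_SEARCH_FAILED)
    finally:
        # Always hand the connection back, including on the error path.
        if conn:
            ldaphelper.close(conn)
    return permList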
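def search(entity):
    """Search the role container for entries whose name matches ``entity.name``.

    Args:
        entity: object whose ``name`` attribute is matched against ROLE_NAME.

    Returns:
        A list with one ``__unload(dn, attrs)`` result per matching entry.

    Raises:
        RbacError: any exception raised while opening the connection,
            searching or unloading entries is wrapped with id
            ``global_ids.ROLE_SEARCH_FAILED``.
    """
    # Function-scope import: the module's own import block is not visible here,
    # and only the top-level ``ldap`` package is known to be in scope.
    from ldap.filter import escape_filter_chars

    # The name is concatenated into the filter string, so '(' ')' '\\' and NUL
    # must be escaped or a crafted name could close the clause and append its
    # own. '*' is restored so wildcard searches keep working.
    safe_name = escape_filter_chars(entity.name).replace('\\2a', '*')

    conn = None
    roleList = []
    search_filter = '(&(objectClass=' + ROLE_OC_NAME + ')'
    search_filter += '(' + ROLE_NAME + '=' + safe_name + '))'
    try:
        conn = ldaphelper.open()
        entries = conn.search_s(__CONTAINER_DN, scope=ldap.SCOPE_SUBTREE,
                                filterstr=search_filter, attrlist=SEARCH_ATTRS)
        for dn, attrs in entries:
            roleList.append(__unload(dn, attrs))
    except Exception as e:
        raise RbacError(msg='Role search error=' + str(e),
                        id=global_ids.ROLE_SEARCH_FAILED)
    finally:
        # Always hand the connection back, including on the error path.
        if conn:
            ldaphelper.close(conn)
    return roleList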
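def search(entity):
    """Search the user container using the fields set on ``entity``.

    Each of ``uid`` and ``ou`` that is truthy adds one clause to an AND
    filter alongside ``objectClass=USER_OC_NAME``.

    Args:
        entity: object exposing ``uid`` and ``ou``.

    Returns:
        A list with one ``__unload(dn, attrs)`` result per matching entry.

    Raises:
        RbacError: any exception raised while opening the connection,
            searching or unloading entries is wrapped; no ``id`` is supplied.
    """
    # Function-scope import: the module's own import block is not visible here,
    # and only the top-level ``ldap`` package is known to be in scope.
    from ldap.filter import escape_filter_chars

    def _safe(value):
        # Values are concatenated into the filter string, so '(' ')' '\\' and
        # NUL must be escaped or a crafted value could close the clause and
        # append its own. '*' is restored so wildcard searches keep working.
        return escape_filter_chars(value).replace('\\2a', '*')

    conn = None
    userList = []
    search_filter = '(&(objectClass=' + USER_OC_NAME + ')'
    if entity.uid:
        search_filter += '(' + global_ids.UID + '=' + _safe(entity.uid) + ')'
    if entity.ou:
        search_filter += '(' + global_ids.OU + '=' + _safe(entity.ou) + ')'
    search_filter += ')'
    try:
        conn = ldaphelper.open()
        entries = conn.search_s(CONTAINER_DN, scope=ldap.SCOPE_SUBTREE,
                                filterstr=search_filter, attrlist=SEARCH_ATTRS)
        for dn, attrs in entries:
            userList.append(__unload(dn, attrs))
    except Exception as e:
        # NOTE(review): no id= is passed to RbacError here; confirm whether a
        # dedicated error id should accompany user-search failures.
        raise RbacError(msg='User Search error=' + str(e))
    finally:
        # Always hand the connection back, including on the error path.
        if conn:
            ldaphelper.close(conn)
    return userList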