def get_attributes(user, definitions=None, source=None, **kwargs): ''' Return attributes dictionnary Dictionnary format: attributes = dict() data_from_source = list() a1 = dict() a1['oid'] = definition_name Or a1['definition'] = definition_name definition may be the definition name like 'gn' or an alias like 'givenName' Or a1['name'] = attribute_name_in_ns a1['namespace'] = ns_name a1['values'] = list_of_values data_from_source.append(a1) ... data_from_source.append(a2) attributes[source_name] = data_from_source First attempt on 'definition' key. Else, definition is searched by 'name' and 'namespece' keys. ''' if not user: logger.error('get_attributes: No user provided') return None logger.debug('get_attributes: Searching attributes for user %s' \ % user) from authentic2.attribute_aggregator.models import LdapSource sources = None if source: logger.debug('get_attributes: The required source is %s' % source) try: sources = [source.ldapsource] logger.debug('get_attributes: The source is an LDAP source!') except: logger.debug('get_attributes: \ The required source is not a LDAP one') return None else: sources = LdapSource.objects.all() if not sources: logger.debug('get_attributes: No LDAP source configured') return None attributes = dict() for source in sources: logger.debug('get_attributes: The LDAP source is known as %s' \ % source.name) identifier = None ''' Check if the user is authenticated by LDAP. If it is, grab the user dn from the LDAPUser object ''' try: from django_auth_ldap.backend import LDAPBackend backend = LDAPBackend() u = backend.get_user(user.id) dn = u.ldap_user.dn if not dn: logger.debug('get_attributes: \ User not logged with LDAP') else: logger.debug('get_attributes: \ User logged with dn %s' % dn) '''is it logged in that source?''' logger.debug('get_attributes: \ Is the user logged with the source %s?' % source.name) try: l = ldap.open(source.server) l.protocol_version = ldap.VERSION3 username = source.user password = source.password if username and password: l.simple_bind(username, password) ldap_result_id = \ l.search(dn, ldap.SCOPE_BASE, attrlist=['objectClass']) result_type, result_data = l.result(ldap_result_id, 0) logger.debug('get_attributes: Yes it is, result %s %s' \ % (result_type, result_data)) identifier = dn except ldap.LDAPError, err: logger.debug('get_attributes: \ User dn %s unknown in %s or error %s' \ % (dn, source.name, str(err))) except Exception, err: logger.error('get_attributes: \ Error working with the LDAP backend %s' % str(err)) if not identifier: identifier = get_user_alias_in_source(user, source) if not identifier: logger.error('get_attributes: \ No user identifier known into that source') else: logger.debug('get_attributes: \ the user is known as %s in source %s' \ % (identifier, source.name)) try: l = ldap.open(source.server) l.protocol_version = ldap.VERSION3 username = source.user password = source.password if username and password: l.simple_bind(username, password) except ldap.LDAPError, err: logger.error('get_attributes: \ an error occured at binding due to %s' % err) else:
def get_attributes(user, definitions=None, source=None, auth_source=False, **kwargs): ''' Return attributes dictionnary Dictionnary format: attributes = dict() data_from_source = list() a1 = dict() a1['oid'] = definition_name Or a1['definition'] = definition_name definition may be the definition name like 'gn' or an alias like 'givenName' Or a1['name'] = attribute_name_in_ns a1['namespace'] = ns_name a1['values'] = list_of_values data_from_source.append(a1) ... data_from_source.append(a2) attributes[source_name] = data_from_source First attempt on 'definition' key. Else, definition is searched by 'name' and 'namespece' keys. ''' if not user: logger.error('get_attributes: No user provided') return None logger.debug('get_attributes: Searching attributes for user %s' \ % user) from authentic2.attribute_aggregator.models import LdapSource sources = None if source and not auth_source: logger.debug('get_attributes: The required source is %s' % source) try: sources = [source.ldapsource] logger.debug('get_attributes: The source is an LDAP source!') except: logger.debug('get_attributes: \ The required source is not a LDAP one') return None else: sources = LdapSource.objects.all() if not sources: logger.debug('get_attributes: No LDAP source configured') return None attributes = dict() for source in sources: logger.debug('get_attributes: The LDAP source is known as %s' \ % source.name) ''' Check if the user is authenticated by LDAP. If it is, grab the user dn from the LDAPUser object We support our LDAP backend and django_auth_ldap. The way to grab the dn from the session is different. Check also if the source we have to grab attributes from is the ldap used as backend. Else, the dn in session is not for that LDAP source. If we only want attributs from the authn backend, if the ldap source is not the used for authn, stop process. ''' dn = None is_source_backend = False source_url = source.get_url() try: from django_auth_ldap.backend import LDAPBackend dn = LDAPBackend().get_user(user.id).ldap_user.dn # Only a single ldap can be used as backend with django_auth_ldap back_url = settings.AUTH_LDAP_SERVER_URI if back_url == source_url: is_source_backend = True except: pass if not dn and getattr(user, 'backend_id') and \ user.backend_id.startswith('ldap'): back_url, dn = user.backend_id.split('!', 1) if back_url == source_url: is_source_backend = True if auth_source and not is_source_backend: logger.debug('get_attributes: only attributes from backend and ' 'this source is not, see next') continue if not dn: dn = get_user_alias_in_source(user, source) if not dn: logger.debug('get_attributes: \ No user identifier known into that source %s' % source.name) continue logger.debug('get_attributes: \ the user is known as %s in source %s' \ % (dn, source.name)) try: l = ldap.open(source.server, port=source.port) l.protocol_version = ldap.VERSION3 username = source.user password = source.password if username and password: l.simple_bind(username, password) except ldap.LDAPError, err: logger.error('get_attributes: \ an error occured at binding due to %s' % err) else: ''' No seach of user with the scope, only exact dn ''' # base_dn = source.base # search_scope = ldap.SCOPE_SUBTREE search_scope = ldap.SCOPE_BASE retrieve_attributes = None if definitions: #The definition name is the ldap attribute name logger.debug('get_attributes: attributes requested \ are %s' % definitions) retrieve_attributes = \ [d.encode('utf-8') for d in definitions] # dn = ldap.dn.explode_dn(identifier, # flags=ldap.DN_FORMAT_LDAPV3) # search_filter = dn[0] # logger.debug('get_attributes: rdn is %s' % search_filter) data = [] try: # ldap_result_id = l.search(base_dn, search_scope, # search_filter, retrieve_attributes) ldap_result_id = l.search(dn, search_scope, attrlist=retrieve_attributes) result_type, result_data = l.result(ldap_result_id, 0) logger.debug('get_attributes: result %s %s' \ % (result_type, result_data)) for d, dic in result_data: logger.debug('get_attributes: found %s' % d) if d == dn: logger.debug('get_attributes: \ Attributes are %s' % dic) for key in dic.keys(): attr = {} attr['definition'] = key attr['values'] = [\ a.decode('utf-8') for a in dic[key]] data.append(attr) except ldap.LDAPError, err: logger.error('get_attributes: \ an error occured at searching due to %s' % err) else:
def get_attributes(user, definitions=None, source=None, **kwargs): ''' Return attributes dictionnary Dictionnary format: attributes = dict() data_from_source = list() a1 = dict() a1['oid'] = definition_name Or a1['definition'] = definition_name definition may be the definition name like 'gn' or an alias like 'givenName' Or a1['name'] = attribute_name_in_ns a1['namespace'] = ns_name a1['values'] = list_of_values data_from_source.append(a1) ... data_from_source.append(a2) attributes[source_name] = data_from_source First attempt on 'definition' key. Else, definition is searched by 'name' and 'namespece' keys. ''' if not user: logger.error('get_attributes: No user provided') return None logger.debug('get_attributes: Searching attributes for user %s' \ % user) from authentic2.attribute_aggregator.models import LdapSource sources = None if source: logger.debug('get_attributes: The required source is %s' % source) try: sources = [source.ldapsource] logger.debug('get_attributes: The source is an LDAP source!') except: logger.debug('get_attributes: \ The required source is not a LDAP one') return None else: sources = LdapSource.objects.all() if not sources: logger.debug('get_attributes: No LDAP source configured') return None attributes = dict() for source in sources: logger.debug('get_attributes: The LDAP source is known as %s' \ % source.name) identifier = None ''' Check if the user is authenticated by LDAP. If it is, grab the user dn from the LDAPUser object ''' try: from django_auth_ldap.backend import LDAPBackend backend = LDAPBackend() u = backend.get_user(user.id) dn = u.ldap_user.dn if not dn: logger.debug('get_attributes: \ User not logged with LDAP') else: logger.debug('get_attributes: \ User logged with dn %s' % dn) '''is it logged in that source?''' logger.debug('get_attributes: \ Is the user logged with the source %s?' % source.name) try: l = ldap.open(source.server) l.protocol_version = ldap.VERSION3 username = source.user password = source.password if username and password: l.simple_bind(username, password) ldap_result_id = \ l.search(dn, ldap.SCOPE_BASE, attrlist=['objectClass']) result_type, result_data = l.result(ldap_result_id, 0) logger.debug('get_attributes: Yes it is, result %s %s' \ % (result_type, result_data)) identifier = dn except ldap.LDAPError, err: logger.debug('get_attributes: \ User dn %s unknown in %s or error %s' \ % (dn, source.name, str(err))) except Exception, err: logger.error('get_attributes: \ Error working with the LDAP backend %s' %str(err)) if not identifier: identifier = get_user_alias_in_source(user, source) if not identifier: logger.error('get_attributes: \ No user identifier known into that source') else: logger.debug('get_attributes: \ the user is known as %s in source %s' \ % (identifier, source.name)) try: l = ldap.open(source.server) l.protocol_version = ldap.VERSION3 username = source.user password = source.password if username and password: l.simple_bind(username, password) except ldap.LDAPError, err: logger.error('get_attributes: \ an error occured at binding due to %s' % err) else: