Ejemplo n.º 1
def create_obj(entity):
    """Add a new permission-object entry to the directory and return ``entity``.

    A fresh UUID4 string is stored on ``entity.internal_id`` before the add.
    ``description``, ``type`` and ``props`` are sent only when they are set
    and non-empty.

    Raises:
        LdapException: with ``global_ids.PERM_ADD_FAILED`` when building or
            sending the request raises, when the server reports that the
            entry already exists, or on any other non-zero result.
    """
    __validate_obj(entity, 'Create PermObj')

    def _is_set(value):
        # "Set" means not None and of non-zero length.
        return value is not None and len(value) > 0

    try:
        new_attrs = {OBJ_NM: entity.obj_name}
        # The internal id is generated here, never taken from the caller.
        entity.internal_id = str(uuid.uuid4())
        new_attrs[global_ids.INTERNAL_ID] = entity.internal_id
        new_attrs[global_ids.OU] = entity.ou

        if _is_set(entity.description):
            new_attrs[global_ids.DESC] = entity.description
        if _is_set(entity.type):
            new_attrs[TYPE] = entity.type
        if _is_set(entity.props):
            new_attrs[global_ids.PROPS] = entity.props

        # NOTE(review): the connection is not released anywhere in this
        # function - confirm ldaphelper manages its lifetime.
        conn = ldaphelper.open()
        msg_id = conn.add(__get_obj_dn(entity), PERM_OBJ_OCS, new_attrs)
    except Exception as e:
        raise LdapException('PermObj create error=' + str(e),
                            global_ids.PERM_ADD_FAILED)

    # Reached only when the add request was sent without raising.
    result = ldaphelper.get_result(conn, msg_id)
    if result == global_ids.OBJECT_ALREADY_EXISTS:
        # NOTE(review): the message reads entity.name although the entry is
        # built from entity.obj_name - confirm this type has a name attribute.
        raise LdapException(
            'PermObj create failed, already exists:' + entity.name,
            global_ids.PERM_ADD_FAILED)
    if result != 0:
        raise LdapException('PermObj create failed result=' + str(result),
                            global_ids.PERM_ADD_FAILED)
    return entity
Ejemplo n.º 2
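def update_obj(entity):
    """Replace the set, non-empty attributes of an existing permission object.

    Only ``ou``, ``description``, ``type`` and ``props`` are considered, and
    each is sent as a MODIFY_REPLACE when it is set and non-empty. When none
    of them is set no request is sent and ``entity`` is returned unchanged.

    Raises:
        LdapException: with ``global_ids.PERM_UPDATE_FAILED`` when building or
            sending the request raises, when the server reports the entry was
            not found, or on any other non-zero result.
    """
    __validate_obj(entity, 'Update PermObj')

    def _is_set(value):
        return value is not None and len(value) > 0

    sent = False
    try:
        attrs = {}
        if _is_set(entity.ou):
            attrs[global_ids.OU] = [(MODIFY_REPLACE, [entity.ou])]
        if _is_set(entity.description):
            attrs[global_ids.DESC] = [(MODIFY_REPLACE, [entity.description])]
        if _is_set(entity.type):
            attrs[TYPE] = [(MODIFY_REPLACE, [entity.type])]
        if _is_set(entity.props):
            # props is passed as-is (not wrapped in a list), as in the original.
            attrs[global_ids.PROPS] = [(MODIFY_REPLACE, entity.props)]
        if attrs:
            # NOTE(review): the connection is not released anywhere in this
            # function - confirm ldaphelper manages its lifetime.
            conn = ldaphelper.open()
            msg_id = conn.modify(__get_obj_dn(entity), attrs)
            sent = True
    except Exception as e:
        raise LdapException('PermObj update error=' + str(e),
                            global_ids.PERM_UPDATE_FAILED)

    if not sent:
        # Nothing to change. The original fell through to get_result() with
        # conn/id unbound here, which raised UnboundLocalError instead of
        # returning or raising LdapException.
        return entity

    result = ldaphelper.get_result(conn, msg_id)
    if result == global_ids.NOT_FOUND:
        # NOTE(review): reads entity.name; confirm this type has that attribute.
        raise LdapException(
            'PermObj update failed, not found:' + entity.name,
            global_ids.PERM_UPDATE_FAILED)
    if result != 0:
        raise LdapException('PermObj update failed result=' + str(result),
                            global_ids.PERM_UPDATE_FAILED)
    return entity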
Ejemplo n.º 3
def create(entity):
    """Add a new role entry to the directory and return ``entity``.

    ``entity.name`` is written to both the CN and ROLE_NAME attributes, and a
    fresh UUID4 string is stored on ``entity.internal_id``. ``description``
    and ``props`` are sent only when set and non-empty; ``constraint`` is sent
    in its ``get_raw()`` form when it is not None.

    Raises:
        LdapException: with ``global_ids.ROLE_ADD_FAILED`` when building or
            sending the request raises, when the server reports that the
            entry already exists, or on any other non-zero result.
    """
    __validate(entity, 'Create Role')

    def _is_set(value):
        return value is not None and len(value) > 0

    try:
        role_attrs = {}
        role_attrs[global_ids.CN] = entity.name
        role_attrs[ROLE_NAME] = entity.name
        # The internal id is generated here, never taken from the caller.
        entity.internal_id = str(uuid.uuid4())
        role_attrs[global_ids.INTERNAL_ID] = entity.internal_id

        if _is_set(entity.description):
            role_attrs[global_ids.DESC] = entity.description
        if _is_set(entity.props):
            role_attrs[global_ids.PROPS] = entity.props
        if entity.constraint is not None:
            role_attrs[global_ids.CONSTRAINT] = entity.constraint.get_raw()

        # NOTE(review): the connection is not released anywhere in this
        # function - confirm ldaphelper manages its lifetime.
        conn = ldaphelper.open()
        msg_id = conn.add(__get_dn(entity), ROLE_OCS, role_attrs)
    except Exception as e:
        raise LdapException('Role create error=' + str(e),
                            global_ids.ROLE_ADD_FAILED)

    # Reached only when the add request was sent without raising.
    result = ldaphelper.get_result(conn, msg_id)
    if result == global_ids.OBJECT_ALREADY_EXISTS:
        raise LdapException(
            'Role create failed, already exists:' + entity.name,
            global_ids.ROLE_ADD_FAILED)
    if result != 0:
        raise LdapException('Role create failed result=' + str(result),
                            global_ids.ROLE_ADD_FAILED)
    return entity
Ejemplo n.º 4
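def update(entity):
    """Replace the set attributes of an existing role and return ``entity``.

    ``description`` and ``props`` are replaced when set and non-empty;
    ``constraint`` is replaced with its ``get_raw()`` form when it is not
    None. When none of them is set no request is sent and ``entity`` is
    returned unchanged.

    Raises:
        LdapException: with ``global_ids.ROLE_UPDATE_FAILED`` when building or
            sending the request raises, when the server reports the entry was
            not found, or on any other non-zero result.
    """
    __validate(entity, 'Update Role')

    def _is_set(value):
        return value is not None and len(value) > 0

    sent = False
    try:
        attrs = {}
        if _is_set(entity.description):
            attrs[global_ids.DESC] = [(MODIFY_REPLACE, [entity.description])]
        if _is_set(entity.props):
            # NOTE(review): props is wrapped in a list here; if it is already
            # a list this nests it - confirm the intended shape.
            attrs[global_ids.PROPS] = [(MODIFY_REPLACE, [entity.props])]
        if entity.constraint is not None:
            attrs[global_ids.CONSTRAINT] = [
                (MODIFY_REPLACE, [entity.constraint.get_raw()])
            ]
        if attrs:
            # NOTE(review): the connection is not released anywhere in this
            # function - confirm ldaphelper manages its lifetime.
            conn = ldaphelper.open()
            msg_id = conn.modify(__get_dn(entity), attrs)
            sent = True
    except Exception as e:
        raise LdapException('Role update error=' + str(e),
                            global_ids.ROLE_UPDATE_FAILED)

    if not sent:
        # Nothing to change. The original went on to get_result() with
        # conn/id unbound here and raised UnboundLocalError.
        return entity

    result = ldaphelper.get_result(conn, msg_id)
    if result == global_ids.NOT_FOUND:
        raise LdapException('Role update failed, not found:' + entity.name,
                            global_ids.ROLE_UPDATE_FAILED)
    if result != 0:
        raise LdapException('Role update failed result=' + str(result),
                            global_ids.ROLE_UPDATE_FAILED)
    return entity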
Ejemplo n.º 5
def delete_obj(entity):
    """Delete a permission-object entry from the directory and return ``entity``.

    Raises:
        LdapException: with ``global_ids.PERM_DELETE_FAILED`` when sending the
            request raises, when the server reports the entry was not found,
            or on any other non-zero result.
    """
    __validate_obj(entity, 'Delete PermObj')
    try:
        # NOTE(review): the connection is not released anywhere in this
        # function - confirm ldaphelper manages its lifetime.
        conn = ldaphelper.open()
        target_dn = __get_obj_dn(entity)
        msg_id = conn.delete(target_dn)
    except Exception as e:
        raise LdapException('PermObj delete error=' + str(e),
                            global_ids.PERM_DELETE_FAILED)

    # Reached only when the delete request was sent without raising.
    outcome = ldaphelper.get_result(conn, msg_id)
    if outcome == global_ids.NOT_FOUND:
        # NOTE(review): reads entity.name; confirm this type has that attribute.
        raise LdapException('PermObj delete not found:' + entity.name,
                            global_ids.PERM_DELETE_FAILED)
    if outcome != 0:
        raise LdapException('PermObj delete failed result=' + str(outcome),
                            global_ids.PERM_DELETE_FAILED)
    return entity
Ejemplo n.º 6
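def remove_member(entity, uid):
    """Remove the user identified by ``uid`` from the role's MEMBER attribute.

    Returns ``entity`` on success.

    Raises:
        LdapException: when ``uid`` is None or empty, when building or sending
            the request raises, when the server answers NO_SUCH_ATTRIBUTE
            (the user was not a member), or on any other non-zero result.
    """
    __validate(entity, 'Remove Member')
    sent = False
    try:
        if uid is not None and len(uid) > 0:
            # NOTE(review): uid ends up inside a DN; confirm __get_user_dn
            # escapes DN special characters before trusting caller input.
            user_dn = __get_user_dn(uid)
            attrs = {MEMBER: [(MODIFY_DELETE, user_dn)]}
            # NOTE(review): the connection is not released anywhere in this
            # function - confirm ldaphelper manages its lifetime.
            conn = ldaphelper.open()
            msg_id = conn.modify(__get_dn(entity), attrs)
            sent = True
    except Exception as e:
        raise LdapException('Remove member error=' + str(e),
                            global_ids.ROLE_USER_DEASSIGN_FAILED)

    if not sent:
        # The original reached get_result() with conn/id unbound here and
        # raised UnboundLocalError. A de-assignment that removed nothing must
        # not look like success, so report it as a failure instead.
        raise LdapException('Remove member failed, uid is required',
                            global_ids.ROLE_USER_DEASSIGN_FAILED)

    result = ldaphelper.get_result(conn, msg_id)
    if result == global_ids.NO_SUCH_ATTRIBUTE:
        # NOTE(review): this is the only raise here without an error id -
        # confirm whether one was intended.
        raise LdapException('Remove member failed, not assigned, role=' +
                            entity.name + ', member dn=' + user_dn)
    if result != 0:
        raise LdapException('Remove member failed result=' + str(result),
                            global_ids.ROLE_USER_DEASSIGN_FAILED)
    return entity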
Ejemplo n.º 7
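def add_member(entity, uid):
    """Add the user identified by ``uid`` to the role's MEMBER attribute.

    Returns ``entity`` on success.

    Raises:
        LdapException: when ``uid`` is None or empty, when building or sending
            the request raises, when the server reports NOT_FOUND, or on any
            other non-zero result.
    """
    __validate(entity, 'Add Member')
    sent = False
    try:
        if uid is not None and len(uid) > 0:
            # NOTE(review): uid ends up inside a DN; confirm __get_user_dn
            # escapes DN special characters before trusting caller input.
            user_dn = __get_user_dn(uid)
            attrs = {MEMBER: [(MODIFY_ADD, user_dn)]}
            # NOTE(review): the connection is not released anywhere in this
            # function - confirm ldaphelper manages its lifetime.
            conn = ldaphelper.open()
            msg_id = conn.modify(__get_dn(entity), attrs)
            sent = True
    except Exception as e:
        raise LdapException('Add member error=' + str(e),
                            global_ids.ROLE_USER_ASSIGN_FAILED)

    if not sent:
        # The original reached get_result() with conn/id unbound here and
        # raised UnboundLocalError. Report the missing uid through the
        # exception type callers already handle.
        raise LdapException('Add member failed, uid is required',
                            global_ids.ROLE_USER_ASSIGN_FAILED)

    result = ldaphelper.get_result(conn, msg_id)
    if result == global_ids.NOT_FOUND:
        # NOTE(review): this is the only raise here without an error id -
        # confirm whether one was intended.
        raise LdapException('Add member failed, not found, role=' +
                            entity.name + ', member dn=' + user_dn)
    if result != 0:
        raise LdapException('Add member failed result=' + str(result),
                            global_ids.ROLE_USER_ASSIGN_FAILED)
    return entity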
Ejemplo n.º 8
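def grant(entity, role):
    """Grant a permission to a role by adding ``role.name`` to its ROLES attribute.

    Returns ``entity`` on success.

    Raises:
        LdapException: with ``global_ids.PERM_GRANT_FAILED`` when ``role`` is
            None, when building or sending the request raises, or on an
            unexpected non-zero result; with ``global_ids.PERM_OP_NOT_FOUND``
            when the server reports the permission entry was not found.
    """
    __validate(entity, 'Grant Perm')
    sent = False
    try:
        if role is not None:
            attrs = {ROLES: [(MODIFY_ADD, role.name)]}
            # NOTE(review): the connection is not released anywhere in this
            # function - confirm ldaphelper manages its lifetime.
            conn = ldaphelper.open()
            msg_id = conn.modify(__get_dn(entity), attrs)
            sent = True
    except Exception as e:
        raise LdapException('Perm grant error=' + str(e),
                            global_ids.PERM_GRANT_FAILED)

    if not sent:
        # The original reached get_result() with conn/id unbound here and
        # raised UnboundLocalError. Report the missing role through the
        # exception type callers already handle.
        raise LdapException('Perm grant failed, role is required',
                            global_ids.PERM_GRANT_FAILED)

    result = ldaphelper.get_result(conn, msg_id)
    if result == global_ids.NOT_FOUND:
        # str() keeps a non-string or missing obj_id from raising TypeError
        # while the error message is being built.
        raise LdapException(
            'Perm grant failed, not found, obj name=' + entity.obj_name +
            ', op_name=' + entity.op_name + ', op id=' + str(entity.obj_id) +
            ', role=' + role.name, global_ids.PERM_OP_NOT_FOUND)
    if result != 0:
        raise LdapException('Perm grant failed result=' + str(result),
                            global_ids.PERM_GRANT_FAILED)
    return entity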
Ejemplo n.º 9
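def revoke(entity, role):
    """Revoke a permission from a role by deleting ``role.name`` from ROLES.

    Returns ``entity`` on success.

    Raises:
        LdapException: with ``global_ids.PERM_REVOKE_FAILED`` when ``role`` is
            None, when building or sending the request raises, or on an
            unexpected non-zero result; with ``global_ids.PERM_ROLE_NOT_EXIST``
            when the server answers NO_SUCH_ATTRIBUTE (the role was not
            granted).
    """
    __validate(entity, 'Revoke Perm')
    sent = False
    try:
        if role is not None:
            attrs = {ROLES: [(MODIFY_DELETE, role.name)]}
            # NOTE(review): the connection is not released anywhere in this
            # function - confirm ldaphelper manages its lifetime.
            conn = ldaphelper.open()
            msg_id = conn.modify(__get_dn(entity), attrs)
            sent = True
    except Exception as e:
        raise LdapException('Perm revoke error=' + str(e),
                            global_ids.PERM_REVOKE_FAILED)

    if not sent:
        # The original reached get_result() with conn/id unbound here and
        # raised UnboundLocalError. A revocation that changed nothing must
        # not look like success, so report it as a failure instead.
        raise LdapException('Perm revoke failed, role is required',
                            global_ids.PERM_REVOKE_FAILED)

    result = ldaphelper.get_result(conn, msg_id)
    if result == global_ids.NO_SUCH_ATTRIBUTE:
        # str() keeps a non-string or missing obj_id from raising TypeError
        # while the error message is being built.
        raise LdapException(
            'Perm revoke failed, not granted, obj name=' +
            entity.obj_name + ', op_name=' + entity.op_name + ', op id=' +
            str(entity.obj_id) + ', role=' + role.name,
            global_ids.PERM_ROLE_NOT_EXIST)
    if result != 0:
        raise LdapException('Perm revoke failed result=' + str(result),
                            global_ids.PERM_REVOKE_FAILED)
    return entity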
Ejemplo n.º 10
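def assign(entity, constraint):
    """Assign a role to a user entry.

    Adds ``constraint.get_raw()`` to ROLE_CONSTRAINTS and ``constraint.name``
    to ROLES on the user's entry in a single modify request, then returns
    ``entity``.

    Raises:
        LdapException: with ``global_ids.URLE_ASSIGN_FAILED`` when
            ``constraint`` is None, when building or sending the request
            raises, or on an unexpected non-zero result; with
            ``global_ids.USER_NOT_FOUND`` when the server reports NOT_FOUND.
    """
    __validate(entity, 'Assign')
    sent = False
    try:
        attrs = {}
        if constraint is not None:
            attrs[ROLE_CONSTRAINTS] = [(MODIFY_ADD, constraint.get_raw())]
            attrs[ROLES] = [(MODIFY_ADD, constraint.name)]
        if attrs:
            # NOTE(review): the connection is not released anywhere in this
            # function - confirm ldaphelper manages its lifetime.
            conn = ldaphelper.open()
            msg_id = conn.modify(__get_dn(entity), attrs)
            sent = True
    except Exception as e:
        raise LdapException('User assign error=' + str(e),
                            global_ids.URLE_ASSIGN_FAILED)

    if not sent:
        # The original reached get_result() with conn/id unbound here and
        # raised UnboundLocalError. Report the missing constraint through the
        # exception type callers already handle.
        raise LdapException('User assign failed, constraint is required',
                            global_ids.URLE_ASSIGN_FAILED)

    result = ldaphelper.get_result(conn, msg_id)
    if result == global_ids.NOT_FOUND:
        # NOTE(review): reads entity.name; confirm the user type has that
        # attribute.
        raise LdapException('User assign failed, not found:' + entity.name,
                            global_ids.USER_NOT_FOUND)
    if result != 0:
        raise LdapException('User assign failed result=' + str(result),
                            global_ids.URLE_ASSIGN_FAILED)
    return entity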
Ejemplo n.º 11
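def update(entity):
    """Replace the set attributes of an existing user entry and return ``entity``.

    Each attribute is sent as a MODIFY_REPLACE only when it is set and
    non-empty (``system`` and ``constraint``: when not None). When nothing is
    set no request is sent and ``entity`` is returned unchanged.

    Raises:
        LdapException: with ``global_ids.USER_UPDATE_FAILED`` when building or
            sending the request raises, when the server reports the entry was
            not found, or on any other non-zero result.
    """
    __validate(entity, 'Update User')

    def _is_set(value):
        return value is not None and len(value) > 0

    sent = False
    try:
        attrs = {}
        # cn and sn used "is not None or len(...) > 0" in the original, which
        # called len(None) whenever the field was unset and so failed every
        # update that did not carry both. They now follow the other fields.
        if _is_set(entity.cn):
            attrs[global_ids.CN] = [(MODIFY_REPLACE, [entity.cn])]
        if _is_set(entity.sn):
            attrs[global_ids.SN] = [(MODIFY_REPLACE, [entity.sn])]
        if _is_set(entity.password):
            # NOTE(review): the password is forwarded exactly as supplied;
            # hashing and transport encryption are decided outside this
            # function - confirm both before relying on this path.
            attrs[PW] = [(MODIFY_REPLACE, [entity.password])]
        if _is_set(entity.description):
            attrs[global_ids.DESC] = [(MODIFY_REPLACE, [entity.description])]
        if _is_set(entity.ou):
            attrs[global_ids.OU] = [(MODIFY_REPLACE, [entity.ou])]
        if _is_set(entity.display_name):
            attrs[DISPLAY_NAME] = [(MODIFY_REPLACE, [entity.display_name])]
        # The fields below are passed as-is (not wrapped in a list), exactly
        # as in the original.
        if _is_set(entity.employee_type):
            attrs[EMPLOYEE_TYPE] = [(MODIFY_REPLACE, entity.employee_type)]
        if _is_set(entity.title):
            attrs[TITLE] = [(MODIFY_REPLACE, [entity.title])]
        if _is_set(entity.phones):
            attrs[TELEPHONE_NUMBER] = [(MODIFY_REPLACE, entity.phones)]
        if _is_set(entity.mobiles):
            attrs[MOBILE] = [(MODIFY_REPLACE, entity.mobiles)]
        if _is_set(entity.emails):
            attrs[MAIL] = [(MODIFY_REPLACE, entity.emails)]
        if entity.system is not None:
            attrs[IS_SYSTEM] = [(MODIFY_REPLACE, entity.system)]
        if _is_set(entity.props):
            attrs[global_ids.PROPS] = [(MODIFY_REPLACE, entity.props)]
        if _is_set(entity.department_number):
            attrs[DEPT_NUM] = [(MODIFY_REPLACE, entity.department_number)]
        if _is_set(entity.l):
            attrs[LOCATION] = [(MODIFY_REPLACE, entity.l)]
        if _is_set(entity.physical_delivery_office_name):
            attrs[PHYSICAL_OFFICE_NM] = [
                (MODIFY_REPLACE, entity.physical_delivery_office_name)
            ]
        if _is_set(entity.postal_code):
            attrs[POSTAL_CODE] = [(MODIFY_REPLACE, entity.postal_code)]
        if _is_set(entity.room_number):
            attrs[RM_NUM] = [(MODIFY_REPLACE, entity.room_number)]
        if entity.constraint is not None:
            attrs[global_ids.CONSTRAINT] = [
                (MODIFY_REPLACE, entity.constraint.get_raw())
            ]
        if _is_set(entity.pw_policy):
            attrs[PW_POLICY] = [(MODIFY_REPLACE, entity.pw_policy)]
        if attrs:
            # NOTE(review): the connection is not released anywhere in this
            # function - confirm ldaphelper manages its lifetime.
            conn = ldaphelper.open()
            msg_id = conn.modify(__get_dn(entity), attrs)
            sent = True
    except Exception as e:
        raise LdapException('User update error=' + str(e),
                            global_ids.USER_UPDATE_FAILED)

    if not sent:
        # Nothing to change. The original went on to get_result() with
        # conn/id unbound here and raised UnboundLocalError.
        return entity

    result = ldaphelper.get_result(conn, msg_id)
    if result == global_ids.NOT_FOUND:
        # NOTE(review): reads entity.name; confirm the user type has that
        # attribute.
        raise LdapException('User update failed, not found:' + entity.name,
                            global_ids.USER_UPDATE_FAILED)
    if result != 0:
        raise LdapException('User update failed result=' + str(result),
                            global_ids.USER_UPDATE_FAILED)
    return entity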
Ejemplo n.º 12
def create(entity):
    """Add a new user entry to the directory and return ``entity``.

    A fresh UUID4 string is stored on ``entity.internal_id``. When ``cn`` or
    ``sn`` is unset or empty it is defaulted to ``entity.uid`` (and written
    back to ``entity``). Every other attribute is sent only when it is set
    and non-empty (``system`` and ``constraint``: when not None).

    Raises:
        LdapException: with ``global_ids.USER_ADD_FAILED`` when building or
            sending the request raises, when the server reports that the
            entry already exists, or on any other non-zero result.
    """
    __validate(entity, 'Create User')

    def _is_set(value):
        return value is not None and len(value) > 0

    try:
        user_attrs = {}

        def _put(key, value):
            # Copy an optional attribute only when the caller supplied one.
            if _is_set(value):
                user_attrs[key] = value

        user_attrs[global_ids.UID] = entity.uid
        # The internal id is generated here, never taken from the caller.
        entity.internal_id = str(uuid.uuid4())
        user_attrs[global_ids.INTERNAL_ID] = entity.internal_id
        # cn is req'd for iNetOrgPerson, if caller did not set, use uid value
        if not _is_set(entity.cn):
            entity.cn = entity.uid
        user_attrs[global_ids.CN] = entity.cn
        # likewise sn is req'd for iNetOrgPerson, if caller did not set, use uid value
        if not _is_set(entity.sn):
            entity.sn = entity.uid
        user_attrs[global_ids.SN] = entity.sn

        # NOTE(review): the password is forwarded exactly as supplied;
        # hashing and transport encryption are decided outside this
        # function - confirm both before relying on this path.
        _put(PW, entity.password)
        _put(global_ids.DESC, entity.description)
        _put(global_ids.OU, entity.ou)
        _put(DISPLAY_NAME, entity.display_name)
        _put(EMPLOYEE_TYPE, entity.employee_type)
        _put(TITLE, entity.title)
        _put(TELEPHONE_NUMBER, entity.phones)
        _put(MOBILE, entity.mobiles)
        _put(MAIL, entity.emails)
        if entity.system is not None:
            user_attrs[IS_SYSTEM] = entity.system
        _put(global_ids.PROPS, entity.props)
        _put(DEPT_NUM, entity.department_number)
        _put(LOCATION, entity.l)
        _put(PHYSICAL_OFFICE_NM, entity.physical_delivery_office_name)
        _put(POSTAL_CODE, entity.postal_code)
        _put(RM_NUM, entity.room_number)
        if entity.constraint is not None:
            user_attrs[global_ids.CONSTRAINT] = entity.constraint.get_raw()
        _put(PW_POLICY, entity.pw_policy)

        # NOTE(review): the connection is not released anywhere in this
        # function - confirm ldaphelper manages its lifetime.
        conn = ldaphelper.open()
        msg_id = conn.add(__get_dn(entity), USER_OCS, user_attrs)
    except Exception as e:
        raise LdapException('User create error=' + str(e),
                            global_ids.USER_ADD_FAILED)

    # Reached only when the add request was sent without raising.
    result = ldaphelper.get_result(conn, msg_id)
    if result == global_ids.OBJECT_ALREADY_EXISTS:
        # NOTE(review): the message reads entity.name although the entry is
        # keyed on entity.uid - confirm the user type has a name attribute.
        raise LdapException(
            'User create failed, already exists:' + entity.name,
            global_ids.USER_ADD_FAILED)
    if result != 0:
        raise LdapException('User create failed result=' + str(result),
                            global_ids.USER_ADD_FAILED)
    return entity