def __getGroups(self, user: ldaputil.LDAPResultType): try: groups: typing.List[str] = [] filter_ = '(&(objectClass=%s)(|(%s=%s)(%s=%s)))' % ( self._groupClass, self._memberAttr, user['_id'], self._memberAttr, user['dn'], ) for d in ldaputil.getAsDict( con=self.__connection(), base=self._ldapBase, ldapFilter=filter_, attrList=[self._groupIdAttr], sizeLimit=10 * LDAP_RESULT_LIMIT, ): if self._groupIdAttr in d: for k in d[self._groupIdAttr]: groups.append(k) logger.debug('Groups: %s', groups) return groups except Exception: logger.exception('Exception at __getGroups') return []
def __getGroup(self, l): base = ','.join(['DC=' + i for i in self._domain.split('.')]) group = ldaputil.escape(self._group) try: obj = next(ldaputil.getAsDict(l, base, "(&(objectClass=group)(|(cn={0})(sAMAccountName={0})))".format(group), ['dn'], sizeLimit=50)) except StopIteration: obj = None if obj is None: return None return obj['dn'] # Returns the DN
def __getUser(self, username: str) -> typing.Optional[ldaputil.LDAPResultType]: """ Searchs for the username and returns its LDAP entry @param username: username to search, using user provided parameters at configuration to map search entries. @return: None if username is not found, an dictionary of LDAP entry attributes if found. @note: Active directory users contains the groups it belongs to in "memberOf" attribute """ attributes = [self._userIdAttr] + self.__getAttrsFromField(self._userNameAttr) + self.__getAttrsFromField(self._groupNameAttr) user = ldaputil.getFirst( con=self.__connection(), base=self._ldapBase, objectClass=self._userClass, field=self._userIdAttr, value=username, attributes=attributes, sizeLimit=LDAP_RESULT_LIMIT ) # If user attributes is split, that is, it has more than one "ldap entry", get a second entry filtering by a new attribute # and add result attributes to "main" search. # For example, you can have authentication in an "user" object class and attributes in an "user_attributes" object class. # Note: This is very rare situation, but it ocurrs :) if user and self._altClass: for usr in ldaputil.getAsDict( con=self.__connection(), base=self._ldapBase, ldapFilter='(&(objectClass={})({}={}))'.format(self._altClass, self._userIdAttr, ldaputil.escape(username)), attrList=attributes, sizeLimit=LDAP_RESULT_LIMIT ): for attr in self.__getAttrsFromField(self._groupNameAttr): v = usr.get(attr) if not v: continue kl = attr.lower() # If already exists the field, check if it is a list to add new elements... if kl in usr: # Convert existing to list, so we can add a new value if not isinstance(user[kl], (list, tuple)): user[kl] = [user[kl]] # Convert values to list, if not list if not isinstance(v, (list, tuple)): v = [v] # Now append to existing values for x in v: user[kl].append(x) else: user[kl] = v return user
def __getGroup(self, ldapConnection: typing.Any) -> typing.Optional[str]: base = ','.join(['DC=' + i for i in self._domain.split('.')]) group = ldaputil.escape(self._group) obj: typing.Optional[typing.MutableMapping[str, typing.Any]] try: obj = next(ldaputil.getAsDict(ldapConnection, base, "(&(objectClass=group)(|(cn={0})(sAMAccountName={0})))".format(group), ['dn'], sizeLimit=50)) except StopIteration: obj = None if obj is None: return None return obj['dn'] # Returns the DN
def __getGroups(self, usr): filter_ = '(&(objectClass={})(|({}={})({}={})))'.format(self._groupClass, self._memberAttr, usr['_id'], self._memberAttr, usr['dn']) groups = {} for d in ldaputil.getAsDict( con=self.__connection(), base=self._ldapBase, ldapFilter=filter_, attrList=[self._groupIdAttr], sizeLimit=10 * LDAP_RESULT_LIMIT # Increase LDAP limit, so we can accept 500 groups or so ): groups[d[self._groupIdAttr][0]] = d['dn'] return groups
def __getMachine(self, l, machineName): if self._ou: base = self._ou else: base = ','.join(['DC=' + i for i in self._domain.split('.')]) fltr = '(&(objectClass=computer)(sAMAccountName={}$))'.format(ldaputil.escape(machineName)) try: obj = next(ldaputil.getAsDict(l, base, fltr, ['dn'], sizeLimit=50)) except StopIteration: obj = None if obj is None: return None return obj['dn'] # Returns the DN
def __getMachine(self, ldapConnection, machineName: str) -> typing.Optional[str]: # if self._ou: # base = self._ou # else: base = ','.join(['DC=' + i for i in self._domain.split('.')]) fltr = '(&(objectClass=computer)(sAMAccountName={}$))'.format(ldaputil.escape(machineName)) obj: typing.Optional[typing.MutableMapping[str, typing.Any]] try: obj = next(ldaputil.getAsDict(ldapConnection, base, fltr, ['dn'], sizeLimit=50)) except StopIteration: obj = None if obj is None: return None return obj['dn'] # Returns the DN
def __getMachine(self, l, machineName): # if self._ou: # base = self._ou # else: base = ','.join(['DC=' + i for i in self._domain.split('.')]) fltr = '(&(objectClass=computer)(sAMAccountName={}$))'.format( ldaputil.escape(machineName)) try: obj = next(ldaputil.getAsDict(l, base, fltr, ['dn'], sizeLimit=50)) except StopIteration: obj = None if obj is None: return None return obj['dn'] # Returns the DN
def searchGroups(self, pattern): try: res = [] for r in ldaputil.getAsDict( con=self.__connection(), base=self._ldapBase, ldapFilter='(&(objectClass={})({}={}*))'.format( self._groupClass, self._groupIdAttr, pattern), attrList=[self._groupIdAttr], sizeLimit=LDAP_RESULT_LIMIT): grpId = r[self._groupIdAttr][0] res.append({'id': grpId, 'name': grpId}) return res except Exception: logger.exception("Exception: ") raise AuthenticatorException( _('Too many results, be more specific'))
def __getGroups(self, usr): filter_ = '(&(objectClass={})(|({}={})({}={})))'.format( self._groupClass, self._memberAttr, usr['_id'], self._memberAttr, usr['dn']) groups = {} for d in ldaputil.getAsDict( con=self.__connection(), base=self._ldapBase, ldapFilter=filter_, attrList=[self._groupIdAttr], sizeLimit=10 * LDAP_RESULT_LIMIT # Increase LDAP limit, so we can accept 500 groups or so ): groups[d[self._groupIdAttr][0]] = d['dn'] return groups
def searchUsers(self, pattern): try: res = [] for r in ldaputil.getAsDict( con=self.__connection(), base=self._ldapBase, ldapFilter='(&(objectClass={})({}={}*))'.format(self._userClass, self._userIdAttr, pattern), attrList=[self._userIdAttr], sizeLimit=LDAP_RESULT_LIMIT ): res.append({ 'id': r[self._userIdAttr][0], # Ignore @... 'name': self.__getUserRealName(r) }) return res except Exception: logger.exception("Exception: ") raise AuthenticatorException(_('Too many results, be more specific'))
def searchGroups(self, pattern): try: fld = self._groupIdAttr res = [] for r in ldaputil.getAsDict( con=self.__connection(), base=self.__getLdapBase(), ldapFilter='(&(objectClass=%s)(%s=%s*))' % (self._groupClass, self._groupIdAttr, pattern), attrList=[fld, 'memberOf', 'description'], sizeLimit=LDAP_RESULT_LIMIT): res.append({'id': r[fld][0], 'name': r['description'][0]}) return res except Exception: logger.exception("Exception: ") raise AuthenticatorException( _('Too many results, be more specific'))
def __getGroup(self, l): base = ','.join(['DC=' + i for i in self._domain.split('.')]) group = ldaputil.escape(self._group) try: obj = next( ldaputil.getAsDict( l, base, "(&(objectClass=group)(|(cn={0})(sAMAccountName={0})))". format(group), ['dn'], sizeLimit=50)) except StopIteration: obj = None if obj is None: return None return obj['dn'] # Returns the DN
def searchGroups(self, pattern): try: res = [] for r in ldaputil.getAsDict( con=self.__connection(), base=self._ldapBase, ldapFilter='(&(objectClass={})({}={}*))'.format(self._groupClass, self._groupIdAttr, pattern), attrList=[self._groupIdAttr], sizeLimit=LDAP_RESULT_LIMIT ): grpId = r[self._groupIdAttr][0] res.append({ 'id': grpId, 'name': grpId }) return res except Exception: logger.exception("Exception: ") raise AuthenticatorException(_('Too many results, be more specific'))
def searchGroups(self, pattern: str) -> typing.Iterable[typing.Dict[str, str]]: try: res = [] for r in ldaputil.getAsDict( con=self.__connection(), base=self._ldapBase, ldapFilter='(&(objectClass=%s)(%s=%s*))' % (self._groupClass, self._groupIdAttr, pattern), attrList=[self._groupIdAttr, 'memberOf', 'description'], sizeLimit=LDAP_RESULT_LIMIT, ): res.append({'id': r[self._groupIdAttr][0], 'name': r['description'][0]}) return res except Exception: logger.exception("Exception: ") raise auths.exceptions.AuthenticatorException( _('Too many results, be more specific') )
def searchUsers(self, pattern): try: res = [] for r in ldaputil.getAsDict( con=self.__connection(), base=self._ldapBase, ldapFilter='(&(objectClass={})({}={}*))'.format( self._userClass, self._userIdAttr, pattern), attrList=[self._userIdAttr], sizeLimit=LDAP_RESULT_LIMIT): res.append({ 'id': r[self._userIdAttr][0], # Ignore @... 'name': self.__getUserRealName(r) }) return res except Exception: logger.exception("Exception: ") raise AuthenticatorException( _('Too many results, be more specific'))
def searchUsers(self, pattern): try: res = [] for r in ldaputil.getAsDict( con=self.__connection(), base=self._ldapBase, ldapFilter='(&(&(objectClass={})({}={}*)))'.format(self._userClass, self._userIdAttr, ldaputil.escape(pattern)), attrList=None, # All attrs sizeLimit=LDAP_RESULT_LIMIT ): logger.debug('R: {0}'.format(r)) res.append({ 'id': r.get(self._userIdAttr.lower(), '')[0], 'name': self.__getUserRealName(r) }) logger.debug(res) return res except Exception: logger.exception("Exception: ") raise AuthenticatorException(_('Too many results, be more specific'))
def searchGroups(self, pattern): try: fld = self._groupIdAttr res = [] for r in ldaputil.getAsDict( con=self.__connection(), base=self.__getLdapBase(), ldapFilter='(&(objectClass=%s)(%s=%s*))' % (self._groupClass, self._groupIdAttr, pattern), attrList=[fld, 'memberOf', 'description'], sizeLimit=LDAP_RESULT_LIMIT ): res.append({ 'id': r[fld][0], 'name': r['description'][0] }) return res except Exception: logger.exception("Exception: ") raise AuthenticatorException(_('Too many results, be more specific'))
def searchUsers(self, pattern): try: res = [] for r in ldaputil.getAsDict( con=self.__connection(), base=self._ldapBase, ldapFilter='(&(&(objectClass={})({}={}*)))'.format(self._userClass, self._userIdAttr, ldaputil.escape(pattern)), attrList=None, # All attrs sizeLimit=LDAP_RESULT_LIMIT ): logger.debug('R: {0}'.format(r)) res.append({ 'id': r.get(self._userIdAttr.lower(), '')[0], 'name': self.__getUserRealName(r) }) logger.debug(res) return res except Exception: logger.exception("Exception: ") raise AuthenticatorException(_('Too many results, be more specific'))
def searchUsers(self, pattern: str) -> typing.Iterable[typing.Dict[str, str]]: try: res = [] for r in ldaputil.getAsDict( con=self.__connection(), base=self._ldapBase, ldapFilter='(&(objectClass=%s)(%s=%s*))' % (self._userClass, self._userIdAttr, pattern), attrList=[self._userIdAttr, self._userNameAttr], sizeLimit=LDAP_RESULT_LIMIT): res.append({ 'id': r[self._userIdAttr][0], # Ignore @... 'name': self.__getUserRealName(r) }) return res except Exception: logger.exception("Exception: ") raise auths.exceptions.AuthenticatorException( _('Too many results, be more specific'))
def __getGroups(self, usr): try: groups = {} filter_ = '(&(objectClass=%s)(|(%s=%s)(%s=%s)))' % (self._groupClass, self._memberAttr, usr['_id'], self._memberAttr, usr['dn']) fld = self._groupIdAttr for d in ldaputil.getAsDict( con=self.__connection(), base=self.__getLdapBase(), ldapFilter=_filter, attrList=[fld], sizeLimit=10 * LDAP_RESULT_LIMIT ): if fld in d: for k in d[fld]: groups.add(k) logger.debug('Groups: {0}'.format(groups)) return groups except Exception: logger.exception('Exception at __getGroups') return {}
def __getGroups(self, usr): try: groups = {} filter_ = '(&(objectClass=%s)(|(%s=%s)(%s=%s)))' % ( self._groupClass, self._memberAttr, usr['_id'], self._memberAttr, usr['dn']) fld = self._groupIdAttr for d in ldaputil.getAsDict(con=self.__connection(), base=self.__getLdapBase(), ldapFilter=_filter, attrList=[fld], sizeLimit=10 * LDAP_RESULT_LIMIT): if fld in d: for k in d[fld]: groups.add(k) logger.debug('Groups: {0}'.format(groups)) return groups except Exception: logger.exception('Exception at __getGroups') return {}