Ejemplo n.º 1
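    def handle_noargs(self, **options):
        """Entry point of the ldap_test management command.

        Main logic:

        * pick the LDAP configuration (first entry of LDAP.LDAP_SERVERS when
          that section is set, otherwise the top-level LDAP section) and
          validate its hue.ini parameters
        * try to connect; on failure log hints plus an equivalent ldapsearch
          command (bind password masked) and exit
        * with a working connection, run the user lookup when test_ldap_user
          is set; otherwise only log a hint asking for it
        * when test_ldap_group is also set and parses as a DN (distinguished
          name), look up the users and the nested groups of that group;
          when it does not parse as a DN, run the group search instead

        The command always finishes through self.sys_exit(err_code).
        ``options`` is accepted for the management-command interface and is
        not read here.
        """
        err_code = 0
        connection = None

        if LDAP.LDAP_SERVERS.get():
            # NOTE(review): confirm that iterating LDAP_SERVERS yields a
            # config section rather than a server key.
            ldap_config = next(LDAP.LDAP_SERVERS.__iter__())
        else:
            ldap_config = LDAP

        self.print_ldap_setting(ldap_config)
        # Basic validation check for hue.ini's ldap parameters [desktop] > [[ldap]]
        err_code = self.check_ldap_params(ldap_config)

        if not err_code:
            # Connect to only one LDAP server given in the hue.ini config
            # @TODO@ support for multiple LDAP servers
            try:
                connection = ldap_access.get_connection(ldap_config)
            except Exception as err:
                # Exception, not a bare except: Ctrl-C during a hanging
                # connect and SystemExit must propagate instead of being
                # reported as a bind failure.
                if isinstance(err, ldap_access.LdapBindException):
                    LOG.warn(str(err))
                else:
                    LOG.warn("%s %s" % (type(err), err))
                LOG.info(_(ldap_url_msg))
                LOG.info(_(bind_dn_msg))
                LOG.warn('hints: check bind_dn, bind_password and ldap_url')
                # Only the URL and the bind DN are logged; the bind password
                # must never be written to the log.
                LOG.warn('ldap_url="%s"' % ldap_config.LDAP_URL.get())
                LOG.warn('bind_dn="%s"' % ldap_config.BIND_DN.get())
                err_code = 1

            if err_code:
                cfg = ldap_access.get_auth(ldap_config)
                # Only cfg[0] (URL) and cfg[1] (bind DN) go into the hint and
                # the password stays masked. Presumably cfg also carries the
                # bind password -- keep it out of this string (confirm).
                # The hint uses -x (simple bind): with an ldap:// URL the
                # operator should add StartTLS (-ZZ) or use ldaps:// so the
                # password is not sent in clear text.
                ldapsearch = (
                    'ldapsearch -x -LLL -H {ldap_url} -D "{binddn}" -w "********" -b "" '
                    ' -s base'
                ).format(ldap_url=cfg[0], binddn=cfg[1])
                LOG.warn(ldapsearch)
                self.sys_exit(err_code)
                # Reached only if sys_exit() returns instead of terminating:
                # there is no connection, so nothing below can run.
                return

            LOG.info('LDAP whoami_s() %s' %
                     (connection.ldap_handle.whoami_s()))
            if ldap_config.TEST_LDAP_USER.get() is not None:
                err_code = self.find_ldapusers(ldap_config, connection)
                if err_code:
                    self.sys_exit(err_code)

                if ldap_config.TEST_LDAP_GROUP.get() is not None:
                    try:
                        group_dn = ldap.explode_dn(
                            ldap_config.TEST_LDAP_GROUP.get())
                    except Exception:
                        # Not parseable as a DN: treat it as a name pattern.
                        group_dn = None

                    if group_dn is not None:
                        # group DN
                        err_code = self.find_users_of_group(
                            ldap_config, connection)
                        if err_code:
                            self.sys_exit(err_code)
                        err_code = self.find_groups_of_group(
                            ldap_config, connection)
                        if err_code:
                            self.sys_exit(err_code)
                    else:
                        # group name pattern goes as search attribute
                        err_code = self.find_ldapgroups(
                            ldap_config, connection)
                        if err_code:
                            self.sys_exit(err_code)
                else:
                    LOG.info(
                        'Now test further by providing test ldap group in CM')
                    LOG.info('test_ldap_group=somegroupname')
                    LOG.info(
                        'test_ldap_group=cn=Administrators,dc=test,dc=com')
            else:
                LOG.info('Now test further by providing test ldap user in CM')
                LOG.info('test_ldap_user=someusername')

        self.sys_exit(err_code)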
Ejemplo n.º 2
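    def check_single_ldap_setting(self, ldap_config, is_multi_ldap=False):
        """Run the LDAP diagnostics against one LDAP configuration.

        Prints the settings, validates the hue.ini parameters, connects, and
        then runs the user and group lookups that test_ldap_user and
        test_ldap_group enable. Group lookups only run when test_ldap_user
        is set as well.

        Args:
            ldap_config: configuration section to test.
            is_multi_ldap: forwarded to print_ldap_setting().

        Returns:
            The error code of the last check that ran; a falsy value means
            that check passed. Failures are also reported through
            self.sys_exit().
        """
        self.print_ldap_setting(ldap_config, is_multi_ldap)
        # Basic validation check for hue.ini's ldap parameters [desktop] > [[ldap]]
        err_code = self.check_ldap_params(ldap_config)

        if not err_code:
            # Connect to only one LDAP server given in the hue.ini config
            try:
                connection = ldap_access.get_connection(ldap_config)
            except Exception as err:
                # Exception, not a bare except: Ctrl-C during a hanging
                # connect and SystemExit must propagate instead of being
                # reported as a bind failure.
                if isinstance(err, ldap_access.LdapBindException):
                    LOG.warn(str(err))
                else:
                    LOG.warn("%s %s" % (type(err), err))
                LOG.info(_(ldap_url_msg))
                LOG.info(_(bind_dn_msg))
                LOG.warn('hints: check bind_dn, bind_password and ldap_url')
                # Only the URL and the bind DN are logged; the bind password
                # must never be written to the log.
                LOG.warn('ldap_url="%s"' % ldap_config.LDAP_URL.get())
                LOG.warn('bind_dn="%s"' % ldap_config.BIND_DN.get())
                err_code = 1

            if err_code:
                cfg = ldap_access.get_auth(ldap_config)
                # Only cfg[0] (URL) and cfg[1] (bind DN) go into the hint and
                # the password stays masked. Presumably cfg also carries the
                # bind password -- keep it out of this string (confirm).
                # The hint uses -x (simple bind): with an ldap:// URL the
                # operator should add StartTLS (-ZZ) or use ldaps:// so the
                # password is not sent in clear text.
                ldapsearch = (
                    'ldapsearch -x -LLL -H {ldap_url} -D "{binddn}" -w "********" -b "" '
                    ' -s base'
                ).format(ldap_url=cfg[0], binddn=cfg[1])
                LOG.warn(ldapsearch)
                self.sys_exit(err_code)
                # Reached only if sys_exit() returns instead of terminating:
                # `connection` was never bound, so stop here rather than
                # fail with a NameError below.
                return err_code

            LOG.info('LDAP whoami_s() %s' %
                     (connection.ldap_handle.whoami_s()))
            if ldap_config.TEST_LDAP_USER.get() is not None:
                err_code = self.find_ldapusers(ldap_config, connection)
                if err_code:
                    self.sys_exit(err_code)

                if ldap_config.TEST_LDAP_GROUP.get() is not None:
                    try:
                        group_dn = ldap.explode_dn(
                            ldap_config.TEST_LDAP_GROUP.get())
                    except Exception:
                        # Not parseable as a DN: treat it as a name pattern.
                        group_dn = None

                    if group_dn is not None:
                        # group DN
                        err_code = self.find_users_of_group(
                            ldap_config, connection)
                        if err_code:
                            self.sys_exit(err_code)
                        err_code = self.find_groups_of_group(
                            ldap_config, connection)
                        if err_code:
                            self.sys_exit(err_code)
                    else:
                        # group name pattern goes as search attribute
                        err_code = self.find_ldapgroups(
                            ldap_config, connection)
                        if err_code:
                            self.sys_exit(err_code)
                else:
                    LOG.info(
                        'Now test further by providing test ldap group in CM')
                    LOG.info('test_ldap_group=somegroupname')
                    LOG.info(
                        'test_ldap_group=cn=Administrators,dc=test,dc=com')
            else:
                LOG.info('Now test further by providing test ldap user in CM')
                LOG.info('test_ldap_user=someusername')

        return err_code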
Ejemplo n.º 3
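  def check_single_ldap_setting(self, ldap_config, is_multi_ldap=False):
    """Run the LDAP diagnostics against one LDAP configuration.

    Prints the settings, validates the hue.ini parameters, connects, and then
    runs the user and group lookups that test_ldap_user and test_ldap_group
    enable. Group lookups only run when test_ldap_user is set as well.

    Args:
      ldap_config: configuration section to test.
      is_multi_ldap: forwarded to print_ldap_setting().

    Returns:
      The error code of the last check that ran; a falsy value means that
      check passed. Failures are also reported through self.sys_exit().
    """
    self.print_ldap_setting(ldap_config, is_multi_ldap)
    # Basic validation check for hue.ini's ldap parameters [desktop] > [[ldap]]
    err_code = self.check_ldap_params(ldap_config)

    if not err_code:
      # Connect to only one LDAP server given in the hue.ini config
      try:
        connection = ldap_access.get_connection(ldap_config)
      except Exception as err:
        # Exception, not a bare except: Ctrl-C during a hanging connect and
        # SystemExit must propagate instead of being reported as a bind
        # failure.
        if isinstance(err, ldap_access.LdapBindException):
          LOG.warn(str(err))
        else:
          LOG.warn("%s %s" % (type(err), err))
        LOG.info(_(ldap_url_msg))
        LOG.info(_(bind_dn_msg))
        LOG.warn('hints: check bind_dn, bind_password and ldap_url')
        # Only the URL and the bind DN are logged; the bind password must
        # never be written to the log.
        LOG.warn('ldap_url="%s"' % ldap_config.LDAP_URL.get())
        LOG.warn('bind_dn="%s"' % ldap_config.BIND_DN.get())
        err_code = 1

      if err_code:
        cfg = ldap_access.get_auth(ldap_config)
        # Only cfg[0] (URL) and cfg[1] (bind DN) go into the hint and the
        # password stays masked. Presumably cfg also carries the bind
        # password -- keep it out of this string (confirm).
        # The hint uses -x (simple bind): with an ldap:// URL the operator
        # should add StartTLS (-ZZ) or use ldaps:// so the password is not
        # sent in clear text.
        ldapsearch = (
          'ldapsearch -x -LLL -H {ldap_url} -D "{binddn}" -w "********" -b "" '
          ' -s base'
        ).format(ldap_url=cfg[0], binddn=cfg[1])
        LOG.warn(ldapsearch)
        self.sys_exit(err_code)
        # Reached only if sys_exit() returns instead of terminating:
        # `connection` was never bound, so stop here rather than fail with a
        # NameError below.
        return err_code

      LOG.info('LDAP whoami_s() %s' % (connection.ldap_handle.whoami_s()))
      if ldap_config.TEST_LDAP_USER.get() is not None:
        err_code = self.find_ldapusers(ldap_config, connection)
        if err_code:
          self.sys_exit(err_code)

        if ldap_config.TEST_LDAP_GROUP.get() is not None:
          try:
            group_dn = ldap.explode_dn(ldap_config.TEST_LDAP_GROUP.get())
          except Exception:
            # Not parseable as a DN: treat it as a name pattern.
            group_dn = None

          if group_dn is not None:
            # group DN
            err_code = self.find_users_of_group(ldap_config, connection)
            if err_code:
              self.sys_exit(err_code)
            err_code = self.find_groups_of_group(ldap_config, connection)
            if err_code:
              self.sys_exit(err_code)
          else:
            # group name pattern goes as search attribute
            err_code = self.find_ldapgroups(ldap_config, connection)
            if err_code:
              self.sys_exit(err_code)
        else:
          LOG.info('Now test further by providing test ldap group in CM')
          LOG.info('test_ldap_group=somegroupname')
          LOG.info('test_ldap_group=cn=Administrators,dc=test,dc=com')
      else:
        LOG.info('Now test further by providing test ldap user in CM')
        LOG.info('test_ldap_user=someusername')

    return err_code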