def accesslogDBEntry(self, replicator_dn, log_dir="/opt/gluu/data/accesslog"):
    """Create the ``cn=accesslog`` MDB database entry under ``cn=config``.

    The entry is added only when ``self.checkAccesslogDBEntry()`` reports
    that it is not there yet; otherwise nothing is sent to the server.

    Args:
        replicator_dn (str): DN of the replication account. It is the only
            DN granted unlimited time/size limits on the accesslog database
            (via ``olcLimits``).
        log_dir (str, optional): on-disk directory for the MDB files.
            Defaults to ``/opt/gluu/data/accesslog``.

    Returns:
        ``None`` when the entry already exists, otherwise the result of
        ``self.conn.add``.

    Security notes:
        * ``olcRootPW`` is populated with ``ldap_encode(self.passwd)`` -- a
          salted ``{SSHA}`` hash -- so the clear-text password never reaches
          the config entry.
        * ``replicator_dn`` is interpolated verbatim into the quoted
          ``dn.exact="..."`` clause of ``olcLimits``. A DN containing a
          double quote would corrupt that directive; pass a validated DN.
    """
    # Only the replicator is exempt from slapd's default time/size limits on
    # the accesslog database; every other bind keeps the defaults.
    limits = (
        'dn.exact="{0}" time.soft=unlimited time.hard=unlimited '
        'size.soft=unlimited size.hard=unlimited'
    ).format(replicator_dn)

    entry = {
        'objectClass': ['olcDatabaseConfig', 'olcMdbConfig'],
        'olcDatabase': '{2}mdb',
        'olcDbDirectory': log_dir,
        'OlcDbMaxSize': 1073741824,  # 1 GiB (1073741824 bytes)
        'olcSuffix': 'cn=accesslog',
        'olcRootDN': 'cn=admin, cn=accesslog',
        'olcRootPW': ldap_encode(self.passwd),
        'olcDbIndex': [
            'default eq',
            'objectClass,entryCSN,entryUUID,reqEnd,reqResult,reqStart',
        ],
        'olcLimits': limits,
    }

    if self.checkAccesslogDBEntry():
        # Already present: nothing to add.
        return None
    return self.conn.add('olcDatabase={2}mdb,cn=config', attributes=entry)
def accesslogDBEntry(self, replicator_dn, log_dir="/opt/gluu/data/accesslog"):
    """Ensure the accesslog MDB database entry exists under ``cn=config``.

    Args:
        replicator_dn (str): DN of the replication account; it receives
            unlimited time/size limits on ``cn=accesslog`` through the
            ``olcLimits`` attribute.
        log_dir (str, optional): directory holding the accesslog MDB files.
            Defaults to ``/opt/gluu/data/accesslog``.

    Returns:
        ``None`` if ``self.checkAccesslogDBEntry()`` says the entry already
        exists, otherwise whatever ``self.conn.add`` returns.

    Security notes:
        ``olcRootPW`` holds the ``ldap_encode`` output (salted ``{SSHA}``),
        not ``self.passwd`` itself. ``replicator_dn`` is dropped unescaped
        into the quoted ``dn.exact="..."`` clause; a DN containing ``"``
        would break the directive, so supply a validated DN.
    """
    # Hash the root password once; this is the only thing sent for olcRootPW.
    root_pw = ldap_encode(self.passwd)

    # Unlimited limits apply to the replicator DN only.
    replicator_limits = (
        'dn.exact="%s" time.soft=unlimited time.hard=unlimited '
        'size.soft=unlimited size.hard=unlimited'
    ) % replicator_dn

    entry = dict(
        objectClass=['olcDatabaseConfig', 'olcMdbConfig'],
        olcDatabase='{2}mdb',
        olcDbDirectory=log_dir,
        OlcDbMaxSize=1073741824,  # 1 GiB (1073741824 bytes)
        olcSuffix='cn=accesslog',
        olcRootDN='cn=admin, cn=accesslog',
        olcRootPW=root_pw,
        olcDbIndex=[
            'default eq',
            'objectClass,entryCSN,entryUUID,reqEnd,reqResult,reqStart,reqDN',
        ],
        olcLimits=replicator_limits,
    )

    already_present = self.checkAccesslogDBEntry()
    if already_present:
        return None
    return self.conn.add('olcDatabase={2}mdb,cn=config', attributes=entry)
def generate_conf(server):
    """Render the slapd configuration for ``server`` from its role template.

    The template ``templates/slapd/<role>.conf`` under ``app.root_path`` is
    read and filled with ``str.format``; the first ``AppConfiguration`` row
    supplies the replication DN and (for consumers) the replication password.

    Args:
        server: server model instance; ``role``, ``admin_pw``, ``id``, the
            ``tls_*`` paths and -- for a consumer -- ``provider_id`` and
            ``provider`` are read.

    Returns:
        str: the rendered configuration text. Nothing is written to disk.

    Security notes:
        * The returned text contains the admin password only as its
          ``ldap_encode`` (salted ``{SSHA}``) hash, but for a consumer it also
          carries ``appconfig.replication_pw`` in the clear (``r_pw``). Write
          it with restrictive permissions.
        * ``server.role`` selects the template file name, and the TLS paths
          and provider hostname are substituted into quoted directives
          without escaping; they are expected to be operator-controlled.
        * ``"BCRYPT": "{BCRYPT}"`` keeps a literal ``{BCRYPT}`` token in the
          output, which ``str.format`` would otherwise treat as a placeholder.
    """
    appconfig = AppConfiguration.query.first()

    template_path = os.path.join(
        app.root_path, "templates", "slapd", server.role + ".conf")
    with open(template_path, 'r') as template_file:
        template = template_file.read()

    vals = {
        "openldapTLSCACert": "",
        "openldapTLSCert": "",
        "openldapTLSKey": "",
        "encoded_ldap_pw": ldap_encode(server.admin_pw),
        "server_id": server.id,
        "replication_dn": appconfig.replication_dn,
        "openldapSchemaFolder": "/opt/gluu/schema/openldap",
        "BCRYPT": "{BCRYPT}",
    }

    # Each TLS directive is emitted only when the corresponding path is set.
    tls_directives = (
        ("openldapTLSCACert", "TLSCACertificateFile", server.tls_cacert),
        ("openldapTLSCert", "TLSCertificateFile", server.tls_servercert),
        ("openldapTLSKey", "TLSCertificateKeyFile", server.tls_serverkey),
    )
    for key, directive, path in tls_directives:
        if path:
            vals[key] = '%s "%s"' % (directive, path)

    if server.role == 'consumer':
        provider = server.provider
        vals["r_id"] = server.provider_id
        vals["phost"] = provider.hostname
        vals["pport"] = provider.port
        vals["r_pw"] = appconfig.replication_pw  # clear-text syncrepl credential
        vals["pprotocol"] = "ldaps" if provider.protocol == "ldaps" else "ldap"
        vals["provider_cert"] = ""
        # Any non-plain-ldap provider protocol gets the CA cert pinned by hostname.
        if provider.protocol != "ldap":
            vals["provider_cert"] = (
                'tls_cacert="/opt/symas/ssl/%s.crt"' % provider.hostname)

    return template.format(**vals)
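def addReplicatorUser(self, replicator_dn, passwd):
    """Add the replication bind account, or update its password if present.

    Args:
        replicator_dn (str): DN of the replicator account, e.g.
            ``cn=replicator,o=gluu``. When the entry has to be created, the
            ``cn`` attribute is extracted from the DN with an (unanchored)
            ``cn=<letters and spaces>,o=gluu`` pattern.
        passwd (str): clear-text password. Only its ``ldap_encode`` output
            (a salted ``{SSHA}`` hash) is sent to the directory.

    Returns:
        The connection's ``modify`` result when the DN already exists,
        otherwise its ``add`` result.

    Raises:
        ValueError: if ``passwd`` is empty (it would otherwise be hashed and
            stored as the replication credential), or if no
            ``cn=...,o=gluu`` component can be found in ``replicator_dn``
            (the previous code failed here with an ``AttributeError`` on
            ``None.group``).
    """
    # Fail before touching the directory: an empty password still hashes to
    # a syntactically valid {SSHA} value and would become the bind credential.
    if not passwd:
        raise ValueError("replicator password must not be empty")

    self.checkBaseDN()
    enc_passwd = ldap_encode(passwd)

    # BASE-scope search on the DN itself: a non-empty response means it exists.
    self.conn.search(replicator_dn, search_filter='(objectClass=*)',
                     search_scope=BASE)
    if self.conn.response:
        return self.conn.modify(
            replicator_dn, {"userPassword": [MODIFY_REPLACE, enc_passwd]})

    m = re.search(r'cn=(?P<cn>[a-zA-Z][a-zA-Z ]*[a-zA-Z]),o=gluu', replicator_dn)
    if m is None:
        raise ValueError(
            "cannot derive cn from replicator dn %r (expected cn=<name>,o=gluu)"
            % (replicator_dn,))

    attributes = {
        'objectClass': ['top', 'inetOrgPerson'],
        'cn': m.group('cn'),
        'sn': 'replicator',
        'uid': 'replicator',
        'userpassword': enc_passwd,
    }
    return self.conn.add(replicator_dn, attributes=attributes)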
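def addReplicatorUser(self, replicator_dn, passwd):
    """Create the replicator account, or reset its password if it exists.

    Args:
        replicator_dn (str): DN of the replication account. For a new
            account the ``cn`` value is taken from the first
            ``cn=<letters and spaces>,o=gluu`` component found anywhere in
            the DN (the pattern is not anchored).
        passwd (str): clear-text password; it is stored as the
            ``ldap_encode`` (salted ``{SSHA}``) hash, never as given.

    Returns:
        The result of ``self.conn.modify`` when the DN already exists,
        otherwise the result of ``self.conn.add``.

    Raises:
        ValueError: ``passwd`` is empty, or ``replicator_dn`` contains no
            recognisable ``cn=...,o=gluu`` component (previously this
            surfaced as an ``AttributeError`` on ``None.group``).
    """
    # Reject an empty credential up front, before any directory round-trip.
    if not passwd:
        raise ValueError("replicator password must not be empty")

    # Make sure the base DN is there, then hash the password once.
    self.checkBaseDN()
    hashed = ldap_encode(passwd)

    # Probe the DN itself (BASE scope); any response row means it exists.
    self.conn.search(replicator_dn, search_filter='(objectClass=*)',
                     search_scope=BASE)
    exists = bool(self.conn.response)
    if exists:
        return self.conn.modify(
            replicator_dn, {"userPassword": [MODIFY_REPLACE, hashed]})

    cn_match = re.search(
        r'cn=(?P<cn>[a-zA-Z][a-zA-Z ]*[a-zA-Z]),o=gluu', replicator_dn)
    if cn_match is None:
        raise ValueError(
            "cannot derive cn from replicator dn %r (expected cn=<name>,o=gluu)"
            % (replicator_dn,))

    new_entry = {
        'objectClass': ['top', 'inetOrgPerson'],
        'cn': cn_match.group('cn'),
        'sn': 'replicator',
        'uid': 'replicator',
        'userpassword': hashed,
    }
    return self.conn.add(replicator_dn, attributes=new_entry)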
def test_ldap_encode_uses_a_random_salt(self, mockur): mockur.return_value = 'asdf' ldap_encode('password') mockur.assert_called_once_with(4)
def test_ldap_encode(self): assert "{SSHA}" in ldap_encode('A Password')