def create_on_internal_ldap(sender, user, **kwargs):
"""
BackendUser instances are used to represent external backends (e.g. LDAP) users.
If such a user is created, we should therefor create the user on the backend.
"""
if user is not None:
try:
internal_ldap = get_internal_ldap_connected()
created = internal_ldap.create_user(user.backend_id,
user.backend_pk,
user.django_user.password,
user.primary_group.backend_id,
'/home/' + user.get_username())
# FIXME: this is the first time we really know the ID/PK given by the backend.
# all other operations having used to old ones might not be valid anymore...
user.backend_id = created.get(UserBackend.FIELD_ID)
user.backend_pk = created.get(UserBackend.FIELD_PK)
user.save()
except UserBackendError as ex:
user.delete() # XXX: cleanup?
raise ex
finally:
try:
internal_ldap.disconnect()
except:
pass
def create_on_internal_ldap(sender, user, **kwargs):
"""
BackendUser instances are used to represent external backends (e.g. LDAP) users.
If such a user is created, we should therefor create the user on the backend.
"""
if user is not None:
try:
internal_ldap = get_internal_ldap_connected()
created = internal_ldap.create_user(
user.backend_id,
user.backend_pk,
user.django_user.password,
user.primary_group.backend_id,
'/home/' + user.get_username()
)
# FIXME: this is the first time we really know the ID/PK given by the backend.
# all other operations having used to old ones might not be valid anymore...
user.backend_id = created.get(UserBackend.FIELD_ID)
user.backend_pk = created.get(UserBackend.FIELD_PK)
user.save()
except UserBackendError as ex:
user.delete() # XXX: cleanup?
raise ex
finally:
try:
internal_ldap.disconnect()
except:
pass
def remove_member_from_internal_ldap_group(sender, group, user, **kwargs):
"""
Whenever a member is removed from a group we need to sync the LDAP group.
"""
if group is not None and user is not None:
try:
internal_ldap = get_internal_ldap_connected()
internal_ldap.remove_group_member(group.backend_pk, user.backend_pk)
finally:
try:
internal_ldap.disconnect()
except:
pass
def authenticate(self, username=None, password=None):
"""
:inherit.
"""
# check if the user already exists in our system
# if so, use the defined backend_pk for validating the credentials on the backend
# if its a Django only user, disallow the login
user = None
if User.objects.filter(username=username).exists():
user = User.objects.get(username=username)
if hasattr(user, 'backend_user'):
username = user.backend_user.backend_pk
else:
return None # not allowed, Django only user
try:
internal_ldap = get_internal_ldap_connected()
user_backend = get_user_backend_connected()
user_backend.auth_user(username, password)
if user is not None: # existing user
if not user.check_password(password):
user.set_password(password) # XXX: not needed. should we leave it empty?
internal_ldap.set_user_password(username, password)
user.save()
else: # new user
uid = BackendUser.generate_internal_uid()
group = self.create_user_groups(username, uid)
user = self.create_users(username, password, uid, group.backend_group)
group.add_user(user.backend_user)
if user.is_active:
return user
else:
return None
except AuthenticationError:
raise PermissionDenied
except UserNotFoundError:
if user is not None: # exists locally but not on backend
user.delete()
except ConnectionError as ex:
logger.exception(ex)
return None
finally:
try:
internal_ldap.disconnect()
user_backend.disconnect()
except:
pass
def delete_on_internal_ldap(sender, user, **kwargs):
"""
In case the BackendUser record is deleted, we need to cleanup the LDAP server.
"""
if user is not None:
try:
internal_ldap = get_internal_ldap_connected()
internal_ldap.delete_user(user.backend_pk)
except UserNotFoundError:
pass # already deleted
except UserBackendError as ex:
# XXX: recreate?
raise ex
finally:
try:
internal_ldap.disconnect()
except:
pass
def delete_on_internal_ldap(sender, group, **kwargs):
"""
In case the BackendGroup record is deleted, we need to cleanup the internal LDAP server.
"""
if group is not None:
try:
internal_ldap = get_internal_ldap_connected()
internal_ldap.delete_group(group.backend_pk)
except GroupNotFoundError:
pass # already deleted
except GroupBackendError as ex:
# XXX: recreate?
raise ex
finally:
try:
internal_ldap.disconnect()
except:
pass
def delete_on_internal_ldap(sender, user, **kwargs):
"""
In case the BackendUser record is deleted, we need to cleanup the LDAP server.
"""
if user is not None:
try:
internal_ldap = get_internal_ldap_connected()
internal_ldap.delete_user(user.backend_pk)
except UserNotFoundError:
pass # already deleted
except UserBackendError as ex:
# XXX: recreate?
raise ex
finally:
try:
internal_ldap.disconnect()
except:
pass
def create_on_internal_ldap(sender, group, **kwargs):
"""
BackendGroup instances are used to represent external backends (e.g. LDAP) groups.
If such a group is created, we should therefor create the group on the backend.
"""
if group is not None:
try:
internal_ldap = get_internal_ldap_connected()
created = internal_ldap.create_group(group.backend_id, group.backend_pk)
# FIXME: this is the first time we really know the ID/PK given by the backend.
# all other operations having used to old ones might not be valid anymore...
group.backend_id = created.get(GroupBackend.FIELD_ID)
group.backend_pk = created.get(GroupBackend.FIELD_PK)
group.save()
except GroupBackendError as ex:
group.delete() # XXX: cleanup?
raise ex
finally:
try:
internal_ldap.disconnect()
except:
pass