def _set_password(self, name, password, by_cn=True):
unicode_pass = '******' + password + '\"'
password_value = unicode_pass.encode('utf-16-le')
ldap_client = self._bind()
if by_cn:
dn = self._str('CN=%(cn)s,%(user_dn)s' % {
'cn': name,
'user_dn': self.userdn
})
else:
dn = self._str(name)
attrs = {}
attrs['unicodePwd'] = self._str(password_value)
ldif = modlist.modifyModlist({'unicodePwd': 'tmp'}, attrs)
ldap_client.modify_s(dn, ldif)
del(attrs['unicodePwd'])
attrs['UserAccountControl'] = str(NORMAL_ACCOUNT)
ldif = modlist.modifyModlist({'UserAccountControl': 'tmp'}, attrs)
ldap_client.modify_s(dn, ldif)
def fllow_kehuclass_change(self):
_logger.info(u'当客户班级改变时,重写Ldap班级字段')
_logger.info(u'当前客户关联班级字段是%s' % self.kehu_id.name)
if self.cuid == '/':
return None
con = self._get_ldap_connection()[0]
try:
mail = self.res_email or self.email
dn = "mail=%s,%s" % (mail, self._get_ldap_basedn()[0])
#如果更换班级,修改Ldap对应的班级字段,否则设置为None
new = {}
if self.kehu_id.class_number:
new['roomNumber'] = self.kehu_id.class_number.encode('utf-8')
old = {'roomNumber': ' '}
ldif = modlist.modifyModlist(old, new)
con.modify_s(dn, ldif)
else:
new['roomNumber'] = 'None'.encode('utf-8')
old = {'roomNumber': ' '}
ldif = modlist.modifyModlist(old, new)
con.modify_s(dn, ldif)
except ldap.LDAPError, e:
_logger.error(u'注意%s' % e.message)
raise UserError(u'您提前为此客户归属了班级,请悉知,并继续您的下一步')
return False
def _set_password(self, name, password, by_cn=True):
unicode_pass = '******' + password + '\"'
password_value = unicode_pass.encode('utf-16-le')
ldap_client = self._bind()
if by_cn:
dn = self._str('CN=%(cn)s,%(user_dn)s' % {
'cn': name,
'user_dn': self.userdn
})
else:
dn = self._str(name)
attrs = {}
attrs['unicodePwd'] = self._str(password_value)
ldif = modlist.modifyModlist({'unicodePwd': 'tmp'}, attrs)
ldap_client.modify_s(dn, ldif)
del (attrs['unicodePwd'])
attrs['UserAccountControl'] = str(NORMAL_ACCOUNT)
ldif = modlist.modifyModlist({'UserAccountControl': 'tmp'}, attrs)
ldap_client.modify_s(dn, ldif)
def _set_password(self, name, password, by_cn=True):
unicode_pass = '******' + password + '\"'
password_value = unicode_pass.encode('utf-16-le')
ldap_client = self._bind()
if by_cn:
dn = self._byte_p2('CN=%(cn)s,%(user_dn)s' % {
'cn': name,
'user_dn': self.userdn
})
else:
dn = self._byte_p2(name)
attrs = {}
attrs['unicodePwd'] = self._modlist(self._byte_p2(password_value))
ldif = modlist.modifyModlist({'unicodePwd': 'tmp'}, attrs)
ldap_client.modify_s(dn, ldif)
del (attrs['unicodePwd'])
#attrs['UserAccountControl'] = self._modlist(
# self._tobyte(NORMAL_ACCOUNT)
#)
attrs['pwdLastSet'] = self._modlist(self._tobyte(0))
attrs['UserAccountControl'] = self._modlist(
self._tobyte(PASSWORD_EXPIRED))
ldif = modlist.modifyModlist({'UserAccountControl': 'tmp'}, attrs)
ldap_client.modify_s(dn, ldif)
def modify(self, dn, oldattrs, newattrs):
if not dn or newattrs is None:
return
modstruct = modlist.modifyModlist(oldattrs, newattrs)
Info("Ldap style struct: %s" % modstruct)
if modstruct:
self.l.modify(dn, modlist.modifyModlist(oldattrs, newattrs))
def modUser(user):
check = False
try:
# Open a connection
con = ldap.initialize(settings.AUTH_LDAP_SERVER_URI)
# Bind/authenticate with a user with apropriate rights to add objects
con.simple_bind_s(settings.AUTH_LDAP_BIND_DN,str(settings.AUTH_LDAP_BIND_PASSWORD))
# The dn of our new entry/object
dn="uid="+user.getUid()+","+str(settings.AUTH_LDAP_BASE_USER_DN)
userOld=getUser(user.getUid())
# A dict to help build the "body" of the object
# TODO: clean this
attrs = {}
attrs['cn'] = [str(user.getFirstname()).encode('utf-8')]
attrs['mail'] = [str(user.getMail()).encode('utf-8')]
attrs['sn'] = [str(user.getLastname()).encode('utf-8')]
attrs['userpassword'] = [str(lsm.encrypt(user.getPassword())).encode('utf-8')]
oldValue = {'cn': [str(userOld.getFirstname()).encode('utf-8')]}
newValue = {'cn': [str(user.getFirstname()).encode('utf-8')]}
# Convert our dict to nice syntax for the add-function using modlist-module
ldif = modlist.modifyModlist(oldValue,newValue)
con.modify_s(dn,ldif)
oldValue = {'mail': [str(userOld.getMail()).encode('utf-8')]}
newValue = {'mail': [str(user.getMail()).encode('utf-8')]}
# Convert our dict to nice syntax for the add-function using modlist-module
ldif = modlist.modifyModlist(oldValue,newValue)
con.modify_s(dn,ldif)
oldValue = {'sn': [str(userOld.getLastname()).encode('utf-8')]}
newValue = {'sn': [str(user.getLastname()).encode('utf-8')]}
# Convert our dict to nice syntax for the add-function using modlist-module
ldif = modlist.modifyModlist(oldValue,newValue)
con.modify_s(dn,ldif)
if user.getPassword():
oldValue = {'userpassword': [str(userOld.getPassword()).encode('utf-8')]}
newValue = {'userpassword': [str(lsm.encrypt(user.getPassword())).encode('utf-8')]}
# Convert our dict to nice syntax for the add-function using modlist-module
ldif = modlist.modifyModlist(oldValue,newValue)
con.modify_s(dn,ldif)
# Do the actual synchronous add-operation to the ldapserver
#print('add_s')
#print(type(dn))
#print(type(ldif))
# Its nice to the server to disconnect and free resources when done
con.unbind_s()
check = True
except ldap.LDAPError:
#except Exception:
traceback.print_exc(file=sys.stdout)
return check
def update_person(self, unique_id, form):
"""
Updates a person's LDAP directory record
based on phonebook.forms.ProfileForm.
Method always uses master.
"""
conn = self._ensure_conn(WRITE)
dn = Person.dn(unique_id)
person = self.get_by_unique_id(unique_id)
form['unique_id'] = person.unique_id
if 'email' not in form:
form['email'] = person.username
newp = Person.form_to_profile_attrs(form)
modlist = modifyModlist(person.ldap_attrs(),
newp,
ignore_oldexistent=1)
if modlist:
conn.modify_s(dn, modlist)
services = self.profile_service_ids(unique_id)
oldservs = dict((k, v.ldap_attrs()) for k, v in services.iteritems())
newservs = SystemId.form_to_service_ids_attrs(form)
for service_uri in KNOWN_SERVICE_URIS:
newserv = newservs[service_uri]
if service_uri in oldservs:
oldserv = oldservs[service_uri]
newserv['uniqueIdentifier'][0] = oldserv['uniqueIdentifier'][0]
sys_id_dn = SystemId.dn(unique_id,
oldserv['uniqueIdentifier'][0])
if newserv['mozilliansServiceID'][0]:
modlist = modifyModlist(oldserv, newserv)
if modlist:
conn.modify_s(sys_id_dn, modlist)
else:
conn.delete_s(sys_id_dn)
else:
sys_id_dn = SystemId.dn(unique_id,
newserv['uniqueIdentifier'][0])
if newserv['mozilliansServiceID'][0]:
modlist = addModlist(newserv)
if modlist:
conn.add_s(sys_id_dn, modlist)
return True
def update_person(self, unique_id, form):
"""
Updates a person's LDAP directory record
based on phonebook.forms.ProfileForm.
Method always uses master.
"""
conn = self._ensure_conn(WRITE)
dn = Person.dn(unique_id)
person = self.get_by_unique_id(unique_id)
form['unique_id'] = person.unique_id
if 'email' not in form:
form['email'] = person.username
newp = Person.form_to_profile_attrs(form)
modlist = modifyModlist(person.ldap_attrs(), newp,
ignore_oldexistent=1)
if modlist:
conn.modify_s(dn, modlist)
services = self.profile_service_ids(unique_id)
oldservs = dict((k, v.ldap_attrs()) for k, v in services.iteritems())
newservs = SystemId.form_to_service_ids_attrs(form)
for service_uri in KNOWN_SERVICE_URIS:
newserv = newservs[service_uri]
if service_uri in oldservs:
oldserv = oldservs[service_uri]
newserv['uniqueIdentifier'][0] = oldserv['uniqueIdentifier'][0]
sys_id_dn = SystemId.dn(unique_id,
oldserv['uniqueIdentifier'][0])
if newserv['mozilliansServiceID'][0]:
modlist = modifyModlist(oldserv, newserv)
if modlist:
conn.modify_s(sys_id_dn, modlist)
else:
conn.delete_s(sys_id_dn)
else:
sys_id_dn = SystemId.dn(unique_id,
newserv['uniqueIdentifier'][0])
if newserv['mozilliansServiceID'][0]:
modlist = addModlist(newserv)
if modlist:
conn.add_s(sys_id_dn, modlist)
return True
def check_employment_state(self):
if self.employment_state in ('ia','ha','na','se'):
self.employment_way = 'se'
if self.employment_company or self.employment_custom_company:
self.employment_company = self.employment_company
self.employment_custom_company = self.employment_custom_company
else:
if self.employment_way:
self.employment_way = self.employment_way
if self.employment_company or self.employment_custom_company:
self.employment_company = self.employment_company
self.employment_custom_company = self.employment_custom_company
if self.cuid != '/':
con = self._get_ldap_connection()[0]
if self.employment_state:
try:
dn = "mail=%s,%s" % (self.res_email or self.email,self._get_ldap_basedn()[0])
new = {'objectClass':['inetOrgPerson','mailUser','shadowAccount','amavisAccount','perfectInfo']}
old = {'objectClass':' '}
ldif = modlist.modifyModlist(old,new)
con.modify_s(dn,ldif)
con.modify_s(dn,[(ldap.MOD_REPLACE,'employmentState',self.employment_state.encode('utf-8'))])
except ldap.LDAPError,e:
_logger.info(u'%s' % e.message)
finally:
con.unbind_s()
def save(user):
attrs={}
attrs['cn']=str(user.username)
attrs['objectClass']='inetOrgPerson'
attrs[settings.ACCOUNT_LDAP_USER_ATTR_MAP["first_name"]]=str(user.first_name)
attrs[settings.ACCOUNT_LDAP_USER_ATTR_MAP["last_name"]]=str(user.last_name)
attrs[settings.ACCOUNT_LDAP_USER_ATTR_MAP["email"]]=str(user.email)
ld=init_bind()
result=search(user.username,ld)
dn="cn="+str(user.username)+","+settings.ACCOUNT_LDAP_BASE_DN
if(result==None or result==[]):
ldif=modlist.addModlist(attrs)
ld.add_s(dn,ldif)
else:
ldn,data=result[0]
newData=data.copy()
for key,attrD in attrs.items():
newData[key]=attrD
ldif=modlist.modifyModlist(data,newData)
ld.modify_s(dn,ldif)
is_deny=searchDenylist(user.username,ld)
if(user.is_active==False):
if(is_deny==False):
appendDenylist(user.username,ld)
else:
if(is_deny==True):
removeDenylist(user.username,ld)
ld.unbind()
def timestamp_ldap_user_description(ldap_server, timestamp):
global dn, message, should_send_alert
conn, conn_success = connect_to_ldap(ldap_server, 'w')
if not conn_success:
result = "ERROR: could not connect to", ldap_server
print result
message.append(result)
if should_send_alert: send_email(message)
sys.exit(1)
else:
# dn of the object to be modified
dn = 'ou=People,dc=example,dc=com'
user_dn, old_ts = get_timestamp(ldap_server, conn, dn)
#print old_ts
# set a fresh description value
new_ts = {'description': timestamp}
#print new_ts
# make an ldif
ldif = modlist.modifyModlist(old_ts, new_ts)
# modify the entry
conn.modify_s(user_dn, ldif)
# close ldap connection
conn.unbind_s()
def modifyEntry(self, modifyDN, oldattrs, newattrs, ignore_attr_types=None, ignore_oldexistent=0):
l = self.ldapInit()
ldif = modlist.modifyModlist(oldattrs, newattrs, ignore_attr_types, ignore_oldexistent)
l.modify_s(modifyDN, ldif)
l.unbind_s ()
def _createOrUpdate(self, member_list, ldap_conn):
new_records = filter(lambda m: not ldap_conn.ldap_search(self._LDAP_TREE['accounts'],
_ldap.SCOPE_ONELEVEL,
filterstr='employeeNumber=%s' % m['employeeNumber'],
attrsonly=1),
member_list)
map(lambda c: ldap_conn.ldap_add('cn=%s,%s' % (self._createCN(c, ldap_conn), self._LDAP_TREE['accounts']),
_modlist.addModlist(self._getLDAPCompatibleAccount(c),
ignore_attr_types=['cn'])),
new_records)
map(lambda u: ldap_conn.ldap_update('%s' % self._ldapCN(u['employeeNumber'], ldap_conn),
_modlist.modifyModlist(ldap_conn.ldap_search(self._LDAP_TREE['accounts'],
_ldap.SCOPE_ONELEVEL,
filterstr='employeeNumber=%s'
% u['employeeNumber'])[0][1],
self._getLDAPCompatibleAccount(u),
ignore_attr_types=['userPassword', 'cn'])),
filter(lambda m: cmp(dict(self._getLDAPCompatibleAccount(m)),
ldap_conn.ldap_search(self._LDAP_TREE['accounts'],
_ldap.SCOPE_ONELEVEL,
filterstr='employeeNumber=%s' % m['employeeNumber'],
attrlist=['displayName', 'objectClass', 'employeeType',
'mobile', 'employeeNumber', 'sn',
'mail', 'givenName'])[0][1]),
member_list))
return new_records
def update(self, rdn, attr_dict, new_rdn=False):
"""
Modify LDAP entry
Keyword arguments:
rdn -- DN without domain
attr_dict -- Dictionnary of attributes/values to add
new_rdn -- New RDN for modification
Returns:
Boolean | YunoHostError
"""
dn = rdn + ',' + self.base
actual_entry = self.search(base=dn, attrs=None)
ldif = modlist.modifyModlist(actual_entry[0], attr_dict, ignore_oldexistent=1)
try:
if new_rdn:
self.conn.rename_s(dn, new_rdn)
dn = new_rdn + ',' + self.base
self.conn.modify_ext_s(dn, ldif)
except:
raise YunoHostError(169, _('An error occured during LDAP entry update'))
else:
return True
def update_mfa(self, enable, mfa_method):
"""update the ldap object with the correct mfa method"""
mfa_method = [mfa_method.encode()]
oldldif = {}
newldif = {}
# Always add the wikimediaPerson object class
if not self.wikimedia_person:
oldldif['objectClass'] = self.attributes['objectClass']
newldif['objectClass'] = self.attributes['objectClass'] + [
b'wikimediaPerson'
]
if enable:
if self.mfa_method is None:
newldif['mfa-method'] = mfa_method
elif self.mfa_method != mfa_method:
oldldif['mfa-method'] = self.mfa_method
newldif['mfa-method'] = mfa_method
else:
if self.mfa_method is not None:
oldldif['mfa-method'] = self.mfa_method
if oldldif != newldif:
modlist = modifyModlist(oldldif, newldif)
print('making the following change:\n{}'.format(modlist))
self.conn.modify_s(self.dname, modlist)
else:
print('no change')
def modify_building(self, building_from, building_to=None):
'''
Change an existing building from the first argument, into the second
'''
status = False
try:
self.log.info('modify_building(): modifying building: ' + building_from['building_code'] + " in LDAP")
self.connect_ldap()
dn = 'buildingIdentifier=' + building_from['building_identifier'] + ',' + config.ldap_base
self.log.info('modify_building(): modifying building, dn: ' + dn)
if building_to == None:
self.log.info('modify_building(): fetching building from web service: ' + building_from['building_identifier'])
building_to = self.get_building(building_from['building_identifier'])[0]
from_attrs = self.mapm(building_from)
to_attrs = self.mapm(building_to)
ldif = modlist.modifyModlist(from_attrs, to_attrs)
if ldif <> []: # Something has changed
self.log.debug('modify_building(): ldif: ' + str(ldif))
self.ldap_con.modify_s(dn, ldif)
status = True
self.log.info('modify_building(): successfully modified building: ' + building_from['building_code'] + " to LDAP")
#self.ldap_con.unbind_s()
except Exception as ex:
self.log.error('modify_buildings(): failed to modify ' + building_from['building_code'] + ' in LDAP: error: ' + str(ex))
return status
def add_users_to_tenant(tenant, user_list, role=default_role):
if existed_role_in_tenant(tenant, role):
return False
#calling this function must be ensured that role isn't existed in the given tenant
#need to check outside in the caller method, sync_api.py
role_dn,attributes = build_role_child_entry(role,tenant)
# Open a connection
l = ldap.initialize("ldap://localhost/")
# Bind/authenticate with a user with apropriate rights to add objects
l.simple_bind_s("cn=Manager,dc=cse,dc=hcmut","openstack")
# Convert our dict to nice syntax for the add-function using modlist-module
ldif = modlist.addModlist(attributes)
#ldap.modlist.modifyModlist()
l.add_s(role_dn,ldif)
users = list()
for user in user_list:
users.append("cn=%s,%s" %(user,user_base_dn))
current_tenant_dn='cn=%s,cn=%s,%s'%(role,tenant,tenant_base_dn)
#add bulk of users to roleOccupant
old = {'roleOccupant':''}
new = {'roleOccupant':tuple(users)}
# Convert place-holders for modify-operation using modlist-module
ldif = modlist.modifyModlist(old,new)
# Do the actual modification
l.modify_s(current_tenant_dn,ldif)
# Its nice to the server to disconnect and free resources when done
l.unbind_s()
return True
def ldapmodify(self, objectdn, attrs_new):
"""
This function can modify an object in Active Directory, taking an object and stipulate new data for attributes
Args:
| objectdn (str): DistinguishedName of object to modify
| attrs_new (dict): Acive Directory Attributes dicctionary with value need for modify
Examples:
go to change current telephoneNumber.
>>> auth_object.ldapmodify('cn=administratortest,cn=Users,dc=owner,dc=local', {'telephoneNumber': '515336'})
| In this moment us number should be 515336.
| could check this with:
>>> auth_object.ldapsearch(search_by_mail('*****@*****.**'), show_telephone_number())
[['telephoneNumber' ['515336']]]
.. Warning::
| Modify attributes with multiple data are experimental code, don't use it
| if you need add multiple data, use comma to separate in a list for the value, one example could be:
>>> auth_object.ldapmodify('cn=administratortest...', {'memberOf': ['Group_of_blabla','blablabla','More_blabla']})
"""
attrs_old = {}
for key, value in attrs_new.iteritems():
if isinstance(value, list):
temporallist = []
for x in value:
temporallist.append('x')
attrs_old[key] = temporallist
else:
attrs_old[key] = '10' # this is the old value with a random value as x, for replace all
ldif = modlist.modifyModlist(attrs_old, attrs_new)
self.conn.modify_s(objectdn, ldif)
def update_profile_photo(self, unique_id, form):
"""
Adds or Updates a person's profile photo.
unique_id
form - An instance of phonebook.forms.ProfileForm
Safe to call if no photo has been uploaded by the user.
Method always uses master.
"""
if "photo" in form and form["photo"]:
photo = form["photo"].file.read()
elif form.get("photo_delete"):
photo = None
else:
return False
conn = self._ensure_conn(WRITE)
dn = Person.dn(unique_id)
attrs = self._profile_photo_attrs(unique_id)
if photo:
new_attrs = dict(jpegPhoto=photo)
elif attrs.get("jpegPhoto"):
new_attrs = dict(**attrs)
del new_attrs["jpegPhoto"]
else: # If no photo exists for this user, we don't bother trying to
# delete it.
return False
# Person record will always exist, so we only do a mod
modlist = modifyModlist(attrs, new_attrs, ignore_oldexistent=bool(photo))
if modlist:
conn.modify_s(dn, modlist)
def update_profile_photo(self, unique_id, form):
"""
Adds or Updates a person's profile photo.
unique_id
form - An instance of phonebook.forms.ProfileForm
Safe to call if no photo has been uploaded by the user.
Method always uses master.
"""
if "photo" in form and form["photo"]:
photo = form["photo"].file.read()
else:
return False
conn = self._ensure_conn(WRITE)
dn = Person.dn(unique_id)
attrs = self._profile_photo_attrs(unique_id)
new_attrs = dict(jpegPhoto=photo)
# Person record will always exist, so we only do a mod
modlist = modifyModlist(attrs, new_attrs, ignore_oldexistent=1)
if modlist:
conn.modify_s(dn, modlist)
def set_ldap_group(username, group):
l = init_ldap()
baseDN = "ou=groups,dc=hkn,dc=eecs,dc=berkeley,dc=edu"
searchScope = ldap.SCOPE_SUBTREE
## retrieve all attributes - again adjust to your needs - see documentation for more options
retrieveAttributes = ["memberUid"]
username = ldap.filter.escape_filter_chars(username)
group = ldap.filter.escape_filter_chars(group)
groupsFilter = "cn={0}".format(group)
try:
groupSearch = l.search_s(baseDN, searchScope, groupsFilter,
retrieveAttributes)
if len(groupSearch) != 1:
print "Group not found!"
return
(groupdn, data) = groupSearch[0]
if 'memberUid' in data:
group_members = data['memberUid']
new_members = copy.deepcopy(group_members)
new_members.append(username)
oldattr = {'memberUid': group_members}
newattr = {'memberUid': new_members}
ldif = modlist.modifyModlist(oldattr, newattr)
l.modify_s(groupdn, ldif)
except ldap.LDAPError, e:
print e
def LdapModify(self, dn, old_attributes_dict, new_attributes_dict):
""" Modifies a LDAP entry, replaces user's old attributes with
the new ones given.
:param dn: user's absolute name in the LDAP hierarchy.
:param old_attributes_dict: old user's attributes. Keys must match
the ones used in the LDAP model.
:param new_attributes_dict: new user's attributes. Keys must match
the ones used in the LDAP model.
:type dn: string
:type old_attributes_dict: dict
:type new_attributes_dict: dict
:returns: dict bool True if Successful, bool False if not.
:rtype: dict
"""
ldif = modlist.modifyModlist(old_attributes_dict, new_attributes_dict)
# Connect and bind/authenticate
result = self.conn.connect()
if (result['bool']):
try:
self.conn.ldapserv.modify_s(dn, ldif)
self.conn.close()
return {'bool': True}
except ldap.LDAPError, error:
logger.log_exc("LDAP LdapModify Error %s" % error)
return {'bool': False}
def delete_user(self, user_dn):
""" Delete user from ldap """
log.info('deleting user %s from ldap' % user_dn)
# retrieve current user information
required = ['employeeType']
item = 'cn=*%s*' % self._extract_cn(user_dn)
res = self._search(self._filter % item, required)
USER_DN, entry = res[0]
old = {
'employeeType': entry['employeeType'],
}
new = {
'employeeType': 'Inactive',
}
# Convert place-holders for modify-operation using modlist-module
ldif = modlist.modifyModlist(old, new)
if ldif:
# rebind with system dn
self._bind(self.system_DN, self.system_password)
log.info('sending for dn %r: %r' % (user_dn, ldif))
# Do the actual modification if needed
self._conn.modify_s(user_dn, ldif)
def update(self, rdn, attr_dict, new_rdn=False):
"""
Modify LDAP entry
Keyword arguments:
rdn -- DN without domain
attr_dict -- Dictionnary of attributes/values to add
new_rdn -- New RDN for modification
Returns:
Boolean | MoulinetteError
"""
dn = rdn + ',' + self.basedn
actual_entry = self.search(base=dn, attrs=None)
ldif = modlist.modifyModlist(actual_entry[0],
attr_dict,
ignore_oldexistent=1)
try:
if new_rdn:
self.con.rename_s(dn, new_rdn)
dn = new_rdn + ',' + self.basedn
self.con.modify_ext_s(dn, ldif)
except:
logger.exception(
"error during LDAP update operation with: rdn='%s', "
"attr_dict=%s, new_rdn=%s", rdn, attr_dict, new_rdn)
raise MoulinetteError(169, m18n.g('ldap_operation_error'))
else:
return True
def as_replog(self, url, basedn, binddn, bindpw):
ld = ldap.initialize(url)
ld.simple_bind_s(binddn, bindpw)
sk = self.ldap_search_key()
lu = ld.search_s \
( basedn
, ldap.SCOPE_SUBTREE
, sk
, self.ldif_map.keys () + self.object_class
)
print lu
if len(lu) > 1:
raise ValueError, "More than one entry found for %s" % sk
if not lu:
return self._ldif \
(self.dn (), modlist.addModlist (self.as_ldap_entry ()))
ret = []
dn = self.dn().split(',')
if self.dn() != lu[0][0]:
ret.append('dn: %s' % lu[0][0])
ret.append('changetype: modrdn')
ret.append('newrdn: %s' % dn[0])
ret.append('deleteoldrdn: 1')
ret.append('newSuperior: %s' % ','.join(dn[1:]))
ret.append('')
ret.append \
( self._ldif
( self.dn ()
, modlist.modifyModlist (lu [0][1], self.as_ldap_entry ())
)
)
return '\n'.join(ret)
def ldap_modify_user(self, modify_dn=None, change_ldif_dict=None):
obj = self.ldapconn
obj.protocal_version = ldap.VERSION3
#要获取当前用户的属性
now_ldif_dict = self.ldap_get_a_user(search_dn=modify_dn)[0][1]
new_ldif_dict = {}
old_ldif_dict = {}
for _key, _value in change_ldif_dict.items():
if now_ldif_dict.has_key(_key):
old_ldif_dict[_key] = now_ldif_dict[_key]
new_ldif_dict[_key] = _value
try:
ldif = modlist.modifyModlist(old_ldif_dict, new_ldif_dict)
if obj.modify_s(modify_dn, ldif):
print '修改成功:%s' % ldif
return True
else:
return False
except Exception, e:
print e
return False
def modify(self, uid, _new, password=None):
dn, _old = self.search(uid, attrlist=_new.keys()).first()
if password and not self.auth(uid, password):
return False
self.init.modify_s(dn, modlist=modlist.modifyModlist(_old, _new))
return True
def passwd():
form = EditForm()
if form.validate_on_submit() and check_qaptcha():
l = ldap.initialize(LDAP_SERVER)
l.simple_bind_s(LDAP_BINDDN, LDAP_BINDPW)
[(dn, attrs)] = l.search_s(people_basedn, ldap.SCOPE_ONELEVEL, '(uid=%s)' % (g.user.username), None)
if dn: # if user exists
passwd_list = attrs['userPassword'][0].split('$')
if '{CRYPT}' + crypt.crypt(form.old_password.data, '$' + passwd_list[1] + '$' + passwd_list[2] + '$') == attrs['userPassword'][0]: # if passwd is right
old = {'userPassword': attrs['userPassword']}
new = {'userPassword': ['{CRYPT}' + crypt.crypt(form.new_password.data, '$6$%s$'%(''.join([random.choice(string.ascii_letters + string.digits) for n in xrange(10)])))]}
ldif = modlist.modifyModlist(old, new)
l.modify_s(dn, ldif)
logout_user()
flash('Your password has been reset, please login now.')
l.unbind_s()
return redirect(url_for('login'))
else: # if passwd is wrong
flash('Password incorrect!')
l.unbind_s()
return render_template('passwd.html',
form = form,
user = g.user)
else:
flash("User doesn't exist, please login again.")
l.unbind_s()
return redirect(url_for('login'))
return render_template('passwd.html',
form = form,
user = g.user)
def set_attributes(self, dn, **attributes):
old_attributes = self.get(dn, attr=attributes.keys())
ldif = modlist.modifyModlist(old_attributes, attributes)
comp_dn = s4.compatible_modstring(unicode(dn))
self.lo.modify_ext_s(comp_dn,
ldif,
serverctrls=self.serverctrls_for_add_and_modify)
def update(self, rdn, attr_dict, new_rdn=False):
"""
Modify LDAP entry
Keyword arguments:
rdn -- DN without domain
attr_dict -- Dictionnary of attributes/values to add
new_rdn -- New RDN for modification
Returns:
Boolean | MoulinetteError
"""
dn = rdn + ',' + self.basedn
actual_entry = self.search(base=dn, attrs=None)
ldif = modlist.modifyModlist(actual_entry[0], attr_dict, ignore_oldexistent=1)
try:
if new_rdn:
self.con.rename_s(dn, new_rdn)
dn = new_rdn + ',' + self.basedn
self.con.modify_ext_s(dn, ldif)
except:
raise MoulinetteError(169, m18n.g('ldap_operation_error'))
else:
return True
def delete_user(self, user_dn):
""" Delete user from ldap """
log.info('deleting user %s from ldap' % user_dn)
# retrieve current user information
required = ['employeeType']
item = 'cn=*%s*' % self._extract_cn(user_dn)
res = self._search(self._filter % item, required)
USER_DN, entry = res[0]
old = {
'employeeType': entry['employeeType'],
}
new = {
'employeeType': 'Inactive',
}
# Convert place-holders for modify-operation using modlist-module
ldif = modlist.modifyModlist(old, new)
if ldif:
# rebind with system dn
self._bind(self.system_DN, self.system_password)
log.info('sending for dn %r: %r' % (user_dn, ldif))
# Do the actual modification if needed
self._conn.modify_s(user_dn, ldif)
def timestamp_ldap_user_description(ldap_server, timestamp):
global dn, message, should_send_alert
conn, conn_success = connect_to_ldap(ldap_server, 'w')
if not conn_success:
result = "ERROR: could not connect to",ldap_server
print result
message.append(result)
if should_send_alert: send_email(message)
sys.exit(1)
else:
# dn of the object to be modified
dn = 'ou=People,dc=example,dc=com'
user_dn, old_ts = get_timestamp(ldap_server, conn, dn)
#print old_ts
# set a fresh description value
new_ts = {'description': timestamp}
#print new_ts
# make an ldif
ldif = modlist.modifyModlist( old_ts, new_ts )
# modify the entry
conn.modify_s( user_dn, ldif )
# close ldap connection
conn.unbind_s()
def update_user(self,
user,
password=None,
unit=None,
arrival_date=None,
uid=None,
photo=None):
""" Update user params in ldap directory """
# convert fields to ldap fields
# retrieve them from model as it was updated before
fields = {
'mail': [user.email.encode('utf-8')],
'givenName': [user.firstname.encode('utf-8')],
'sn': [user.lastname.encode('utf-8')],
'manager': [user.manager_dn.encode('utf-8')],
}
if password:
fields['userPassword'] = password
if unit:
fields['ou'] = [unit.encode('utf-8')]
if arrival_date:
fields['arrivalDate'] = [self._cast_arrivaldate(arrival_date)]
if uid:
fields['uid'] = [uid.encode('utf-8')]
if photo is not None:
fields['jpegPhoto'] = [photo]
# dn of object we want to update
dn = 'cn=%s,c=%s,%s' % (user.login, user.country, self._base)
log.info('updating user %s from ldap' % dn)
# retrieve current user information
required = [
'objectClass', 'employeeType', 'cn', 'givenName', 'sn', 'manager',
'mail', 'ou', 'uid', 'userPassword', 'arrivalDate', 'jpegPhoto'
]
item = 'cn=*%s*' % user.login
res = self._search(self._filter % item, required)
USER_DN, entry = res[0]
old = {}
new = {}
# for each field to be updated
for field in fields:
# get old value
old[field] = entry.get(field, '')
# set new value
new[field] = fields[field]
# Convert place-holders for modify-operation using modlist-module
ldif = modlist.modifyModlist(old, new)
if ldif:
# rebind with system dn
self._bind(self.system_DN, self.system_password)
# Do the actual modification if needed
self._conn.modify_s(dn, ldif)
def _setPhoto_ldap(context, uid, photo):
portal_properties = getToolByName(context, 'portal_properties')
props = portal_properties.portlet_contact_properties
if props.ldap_search_recursive:
SCOPE = ldap.SCOPE_SUBTREE
else:
SCOPE = ldap.SCOPE_ONELEVEL
server = LdapServer(props.ldap_server_host,
props.ldap_server_port,
props.ldap_bind_dn,
props.ldap_bind_password,
props.ldap_search_base,
SCOPE)
server.connect()
entries = server.search('uid', uid, attrs=['jpegPhoto'])
contact = entries[0]['datas']
old_photo = contact.get('jpegPhoto')
if old_photo:
old_photo = old_photo[0]
else:
old_photo = ''
old = {'jpegPhoto': old_photo}
new = {'jpegPhoto': photo}
ldif = modlist.modifyModlist(old, new)
server.l.modify_s(entries[0]['path'], ldif)
server.close()
def update(self, dn, old_attrs, new_attrs):
modlist = modifyModlist(old_attrs, new_attrs,
ignore_oldexistent=not(self.remove_unset_attrs))
if modlist and not self.dryrun:
self._conn.modify_s(dn, modlist)
return bool(modlist)
def ldap_remove_user_from_group(self, username, groupname):
'''removes a user from a group
returns true on success
returns false on fail (user didnt exist, group didn't exist)'''
logger.debug('***ldap_remove_user_from_group*** : enter')
retval = False
try:
#get group
gresult = self.ldap_query(base=self.GROUP_BASE, filter='(&(objectclass=groupofuniquenames) (cn=%s))' % groupname)
gdn = gresult[0].get_dn()
ud = self.ldap_get_user_details(username)
if len(ud) == 0:
logger.debug('\tNo user found')
else:
#remove the user from the group
udn = self.ldap_get_user_dn(username)
logger.debug('\tRemoving user %s from group %s' % (udn, gdn))
old = gresult[0]
oldattrs = old.get_attributes()
import copy
newattrs = copy.deepcopy(oldattrs)
logger.debug('\toldattrs: %s' % (str(old.get_attributes()) ) )
#catch code for empty groups (no 'uniquemmembers')
if not newattrs.has_key('uniqueMember'):
newattrs['uniqueMember'] = []
newattrs['uniqueMember'].remove(udn)
import ldap.modlist as modlist
mods = modlist.modifyModlist(oldattrs, newattrs, ignore_oldexistent=1)
logger.debug('MODS:%s' % (str(mods)))
if len(mods) > 0:
r = self.l.modify_ext_s(gdn, mods)
retval = True
except ldap.LDAPError, e:
logger.debug( 'Exception when removing %s from %s: %s' % (username, groupname, str(e)) )
def api_updateGroupMember(action, group, username):
if action not in ['add', 'remove']:
return make_response(
jsonify(
{"Erreur d'action": "L'action doit etre 'add' ou 'remove'"}),
400)
groupres = api_getGroup(group)
if groupres.status_code != 200:
return make_response(jsonify({"Erreur": "Parsing group"}), 400)
usernameres = api_getUser(username)
if usernameres.status_code != 200:
return make_response(jsonify({"Erreur": "Parsing username"}), 400)
userlistres = api_getGroupMembers(group)
userlist = json.loads(userlistres.get_data())[getConfig.member_attr]
userlist = [x.encode('UTF8') for x in userlist]
newuserlist = userlist[:]
newuserlist.append(str(username))
dn = json.loads(groupres.get_data()).keys()[0]
ldif = modlist.modifyModlist({getConfig.member_attr: userlist},
{getConfig.member_attr: newuserlist})
try:
connect = ldap.initialize('ldap://{0}:{1}'.format(
getConfig.ldap_server, getConfig.ldap_port))
connect.bind_s(getConfig.ldapcred, getConfig.ldappass)
connect.modify_s(dn, ldif)
except ldap.LDAPError as e:
connect.unbind_s()
return make_response(jsonify({"Erreur LDAP": e.message['desc']}), 400)
connect.unbind_s()
return api_getGroup(group)
def set_employment_state(self):
for record in self.jobs_ids:
if record.res_company_type != 'res_company':
record.employment_state = self.name
record.employment_way = self.employment_way
record.employment_company = self.employment_company
record.employment_custom_company = self.employment_custom_company
record.employment_show_company = self.employment_show_company
con = self._get_ldap_connection()[0]
try:
dn = "mail=%s,%s" % (record.res_email or record.email,
self._get_ldap_basedn()[0])
new = {
'objectClass': [
'inetOrgPerson', 'mailUser', 'shadowAccount',
'amavisAccount', 'perfectInfo'
]
}
old = {'objectClass': ' '}
ldif = modlist.modifyModlist(old, new)
con.modify_s(dn, ldif)
con.modify_s(dn,
[(ldap.MOD_REPLACE, 'employmentState',
record.employment_state.encode('utf-8'))])
except ldap.LDAPError, e:
_logger.info(u'%s' % e.message)
finally:
con.unbind_s()
def modify(self, uid, _new, password=None):
dn, _old = self.search(uid, attrlist=_new.keys()).first()
if password and not self.auth(uid, password):
return False
self.init.modify_s(dn, modlist=modlist.modifyModlist(_old, _new))
return True
def update(self, dn, new_attrs, old_attrs, ignore_attr_types=None):
"""更新条目"""
self.begin()
if ignore_attr_types is None:
ignore_attr_types = []
self.conn.modify_s(
dn,
modlist.modifyModlist(old_attrs, new_attrs, ignore_attr_types=ignore_attr_types))
def update_ldap_profile(self):
""" Only updates those attributes the user profile controls. """
old_attrs = self.get_ldap_attrs()
new_attrs = old_attrs.copy()
new_attrs.update(self.profile_attrs())
attrs = modlist.modifyModlist(old_attrs, new_attrs)
self.connection.modify_s(self.dn, attrs)
self.update_profile_flagged_groups()
def update_ldap_profile(self):
""" Only updates those attributes the user profile controls. """
old_attrs = self.get_ldap_attrs()
new_attrs = old_attrs.copy()
new_attrs.update(self.profile_attrs())
attrs = modlist.modifyModlist(old_attrs, new_attrs)
self.connection.modify_s(self.dn, attrs)
self.update_profile_flagged_groups()
def handle(self,dn,entry):
try:
ldif = modlist.addModlist(entry)
ldap_server.add_s(dn, ldif)
except Exception:
basedn = "ou=Estudiantes,dc=uh,dc=cu"
student = ldap_server.search_s(basedn, ldap.SCOPE_ONELEVEL, "(&(ci=%s)(objectclass=%s))" % (entry["ci"][0].decode('utf8'), "Estudiante"))
ldif = modlist.modifyModlist(student[0][1], entry)
ldap_server.modify_s(dn, ldif)
def modify(self, changed_entry):
"""
Modify contents of an LDAP entry.
"""
dn = changed_entry.dn
old_entry = self.get(dn)
entry_modlist = modlist.modifyModlist(old_entry, changed_entry,
ignore_oldexistent=0)
self.ldap_handle.modify_s(dn, entry_modlist)
def save(self):
if self.user == 'root':
with open('/root/.config/ajenti.yml', 'w') as f:
f.write(
yaml.safe_dump(self.data,
default_flow_style=False,
encoding='utf-8',
allow_unicode=True).decode('utf-8'))
self.harden()
else:
## Save ldap attribute webuidashboard
ldap_filter = """(&
(cn=%s)
(objectClass=user)
(|
(sophomorixRole=globaladministrator)
(sophomorixRole=schooladministrator)
(sophomorixRole=teacher)
(sophomorixRole=student)
)
)"""
ldap_attrs = ['sophomorixWebuiDashboard']
searchFilter = ldap.filter.filter_format(ldap_filter, [self.user])
params = lmconfig.data['linuxmuster']['ldap']
with open('/etc/linuxmuster/.secret/administrator') as f:
admin_pw = f.read()
l = ldap.initialize('ldap://' + params['host'])
# Binduser bind to the server
try:
l.set_option(ldap.OPT_REFERRALS, 0)
l.protocol_version = ldap.VERSION3
l.bind_s("CN=Administrator,CN=Users," + params['searchdn'],
admin_pw)
except Exception as e:
logging.error(str(e))
raise KeyError(e)
try:
res = l.search_s(params['searchdn'],
ldap.SCOPE_SUBTREE,
searchFilter,
attrlist=ldap_attrs)
if res[0][0] is None:
raise KeyError
dn = res[0][0]
userconfig_old = res[0][1]
except ldap.LDAPError as e:
print(e)
userconfig_new = {
'sophomorixWebuiDashboard': [json.dumps(self.data).encode()]
}
ldif = modlist.modifyModlist(userconfig_old, userconfig_new)
l.modify_s(dn, ldif)
l.unbind_s()
def create_modlist(self, new=None, old=None):
ml = list()
if new and not old:
ml = addModlist(new, ignore_attr_types=self.operational_attributes)
elif new and old:
ml = modifyModlist(old,
new,
ignore_attr_types=self.operational_attributes)
return ml
def modifyTheGroupStuff(self, dn, members):
try:
ad_group = self.l.search_s(dn, ldap.SCOPE_BASE, '(objectclass=group)', ['member'])
old_dct = ad_group[0][1].copy()
new_dct = {'member':members}
ldif = modlist.modifyModlist(old_dct, new_dct)
self.l.modify_s(dn,ldif)
except:
pass
def ldap_add_user_to_group(self, username, groupname, objectclass='groupofuniquenames', membershipattr="uniqueMember"):
'''adds a user to a group
returns true on success
returns false on fail (user didnt exist, group didn't exist)'''
logger.debug('***ldap_add_user_to_group*** : enter')
retval = False
ud = self.ldap_get_user_details(username)
if len(ud) > 0: #does the user exist?
#already have this group?
if groupname in ud['groups']:
logger.debug('\tUser already in group')
retval = True #they were already in the group
else:
#does the new group exist?
if groupname in self.ldap_list_groups():
logger.debug('\tCandidate group existed')
else:
logger.warning("Candidate group didn't seem to exist, but I will attempt adding anyway")
#add the user to the group
#get group dn:
gresult = self.ldap_query(base=self.GROUP_BASE, filter='(&(objectclass=%s) (cn=%s))' % (objectclass, groupname))
if len(gresult) != 0:
try:
gdn = gresult[0].get_dn()
#groupofuniquenames usually uses the full udn as the membership name
#posixgroup (for example) just uses the uid.
if objectclass=='groupofuniquenames':
udn = self.ldap_get_user_dn(username)
else:
udn = str(username)
#modify the group's attrubutes so as to add this entry
import ldap.modlist as modlist
old = gresult[0]
oldattrs = old.get_attributes()
import copy
newattrs = copy.deepcopy(oldattrs)
logger.debug('oldattrs: %s' % ( str( old.get_attributes() ) ) )
#catch code for empty groups (no 'uniquemmembers')
if not newattrs.has_key(membershipattr):
newattrs[membershipattr] = []
newattrs[membershipattr].append(udn)
mods = modlist.modifyModlist(oldattrs, newattrs, ignore_oldexistent=1)
logger.debug('MODS:%s' % (str(mods)))
if len(mods) > 0:
r = self.l.modify_ext_s(gdn, mods)
retval = True
except ldap.TYPE_OR_VALUE_EXISTS, e:
#trying to add to a group when we already are a member is ok
logger.debug('Trying to add value that already exists: Ok.')
retval = True
except ldap.LDAPError, e:
logger.debug('Exception adding user %s to group %s: %s' % (username, groupname, str(e)))
#print 'Exception adding user %s to group %s: %s' % (username, groupname, str(e))
else:
logger.debug('\tCouldn\'t get group dn')
def add_to_groups(self, username, groups):
ldap_client = self._bind()
# recover dn of the user and his attributes
tmp = self._get_user(self._byte_p2(username), ALL_ATTRS)
dn = tmp[0]
attrs = tmp[1]
attrs['dn'] = dn
self._normalize_group_attrs(attrs)
dn = self._byte_p2(tmp[0])
# add user to all groups
for group in groups:
group = self._byte_p2(group)
# iterate on group membership attributes
for attr in self.group_attrs:
# fill the content template
content = self._byte_p2(self.group_attrs[attr] % attrs)
self._logger(
severity=logging.DEBUG,
msg="%(backend)s: adding user '%(user)s'"
" with dn '%(dn)s' to group '%(group)s' by"
" setting '%(attr)s' to '%(content)s'" % {
'user': username,
'dn': self._uni(dn),
'group': self._uni(group),
'attr': attr,
'content': self._uni(content),
'backend': self.backend_name
}
)
ldif = modlist.modifyModlist(
{},
{attr: self._modlist(self._byte_p3(content))}
)
try:
ldap_client.modify_s(group, ldif)
# if already member, not a big deal, just log it and continue
except (ldap.TYPE_OR_VALUE_EXISTS, ldap.ALREADY_EXISTS) as e:
self._logger(
severity=logging.INFO,
msg="%(backend)s: user '%(user)s'"
" already member of group '%(group)s'"
" (attribute '%(attr)s')" % {
'user': username,
'group': self._uni(group),
'attr': attr,
'backend': self.backend_name
}
)
except ldap.NO_SUCH_OBJECT as e:
raise GroupDoesntExist(group, self.backend_name)
except ldap.INSUFFICIENT_ACCESS as e:
raise PermissionDenied(group, self.backend_name)
except Exception as e:
ldap_client.unbind_s()
self._exception_handler(e)
ldap_client.unbind_s()
def removeDenylist(username,ld=None):
if(ld==None):
ld=init_bind()
dn="cn="+str(username)+","+settings.ACCOUNT_LDAP_BASE_DN
gdn,denylist=__denylist(ld)
attr=denylist.copy()
attr["member"]=denylist["member"][:]
attr["member"].remove(dn)
ldif=modlist.modifyModlist(denylist,attr)
ld.modify_s(gdn,ldif)
def set_attributes(self, dn, **attributes):
old_attributes = self.get(dn, attr=attributes.keys())
attributes = dict(
(name, [attr] if not isinstance(attr, (list, tuple)) else attr)
for name, attr in attributes.items())
ldif = modlist.modifyModlist(old_attributes, attributes)
comp_dn = dn
if ldif:
self.lo.modify_ext_s(
comp_dn, ldif, serverctrls=self.serverctrls_for_add_and_modify)
def changePassword(user,password):
ld=init_bind()
result=search(user.username,ld)
ldn,data=result[0]
newData=data.copy()
newData["userPassword"]=str(password)
ldif=modlist.modifyModlist(data,newData)
ld.modify_s(ldn,ldif)
ld.unbind()
def modifyLDAPmember( self , num , newitem ):
info , mail , cn , title = self.findUserName( num )
dn="cn={0} , CN=Users , DC=digitalidea , DC=co , DC=kr".format( cn )
oldItem = { 'mail':mail , 'title':title }
ldif = modlist.modifyModlist( oldItem , newitem )
try :
self.l.modify_s(dn,ldif)
except :
print 'Nothing to change'
self.l.unbind_s()
def set_attrs(self, username, attrs):
""" set user attributes"""
ldap_client = self._bind()
tmp = self._get_user(self._byte_p2(username), ALL_ATTRS)
if tmp is None:
raise UserDoesntExist(username, self.backend_name)
dn = self._byte_p2(tmp[0])
old_attrs = tmp[1]
for attr in attrs:
# skip equal attributes
if not self.__isModify(username, attrs, old_attrs, attr):
continue
else:
self._logger(severity=logging.DEBUG,
msg="%(backend)s: modifying user '%(user)s':"
" '%(attr)s' vs. '%(oldAttr)s'" % {
'user': username,
'attr': attrs[attr],
'oldAttr': old_attrs.get(attr),
'backend': self.backend_name
})
bcontent = self._byte_p2(attrs[attr])
battr = self._byte_p2(attr)
new = {battr: self._modlist(self._byte_p3(bcontent))}
# if attr is dn entry, use rename
if attr.lower() == self.dn_user_attr.lower():
ldap_client.rename_s(dn,
ldap.dn.dn2str([[(battr, bcontent, 1)]]))
dn = ldap.dn.dn2str([[(battr, bcontent, 1)]] +
ldap.dn.str2dn(dn)[1:])
else:
# if attr is already set, replace the value
# (see dict old passed to modifyModlist)
if attr in old_attrs:
if type(old_attrs[attr]) is list:
tmp = []
for value in old_attrs[attr]:
tmp.append(self._byte_p2(value))
bold_value = tmp
else:
bold_value = self._modlist(
self._byte_p3(old_attrs[attr]))
old = {battr: bold_value}
# attribute is not set, just add it
else:
old = {}
ldif = modlist.modifyModlist(old, new)
if ldif:
try:
ldap_client.modify_s(dn, ldif)
except Exception as e:
ldap_client.unbind_s()
self._exception_handler(e)
ldap_client.unbind_s()
def linkButtonToUid( self, buttonID, uid ):
self.validateButtonID( buttonID )
self.validateUID( uid )
if self.buttonExists( buttonID ) == False:
print "Button with ID " + buttonID + " does not exist"
return
if self.hackerExists(uid) == False:
print "Hacker with uid " + uid + " does not exist"
return
hStatus = self._getHacker( uid )
(dn, attrs) = hStatus[0]
# iLockRocUserDN
oldAttr = {}
oldDN = self.getButtonUserDN( buttonID )
print "oldDN:" + oldDN
if oldDN is "Undef":
print "oldDN is none"
attrs = {}
attrs['iLockRocUserDN'] = dn
ldif = modlist.modifyModlist(oldAttr, attrs)
modDN = "uid=" + buttonID + "," + self.BUTTON_BASE
self.conn.modify_s( modDN,ldif )
self.dumpButton( buttonID )
else:
oldAttr['iLockRocUserDN'] = oldDN
attrs = {}
attrs['iLockRocUserDN'] = dn
# turn it into ldif
ldif = modlist.modifyModlist( oldAttr , attrs )
# stuff it into the server
modDN = "uid=" + buttonID + "," + self.BUTTON_BASE
self.conn.modify_s( modDN,ldif )
self.dumpButton( buttonID )
def handle(self, dn, entry):
try:
ldif = modlist.addModlist(entry)
ldap_server.add_s(dn, ldif)
except Exception:
basedn = "ou=Trabajadores,dc=uh,dc=cu"
worker = ldap_server.search_s(
basedn, ldap.SCOPE_ONELEVEL, "(&(ci=%s)(objectclass=%s))" %
(entry["ci"][0].decode('utf8'), "Trabajador"))
ldif = modlist.modifyModlist(worker[0][1], entry)
ldap_server.modify_s(dn, ldif)
def ldap_replace_attr(ldap_session, attrs, attr, dn, new_value):
""" Replace an existing LDAP attribute's value """
# Do the actual operation!
current_attr = attrs[0][attr]
old = {attr: current_attr}
new = {attr: new_value}
ldif = modlist.modifyModlist(old, new)
ldap_session.modify_s(dn, ldif)
logging.info("\nAttribute %s value has been changed:\n\n" \
" Previous value: %s\n New value: %s\n" \
, attr, current_attr[0].decode(), new_value[0].decode())
