def _sync_ldap_members(connection, group, ldap_info, count=0, max_count=1): if count >= max_count: return None # Find all users and groups of group. users_info = connection.find_users_of_group(ldap_info['dn']) groups_info = connection.find_groups_of_group(ldap_info['dn']) posix_members = ldap_info['posix_members'] for user_info in users_info: LOG.debug("Synchronizing user %s with group %s" % (smart_str(user_info['dn']), smart_str(group.name))) try: user = ldap_access.get_ldap_user(username=user_info['username']) group.user_set.add(user) except User.DoesNotExist: LOG.debug("Synchronizing user %s with group %s failed. User does not exist." % (smart_str(user_info['dn']), smart_str(group.name))) for group_info in groups_info: LOG.debug("Synchronizing group %s" % smart_str(group_info['dn'])) try: group = Group.objects.get(name=group_info['name']) _sync_ldap_members(connection, group, group_info, count+1, max_count) except Group.DoesNotExist: LOG.debug("Synchronizing group %s failed. Group does not exist." % smart_str(group.name)) for posix_member in posix_members: LOG.debug("Synchronizing posix user %s with group %s" % (smart_str(posix_member), smart_str(group.name))) users_info = connection.find_users(posix_member, search_attr='uid', user_name_attr=desktop.conf.LDAP.USERS.USER_NAME_ATTR.get(), find_by_dn=False) for user_info in users_info: try: user = ldap_access.get_ldap_user(username=user_info['username']) group.user_set.add(user) except User.DoesNotExist: LOG.debug("Synchronizing posix user %s with group %s failed. User does not exist." % (smart_str(posix_member), smart_str(group.name)))
def _sync_ldap_members(connection, group, ldap_info, count=0, max_count=1): if count >= max_count: return None # Find all users and groups of group. users_info = connection.find_users_of_group(ldap_info['dn']) groups_info = connection.find_groups_of_group(ldap_info['dn']) posix_members = ldap_info['posix_members'] for user_info in users_info: LOG.debug("Synchronizing user %s with group %s" % (smart_str(user_info['dn']), smart_str(group.name))) try: user = ldap_access.get_ldap_user(username=user_info['username']) group.user_set.add(user) except User.DoesNotExist: LOG.warn("Synchronizing user %s with group %s failed. User does not exist." % (smart_str(user_info['dn']), smart_str(group.name))) for group_info in groups_info: LOG.debug("Synchronizing group %s" % smart_str(group_info['dn'])) try: group = Group.objects.get(name=group_info['name']) _sync_ldap_members(connection, group, group_info, count+1, max_count) except Group.DoesNotExist: LOG.warn("Synchronizing group %s failed. Group does not exist." % smart_str(group.name)) for posix_member in posix_members: LOG.debug("Synchronizing posix user %s with group %s" % (smart_str(posix_member), smart_str(group.name))) users_info = connection.find_users(posix_member, search_attr='uid', user_name_attr=desktop.conf.LDAP.USERS.USER_NAME_ATTR.get(), find_by_dn=False) for user_info in users_info: try: user = ldap_access.get_ldap_user(username=user_info['username']) group.user_set.add(user) except User.DoesNotExist: LOG.warn("Synchronizing posix user %s with group %s failed. User does not exist." % (smart_str(posix_member), smart_str(group.name)))
def _import_ldap_suboordinate_groups(connection, groupname_pattern, import_members=False, recursive_import_members=False, sync_users=True, import_by_dn=False): """ Import a group from LDAP. If import_members is true, this will also import any LDAP users that exist within the group. This will use suboordinate group logic. A suboordinate group is a group that is a subentry of another group. e.g. CN=subtest,CN=test,OU=groups,DC=exampe,DC=COM is a suboordinate group of CN=test,OU=groups,DC=exampe,DC=COM """ if import_by_dn: scope = ldap.SCOPE_BASE else: scope = ldap.SCOPE_SUBTREE group_info = connection.find_groups(groupname_pattern, find_by_dn=import_by_dn, scope=scope) if not group_info: LOG.warn("Could not get LDAP details for group pattern %s" % groupname_pattern) return None groups = [] for ldap_info in group_info: group, created = Group.objects.get_or_create(name=ldap_info['name']) if not created and not LdapGroup.objects.filter(group=group).exists(): # This is a Hue group, and shouldn't be overwritten LOG.warn( _('There was a naming conflict while importing group %(groupname)s in pattern %(groupname_pattern)s' ) % { 'groupname': ldap_info['name'], 'groupname_pattern': groupname_pattern }) return None LdapGroup.objects.get_or_create(group=group) group.user_set.clear() # Find members and posix members for group and subgoups members = ldap_info['members'] posix_members = ldap_info['posix_members'] # @TODO: Deprecate recursive_import_members as it may not be useful. if import_members: if recursive_import_members: for sub_ldap_info in connection.find_groups(ldap_info['dn'], find_by_dn=True): members += sub_ldap_info['members'] posix_members += sub_ldap_info['posix_members'] for member in members: LOG.debug("Importing user %s" % smart_str(member)) group.user_set.add( *(_import_ldap_users(connection, member, import_by_dn=True) or [])) # Sync users if sync_users: for member in members: user_info = connection.find_users(member, find_by_dn=True) if len(user_info) > 1: LOG.warn('Found multiple users for member %s.' % member) else: for ldap_info in user_info: try: user = ldap_access.get_ldap_user( username=ldap_info['username']) group.user_set.add(user) except User.DoesNotExist: pass # Import/fetch posix users and groups # Posix members if posix_members: if import_members: for posix_member in posix_members: LOG.debug("Importing user %s" % str(posix_member)) # posixGroup class defines 'memberUid' to be login names, # which are defined by 'uid'. user_info = connection.find_users( posix_member, search_attr='uid', user_name_attr=desktop.conf.LDAP.USERS.USER_NAME_ATTR. get(), find_by_dn=False) users = _import_ldap_users_info(connection, user_info, import_by_dn=False) if users: LOG.debug( "Adding member %s represented as users (should be a single user) %s to group %s" % (str(posix_member), str(users), str(group.name))) group.user_set.add(*users) if sync_users: for posix_member in posix_members: user_info = connection.find_users( posix_member, search_attr='uid', user_name_attr=desktop.conf.LDAP.USERS.USER_NAME_ATTR. get(), find_by_dn=False) if len(user_info) > 1: LOG.warn('Found multiple users for member %s.' % posix_member) else: for ldap_info in user_info: try: user = ldap_access.get_ldap_user( username=ldap_info['username']) group.user_set.add(user) except User.DoesNotExist: pass group.save() groups.append(group) return groups
def _import_ldap_suboordinate_groups(connection, groupname_pattern, import_members=False, recursive_import_members=False, sync_users=True, import_by_dn=False): """ Import a group from LDAP. If import_members is true, this will also import any LDAP users that exist within the group. This will use suboordinate group logic. A suboordinate group is a group that is a subentry of another group. e.g. CN=subtest,CN=test,OU=groups,DC=exampe,DC=COM is a suboordinate group of CN=test,OU=groups,DC=exampe,DC=COM """ if import_by_dn: scope = ldap.SCOPE_BASE else: scope = ldap.SCOPE_SUBTREE group_info = connection.find_groups(groupname_pattern, find_by_dn=import_by_dn, scope=scope) if not group_info: LOG.warn("Could not get LDAP details for group pattern %s" % groupname_pattern) return None groups = [] for ldap_info in group_info: group, created = Group.objects.get_or_create(name=ldap_info['name']) if not created and not LdapGroup.objects.filter(group=group).exists(): # This is a Hue group, and shouldn't be overwritten LOG.warn(_('There was a naming conflict while importing group %(groupname)s in pattern %(groupname_pattern)s') % { 'groupname': ldap_info['name'], 'groupname_pattern': groupname_pattern }) return None LdapGroup.objects.get_or_create(group=group) group.user_set.clear() # Find members and posix members for group and subgoups members = ldap_info['members'] posix_members = ldap_info['posix_members'] # @TODO: Deprecate recursive_import_members as it may not be useful. if import_members: if recursive_import_members: for sub_ldap_info in connection.find_groups(ldap_info['dn'], find_by_dn=True): members += sub_ldap_info['members'] posix_members += sub_ldap_info['posix_members'] for member in members: LOG.debug("Importing user %s" % smart_str(member)) group.user_set.add( *( _import_ldap_users(connection, member, import_by_dn=True) or [] ) ) # Sync users if sync_users: for member in members: user_info = connection.find_users(member, find_by_dn=True) if len(user_info) > 1: LOG.warn('Found multiple users for member %s.' % member) else: for ldap_info in user_info: try: user = ldap_access.get_ldap_user(username=ldap_info['username']) group.user_set.add(user) except User.DoesNotExist: pass # Import/fetch posix users and groups # Posix members if posix_members: if import_members: for posix_member in posix_members: LOG.debug("Importing user %s" % str(posix_member)) # posixGroup class defines 'memberUid' to be login names, # which are defined by 'uid'. user_info = connection.find_users(posix_member, search_attr='uid', user_name_attr=desktop.conf.LDAP.USERS.USER_NAME_ATTR.get(), find_by_dn=False) users = _import_ldap_users_info(connection, user_info, import_by_dn=False) if users: LOG.debug("Adding member %s represented as users (should be a single user) %s to group %s" % (str(posix_member), str(users), str(group.name))) group.user_set.add(*users) if sync_users: for posix_member in posix_members: user_info = connection.find_users(posix_member, search_attr='uid', user_name_attr=desktop.conf.LDAP.USERS.USER_NAME_ATTR.get(), find_by_dn=False) if len(user_info) > 1: LOG.warn('Found multiple users for member %s.' % posix_member) else: for ldap_info in user_info: try: user = ldap_access.get_ldap_user(username=ldap_info['username']) group.user_set.add(user) except User.DoesNotExist: pass group.save() groups.append(group) return groups
try: users_info = connection.find_users_of_group(ldap_info['dn']) except LdapSearchException, e: LOG.warn("Failed to find LDAP users of group: %s" % e) try: groups_info = connection.find_groups_of_group(ldap_info['dn']) except LdapSearchException, e: LOG.warn("Failed to find LDAP groups of group: %s" % e) posix_members = ldap_info['posix_members'] for user_info in users_info: LOG.debug("Synchronizing user %s with group %s" % (smart_str(user_info['dn']), smart_str(group.name))) try: user = ldap_access.get_ldap_user(username=user_info['username']) group.user_set.add(user) except User.DoesNotExist: LOG.warn("Synchronizing user %s with group %s failed. User does not exist." % (smart_str(user_info['dn']), smart_str(group.name))) for group_info in groups_info: LOG.debug("Synchronizing group %s" % smart_str(group_info['dn'])) try: group = Group.objects.get(name=group_info['name']) _sync_ldap_members(connection, group, group_info, count+1, max_count, failed_users=failed_users) except Group.DoesNotExist: LOG.warn("Synchronizing group %s failed. Group does not exist." % smart_str(group.name)) for posix_member in posix_members: LOG.debug("Synchronizing posix user %s with group %s" % (smart_str(posix_member), smart_str(group.name)))
def _import_ldap_groups(groupname_pattern, import_members=False, recursive_import_members=False, sync_users=True, import_by_dn=False): """ Import a group from LDAP. If import_members is true, this will also import any LDAP users that exist within the group. """ conn = ldap_access.get_connection() if import_by_dn: scope = ldap.SCOPE_BASE else: scope = ldap.SCOPE_SUBTREE group_info = conn.find_groups(groupname_pattern, find_by_dn=import_by_dn, scope=scope) if not group_info: LOG.warn("Could not get LDAP details for group pattern %s" % groupname_pattern) return None groups = [] for ldap_info in group_info: group, created = Group.objects.get_or_create(name=ldap_info['name']) if not created and not LdapGroup.objects.filter(group=group).exists(): # This is a Hue group, and shouldn't be overwritten LOG.warn( _('There was a naming conflict while importing group %(groupname)s in pattern %(groupname_pattern)s' ) % { 'groupname': ldap_info['name'], 'groupname_pattern': groupname_pattern }) return None LdapGroup.objects.get_or_create(group=group) group.user_set.clear() # Find members and posix members for group and subgoups members = ldap_info['members'] posix_members = ldap_info['posix_members'] if recursive_import_members: sub_group_info = conn.find_groups(ldap_info['dn'], find_by_dn=True) for sub_ldap_info in sub_group_info: members.extend(sub_ldap_info['members']) posix_members.extend(sub_ldap_info['posix_members']) # Import/fetch users for member in members: users = [] if import_members: LOG.debug("Importing user %s" % str(member)) users = _import_ldap_users(member, import_by_dn=True) elif sync_users: user_info = conn.find_users(member, find_by_dn=True) if len(user_info) > 1: LOG.warn('Found multiple users for member %s.' % member) else: for ldap_info in user_info: try: user = ldap_access.get_ldap_user( username=ldap_info['username']) users.append(user) except User.DoesNotExist: pass if users: LOG.debug( "Adding member %s represented as users (should be a single user) %s to group %s" % (str(member), str(users), str(group.name))) group.user_set.add(*users) # Import/fetch posix users for posix_member in posix_members: users = [] if import_members: LOG.debug("Importing user %s" % str(posix_member)) # posixGroup class defines 'memberUid' to be login names, # which are defined by 'uid'. user_info = conn.find_users(posix_member, search_attr='uid', user_name_attr=desktop.conf.LDAP. USERS.USER_NAME_ATTR.get(), find_by_dn=False) users = _import_ldap_users_info(user_info, import_by_dn=False) elif sync_users: user_info = conn.find_users(posix_member, search_attr='uid', user_name_attr=desktop.conf.LDAP. USERS.USER_NAME_ATTR.get(), find_by_dn=False) if len(user_info) > 1: LOG.warn('Found multiple users for member %s.' % member) else: for ldap_info in user_info: try: user = ldap_access.get_ldap_user( username=ldap_info['username']) users.append(user) except User.DoesNotExist: pass if users: LOG.debug( "Adding member %s represented as users (should be a single user) %s to group %s" % (str(posix_member), str(users), str(group.name))) group.user_set.add(*users) group.save() groups.append(group) return groups
def _import_ldap_groups(groupname_pattern, import_members=False, recursive_import_members=False, sync_users=True, import_by_dn=False): """ Import a group from LDAP. If import_members is true, this will also import any LDAP users that exist within the group. """ conn = ldap_access.get_connection() if import_by_dn: scope = ldap.SCOPE_BASE else: scope = ldap.SCOPE_SUBTREE group_info = conn.find_groups(groupname_pattern, find_by_dn=import_by_dn, scope=scope) if not group_info: LOG.warn("Could not get LDAP details for group pattern %s" % groupname_pattern) return None groups = [] for ldap_info in group_info: group, created = Group.objects.get_or_create(name=ldap_info['name']) if not created and not LdapGroup.objects.filter(group=group).exists(): # This is a Hue group, and shouldn't be overwritten LOG.warn(_('There was a naming conflict while importing group %(groupname)s in pattern %(groupname_pattern)s') % { 'groupname': ldap_info['name'], 'groupname_pattern': groupname_pattern }) return None LdapGroup.objects.get_or_create(group=group) group.user_set.clear() # Find members and posix members for group and subgoups members = ldap_info['members'] posix_members = ldap_info['posix_members'] if recursive_import_members: sub_group_info = conn.find_groups(ldap_info['dn'], find_by_dn=True) for sub_ldap_info in sub_group_info: members.extend(sub_ldap_info['members']) posix_members.extend(sub_ldap_info['posix_members']) # Import/fetch users for member in members: users = [] if import_members: LOG.debug("Importing user %s" % str(member)) users = _import_ldap_users(member, import_by_dn=True) elif sync_users: user_info = conn.find_users(member, find_by_dn=True) if len(user_info) > 1: LOG.warn('Found multiple users for member %s.' % member) else: for ldap_info in user_info: try: user = ldap_access.get_ldap_user(username=ldap_info['username']) users.append(user) except User.DoesNotExist: pass if users: LOG.debug("Adding member %s represented as users (should be a single user) %s to group %s" % (str(member), str(users), str(group.name))) group.user_set.add(*users) # Import/fetch posix users for posix_member in posix_members: users = [] if import_members: LOG.debug("Importing user %s" % str(posix_member)) # posixGroup class defines 'memberUid' to be login names, # which are defined by 'uid'. user_info = conn.find_users(posix_member, search_attr='uid', user_name_attr=desktop.conf.LDAP.USERS.USER_NAME_ATTR.get(), find_by_dn=False) users = _import_ldap_users_info(user_info, import_by_dn=False) elif sync_users: user_info = conn.find_users(posix_member, search_attr='uid', user_name_attr=desktop.conf.LDAP.USERS.USER_NAME_ATTR.get(), find_by_dn=False) if len(user_info) > 1: LOG.warn('Found multiple users for member %s.' % member) else: for ldap_info in user_info: try: user = ldap_access.get_ldap_user(username=ldap_info['username']) users.append(user) except User.DoesNotExist: pass if users: LOG.debug("Adding member %s represented as users (should be a single user) %s to group %s" % (str(posix_member), str(users), str(group.name))) group.user_set.add(*users) group.save() groups.append(group) return groups
def _import_ldap_suboordinate_groups(connection, groupname_pattern, import_members=False, recursive_import_members=False, sync_users=True, import_by_dn=False): """ Import a group from LDAP. If import_members is true, this will also import any LDAP users that exist within the group. This will use suboordinate group logic. A suboordinate group is a group that is a subentry of another group. e.g. CN=subtest,CN=test,OU=groups,DC=exampe,DC=COM is a suboordinate group of CN=test,OU=groups,DC=exampe,DC=COM """ if import_by_dn: scope = ldap.SCOPE_BASE else: scope = ldap.SCOPE_SUBTREE group_info = connection.find_groups(groupname_pattern, find_by_dn=import_by_dn, scope=scope) if not group_info: LOG.warn("Could not get LDAP details for group pattern %s" % groupname_pattern) return None groups = [] for ldap_info in group_info: group, created = Group.objects.get_or_create(name=ldap_info['name']) if not created and not LdapGroup.objects.filter(group=group).exists(): # This is a Hue group, and shouldn't be overwritten LOG.warn(_('There was a naming conflict while importing group %(groupname)s in pattern %(groupname_pattern)s') % { 'groupname': ldap_info['name'], 'groupname_pattern': groupname_pattern }) return None LdapGroup.objects.get_or_create(group=group) group.user_set.clear() # Find members and posix members for group and subgoups members = ldap_info['members'] posix_members = ldap_info['posix_members'] # @TODO: Deprecate recursive_import_members as it may not be useful. if import_members: if recursive_import_members: for sub_ldap_info in connection.find_groups(ldap_info['dn'], find_by_dn=True): members += sub_ldap_info['members'] posix_members += sub_ldap_info['posix_members'] for member in members: LOG.debug("Importing user %s" % smart_str(member)) group.user_set.add( *( _import_ldap_users(connection, member, import_by_dn=True) or [] ) ) # Sync users if sync_users: for member in members: user_info = connection.find_users(member, find_by_dn=True) if len(user_info) > 1: LOG.warn('Found multiple users for member %s.' % member) else: for ldap_info in user_info: try: validate_username(ldap_info['username']) user = ldap_access.get_ldap_user(username=ldap_info['username']) group.user_set.add(user) except (AssertionError, RuntimeError), e: LOG.warn('Could not sync %s: %s' % (ldap_info['username'], e.message)) except User.DoesNotExist: pass
def _import_ldap_suboordinate_groups(connection, groupname_pattern, import_members=False, recursive_import_members=False, sync_users=True, import_by_dn=False): """ Import a group from LDAP. If import_members is true, this will also import any LDAP users that exist within the group. This will use suboordinate group logic. A suboordinate group is a group that is a subentry of another group. e.g. CN=subtest,CN=test,OU=groups,DC=exampe,DC=COM is a suboordinate group of CN=test,OU=groups,DC=exampe,DC=COM """ if import_by_dn: scope = ldap.SCOPE_BASE else: scope = ldap.SCOPE_SUBTREE group_info = connection.find_groups(groupname_pattern, find_by_dn=import_by_dn, scope=scope) if not group_info: LOG.warn("Could not get LDAP details for group pattern %s" % groupname_pattern) return None groups = [] for ldap_info in group_info: group, created = Group.objects.get_or_create(name=ldap_info['name']) if not created and not LdapGroup.objects.filter(group=group).exists(): # This is a Hue group, and shouldn't be overwritten LOG.warn( _('There was a naming conflict while importing group %(groupname)s in pattern %(groupname_pattern)s' ) % { 'groupname': ldap_info['name'], 'groupname_pattern': groupname_pattern }) return None LdapGroup.objects.get_or_create(group=group) group.user_set.clear() # Find members and posix members for group and subgoups members = ldap_info['members'] posix_members = ldap_info['posix_members'] # @TODO: Deprecate recursive_import_members as it may not be useful. if import_members: if recursive_import_members: for sub_ldap_info in connection.find_groups(ldap_info['dn'], find_by_dn=True): members += sub_ldap_info['members'] posix_members += sub_ldap_info['posix_members'] for member in members: LOG.debug("Importing user %s" % smart_str(member)) group.user_set.add( *(_import_ldap_users(connection, member, import_by_dn=True) or [])) # Sync users if sync_users: for member in members: user_info = connection.find_users(member, find_by_dn=True) if len(user_info) > 1: LOG.warn('Found multiple users for member %s.' % member) else: for ldap_info in user_info: try: validate_username(ldap_info['username']) user = ldap_access.get_ldap_user( username=ldap_info['username']) group.user_set.add(user) except (AssertionError, RuntimeError), e: LOG.warn('Could not sync %s: %s' % (ldap_info['username'], e.message)) except User.DoesNotExist: pass