def _sync_ldap_members(connection, group, ldap_info, count=0, max_count=1):
if count >= max_count:
return None
# Find all users and groups of group.
users_info = connection.find_users_of_group(ldap_info['dn'])
groups_info = connection.find_groups_of_group(ldap_info['dn'])
posix_members = ldap_info['posix_members']
for user_info in users_info:
LOG.debug("Synchronizing user %s with group %s" % (smart_str(user_info['dn']), smart_str(group.name)))
try:
user = ldap_access.get_ldap_user(username=user_info['username'])
group.user_set.add(user)
except User.DoesNotExist:
LOG.debug("Synchronizing user %s with group %s failed. User does not exist." % (smart_str(user_info['dn']), smart_str(group.name)))
for group_info in groups_info:
LOG.debug("Synchronizing group %s" % smart_str(group_info['dn']))
try:
group = Group.objects.get(name=group_info['name'])
_sync_ldap_members(connection, group, group_info, count+1, max_count)
except Group.DoesNotExist:
LOG.debug("Synchronizing group %s failed. Group does not exist." % smart_str(group.name))
for posix_member in posix_members:
LOG.debug("Synchronizing posix user %s with group %s" % (smart_str(posix_member), smart_str(group.name)))
users_info = connection.find_users(posix_member, search_attr='uid', user_name_attr=desktop.conf.LDAP.USERS.USER_NAME_ATTR.get(), find_by_dn=False)
for user_info in users_info:
try:
user = ldap_access.get_ldap_user(username=user_info['username'])
group.user_set.add(user)
except User.DoesNotExist:
LOG.debug("Synchronizing posix user %s with group %s failed. User does not exist." % (smart_str(posix_member), smart_str(group.name)))
def _sync_ldap_members(connection, group, ldap_info, count=0, max_count=1):
if count >= max_count:
return None
# Find all users and groups of group.
users_info = connection.find_users_of_group(ldap_info['dn'])
groups_info = connection.find_groups_of_group(ldap_info['dn'])
posix_members = ldap_info['posix_members']
for user_info in users_info:
LOG.debug("Synchronizing user %s with group %s" % (smart_str(user_info['dn']), smart_str(group.name)))
try:
user = ldap_access.get_ldap_user(username=user_info['username'])
group.user_set.add(user)
except User.DoesNotExist:
LOG.warn("Synchronizing user %s with group %s failed. User does not exist." % (smart_str(user_info['dn']), smart_str(group.name)))
for group_info in groups_info:
LOG.debug("Synchronizing group %s" % smart_str(group_info['dn']))
try:
group = Group.objects.get(name=group_info['name'])
_sync_ldap_members(connection, group, group_info, count+1, max_count)
except Group.DoesNotExist:
LOG.warn("Synchronizing group %s failed. Group does not exist." % smart_str(group.name))
for posix_member in posix_members:
LOG.debug("Synchronizing posix user %s with group %s" % (smart_str(posix_member), smart_str(group.name)))
users_info = connection.find_users(posix_member, search_attr='uid', user_name_attr=desktop.conf.LDAP.USERS.USER_NAME_ATTR.get(), find_by_dn=False)
for user_info in users_info:
try:
user = ldap_access.get_ldap_user(username=user_info['username'])
group.user_set.add(user)
except User.DoesNotExist:
LOG.warn("Synchronizing posix user %s with group %s failed. User does not exist." % (smart_str(posix_member), smart_str(group.name)))
def _import_ldap_suboordinate_groups(connection,
groupname_pattern,
import_members=False,
recursive_import_members=False,
sync_users=True,
import_by_dn=False):
"""
Import a group from LDAP. If import_members is true, this will also import any
LDAP users that exist within the group. This will use suboordinate group logic.
A suboordinate group is a group that is a subentry of another group.
e.g. CN=subtest,CN=test,OU=groups,DC=exampe,DC=COM is a suboordinate group of
CN=test,OU=groups,DC=exampe,DC=COM
"""
if import_by_dn:
scope = ldap.SCOPE_BASE
else:
scope = ldap.SCOPE_SUBTREE
group_info = connection.find_groups(groupname_pattern,
find_by_dn=import_by_dn,
scope=scope)
if not group_info:
LOG.warn("Could not get LDAP details for group pattern %s" %
groupname_pattern)
return None
groups = []
for ldap_info in group_info:
group, created = Group.objects.get_or_create(name=ldap_info['name'])
if not created and not LdapGroup.objects.filter(group=group).exists():
# This is a Hue group, and shouldn't be overwritten
LOG.warn(
_('There was a naming conflict while importing group %(groupname)s in pattern %(groupname_pattern)s'
) % {
'groupname': ldap_info['name'],
'groupname_pattern': groupname_pattern
})
return None
LdapGroup.objects.get_or_create(group=group)
group.user_set.clear()
# Find members and posix members for group and subgoups
members = ldap_info['members']
posix_members = ldap_info['posix_members']
# @TODO: Deprecate recursive_import_members as it may not be useful.
if import_members:
if recursive_import_members:
for sub_ldap_info in connection.find_groups(ldap_info['dn'],
find_by_dn=True):
members += sub_ldap_info['members']
posix_members += sub_ldap_info['posix_members']
for member in members:
LOG.debug("Importing user %s" % smart_str(member))
group.user_set.add(
*(_import_ldap_users(connection, member, import_by_dn=True)
or []))
# Sync users
if sync_users:
for member in members:
user_info = connection.find_users(member, find_by_dn=True)
if len(user_info) > 1:
LOG.warn('Found multiple users for member %s.' % member)
else:
for ldap_info in user_info:
try:
user = ldap_access.get_ldap_user(
username=ldap_info['username'])
group.user_set.add(user)
except User.DoesNotExist:
pass
# Import/fetch posix users and groups
# Posix members
if posix_members:
if import_members:
for posix_member in posix_members:
LOG.debug("Importing user %s" % str(posix_member))
# posixGroup class defines 'memberUid' to be login names,
# which are defined by 'uid'.
user_info = connection.find_users(
posix_member,
search_attr='uid',
user_name_attr=desktop.conf.LDAP.USERS.USER_NAME_ATTR.
get(),
find_by_dn=False)
users = _import_ldap_users_info(connection,
user_info,
import_by_dn=False)
if users:
LOG.debug(
"Adding member %s represented as users (should be a single user) %s to group %s"
% (str(posix_member), str(users), str(group.name)))
group.user_set.add(*users)
if sync_users:
for posix_member in posix_members:
user_info = connection.find_users(
posix_member,
search_attr='uid',
user_name_attr=desktop.conf.LDAP.USERS.USER_NAME_ATTR.
get(),
find_by_dn=False)
if len(user_info) > 1:
LOG.warn('Found multiple users for member %s.' %
posix_member)
else:
for ldap_info in user_info:
try:
user = ldap_access.get_ldap_user(
username=ldap_info['username'])
group.user_set.add(user)
except User.DoesNotExist:
pass
group.save()
groups.append(group)
return groups
def _import_ldap_suboordinate_groups(connection, groupname_pattern, import_members=False, recursive_import_members=False, sync_users=True, import_by_dn=False):
"""
Import a group from LDAP. If import_members is true, this will also import any
LDAP users that exist within the group. This will use suboordinate group logic.
A suboordinate group is a group that is a subentry of another group.
e.g. CN=subtest,CN=test,OU=groups,DC=exampe,DC=COM is a suboordinate group of
CN=test,OU=groups,DC=exampe,DC=COM
"""
if import_by_dn:
scope = ldap.SCOPE_BASE
else:
scope = ldap.SCOPE_SUBTREE
group_info = connection.find_groups(groupname_pattern, find_by_dn=import_by_dn, scope=scope)
if not group_info:
LOG.warn("Could not get LDAP details for group pattern %s" % groupname_pattern)
return None
groups = []
for ldap_info in group_info:
group, created = Group.objects.get_or_create(name=ldap_info['name'])
if not created and not LdapGroup.objects.filter(group=group).exists():
# This is a Hue group, and shouldn't be overwritten
LOG.warn(_('There was a naming conflict while importing group %(groupname)s in pattern %(groupname_pattern)s') % {
'groupname': ldap_info['name'],
'groupname_pattern': groupname_pattern
})
return None
LdapGroup.objects.get_or_create(group=group)
group.user_set.clear()
# Find members and posix members for group and subgoups
members = ldap_info['members']
posix_members = ldap_info['posix_members']
# @TODO: Deprecate recursive_import_members as it may not be useful.
if import_members:
if recursive_import_members:
for sub_ldap_info in connection.find_groups(ldap_info['dn'], find_by_dn=True):
members += sub_ldap_info['members']
posix_members += sub_ldap_info['posix_members']
for member in members:
LOG.debug("Importing user %s" % smart_str(member))
group.user_set.add( *( _import_ldap_users(connection, member, import_by_dn=True) or [] ) )
# Sync users
if sync_users:
for member in members:
user_info = connection.find_users(member, find_by_dn=True)
if len(user_info) > 1:
LOG.warn('Found multiple users for member %s.' % member)
else:
for ldap_info in user_info:
try:
user = ldap_access.get_ldap_user(username=ldap_info['username'])
group.user_set.add(user)
except User.DoesNotExist:
pass
# Import/fetch posix users and groups
# Posix members
if posix_members:
if import_members:
for posix_member in posix_members:
LOG.debug("Importing user %s" % str(posix_member))
# posixGroup class defines 'memberUid' to be login names,
# which are defined by 'uid'.
user_info = connection.find_users(posix_member, search_attr='uid', user_name_attr=desktop.conf.LDAP.USERS.USER_NAME_ATTR.get(), find_by_dn=False)
users = _import_ldap_users_info(connection, user_info, import_by_dn=False)
if users:
LOG.debug("Adding member %s represented as users (should be a single user) %s to group %s" % (str(posix_member), str(users), str(group.name)))
group.user_set.add(*users)
if sync_users:
for posix_member in posix_members:
user_info = connection.find_users(posix_member, search_attr='uid', user_name_attr=desktop.conf.LDAP.USERS.USER_NAME_ATTR.get(), find_by_dn=False)
if len(user_info) > 1:
LOG.warn('Found multiple users for member %s.' % posix_member)
else:
for ldap_info in user_info:
try:
user = ldap_access.get_ldap_user(username=ldap_info['username'])
group.user_set.add(user)
except User.DoesNotExist:
pass
group.save()
groups.append(group)
return groups
try:
users_info = connection.find_users_of_group(ldap_info['dn'])
except LdapSearchException, e:
LOG.warn("Failed to find LDAP users of group: %s" % e)
try:
groups_info = connection.find_groups_of_group(ldap_info['dn'])
except LdapSearchException, e:
LOG.warn("Failed to find LDAP groups of group: %s" % e)
posix_members = ldap_info['posix_members']
for user_info in users_info:
LOG.debug("Synchronizing user %s with group %s" % (smart_str(user_info['dn']), smart_str(group.name)))
try:
user = ldap_access.get_ldap_user(username=user_info['username'])
group.user_set.add(user)
except User.DoesNotExist:
LOG.warn("Synchronizing user %s with group %s failed. User does not exist." % (smart_str(user_info['dn']), smart_str(group.name)))
for group_info in groups_info:
LOG.debug("Synchronizing group %s" % smart_str(group_info['dn']))
try:
group = Group.objects.get(name=group_info['name'])
_sync_ldap_members(connection, group, group_info, count+1, max_count, failed_users=failed_users)
except Group.DoesNotExist:
LOG.warn("Synchronizing group %s failed. Group does not exist." % smart_str(group.name))
for posix_member in posix_members:
LOG.debug("Synchronizing posix user %s with group %s" % (smart_str(posix_member), smart_str(group.name)))
def _import_ldap_groups(groupname_pattern,
import_members=False,
recursive_import_members=False,
sync_users=True,
import_by_dn=False):
"""
Import a group from LDAP. If import_members is true, this will also import any
LDAP users that exist within the group.
"""
conn = ldap_access.get_connection()
if import_by_dn:
scope = ldap.SCOPE_BASE
else:
scope = ldap.SCOPE_SUBTREE
group_info = conn.find_groups(groupname_pattern,
find_by_dn=import_by_dn,
scope=scope)
if not group_info:
LOG.warn("Could not get LDAP details for group pattern %s" %
groupname_pattern)
return None
groups = []
for ldap_info in group_info:
group, created = Group.objects.get_or_create(name=ldap_info['name'])
if not created and not LdapGroup.objects.filter(group=group).exists():
# This is a Hue group, and shouldn't be overwritten
LOG.warn(
_('There was a naming conflict while importing group %(groupname)s in pattern %(groupname_pattern)s'
) % {
'groupname': ldap_info['name'],
'groupname_pattern': groupname_pattern
})
return None
LdapGroup.objects.get_or_create(group=group)
group.user_set.clear()
# Find members and posix members for group and subgoups
members = ldap_info['members']
posix_members = ldap_info['posix_members']
if recursive_import_members:
sub_group_info = conn.find_groups(ldap_info['dn'], find_by_dn=True)
for sub_ldap_info in sub_group_info:
members.extend(sub_ldap_info['members'])
posix_members.extend(sub_ldap_info['posix_members'])
# Import/fetch users
for member in members:
users = []
if import_members:
LOG.debug("Importing user %s" % str(member))
users = _import_ldap_users(member, import_by_dn=True)
elif sync_users:
user_info = conn.find_users(member, find_by_dn=True)
if len(user_info) > 1:
LOG.warn('Found multiple users for member %s.' % member)
else:
for ldap_info in user_info:
try:
user = ldap_access.get_ldap_user(
username=ldap_info['username'])
users.append(user)
except User.DoesNotExist:
pass
if users:
LOG.debug(
"Adding member %s represented as users (should be a single user) %s to group %s"
% (str(member), str(users), str(group.name)))
group.user_set.add(*users)
# Import/fetch posix users
for posix_member in posix_members:
users = []
if import_members:
LOG.debug("Importing user %s" % str(posix_member))
# posixGroup class defines 'memberUid' to be login names,
# which are defined by 'uid'.
user_info = conn.find_users(posix_member,
search_attr='uid',
user_name_attr=desktop.conf.LDAP.
USERS.USER_NAME_ATTR.get(),
find_by_dn=False)
users = _import_ldap_users_info(user_info, import_by_dn=False)
elif sync_users:
user_info = conn.find_users(posix_member,
search_attr='uid',
user_name_attr=desktop.conf.LDAP.
USERS.USER_NAME_ATTR.get(),
find_by_dn=False)
if len(user_info) > 1:
LOG.warn('Found multiple users for member %s.' % member)
else:
for ldap_info in user_info:
try:
user = ldap_access.get_ldap_user(
username=ldap_info['username'])
users.append(user)
except User.DoesNotExist:
pass
if users:
LOG.debug(
"Adding member %s represented as users (should be a single user) %s to group %s"
% (str(posix_member), str(users), str(group.name)))
group.user_set.add(*users)
group.save()
groups.append(group)
return groups
try:
users_info = connection.find_users_of_group(ldap_info['dn'])
except LdapSearchException, e:
LOG.warn("Failed to find LDAP users of group: %s" % e)
try:
groups_info = connection.find_groups_of_group(ldap_info['dn'])
except LdapSearchException, e:
LOG.warn("Failed to find LDAP groups of group: %s" % e)
posix_members = ldap_info['posix_members']
for user_info in users_info:
LOG.debug("Synchronizing user %s with group %s" % (smart_str(user_info['dn']), smart_str(group.name)))
try:
user = ldap_access.get_ldap_user(username=user_info['username'])
group.user_set.add(user)
except User.DoesNotExist:
LOG.warn("Synchronizing user %s with group %s failed. User does not exist." % (smart_str(user_info['dn']), smart_str(group.name)))
for group_info in groups_info:
LOG.debug("Synchronizing group %s" % smart_str(group_info['dn']))
try:
group = Group.objects.get(name=group_info['name'])
_sync_ldap_members(connection, group, group_info, count+1, max_count, failed_users=failed_users)
except Group.DoesNotExist:
LOG.warn("Synchronizing group %s failed. Group does not exist." % smart_str(group.name))
for posix_member in posix_members:
LOG.debug("Synchronizing posix user %s with group %s" % (smart_str(posix_member), smart_str(group.name)))
def _import_ldap_groups(groupname_pattern, import_members=False, recursive_import_members=False, sync_users=True, import_by_dn=False):
"""
Import a group from LDAP. If import_members is true, this will also import any
LDAP users that exist within the group.
"""
conn = ldap_access.get_connection()
if import_by_dn:
scope = ldap.SCOPE_BASE
else:
scope = ldap.SCOPE_SUBTREE
group_info = conn.find_groups(groupname_pattern, find_by_dn=import_by_dn, scope=scope)
if not group_info:
LOG.warn("Could not get LDAP details for group pattern %s" % groupname_pattern)
return None
groups = []
for ldap_info in group_info:
group, created = Group.objects.get_or_create(name=ldap_info['name'])
if not created and not LdapGroup.objects.filter(group=group).exists():
# This is a Hue group, and shouldn't be overwritten
LOG.warn(_('There was a naming conflict while importing group %(groupname)s in pattern %(groupname_pattern)s') % {
'groupname': ldap_info['name'],
'groupname_pattern': groupname_pattern
})
return None
LdapGroup.objects.get_or_create(group=group)
group.user_set.clear()
# Find members and posix members for group and subgoups
members = ldap_info['members']
posix_members = ldap_info['posix_members']
if recursive_import_members:
sub_group_info = conn.find_groups(ldap_info['dn'], find_by_dn=True)
for sub_ldap_info in sub_group_info:
members.extend(sub_ldap_info['members'])
posix_members.extend(sub_ldap_info['posix_members'])
# Import/fetch users
for member in members:
users = []
if import_members:
LOG.debug("Importing user %s" % str(member))
users = _import_ldap_users(member, import_by_dn=True)
elif sync_users:
user_info = conn.find_users(member, find_by_dn=True)
if len(user_info) > 1:
LOG.warn('Found multiple users for member %s.' % member)
else:
for ldap_info in user_info:
try:
user = ldap_access.get_ldap_user(username=ldap_info['username'])
users.append(user)
except User.DoesNotExist:
pass
if users:
LOG.debug("Adding member %s represented as users (should be a single user) %s to group %s" % (str(member), str(users), str(group.name)))
group.user_set.add(*users)
# Import/fetch posix users
for posix_member in posix_members:
users = []
if import_members:
LOG.debug("Importing user %s" % str(posix_member))
# posixGroup class defines 'memberUid' to be login names,
# which are defined by 'uid'.
user_info = conn.find_users(posix_member, search_attr='uid', user_name_attr=desktop.conf.LDAP.USERS.USER_NAME_ATTR.get(), find_by_dn=False)
users = _import_ldap_users_info(user_info, import_by_dn=False)
elif sync_users:
user_info = conn.find_users(posix_member, search_attr='uid', user_name_attr=desktop.conf.LDAP.USERS.USER_NAME_ATTR.get(), find_by_dn=False)
if len(user_info) > 1:
LOG.warn('Found multiple users for member %s.' % member)
else:
for ldap_info in user_info:
try:
user = ldap_access.get_ldap_user(username=ldap_info['username'])
users.append(user)
except User.DoesNotExist:
pass
if users:
LOG.debug("Adding member %s represented as users (should be a single user) %s to group %s" % (str(posix_member), str(users), str(group.name)))
group.user_set.add(*users)
group.save()
groups.append(group)
return groups
def _import_ldap_suboordinate_groups(connection, groupname_pattern, import_members=False, recursive_import_members=False,
sync_users=True, import_by_dn=False):
"""
Import a group from LDAP. If import_members is true, this will also import any
LDAP users that exist within the group. This will use suboordinate group logic.
A suboordinate group is a group that is a subentry of another group.
e.g. CN=subtest,CN=test,OU=groups,DC=exampe,DC=COM is a suboordinate group of
CN=test,OU=groups,DC=exampe,DC=COM
"""
if import_by_dn:
scope = ldap.SCOPE_BASE
else:
scope = ldap.SCOPE_SUBTREE
group_info = connection.find_groups(groupname_pattern, find_by_dn=import_by_dn, scope=scope)
if not group_info:
LOG.warn("Could not get LDAP details for group pattern %s" % groupname_pattern)
return None
groups = []
for ldap_info in group_info:
group, created = Group.objects.get_or_create(name=ldap_info['name'])
if not created and not LdapGroup.objects.filter(group=group).exists():
# This is a Hue group, and shouldn't be overwritten
LOG.warn(_('There was a naming conflict while importing group %(groupname)s in pattern %(groupname_pattern)s') % {
'groupname': ldap_info['name'],
'groupname_pattern': groupname_pattern
})
return None
LdapGroup.objects.get_or_create(group=group)
group.user_set.clear()
# Find members and posix members for group and subgoups
members = ldap_info['members']
posix_members = ldap_info['posix_members']
# @TODO: Deprecate recursive_import_members as it may not be useful.
if import_members:
if recursive_import_members:
for sub_ldap_info in connection.find_groups(ldap_info['dn'], find_by_dn=True):
members += sub_ldap_info['members']
posix_members += sub_ldap_info['posix_members']
for member in members:
LOG.debug("Importing user %s" % smart_str(member))
group.user_set.add( *( _import_ldap_users(connection, member, import_by_dn=True) or [] ) )
# Sync users
if sync_users:
for member in members:
user_info = connection.find_users(member, find_by_dn=True)
if len(user_info) > 1:
LOG.warn('Found multiple users for member %s.' % member)
else:
for ldap_info in user_info:
try:
validate_username(ldap_info['username'])
user = ldap_access.get_ldap_user(username=ldap_info['username'])
group.user_set.add(user)
except (AssertionError, RuntimeError), e:
LOG.warn('Could not sync %s: %s' % (ldap_info['username'], e.message))
except User.DoesNotExist:
pass
def _import_ldap_suboordinate_groups(connection,
groupname_pattern,
import_members=False,
recursive_import_members=False,
sync_users=True,
import_by_dn=False):
"""
Import a group from LDAP. If import_members is true, this will also import any
LDAP users that exist within the group. This will use suboordinate group logic.
A suboordinate group is a group that is a subentry of another group.
e.g. CN=subtest,CN=test,OU=groups,DC=exampe,DC=COM is a suboordinate group of
CN=test,OU=groups,DC=exampe,DC=COM
"""
if import_by_dn:
scope = ldap.SCOPE_BASE
else:
scope = ldap.SCOPE_SUBTREE
group_info = connection.find_groups(groupname_pattern,
find_by_dn=import_by_dn,
scope=scope)
if not group_info:
LOG.warn("Could not get LDAP details for group pattern %s" %
groupname_pattern)
return None
groups = []
for ldap_info in group_info:
group, created = Group.objects.get_or_create(name=ldap_info['name'])
if not created and not LdapGroup.objects.filter(group=group).exists():
# This is a Hue group, and shouldn't be overwritten
LOG.warn(
_('There was a naming conflict while importing group %(groupname)s in pattern %(groupname_pattern)s'
) % {
'groupname': ldap_info['name'],
'groupname_pattern': groupname_pattern
})
return None
LdapGroup.objects.get_or_create(group=group)
group.user_set.clear()
# Find members and posix members for group and subgoups
members = ldap_info['members']
posix_members = ldap_info['posix_members']
# @TODO: Deprecate recursive_import_members as it may not be useful.
if import_members:
if recursive_import_members:
for sub_ldap_info in connection.find_groups(ldap_info['dn'],
find_by_dn=True):
members += sub_ldap_info['members']
posix_members += sub_ldap_info['posix_members']
for member in members:
LOG.debug("Importing user %s" % smart_str(member))
group.user_set.add(
*(_import_ldap_users(connection, member, import_by_dn=True)
or []))
# Sync users
if sync_users:
for member in members:
user_info = connection.find_users(member, find_by_dn=True)
if len(user_info) > 1:
LOG.warn('Found multiple users for member %s.' % member)
else:
for ldap_info in user_info:
try:
validate_username(ldap_info['username'])
user = ldap_access.get_ldap_user(
username=ldap_info['username'])
group.user_set.add(user)
except (AssertionError, RuntimeError), e:
LOG.warn('Could not sync %s: %s' %
(ldap_info['username'], e.message))
except User.DoesNotExist:
pass
