def reset_password(self, password_stub):
email = self.cleaned_data['email']
challenge = self.cleaned_data['challenge']
password_full = password_stub + challenge
try:
protocol = '' # protocol for logging what is happing
protocol += 'initialize & bind; '
l = util.ldap_connection()
protocol += 'find user by mail; '
users = l.search_s(settings.LDAP_USERGP, ldap.SCOPE_SUBTREE,
'(&(mail=%s))' % (email))
if (len(users) <= 0):
raise util.LdapException("No user with this email found")
# reset only the first account
cn = users[0][0]
login = users[0][1]['uid'][0]
protocol += 'change modify password'
l.modify_s(users[0][0], [(ldap.MOD_REPLACE, 'userPassword',
str(util.hash_password(password_full)))])
# release binding
protocol += 'release binding; '
l.unbind_s()
return login
except ldap.LDAPError, e:
raise util.LdapException("%s: %s" % (e, protocol))
def transfer_to_ldap(self):
# calculate data needed
try:
protocol = '' # protocol for logging what is happing
# initialization & authentication
protocol += 'initialize & bind; '
l = util.ldap_connection()
# add to LDAP
ldap_data = self.as_ldap()
protocol += "add user %s; " % self.safe_name
l.add_s('cn=%s,%s' % (self.safe_name, settings.LDAP_USERGP), ldap_data['user']) # add user
protocol += 'add automount; '
l.add_s('cn=%s,%s' % (self.safe_name, settings.LDAP_MOUNTGP), ldap_data['automount']) # add mount info
protocol += 'add to expedient ACL; '
l.modify_s(settings.LDAP_EXPEDIENTGP, ldap_data['expedient']) # add expedient access
protocol += 'query VPN group; '
old_vpn = l.search_s(settings.LDAP_VPNGP, ldap.SCOPE_SUBTREE, "(cn=%s)" % (settings.LDAP_VPNCN), [])
protocol += "(cn=%s)" % (settings.LDAP_VPNCN)
protocol += " " + "cn=%s,%s" % (settings.LDAP_VPNCN, settings.LDAP_VPNGP)
new_vpn = []
new_vpn.append( ('objectClass', old_vpn[0][1]['objectClass']) )
new_vpn.append( ('cn', old_vpn[0][1]['cn']) )
new_vpn.append( ('nisNetgroupTriple', old_vpn[0][1]['nisNetgroupTriple'] + [str("(,%s,)" % self.safe_name)]) )
protocol += 'delete VPN group; '
l.delete_s("cn=%s,%s" % (settings.LDAP_VPNCN, settings.LDAP_VPNGP))
protocol += 'add modified VPN group; '
l.add_s(("cn=%s,%s" % (settings.LDAP_VPNCN, settings.LDAP_VPNGP)), new_vpn)
# release binding
protocol += 'release binding; '
l.unbind_s()
except ldap.LDAPError, e:
raise Registration.LdapException("%s: %s" % (e, protocol)) #[0]['desc'])
def authenticate(self): l = util.ldap_connection() user = l.search_s(settings.LDAP_USERGP, ldap.SCOPE_SUBTREE, '(&(cn=%s)(userPassword=%s))' % (self.cleaned_data['login'], util.hash_password(self.cleaned_data['password']))) l.unbind_s() if user and (len(user) > 0): return True else: return False
def clean(self):
super(Registration, self).clean()
# is user in BLOCKED_USERS
if self.safe_name in settings.BLOCKED_USERNAMES:
raise ValidationError('Name (%s) can not be chosen, please choose another name' % self.safe_name)
# user in LDAP already?
l = util.ldap_connection()
res = l.search_s(settings.LDAP_USERGP, ldap.SCOPE_SUBTREE, '(cn=%s)' % self.safe_name, [])
l.unbind_s()
if len(res) > 0:
raise ValidationError('Name (%s) already exists in LDAP, please choose another name' % self.safe_name)
def reset_password(self, password_stub):
email = self.cleaned_data['email']
challenge = self.cleaned_data['challenge']
password_full = password_stub + challenge
try:
protocol = '' # protocol for logging what is happing
protocol += 'initialize & bind; '
l = util.ldap_connection()
protocol += 'find user by mail; '
users = l.search_s(settings.LDAP_USERGP, ldap.SCOPE_SUBTREE, '(&(mail=%s))' % (email))
if (len(users) <= 0):
raise util.LdapException("No user with this email found")
# reset only the first account
cn = users[0][0]
login = users[0][1]['uid'][0]
protocol += 'change modify password'
l.modify_s(users[0][0], [(ldap.MOD_REPLACE, 'userPassword', str(util.hash_password(password_full)))])
# release binding
protocol += 'release binding; '
l.unbind_s()
return login
except ldap.LDAPError, e:
raise util.LdapException("%s: %s" % (e, protocol))
