def import_users(self): """Imports users from all the configured LDAP plugins into OGDS. """ session = create_session() # Set all SQL users inactive first - the ones still contained in the LDAP # will be set active again below (in the same transaction). for user in session.query(User): user.active = 0 for plugin in self._ldap_plugins(): ldap_userfolder = plugin._getLDAPUserFolder() uid_attr = self._get_uid_attr(ldap_userfolder) ldap_util = ILDAPSearch(ldap_userfolder) ldap_users = ldap_util.get_users() for ldap_user in ldap_users: dn, info = ldap_user # Ignore users without an UID in LDAP if not uid_attr in info: continue userid = info[uid_attr] # Skip users with uid longer than SQL 'userid' column # FIXME: Increase size of SQL column to 64 if len(userid) > 30: continue if not self.user_exists(userid): # Create the new user user = User(userid) session.add(user) else: # Get the existing user user = session.query(User).filter_by(userid=userid).first() # Iterate over all SQL columns and update their values columns = User.__table__.columns for col in columns: if col.name == 'userid': # We already set the userid when creating the user # object, and it may not be called the same in LDAP as # in our SQL model continue value = info.get(col.name) # We can't store sequences in SQL columns. So if we do get a multi-valued field # to be stored directly in OGDS, we treat it as a multi-line string and join it. if isinstance(value, list) or isinstance(value, tuple): value = ' '.join([str(v) for v in value]) setattr(user, col.name, value) # Set the user active user.active = 1 logger.info("Imported user '%s'..." % userid) session.flush()
def import_users(self): """Imports users from all the configured LDAP plugins into OGDS. """ session = create_session() # Set all SQL users inactive first - the ones still contained in the LDAP # will be set active again below (in the same transaction). for user in session.query(User): user.active = 0 for plugin in self._ldap_plugins(): ldap_userfolder = plugin._getLDAPUserFolder() uid_attr = self._get_uid_attr(ldap_userfolder) ldap_util = ILDAPSearch(ldap_userfolder) ldap_users = ldap_util.get_users() for ldap_user in ldap_users: dn, info = ldap_user # Ignore users without an UID in LDAP if not uid_attr in info: continue userid = info[uid_attr] # Skip users with uid longer than SQL 'userid' column # FIXME: Increase size of SQL column to 64 if len(userid) > 30: continue if not self.user_exists(userid): # Create the new user user = User(userid) session.add(user) else: # Get the existing user user = session.query(User).filter_by(userid=userid).first() # Iterate over all SQL columns and update their values columns = User.__table__.columns for col in columns: if col.name == 'userid': # We already set the userid when creating the user # object, and it may not be called the same in LDAP as # in our SQL model continue value = info.get(col.name) # We can't store sequences in SQL columns. So if we do get a multi-valued field # to be stored directly in OGDS, we treat it as a multi-line string and join it. if isinstance(value, list) or isinstance(value, tuple): value = ' '.join([str(v) for v in value]) setattr(user, col.name, value) # Set the user active user.active = 1 logger.info("Imported user '%s'..." % userid) session.flush()
def migrate(self): # Add a temp secretary id column to meetings new_secretary_id = Column('new_secretary_id', String(USER_ID_LENGTH), ForeignKey(User.userid)) self.op.add_column('meetings', new_secretary_id) # Populate temp secretary column - user if match else new inactive user meetings_table = table( 'meetings', column('id'), column('secretary_id'), column('new_secretary_id'), ) meetings = self.connection.execute(meetings_table.select()).fetchall() for meeting in meetings: if meeting.secretary_id: member = Member.query.get(meeting.secretary_id) if member: user = User.query.filter( User.firstname == member.firstname, User.lastname == member.lastname).first() if not user: # We have to create an inactive user for the member userid = uuid4().hex user = User(userid) user.active = False user.firstname = member.firstname user.lastname = member.lastname user.email = member.email self.session.add(user) self.session.flush() self.execute(meetings_table.update().values( new_secretary_id=user.userid).where( meetings_table.columns.id == meeting.id)) # Drop old secretary column self.op.drop_column('meetings', 'secretary_id') # Rename temp secretary column self.op.alter_column('meetings', 'new_secretary_id', new_column_name='secretary_id')
def migrate(self): # Add a temp secretary id column to meetings new_secretary_id = Column('new_secretary_id', String(USER_ID_LENGTH), ForeignKey(User.userid)) self.op.add_column('meetings', new_secretary_id) # Populate temp secretary column - user if match else new inactive user meetings_table = table( 'meetings', column('id'), column('secretary_id'), column('new_secretary_id'), ) meetings = self.connection.execute(meetings_table.select()).fetchall() for meeting in meetings: if meeting.secretary_id: member = Member.query.get(meeting.secretary_id) if member: user = User.query.filter(User.firstname == member.firstname, User.lastname == member.lastname).first() if not user: # We have to create an inactive user for the member userid = uuid4().hex user = User(userid) user.active = False user.firstname = member.firstname user.lastname = member.lastname user.email = member.email self.session.add(user) self.session.flush() self.execute( meetings_table.update() .values(new_secretary_id=user.userid) .where(meetings_table.columns.id == meeting.id) ) # Drop old secretary column self.op.drop_column('meetings', 'secretary_id') # Rename temp secretary column self.op.alter_column('meetings', 'new_secretary_id', new_column_name='secretary_id')
def __call__(self): form = self.request.form session = create_session() policy_id = form['policy'] client_registry = getUtility(IClientConfigurationRegistry) config = client_registry.get_policy(policy_id) # drop sql tables if form.get('first', False) and config.get('purge_sql', False): self.drop_sql_tables(session) ext_profiles = list(EXTENSION_PROFILES) if config.get('base_profile', None): ext_profiles.append(config.get('base_profile')) # create plone site site = addPloneSite( self.context, form['client_id'], title=form['title'], profile_id=_DEFAULT_PROFILE, extension_ids=ext_profiles, setup_content=False, default_language=config.get('language', 'de-ch'), ) # ldap stool = getToolByName(site, 'portal_setup') if form.get('ldap', False): stool = getToolByName(site, 'portal_setup') stool.runAllImportStepsFromProfile('profile-%s' % form.get('ldap')) # Configure credentials from JSON file at # ~/.opengever/ldap/{hostname}.json configure_ldap_credentials(site) acl_users = getToolByName(site, 'acl_users') plugins = acl_users.plugins # disable source_groups when using ldap for ptype in plugins.listPluginTypeInfo(): try: plugins.deactivatePlugin(ptype['interface'], 'source_groups') except KeyError: pass # deactivate recursive groups for ptype in plugins.listPluginTypeInfo(): try: plugins.deactivatePlugin(ptype['interface'], 'recursive_groups') except KeyError: pass # move ldap up plugins.movePluginsUp(IPropertiesPlugin, ('ldap',)) plugins.movePluginsUp(IPropertiesPlugin, ('ldap',)) plugins.movePluginsUp(IPropertiesPlugin, ('ldap',)) if form.get('first', False) and form.get('import_users', False): print '===== SYNC LDAP ====' class Object(object): pass # Import LDAP users and groups options = Object() options.site_root = '/' + form['client_id'] options.update_syncstamp = False sync_ldap.run_import(self.context, options) if form.get('configsql'): # register the client in the ogds # is the client already configured? -> delete it clients = session.query(Client).filter_by( client_id=form['client_id']).all() if clients: session.delete(clients[0]) # groups must exist users_groups = session.query(Group).filter_by( groupid=form['group']) inbox_groups = session.query(Group).filter_by( groupid=form['inbox_group']) try: users_group = users_groups[0] except IndexError: raise SetupError("User group '%s' could not be found." % form['group']) try: inbox_group = inbox_groups[0] except IndexError: raise SetupError("Inbox group '%s' could not be found." % form['inbox_group']) active = bool(form.get('active', False)) client = Client(form['client_id'], enabled=active, title=form['title'], ip_address=form['ip_address'], site_url=form['site_url'], public_url=form['public_url'], ) client.users_group = users_group client.inbox_group = inbox_group session.add(client) # create the admin user in the ogds if he not exist # and add it to the specified user_group # so we avoid a constraintError in the choice fields if session.query(User).filter_by(userid=ADMIN_USER_ID).count() == 0: og_admin_user = User(ADMIN_USER_ID, firstname='OG', lastname='Administrator', active=True) session.add(og_admin_user) else: og_admin_user = session.query(User).filter_by( userid=ADMIN_USER_ID).first() og_admin_user.active = True users_group = session.query(Group).filter_by( groupid=form['group']).first() if og_admin_user not in users_group.users: users_group.users.append(og_admin_user) # set the client id in the registry client_id = form['client_id'].decode('utf-8') registry = getUtility(IRegistry) proxy = registry.forInterface(IClientConfiguration) proxy.client_id = form['client_id'].decode('utf-8') # set the mail domain in the registry registry = getUtility(IRegistry) proxy = registry.forInterface(IMailSettings) proxy.mail_domain = form['mail_domain'].decode('utf-8') mail_from_address = self.get_mail_from_address() site.manage_changeProperties({'email_from_address': mail_from_address, 'email_from_name': client_id}) # set global Member role for the client users group site.acl_users.portal_role_manager.assignRoleToPrincipal( 'Member', form['group']) # set global Member role for readers group if form['reader_group']: site.acl_users.portal_role_manager.assignRoleToPrincipal( 'Member', form['reader_group']) # set Role Manager role for rolemanager group if form['rolemanager_group']: site.acl_users.portal_role_manager.assignRoleToPrincipal( 'Role Manager', form['rolemanager_group']) # provide the repository root for opengever.setup:default repository_root = config.get('repository_root', None) if repository_root: self.request.set('repository_root', repository_root) # import the defaul generic setup profiles if needed stool = getToolByName(site, 'portal_setup') for profile in config.get('additional_profiles', ()): stool.runAllImportStepsFromProfile('profile-%s' % profile) # set the site title site.manage_changeProperties(title=form['title']) # REALLY set the language - the plone4 addPloneSite is really # buggy with languages. langCP = getAdapter(site, ILanguageSelectionSchema) langCP.default_language = 'de-ch' # the og_admin_user is not longer used so we set him to inactive og_admin_user.active = False return 'ok'
def import_users(self): """Imports users from all the configured LDAP plugins into OGDS. """ session = create_session() # Set all SQL users inactive first - the ones still contained in the # LDAP will be set active again below (in the same transaction). for user in session.query(User): user.active = False for plugin in self._ldap_plugins(): ldap_userfolder = plugin._getLDAPUserFolder() uid_attr = self._get_uid_attr(ldap_userfolder) ldap_util = ILDAPSearch(ldap_userfolder) logger.info(u'Users base: %s' % ldap_userfolder.users_base) logger.info(u'User filter: %s' % ldap_util.get_user_filter()) ldap_users = ldap_util.get_users() for ldap_user in ldap_users: dn, info = ldap_user # Ignore users without an UID in LDAP if uid_attr not in info: continue userid = info[uid_attr] userid = userid.decode('utf-8') # Skip users with uid longer than SQL 'userid' column if len(userid) > USER_ID_LENGTH: logger.warn(u"Skipping user '{}' - " u"userid too long!".format(userid)) continue if not self.user_exists(userid): # Create the new user user = User(userid) session.add(user) else: # Get the existing user try: user = self.get_sql_user(userid) except MultipleResultsFound: # Duplicate user with slightly different spelling # (casing, whitespace, ...) that may not be considered # different by the SQL backend's unique constraint. # We therefore enforce uniqueness ourselves. logger.warn( u"Skipping duplicate user '{}'!".format(userid)) continue # Iterate over all SQL columns and update their values columns = User.__table__.columns for col in columns: if col.name == 'userid': # We already set the userid when creating the user # object, and it may not be called the same in LDAP as # in our SQL model continue value = info.get(col.name) # We can't store sequences in SQL columns. So if we do get # a multi-valued field to be stored directly in OGDS, we # treat it as a multi-line string and join it. if isinstance(value, list) or isinstance(value, tuple): value = ' '.join([str(v) for v in value]) if isinstance(value, str): value = value.decode('utf-8') # Truncate purely descriptive user fields if necessary if isinstance(col.type, String): if value and len(value) > col.type.length: logger.warn(u"Truncating value %r for column %r " u"(user: %r)" % (value, col.name, userid)) value = value[:col.type.length] setattr(user, col.name, value) # Set the user active user.active = True logger.info(u"Imported user '{}'".format(userid)) session.flush()
def __call__(self): form = self.request.form session = create_session() policy_id = form['policy'] client_registry = getUtility(IClientConfigurationRegistry) config = client_registry.get_policy(policy_id) # drop sql tables if form.get('first', False) and config.get('purge_sql', False): self.drop_sql_tables(session) ext_profiles = list(EXTENSION_PROFILES) if config.get('base_profile', None): ext_profiles.append(config.get('base_profile')) # create plone site site = addPloneSite( self.context, form['client_id'], title=form['title'], profile_id=_DEFAULT_PROFILE, extension_ids=ext_profiles, setup_content=False, default_language=config.get('language', 'de-ch'), ) # ldap stool = getToolByName(site, 'portal_setup') if form.get('ldap', False): stool = getToolByName(site, 'portal_setup') stool.runAllImportStepsFromProfile('profile-%s' % form.get('ldap')) # Configure credentials from JSON file at # ~/.opengever/ldap/{hostname}.json configure_ldap_credentials(site) acl_users = getToolByName(site, 'acl_users') plugins = acl_users.plugins # disable source_groups when using ldap for ptype in plugins.listPluginTypeInfo(): try: plugins.deactivatePlugin(ptype['interface'], 'source_groups') except KeyError: pass # deactivate recursive groups for ptype in plugins.listPluginTypeInfo(): try: plugins.deactivatePlugin(ptype['interface'], 'recursive_groups') except KeyError: pass # move ldap up plugins.movePluginsUp(IPropertiesPlugin, ('ldap', )) plugins.movePluginsUp(IPropertiesPlugin, ('ldap', )) plugins.movePluginsUp(IPropertiesPlugin, ('ldap', )) if form.get('first', False) and form.get('import_users', False): print '===== SYNC LDAP ====' class Object(object): pass # Import LDAP users and groups options = Object() options.site_root = '/' + form['client_id'] options.update_syncstamp = False sync_ldap.run_import(self.context, options) if form.get('configsql'): # register the client in the ogds # is the client already configured? -> delete it clients = session.query(Client).filter_by( client_id=form['client_id']).all() if clients: session.delete(clients[0]) # groups must exist users_groups = session.query(Group).filter_by( groupid=form['group']) inbox_groups = session.query(Group).filter_by( groupid=form['inbox_group']) try: users_group = users_groups[0] except IndexError: raise SetupError("User group '%s' could not be found." % form['group']) try: inbox_group = inbox_groups[0] except IndexError: raise SetupError("Inbox group '%s' could not be found." % form['inbox_group']) active = bool(form.get('active', False)) client = Client( form['client_id'], enabled=active, title=form['title'], ip_address=form['ip_address'], site_url=form['site_url'], public_url=form['public_url'], ) client.users_group = users_group client.inbox_group = inbox_group session.add(client) # create the admin user in the ogds if he not exist # and add it to the specified user_group # so we avoid a constraintError in the choice fields if session.query(User).filter_by(userid=ADMIN_USER_ID).count() == 0: og_admin_user = User(ADMIN_USER_ID, firstname='OG', lastname='Administrator', active=True) session.add(og_admin_user) else: og_admin_user = session.query(User).filter_by( userid=ADMIN_USER_ID).first() og_admin_user.active = True users_group = session.query(Group).filter_by( groupid=form['group']).first() if og_admin_user not in users_group.users: users_group.users.append(og_admin_user) # set the client id in the registry client_id = form['client_id'].decode('utf-8') registry = getUtility(IRegistry) proxy = registry.forInterface(IClientConfiguration) proxy.client_id = form['client_id'].decode('utf-8') # set the mail domain in the registry registry = getUtility(IRegistry) proxy = registry.forInterface(IMailSettings) proxy.mail_domain = form['mail_domain'].decode('utf-8') mail_from_address = self.get_mail_from_address() site.manage_changeProperties({ 'email_from_address': mail_from_address, 'email_from_name': client_id }) # set global Member role for the client users group site.acl_users.portal_role_manager.assignRoleToPrincipal( 'Member', form['group']) # set global Member role for readers group if form['reader_group']: site.acl_users.portal_role_manager.assignRoleToPrincipal( 'Member', form['reader_group']) # set Role Manager role for rolemanager group if form['rolemanager_group']: site.acl_users.portal_role_manager.assignRoleToPrincipal( 'Role Manager', form['rolemanager_group']) # provide the repository root for opengever.setup:default repository_root = config.get('repository_root', None) if repository_root: self.request.set('repository_root', repository_root) # import the defaul generic setup profiles if needed stool = getToolByName(site, 'portal_setup') for profile in config.get('additional_profiles', ()): stool.runAllImportStepsFromProfile('profile-%s' % profile) # set the site title site.manage_changeProperties(title=form['title']) # REALLY set the language - the plone4 addPloneSite is really # buggy with languages. langCP = getAdapter(site, ILanguageSelectionSchema) langCP.default_language = 'de-ch' # the og_admin_user is not longer used so we set him to inactive og_admin_user.active = False return 'ok'
def import_users(self): """Imports users from all the configured LDAP plugins into OGDS. """ session = create_session() # Set all SQL users inactive first - the ones still contained in the # LDAP will be set active again below (in the same transaction). for user in session.query(User): user.active = False for plugin in self._ldap_plugins(): ldap_userfolder = plugin._getLDAPUserFolder() uid_attr = self._get_uid_attr(ldap_userfolder) ldap_util = ILDAPSearch(ldap_userfolder) logger.info(u"Users base: %s" % ldap_userfolder.users_base) logger.info(u"User filter: %s" % ldap_util.get_user_filter()) ldap_users = ldap_util.get_users() for ldap_user in ldap_users: dn, info = ldap_user # Ignore users without an UID in LDAP if uid_attr not in info: continue userid = info[uid_attr] userid = userid.decode("utf-8") # Skip users with uid longer than SQL 'userid' column if len(userid) > USER_ID_LENGTH: logger.warn(u"Skipping user '{}' - " u"userid too long!".format(userid)) continue if not self.user_exists(userid): # Create the new user user = User(userid) session.add(user) else: # Get the existing user try: user = self.get_sql_user(userid) except MultipleResultsFound: # Duplicate user with slightly different spelling # (casing, whitespace, ...) that may not be considered # different by the SQL backend's unique constraint. # We therefore enforce uniqueness ourselves. logger.warn(u"Skipping duplicate user '{}'!".format(userid)) continue # Iterate over all SQL columns and update their values columns = User.__table__.columns for col in columns: if col.name == "userid": # We already set the userid when creating the user # object, and it may not be called the same in LDAP as # in our SQL model continue value = info.get(col.name) # We can't store sequences in SQL columns. So if we do get # a multi-valued field to be stored directly in OGDS, we # treat it as a multi-line string and join it. if isinstance(value, list) or isinstance(value, tuple): value = " ".join([str(v) for v in value]) if isinstance(value, str): value = value.decode("utf-8") setattr(user, col.name, value) # Set the user active user.active = True logger.info(u"Imported user '{}'".format(userid)) session.flush()