Example #1
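def modUser(user):
    """Update cn, mail, sn and, when supplied, userpassword of an LDAP user.

    Binds with the service account configured in ``settings``, compares the
    submitted values with the entry returned by ``getUser`` and sends the
    differences as a single modify request, so the entry is never left
    half-updated.

    Args:
        user: object exposing getUid(), getFirstname(), getLastname(),
            getMail() and getPassword().

    Returns:
        True when the update succeeded (or nothing had to change), False when
        an ``ldap.LDAPError`` was raised; the traceback goes to stdout.
    """
    # Function-scope import: the file's import block is not visible here.
    from ldap.dn import escape_dn_chars

    check = False
    con = None
    try:
        # Open a connection
        con = ldap.initialize(settings.AUTH_LDAP_SERVER_URI)

        # NOTE(review): a simple bind sends the service password as-is;
        # confirm AUTH_LDAP_SERVER_URI is ldaps:// or that StartTLS is used.
        con.simple_bind_s(settings.AUTH_LDAP_BIND_DN, str(settings.AUTH_LDAP_BIND_PASSWORD))

        uid = user.getUid()
        # Escape DN metacharacters so the uid cannot alter which entry the
        # privileged service account modifies.
        dn = "uid=" + escape_dn_chars(uid) + "," + str(settings.AUTH_LDAP_BASE_USER_DN)

        userOld = getUser(uid)

        oldValue = {
            'cn': [str(userOld.getFirstname()).encode('utf-8')],
            'mail': [str(userOld.getMail()).encode('utf-8')],
            'sn': [str(userOld.getLastname()).encode('utf-8')],
        }
        newValue = {
            'cn': [str(user.getFirstname()).encode('utf-8')],
            'mail': [str(user.getMail()).encode('utf-8')],
            'sn': [str(user.getLastname()).encode('utf-8')],
        }

        # Hash the password only when one was supplied; the previous unused
        # ``attrs`` dict hashed it unconditionally.
        # NOTE(review): lsm is presumably an MD5-based passlib LDAP hasher -
        # confirm, and prefer a stronger scheme if the directory supports one.
        if user.getPassword():
            oldValue['userpassword'] = [str(userOld.getPassword()).encode('utf-8')]
            newValue['userpassword'] = [str(lsm.encrypt(user.getPassword())).encode('utf-8')]

        # One modlist for all attributes -> one atomic modify on the server.
        ldif = modlist.modifyModlist(oldValue, newValue)
        if ldif:
            con.modify_s(dn, ldif)
        check = True
    except ldap.LDAPError:
        traceback.print_exc(file=sys.stdout)
    finally:
        # Release the privileged connection on the failure path as well.
        if con is not None:
            try:
                con.unbind_s()
            except ldap.LDAPError:
                traceback.print_exc(file=sys.stdout)
    return check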
Example #2
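    def change_pass(email, old, new_password):
        """Change LDAP password method

        Function to change the password of the LDAP user. It requires the
        username, the old password and a new password. It binds to the ldap
        server as that user (which verifies the old password) and then stores
        the hashed new password in the ldap database.

        Parameters
        ----------
        email: str
            Username of the ldap user; used as the ``cn`` RDN under
            ``ou=users``.
        old: str
            Old password
        new_password: str
            New password

        Returns
        -------
        bool: True if successfully changed the password, False if not
            (including when either password is empty).
        """
        # Function-scope imports: the file's import block is not visible here.
        import logging
        from ldap.dn import escape_dn_chars

        # A simple bind with an empty password is treated by many servers as
        # an unauthenticated bind that "succeeds", so it proves nothing about
        # the caller; an empty new password must never be stored either.
        if not old or not new_password:
            return False

        conn = get_ldap_connection()

        try:
            # Escape DN metacharacters so the user-supplied name cannot
            # address a different entry.
            user_dn = "cn=" + escape_dn_chars(email) + ",ou=users," + baseDN

            # Binding as the user checks the old password.
            conn.simple_bind_s(user_dn, old)

            # Attribute values are passed as lists of bytes, as in the other
            # LDAP helpers on this page.
            # NOTE(review): ldap_md5 looks like an unsalted MD5 hasher -
            # confirm, and prefer a salted, slower scheme if supported.
            password_value_old = {
                "userPassword": [ldap_md5.encrypt(str(old)).encode("utf-8")]
            }
            password_value_new = {
                "userPassword": [ldap_md5.encrypt(str(new_password)).encode("utf-8")]
            }

            ldif = modlist.modifyModlist(password_value_old,
                                         password_value_new)

            conn.modify_s(user_dn, ldif)

            return True

        except Exception as e:
            # Keep the boolean contract but leave a trace; only the exception
            # type is logged so that no credential can reach the log.
            logging.getLogger(__name__).warning(
                "LDAP password change failed: %s", type(e).__name__)
            return False

        finally:
            # Close the connection on every path, not only on success.
            try:
                conn.unbind()
            except Exception as e:
                logging.getLogger(__name__).debug(
                    "LDAP unbind failed: %s", type(e).__name__)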
Example #3
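def addUserToLdap(user):
    """Create an inetOrgPerson/posixAccount entry for ``user`` in LDAP.

    Binds with the service account configured in ``settings`` and adds the
    entry ``uid=<uid>,<AUTH_LDAP_BASE_USER_DN>``.

    Args:
        user: object exposing getUid(), getFirstname(), getLastname(),
            getDisplayname(), getMail() and getPassword().

    Returns:
        True when the entry was added, False when the uid is unusable as a
        home-directory name or an ``ldap.LDAPError`` was raised (traceback
        printed to stdout).
    """
    # Function-scope import: the file's import block is not visible here.
    from ldap.dn import escape_dn_chars

    uid = user.getUid()
    # The uid becomes a path component of homeDirectory; refuse values that
    # would point outside /home/<uid>.
    if not uid or "/" in str(uid) or str(uid) in (".", ".."):
        return False

    check = False
    con = None
    try:
        # Open a connection
        con = ldap.initialize(settings.AUTH_LDAP_SERVER_URI)

        # NOTE(review): a simple bind sends the service password as-is;
        # confirm AUTH_LDAP_SERVER_URI is ldaps:// or that StartTLS is used.
        con.simple_bind_s(settings.AUTH_LDAP_BIND_DN, str(settings.AUTH_LDAP_BIND_PASSWORD))

        # Escape DN metacharacters so the uid cannot change where the entry
        # is created.
        dn = "uid=" + escape_dn_chars(uid) + "," + str(settings.AUTH_LDAP_BASE_USER_DN)

        # NOTE(review): an empty password is hashed and stored like any
        # other - confirm callers reject it before reaching this point.
        # NOTE(review): lsm is presumably an MD5-based passlib LDAP hasher -
        # confirm, and prefer a stronger scheme if the directory supports one.
        attrs = {
            "objectclass": [
                b"inetOrgPerson",
                b"top",
                b"person",
                b"shadowAccount",
                b"posixAccount",
            ],
            "cn": [str(user.getFirstname()).encode("utf-8")],
            "displayname": [str(user.getDisplayname()).encode("utf-8")],
            "mail": [str(user.getMail()).encode("utf-8")],
            "sn": [str(user.getLastname()).encode("utf-8")],
            "uid": [str(uid).encode("utf-8")],
            "userpassword": [str(lsm.encrypt(user.getPassword())).encode("utf-8")],
            # necessary for posixAccount
            "gidNumber": [b"1000"],
            "homeDirectory": [("/home/" + str(uid)).encode("utf-8")],
            # TODO: allocate a unique uidNumber and check it is unused. With
            # the fixed value every account shares POSIX uid 1000, so hosts
            # that resolve users from this directory cannot tell them apart
            # for file ownership and permissions.
            "uidNumber": [b"1000"],
        }

        # Convert the dict to the list form expected by add_s.
        ldif = modlist.addModlist(attrs)

        # Synchronous add on the LDAP server.
        con.add_s(dn, ldif)
        check = True
    except ldap.LDAPError:
        traceback.print_exc(file=sys.stdout)
    finally:
        # Release the privileged connection on the failure path as well.
        if con is not None:
            try:
                con.unbind_s()
            except ldap.LDAPError:
                traceback.print_exc(file=sys.stdout)
    return check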