Example #1
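def search_on_roles(roles):
    """Return the users whose role attribute equals any of the given role names.

    Builds a filter of the form ``(&(objectClass=...)(|(roles=a)(roles=b)))``
    and runs a subtree search under ``CONTAINER_DN``.

    Args:
        roles: sized collection of role-name strings. Each name is matched
            literally: LDAP filter metacharacters in it are escaped before
            it is placed in the filter.

    Returns:
        A list with one ``__unload(dn, attrs)`` result per matching entry.

    Raises:
        RbacError: wraps any exception raised while opening the connection,
            searching, or unloading entries (id ``URLE_SEARCH_FAILED``).
    """
    # Imported here so the function does not depend on a module-level
    # import of the ldap.filter submodule.
    from ldap.filter import escape_filter_chars

    conn = None
    userList = []
    # Role names are data, not filter syntax. Escaping them keeps a name that
    # contains '(', ')', '*', '\\' or NUL from changing the filter's structure.
    role_terms = ''.join(
        '(' + ROLES + '=' + escape_filter_chars(role) + ')' for role in roles)
    if len(roles) > 1:
        # Several roles are OR-ed together inside the outer AND.
        role_terms = '(|' + role_terms + ')'
    # NOTE(review): an empty `roles` produces a filter with only the
    # objectClass term, i.e. it matches every user entry - confirm that
    # callers never pass an empty collection, or reject it here.
    search_filter = '(&(objectClass=' + USER_OC_NAME + ')' + role_terms + ')'
    try:
        conn = ldaphelper.open()
        entries = conn.search_s(CONTAINER_DN,
                                scope=ldap.SCOPE_SUBTREE,
                                filterstr=search_filter,
                                attrlist=SEARCH_ATTRS)
        for dn, attrs in entries:
            userList.append(__unload(dn, attrs))
    except Exception as e:
        raise RbacError(msg='User Search Roles error=' + str(e),
                        id=global_ids.URLE_SEARCH_FAILED)
    finally:
        # Release the connection whether or not the search succeeded.
        if conn:
            ldaphelper.close(conn)
    return userList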
Example #2
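def get_members_constraint(entity):
    """Look up one role by exact name and return its members and constraint.

    Args:
        entity: object whose ``name`` attribute is the role name. The name is
            matched literally: LDAP filter metacharacters in it are escaped
            before it is placed in the filter.

    Returns:
        A two-element list ``[members, constraint]`` where ``members`` is the
        result of ``__convert_list`` on the entry's MEMBER values and
        ``constraint`` is a ``Constraint`` built from the entry's CONSTRAINT
        attribute.

    Raises:
        RbacError: for any exception raised inside the lookup, with id
            ``ROLE_OCCUPANT_SEARCH_FAILED``.
    """
    # Imported here so the function does not depend on a module-level
    # import of the ldap.filter submodule.
    from ldap.filter import escape_filter_chars

    conn = None
    mList = []
    # This is an exact-match lookup (zero or several hits are errors below),
    # so the name is escaped in full: a '*' or parenthesis in it must not
    # widen or restructure the filter.
    search_filter = '(&(objectClass=' + ROLE_OC_NAME + ')'
    search_filter += ('(' + ROLE_NAME + '='
                      + escape_filter_chars(entity.name) + '))')
    try:
        conn = ldaphelper.open()
        # TODO: use sizelimit=1
        entries = conn.search_s(__CONTAINER_DN,
                                scope=ldap.SCOPE_SUBTREE,
                                filterstr=search_filter,
                                attrlist=[MEMBER, global_ids.CONSTRAINT])

        if not entries:
            raise NotFound(msg="Role not found, name=" + entity.name,
                           id=global_ids.ROLE_NOT_FOUND)
        elif len(entries) > 1:
            raise NotUnique(msg="Role not unique, name=" + entity.name,
                            id=global_ids.ROLE_SEARCH_FAILED)

        dn, attrs = entries[0]

        member_dns = ldaphelper.get_list(attrs.get(MEMBER, []))
        constraint = Constraint(
            ldaphelper.get_attr_val(attrs.get(global_ids.CONSTRAINT, [])))
        mList = __convert_list(member_dns)
    # NOTE(review): this handler also catches the NotFound / NotUnique raised
    # above and re-wraps them as a generic RbacError, so callers never see
    # ROLE_NOT_FOUND. Narrowing it (see FIXME) changes what callers receive;
    # confirm the exception hierarchy before doing so.
    except Exception as e:  # FIXME: change to LDAPError
        raise RbacError(msg='Get members search error=' + str(e),
                        id=global_ids.ROLE_OCCUPANT_SEARCH_FAILED)
    finally:
        # Release the connection whether or not the lookup succeeded.
        if conn:
            ldaphelper.close(conn)
    return [mList, constraint]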
Example #3
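def search(entity):
    """Search permission entries by object name, operation name and object id.

    Each of ``entity.obj_name``, ``entity.op_name`` and ``entity.obj_id`` that
    is truthy adds one AND-ed term to the filter; a subtree search is then run
    under ``__CONTAINER_DN``.

    Args:
        entity: object exposing ``obj_name``, ``op_name`` and ``obj_id``.
            Values are escaped so they cannot alter the filter's structure;
            ``*`` is kept as a wildcard.

    Returns:
        A list with one ``__unload(dn, attrs)`` result per matching entry.

    Raises:
        RbacError: wraps any exception raised while opening the connection,
            searching, or unloading entries (id ``PERM_SEARCH_FAILED``).
    """
    # Imported here so the function does not depend on a module-level
    # import of the ldap.filter submodule.
    from ldap.filter import escape_filter_chars

    def _term(attr_name, value):
        # Escape '(', ')', '\\' and NUL so the value stays inside its own
        # (attr=value) term. escape_filter_chars turns '*' into '\2a'; that
        # is undone so substring searches keep working.
        # NOTE(review): assumes callers rely on '*' wildcards - confirm; if
        # not, drop the replace() and escape in full.
        safe = escape_filter_chars(value).replace(r'\2a', '*')
        return '(' + attr_name + '=' + safe + ')'

    conn = None
    permList = []
    search_filter = '(&(objectClass=' + PERM_OC_NAME + ')'
    if entity.obj_name:
        search_filter += _term(OBJ_NM, entity.obj_name)
    if entity.op_name:
        search_filter += _term(OP_NM, entity.op_name)
    if entity.obj_id:
        search_filter += _term(OBJ_ID, entity.obj_id)
    search_filter += ')'
    try:
        conn = ldaphelper.open()
        entries = conn.search_s(__CONTAINER_DN,
                                scope=ldap.SCOPE_SUBTREE,
                                filterstr=search_filter,
                                attrlist=SEARCH_ATTRS)
        for dn, attrs in entries:
            permList.append(__unload(dn, attrs))
    except Exception as e:
        raise RbacError(msg='Perm search error=' + str(e),
                        id=global_ids.PERM_SEARCH_FAILED)
    finally:
        # Release the connection whether or not the search succeeded.
        if conn:
            ldaphelper.close(conn)
    return permList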
Example #4
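def search(entity):
    """Search role entries whose name matches ``entity.name``.

    Runs a subtree search under ``__CONTAINER_DN`` with the filter
    ``(&(objectClass=<ROLE_OC_NAME>)(<ROLE_NAME>=<name>))``.

    Args:
        entity: object whose ``name`` attribute is the role name or pattern.
            The value is escaped so it cannot alter the filter's structure;
            ``*`` is kept as a wildcard.

    Returns:
        A list with one ``__unload(dn, attrs)`` result per matching entry.

    Raises:
        RbacError: wraps any exception raised while opening the connection,
            searching, or unloading entries (id ``ROLE_SEARCH_FAILED``).
    """
    # Imported here so the function does not depend on a module-level
    # import of the ldap.filter submodule.
    from ldap.filter import escape_filter_chars

    conn = None
    roleList = []
    # Escape '(', ')', '\\' and NUL so the name stays inside its own term.
    # escape_filter_chars turns '*' into '\2a'; that is undone so substring
    # searches keep working.
    # NOTE(review): assumes callers rely on '*' wildcards - confirm; if not,
    # drop the replace() and escape in full.
    safe_name = escape_filter_chars(entity.name).replace(r'\2a', '*')
    search_filter = '(&(objectClass=' + ROLE_OC_NAME + ')'
    search_filter += '(' + ROLE_NAME + '=' + safe_name + '))'
    try:
        conn = ldaphelper.open()
        entries = conn.search_s(__CONTAINER_DN,
                                scope=ldap.SCOPE_SUBTREE,
                                filterstr=search_filter,
                                attrlist=SEARCH_ATTRS)
        for dn, attrs in entries:
            roleList.append(__unload(dn, attrs))
    except Exception as e:
        raise RbacError(msg='Role search error=' + str(e),
                        id=global_ids.ROLE_SEARCH_FAILED)
    finally:
        # Release the connection whether or not the search succeeded.
        if conn:
            ldaphelper.close(conn)
    return roleList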
Example #5
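def search(entity):
    """Search user entries by uid and/or organisational unit.

    Each of ``entity.uid`` and ``entity.ou`` that is truthy adds one AND-ed
    term to the filter; a subtree search is then run under ``CONTAINER_DN``.

    Args:
        entity: object exposing ``uid`` and ``ou``. Values are escaped so
            they cannot alter the filter's structure; ``*`` is kept as a
            wildcard.

    Returns:
        A list with one ``__unload(dn, attrs)`` result per matching entry.

    Raises:
        RbacError: wraps any exception raised while opening the connection,
            searching, or unloading entries.
    """
    # Imported here so the function does not depend on a module-level
    # import of the ldap.filter submodule.
    from ldap.filter import escape_filter_chars

    def _term(attr_name, value):
        # Escape '(', ')', '\\' and NUL so the value stays inside its own
        # (attr=value) term. escape_filter_chars turns '*' into '\2a'; that
        # is undone so substring searches keep working.
        # NOTE(review): assumes callers rely on '*' wildcards - confirm; if
        # not, drop the replace() and escape in full.
        safe = escape_filter_chars(value).replace(r'\2a', '*')
        return '(' + attr_name + '=' + safe + ')'

    conn = None
    userList = []
    search_filter = '(&(objectClass=' + USER_OC_NAME + ')'
    if entity.uid:
        search_filter += _term(global_ids.UID, entity.uid)
    if entity.ou:
        search_filter += _term(global_ids.OU, entity.ou)
    search_filter += ')'
    try:
        conn = ldaphelper.open()
        entries = conn.search_s(CONTAINER_DN,
                                scope=ldap.SCOPE_SUBTREE,
                                filterstr=search_filter,
                                attrlist=SEARCH_ATTRS)
        for dn, attrs in entries:
            userList.append(__unload(dn, attrs))
    except Exception as e:
        raise RbacError(msg='User Search error=' + str(e))
    finally:
        # Release the connection whether or not the search succeeded.
        if conn:
            ldaphelper.close(conn)
    return userList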