def searchUsers(self, pattern):
try:
con = self.__connection()
res = []
for r in con.search_ext_s(
base=self._ldapBase,
scope=ldap.SCOPE_SUBTREE,
filterstr='(&(objectClass=%s)(%s=%s*))' %
(self._userClass, self._userIdAttr, pattern),
sizelimit=LDAP_RESULT_LIMIT):
if r[0] is not None: # Must have a dn, we do not accept references to other
dct = {k.lower(): v for k, v in r[1].iteritems()}
logger.debug('R: {0}'.format(dct))
usrId = dct.get(self._userIdAttr.lower(), '')
usrId = type(usrId) == list and usrId[0] or usrId
res.append({
'id': usrId,
'name': self.__getUserRealName(dct)
})
logger.debug(res)
return res
except Exception:
logger.exception("Exception: ")
raise AuthenticatorException(
_('Too many results, be more specific'))
def getGroups(self, username, groupsManager):
'''
Looks for the real groups to which the specified user belongs
Updates groups manager with valid groups
Remember to override it in derived authentication if needed (external auths will need this, for internal authenticators this is never used)
'''
user = self.__getUser(username)
if user is None:
raise AuthenticatorException(_('Username not found'))
groupsManager.validate(self.__getGroups(user))
def createGroup(self, groupData):
'''
We must override this method in authenticators not based on external sources (i.e. database users, text file users, etc..)
External sources already has its own groups and, at most, it can check if it exists on external source before accepting it
Groups are only used in case of internal users (non external sources) that must know to witch groups this user belongs to
@params groupData: a dict that has, at least, name, comments and active
@return: Raises an exception it things don't goes fine
'''
res = self.__getGroup(groupData['name'])
if res is None:
raise AuthenticatorException(_('Group not found'))
def createUser(self, usrData):
'''
Groups are only used in case of internal users (non external sources) that must know to witch groups this user belongs to
@param usrData: Contains data received from user directly, that is, a dictionary with at least: name, realName, comments, state & password
@return: Raises an exception (AuthException) it things didn't went fine
'''
res = self.__getUser(usrData['name'])
if res is None:
raise AuthenticatorException(_('Username not found'))
# Fills back realName field
usrData['real_name'] = self.__getUserRealName(res)
def createUser(self, usrData):
'''
We must override this method in authenticators not based on external sources (i.e. database users, text file users, etc..)
External sources already has the user cause they are managed externally, so, it can at most test if the users exists on external source
before accepting it.
Groups are only used in case of internal users (non external sources) that must know to witch groups this user belongs to
@param usrData: Contains data received from user directly, that is, a dictionary with at least: name, real_name, comments, state & password
@return: Raises an exception (AuthException) it things didn't went fine
'''
res = self.__getUser(usrData['name'])
if res is None:
raise AuthenticatorException(_('Username not found'))
# Fills back realName field
usrData['real_name'] = self.__getUserRealName(res)
def searchGroups(self, pattern):
try:
con = self.__connection()
res = []
for r in con.search_ext_s(base=self._ldapBase, scope=ldap.SCOPE_SUBTREE, filterstr='(&(objectClass=%s)(%s=%s*))' % (self._groupClass, self._groupIdAttr, pattern), sizelimit=LDAP_RESULT_LIMIT):
grpId = r[1].get(self._groupIdAttr, '')
grpId = type(grpId) == list and grpId[0] or grpId
res.append({
'id': grpId,
'name': grpId
})
return res
except Exception:
logger.exception("Exception: ")
raise AuthenticatorException(_('Too many results, be more specific'))
def searchGroups(self, pattern):
try:
res = []
for r in ldaputil.getAsDict(
con=self.__connection(),
base=self._ldapBase,
ldapFilter='(&(objectClass={})({}={}*))'.format(
self._groupClass, self._groupIdAttr, pattern),
attrList=[self._groupIdAttr],
sizeLimit=LDAP_RESULT_LIMIT):
grpId = r[self._groupIdAttr][0]
res.append({'id': grpId, 'name': grpId})
return res
except Exception:
logger.exception("Exception: ")
raise AuthenticatorException(
_('Too many results, be more specific'))
def searchGroups(self, pattern):
try:
fld = self._groupIdAttr
res = []
for r in ldaputil.getAsDict(
con=self.__connection(),
base=self.__getLdapBase(),
ldapFilter='(&(objectClass=%s)(%s=%s*))' %
(self._groupClass, self._groupIdAttr, pattern),
attrList=[fld, 'memberOf', 'description'],
sizeLimit=LDAP_RESULT_LIMIT):
res.append({'id': r[fld][0], 'name': r['description'][0]})
return res
except Exception:
logger.exception("Exception: ")
raise AuthenticatorException(
_('Too many results, be more specific'))
def searchUsers(self, pattern):
try:
res = []
for r in ldaputil.getAsDict(
con=self.__connection(),
base=self._ldapBase,
ldapFilter='(&(objectClass={})({}={}*))'.format(
self._userClass, self._userIdAttr, pattern),
attrList=[self._userIdAttr],
sizeLimit=LDAP_RESULT_LIMIT):
res.append({
'id': r[self._userIdAttr][0], # Ignore @...
'name': self.__getUserRealName(r)
})
return res
except Exception:
logger.exception("Exception: ")
raise AuthenticatorException(
_('Too many results, be more specific'))
def searchUsers(self, pattern):
try:
res = []
for r in ldaputil.getAsDict(
con=self.__connection(),
base=self._ldapBase,
ldapFilter='(&(&(objectClass={})({}={}*)))'.format(self._userClass, self._userIdAttr, ldaputil.escape(pattern)),
attrList=None, # All attrs
sizeLimit=LDAP_RESULT_LIMIT
):
logger.debug('R: {0}'.format(r))
res.append({
'id': r.get(self._userIdAttr.lower(), '')[0],
'name': self.__getUserRealName(r)
})
logger.debug(res)
return res
except Exception:
logger.exception("Exception: ")
raise AuthenticatorException(_('Too many results, be more specific'))
