def get_group_members(self, group_info):
if not self.is_ad:
members = []
member_attrs = list(set(GROUP_MEMBER_MAP.values()))
for member_attr in member_attrs:
if member_attr in group_info:
m = group_info.get(member_attr, [])
if isinstance(m, basestring):
m = [m]
members.extend(m)
return members
else:
group_dn = group_info['distinguishedName']
group_info['dn'] = group_dn
if self._cached_groups is None:
self._cached_groups = self.get_groups(use_lookup_base=True)
child_groups = self.get_children(group_dn)
child_groups.append(group_dn)
members = []
member_attrs = list(set(GROUP_MEMBER_MAP.values()))
for grp_dn in child_groups:
grp = [g for g in self._cached_groups if g[0] == grp_dn][0]
for member_attr in member_attrs:
if member_attr in grp[1]:
m = grp[1].get(member_attr, [])
if isinstance(m, basestring):
m = [m]
members.extend(m)
return list(set(members))
def get_group_members(self, group_info):
if not self.is_ad:
members = []
member_attrs = list(set(GROUP_MEMBER_MAP.values()))
for member_attr in member_attrs:
if member_attr in group_info:
m = group_info.get(member_attr, [])
if isinstance(m, basestring):
m = [m]
members.extend(m)
return members
else:
group_dn = group_info['distinguishedName']
group_info['dn'] = group_dn
if self._cached_groups is None:
self._cached_groups = self.get_groups()
child_groups = self.get_children(group_dn)
child_groups.append(group_dn)
members = []
member_attrs = list(set(GROUP_MEMBER_MAP.values()))
for grp_dn in child_groups:
grp = [g for g in self._cached_groups if g[0] == grp_dn][0]
for member_attr in member_attrs:
if member_attr in grp[1]:
m = grp[1].get(member_attr, [])
if isinstance(m, basestring):
m = [m]
members.extend(m)
return list(set(members))
def getGroupedUsers(self, groups=None):
""" Retrieve all users that in the groups i know about """
all_dns = {}
users = []
luf = self.getLUF()
possible_members = list(Set(GROUP_MEMBER_MAP.values()))
if groups is None:
groups = self.getGroups()
for group_id, group_dn in groups:
group_details = self.getGroupDetails(group_id)
for attribute_name, dn_list in group_details:
if attribute_name in possible_members:
for dn in dn_list:
all_dns[dn] = 1
for dn in all_dns.keys():
user = luf.getUserByDN(dn)
if user is not None:
users.append(user.__of__(self))
return tuple(users)
def getGroupedUsers(self, groups=None):
""" Retrieve all users that in the groups i know about """
all_dns = {}
users = []
luf = self.getLUF()
possible_members = list(Set(GROUP_MEMBER_MAP.values()))
if groups is None:
groups = self.getGroups()
for group_id, group_dn in groups:
group_details = self.getGroupDetails(group_id)
for attribute_name, dn_list in group_details:
if attribute_name in possible_members:
for dn in dn_list:
all_dns[dn] = 1
for dn in all_dns.keys():
user = luf.getUserByDN(dn)
if user is not None:
users.append(user.__of__(self))
return tuple(users)
def getGroupDetails(self, encoded_cn):
""" Return all group details """
result = []
cn = urllib.unquote(encoded_cn)
luf = self.getLUF()
res = luf._delegate.search(self.groups_base, self.groups_scope,
'(cn=%s)' % cn,
list(Set(GROUP_MEMBER_MAP.values())))
if res['exception']:
result = (('Exception', res['exception']), )
elif res['size'] > 0:
result = res['results'][0].items()
result.sort()
return tuple(result)
def getGroups(self, dn='*', attr=None):
""" return group records i know about """
group_list = []
if self.groups_base:
no_show = ('Anonymous', 'Authenticated', 'Shared')
if dn == '*':
group_classes = GROUP_MEMBER_MAP.keys()
filt_list = [
filter_format('(%s=%s)', ('objectClass', g))
for g in group_classes
]
group_filter = '(|%s)' % ''.join(filt_list)
else:
member_attrs = list(Set(GROUP_MEMBER_MAP.values()))
filt_list = [
filter_format('(%s=%s)', (m_attr, dn))
for m_attr in member_attrs
]
group_filter = '(|%s)' % ''.join(filt_list)
luf = self.getLUF()
res = luf._delegate.search(self.groups_base,
self.groups_scope,
group_filter,
attrs=['dn', 'cn'])
if res['size'] > 0:
resultset = res['results']
for i in range(res['size']):
dn = resultset[i].get('dn')
try:
cn = resultset[i].get('cn')[0]
except KeyError: # NDS oddity
cn = luf._delegate.explode_dn(dn, 1)[0]
if attr is None:
group_list.append((cn, dn))
elif attr == 'cn':
group_list.append(cn)
elif attr == 'dn':
group_list.append(dn)
return group_list
def getUsersByRole(self, acl_folder, groups=None):
""" Return all those users that are in a group """
all_dns = {}
res = []
res_append = res.append
member_attrs = GROUP_MEMBER_MAP.values()
if groups is None: return ()
for group_id, group_dn in groups:
dn = self.getRootDN(acl_folder)
scope = self.getGroupScope(acl_folder)
result = self.delegate.search(dn, scope, filter_format('(cn=%s)', (group_id,)), ['uniqueMember', 'member'])
for val in result['results']:
for dn in val['uniqueMember']:
info = self.delegate.search(base=dn, scope=ldap.SCOPE_BASE)
[ res_append(i) for i in info['results'] ]
return res
def getUsersByRole(self, acl_folder, groups=None):
""" Return all those users that are in a group """
all_dns = {}
res = []
res_append = res.append
member_attrs = GROUP_MEMBER_MAP.values()
if groups is None: return ()
for group_id, group_dn in groups:
dn = self.getRootDN(acl_folder)
scope = self.getGroupScope(acl_folder)
result = self.delegate.search(dn, scope, filter_format('(cn=%s)', (group_id,)), ['uniqueMember', 'member'])
for val in result['results']:
for dn in val['uniqueMember']:
info = self.delegate.search(base=dn, scope=ldap.SCOPE_BASE)
[ res_append(i) for i in info['results'] ]
return res
def getGroupDetails(self, encoded_cn):
""" Return all group details """
result = []
cn = urllib.unquote(encoded_cn)
luf = self.getLUF()
res = luf._delegate.search( self.groups_base
, self.groups_scope
, '(cn=%s)' % cn
, list(Set(GROUP_MEMBER_MAP.values()))
)
if res['exception']:
result = (('Exception', res['exception']),)
elif res['size'] > 0:
result = res['results'][0].items()
result.sort()
return tuple(result)
def getGroups(self, dn='*', attr=None):
""" return group records i know about """
group_list = []
if self.groups_base:
no_show = ('Anonymous', 'Authenticated', 'Shared')
if dn == '*':
group_classes = GROUP_MEMBER_MAP.keys()
filt_list = [ filter_format('(%s=%s)', ('objectClass', g))
for g in group_classes ]
group_filter = '(|%s)' % ''.join(filt_list)
else:
member_attrs = list(Set(GROUP_MEMBER_MAP.values()))
filt_list = [ filter_format('(%s=%s)', (m_attr, dn))
for m_attr in member_attrs ]
group_filter = '(|%s)' % ''.join(filt_list)
luf = self.getLUF()
res = luf._delegate.search( self.groups_base
, self.groups_scope
, group_filter
, attrs=['dn', 'cn']
)
if res['size'] > 0:
resultset = res['results']
for i in range(res['size']):
dn = resultset[i].get('dn')
try:
cn = resultset[i].get('cn')[0]
except KeyError: # NDS oddity
cn = luf._delegate.explode_dn(dn, 1)[0]
if attr is None:
group_list.append((cn, dn))
elif attr == 'cn':
group_list.append(cn)
elif attr == 'dn':
group_list.append(dn)
return group_list
def getUsersByRole(self, acl_folder, groups=None):
""" Return all those users that are in a group """
all_dns = {}
res = []
res_append = res.append
member_attrs = GROUP_MEMBER_MAP.values()
if groups is None:
return ()
for group_id, group_dn in groups:
dn = self.getRootDN(acl_folder)
scope = self.getGroupScope(acl_folder)
delegate = self.get_ldap_delegate()
result = delegate.search(dn, scope, filter_format("(cn=%s)", (group_id,)), ["uniqueMember", "member"])
for val in result["results"]:
for dn in val["uniqueMember"]:
p_username = self._user_id_from_dn(dn)
info = self.get_source_user_info(p_username)
res_append(info)
return res
def getUsersByRole(self, acl_folder, groups=None):
""" Return all those users that are in a group """
all_dns = {}
res = []
res_append = res.append
member_attrs = GROUP_MEMBER_MAP.values()
if groups is None: return ()
for group_id, group_dn in groups:
dn = self.getRootDN(acl_folder)
scope = self.getGroupScope(acl_folder)
delegate = self.get_ldap_delegate()
result = delegate.search(dn, scope,
filter_format('(cn=%s)', (group_id, )),
['uniqueMember', 'member'])
for val in result['results']:
for dn in val['uniqueMember']:
p_username = self._user_id_from_dn(dn)
info = self.get_source_user_info(p_username)
res_append(info)
return res
def getAdditionalRoles(self, user, already_added=()):
""" extend the user roles """
my_path = self.absolute_url(1)
add_role_dict = {}
if user is None:
return []
if self.recurse == 1:
self_path = self.getPhysicalPath()
other_satellites = self.superValues('LDAPUserSatellite')
other_satellites.reverse()
for sat in other_satellites:
if sat.getPhysicalPath() != self_path:
add_role_list = sat.getAdditionalRoles(user, already_added)
newly_added = {}
for add_role in add_role_list:
newly_added[add_role] = 1
for add_role in already_added:
newly_added[add_role] = 1
already_added = tuple(newly_added.keys())
luf = self.getLUF()
user_id = user.getId()
user_expiration = user._created + luf.getCacheTimeout('authenticated')
if (self._cache('users').has_key(user_id) and
self._cache('expiration').get(user_id, 0) >= user_expiration):
logger.debug('Used cached user "%s"' % user_id)
return self._cache('users').get(user_id)
if self.groups_base: # We were given a search base, so search there
user_dn = user.getUserDN()
member_attrs = list(Set(GROUP_MEMBER_MAP.values()))
filt_list = [
filter_format('(%s=%s)', (m_attr, user_dn))
for m_attr in member_attrs
]
group_filter = '(|%s)' % ''.join(filt_list)
res = luf._delegate.search(self.groups_base,
self.groups_scope,
group_filter,
attrs=['dn', 'cn'])
if res['size'] > 0:
resultset = res['results']
for i in range(res['size']):
dn = resultset[i].get('dn')
try:
cn = resultset[i].get('cn')[0]
except KeyError: # NDS oddity
cn = luf._delegate.explode_dn(dn, 1)[0]
add_role_dict[cn] = 1
for add_role in already_added:
add_role_dict[add_role] = 1
already_added = ()
if self.groups_map: # We have a group mapping, so map away
user_roles = list(user.getRoles())
roles = user_roles[:]
roles.extend(add_role_dict.keys())
roles.extend(list(user._getLDAPGroups()))
for role in roles:
mapped_roles = self.groups_map.get(role, [])
for mapped_role in mapped_roles:
if mapped_role and mapped_role not in user_roles:
add_role_dict[mapped_role] = 1
added_roles = add_role_dict.keys()
if added_roles:
add_roles = ', '.join(added_roles)
logger.debug('Added roles "%s" to user "%s"' %
(add_roles, user_id))
self._cacheRoles(user_id, added_roles, user_expiration)
return added_roles
def getAdditionalRoles(self, user, already_added=()):
""" extend the user roles """
my_path = self.absolute_url(1)
add_role_dict = {}
if user is None:
return []
if self.recurse == 1:
self_path = self.getPhysicalPath()
other_satellites = self.superValues('LDAPUserSatellite')
other_satellites.reverse()
for sat in other_satellites:
if sat.getPhysicalPath() != self_path:
add_role_list = sat.getAdditionalRoles(user, already_added)
newly_added = {}
for add_role in add_role_list:
newly_added[add_role] = 1
for add_role in already_added:
newly_added[add_role] = 1
already_added = tuple(newly_added.keys())
luf = self.getLUF()
user_id = user.getId()
user_expiration = user._created + luf.getCacheTimeout('authenticated')
if ( self._cache('users').has_key(user_id) and
self._cache('expiration').get(user_id, 0) >= user_expiration ):
logger.debug('Used cached user "%s"' % user_id)
return self._cache('users').get(user_id)
if self.groups_base: # We were given a search base, so search there
user_dn = user.getUserDN()
member_attrs = list(Set(GROUP_MEMBER_MAP.values()))
filt_list = [ filter_format('(%s=%s)', (m_attr, user_dn))
for m_attr in member_attrs ]
group_filter = '(|%s)' % ''.join(filt_list)
res = luf._delegate.search( self.groups_base
, self.groups_scope
, group_filter
, attrs = ['dn', 'cn']
)
if res['size'] > 0:
resultset = res['results']
for i in range(res['size']):
dn = resultset[i].get('dn')
try:
cn = resultset[i].get('cn')[0]
except KeyError: # NDS oddity
cn = luf._delegate.explode_dn(dn, 1)[0]
add_role_dict[cn] = 1
for add_role in already_added:
add_role_dict[add_role] = 1
already_added = ()
if self.groups_map: # We have a group mapping, so map away
user_roles = list(user.getRoles())
roles = user_roles[:]
roles.extend(add_role_dict.keys())
roles.extend(list(user._getLDAPGroups()))
for role in roles:
mapped_roles = self.groups_map.get(role, [])
for mapped_role in mapped_roles:
if mapped_role and mapped_role not in user_roles:
add_role_dict[mapped_role] = 1
added_roles = add_role_dict.keys()
if added_roles:
add_roles = ', '.join(added_roles)
logger.debug('Added roles "%s" to user "%s"' % (add_roles, user_id))
self._cacheRoles(user_id, added_roles, user_expiration)
return added_roles
