def in_allowed_groups(username):
uid = escape(username)
groups = ' '.join('(cn={group})'.format(group=g) for g in settings.ALLOWED_LOGIN_GROUPS)
query = '(& (memberUid={uid}) (| {groups}))'
query = query.format_map(locals())
results = ldapsearch(query)
return bool(results)
def is_ldap_user(username):
"""
Checks LDAP to ensure a user name exists.
"""
q = escape(username)
search = '(uid={q})'.format(q=q)
return bool(ldapsearch(search))
def in_allowed_groups(username):
uid = escape(username)
groups = ' '.join('(cn={group})'.format(group=g)
for g in settings.ALLOWED_LOGIN_GROUPS)
query = '(& (memberUid={uid}) (| {groups}))'
query = query.format_map(locals())
results = ldapsearch(query)
return bool(results)
def get_groups(self, username):
"""
Method to get the groups the user is involved in.
Calls an LDAP search.
Returns a list of groups.
"""
results = ldap.ldapsearch("(& (memberUid=" + ldap.escape(username) + ") (cn=*))")
groups = [result[1]['cn'][0] for result in results]
return groups
def get_or_init_user(self, username):
username = escape(username)
query = "(cn=" + username + ")"
results = ldapsearch(query, using='groups')
# create a backdoor for people in the arc group
ldap_query = "(& (memberuid=" + username + ") (cn=arc))"
ldap_results = ldapsearch(ldap_query)
# Get the list of groups that the user belongs too.
memberOf = results[0][1]['memberOf']
# Add the username as a list for the uid dictionary key.
results[0][1]['uid'] = [username]
user_info = parse_profile(results[0][1])
first_name = user_info['first_name']
last_name = user_info['last_name']
email = user_info['email']
staff = False
student = False
if re.search("(CN=ITS_LAB_Students_GG)", str(memberOf)):
student = True
if re.search("(CN=ITS_CAVS_Staff_GG)", str(memberOf)):
staff = True
if re.search("(CN=TLC_GG)", str(memberOf)):
staff = True
if ldap_results:
staff = True
if student or staff:
User = get_user_model()
user = User.objects.filter(username=username).first()
if user is None:
user = User(first_name=first_name, last_name=last_name, email=email, username=username)
# Always need to reset the users permissions, to stay up to date with
# group changes.
user.is_active = True
user.is_staff = staff
user.save()
return user
else:
return None
def check_ldap(username):
"""
Checks LDAP to ensure a user name exists.
"""
q = escape(username)
search = '(uid={q}*)'.format(q=q)
results = ldapsearch(search)
if results:
return True
else:
return False
def get_or_create_user(self, cas_data, **overrides):
user = super().get_or_create_user(cas_data, **overrides)
# Reset on every login in case the user's groups have changed;
# below we will set these flags as appropriate.
user.is_active = False
user.is_staff = False
user.is_superuser = False
username = cas_data['username']
uid = escape(username)
query = '(cn={uid})'.format(uid=uid)
results = ldapsearch(query, using='groups')
# Get the list of groups the user is in.
member_of = [] if not results else results[0]['member_of']
groups = [g['name'].lower() for g in member_of]
if 'its_lab_students_gg' in groups:
user.is_active = True
if 'its_cavs_staff_gg' in groups:
user.is_active = True
user.is_staff = True
if 'tlc_gg' in groups:
user.is_active = True
user.is_staff = True
# Automatically add WDT staff as staff & superusers in this app
query = '(& (memberuid={uid}) (cn=wdt))'.format(uid=uid)
results = ldapsearch(query)
if results:
user.is_active = True
user.is_staff = True
user.is_superuser = True
staff_group, _ = Group.objects.get_or_create(name='staff')
if user.is_staff:
user.groups.add(staff_group)
else:
user.groups.remove(staff_group)
user.save()
return user
def get_or_init_user(self, username):
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
# user will have an "unusable" password
user = User.objects.create_user(username, '')
user.save()
# get the user's first and last name
results = ldap.ldapsearch("(& (uid=" + ldap.escape(username) + ") (cn=*))")
info = ldap.parse_profile(results[0][1])
user.first_name = info['first_name']
user.last_name = info['last_name']
user.email = info['email']
user.save()
return user
def autocomplete(request):
"""
Does an LDAP search and returns a JSON array of objects
"""
q = escape(request.GET.get('query', ""))
if len(q) < 3:
return JsonResponse([], safe=False)
# only return a handful of results
MAX_RESULTS = 5
search = '(uid={q}*)'.format(q=q)
results = ldapsearch(search, size_limit=MAX_RESULTS)
# I don't think LDAP guarantees the sort order, so we have to sort ourselves
results.sort(key=lambda o: o[1]['uid'][0])
output = []
for result in results[:MAX_RESULTS]:
output.append(parse_profile(result[1]))
return JsonResponse(output, safe=False)
def check_ldap(username):
"""Check LDAP to ensure a user name exists."""
q = escape(username)
search = '(uid={q}*)'.format(q=q)
results = ldapsearch(search)
return bool(results)
def check_ldap(username):
"""Check LDAP to ensure a user name exists."""
q = escape(username)
search = '(uid={q}*)'.format(q=q)
results = ldapsearch(search)
return bool(results)
def get_profile(self, username):
results = ldap.ldapsearch("(uid=" + ldap.escape(username) + ")")
dn, entry = results[0]
profile = ldap.parse_profile(entry)
return profile
