def _load_user_attrs(self): if self.dn is not None: search = LDAPSearch(self.dn, ldap.SCOPE_BASE) results = search.execute(self.connection) if results is not None and len(results) > 0: self._user_attrs = results[0][1]
def _load_user_attrs(self): if self.dn is not None: search = LDAPSearch(self.dn, ldap.SCOPE_BASE, attrlist=self.settings.USER_ATTRLIST) results = search.execute(self.connection) if results is not None and len(results) > 0: self._user_attrs = results[0][1]
def _load_user_attrs(self): if self.dn is not None: search = LDAPSearch(self.dn, self.ldap.SCOPE_BASE) results = search.execute(self.connection) if results is not None and len(results) > 0: self._user_attrs = results[0][1]
def update_user_foreign_keys(sender, instance=None, created=False, user=None, ldap_user=None, **kwargs): backend = panopticum.ldap.PanopticumLDAPBackend() for model_field_name, val in backend.settings.FOREIGNKEY_USER_ATTR_MAP.items( ): model_search_field = "name" create = True # handle custom settings like: #"manager": { # "searchField": "dn", # "ldapFieldName": "manager", # "create": False, # doesn't create object if it not exist #} if isinstance(val, dict): ldap_field_name = val['ldapFieldName'] model_search_field = val.get("searchField", model_search_field) create = val.get("create", create) else: ldap_field_name = val if ldap_field_name not in ldap_user.attrs.data: continue ldap_value = ldap_user.attrs.data[ldap_field_name][0] if not ldap_value: continue # get model from models.Field object field_model = getattr(backend.get_user_model(), model_field_name).field.related_model if not field_model: continue if create: if issubclass(field_model, backend.get_user_model()) \ and not backend.get_user_model().objects.filter(**{model_search_field:ldap_value}).exists(): # make raw request to LDAP for getting raw LDAP attrs search = LDAPSearch(ldap_value, ldap.SCOPE_BASE) related_ldap_attrs = search.execute( ldap_user._get_connection())[0][1] field_model_instance, _ = backend.update_user( related_ldap_attrs) else: # Example: models.User.get_or_create('dn=...') field_model_instance = field_model.objects.get_or_create( **{model_search_field: ldap_value})[0] else: try: field_model_instance = field_model.objects.get( **{model_search_field: ldap_value}) except ObjectDoesNotExist: continue # Example: loggedin_user.manager = models.User(dn="cn=John.Doe,ou=users,dn=example,dn=com") setattr(user, model_field_name, field_model_instance)
def handle(self, *args, **options): os_environ_dict = dict(os.environ) environ = settings_backend.get_settings_environ(os_environ_dict) ldap_enabled = environ.get('LS2_LDAP_ENABLED', False) if ldap_enabled == False: raise CommandError("LDAP is not enabled") server_uri = environ.get('LS2_LDAP_SERVER_URI') if server_uri == None: raise CommandError("LDAP server URI info missing") self.stdout.write( self.style.SUCCESS(f'Attempting to connect to {server_uri}')) ##ignore cert errors for now ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) ldap.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF) l = ldap.initialize(server_uri, trace_level=0) self.stdout.write(self.style.SUCCESS(f'Server initialization success')) bind_dn = environ.get('LS2_LDAP_BIND_DN') bind_password = environ.get('LS2_LDAP_BIND_PASSWORD') if bind_dn == None or bind_password == None: raise CommandError("LDAP bind user info missing") self.stdout.write( self.style.SUCCESS(f'Attempting to bind with DN {bind_dn}')) r = l.simple_bind_s(bind_dn, bind_password) self.stdout.write(self.style.SUCCESS(f'Bind Successful')) ldap_search_base_dn = environ.get('LS2_LDAP_SEARCH_BASE_DN') ldap_search_scope = ldap.SCOPE_SUBTREE ldap_search_filter_template = environ.get('LS2_LDAP_SEARCH_FILTER') user = options['username'] password = getpass.getpass() self.stdout.write( f'Attempting to search for {user} in \"{ldap_search_base_dn}\"') self.stdout.write(f'Filter {filter}') ldap_search = LDAPSearch(ldap_search_base_dn, ldap.SCOPE_SUBTREE, ldap_search_filter_template) results = ldap_search.execute(l, {'user': user}) if results is not None and len(results) == 1: pass else: raise CommandError("NOT FOUND") user_dn = results[0][0] l.simple_bind_s(user_dn, password) self.stdout.write('Test Successful')
def fetch_users(): """ Copy some behavior from django-auth-ldap login. Unfortunately django-auth-ldap library allow populate users only by username. But user LDAP structure can contain user foreign key with different value, for example DN instead username. For example LDAP attrs: { "cn=John.Doe,ou=users,dn=example,dn=com", "company": "Some company", "manager": "cn=big.boss,ou=users,dn=example,dn=com", ... } At this example will be all ok if "manager" = "big.boss". Also "CN" ca be different with "username". For resolving "manager" field we should make request to LDAP by CN, get LDAP attrs, and create manager django user from LDAP attrs. """ updated = 0 added = 0 backend = PanopticumLDAPBackend() if backend.settings.REQUIRE_GROUP: filterstr = f'(&(objectClass=USER)(memberOf={backend.settings.REQUIRE_GROUP}))' else: filterstr = f'(objectClass=USER)' search = LDAPSearch(backend.settings.USER_SEARCH.base_dn, backend.settings.USER_SEARCH.scope, filterstr) # define connection to LDAP connection = backend.ldap.initialize(backend.settings.SERVER_URI, bytes_mode=False) if backend.settings.BIND_DN: connection.simple_bind_s(backend.settings.BIND_DN, backend.settings.BIND_PASSWORD) for opt, value in backend.settings.CONNECTION_OPTIONS.items(): connection.set_option(opt, value) if backend.settings.START_TLS: logger.debug("Initiating TLS") connection.start_tls_s() ldap_attrs = search.execute(connection) logger.info(f'Found {len(ldap_attrs)} entries') for ldap_attr in ldap_attrs: logger.debug( f"process {ldap_attr[1].data[backend.settings.USER_SEARCH_FIELD.lower()]}" ) user, built = backend.update_user(ldap_attr[1]) if built: added += 1 logger.info(f'Add {user.username}') else: updated += 1 logger.info(f'Update {user.username}') logger.info(f'added {added} users') logger.info(f'updated {updated} users')
def import_all_users(self): ldap_backend = LDAPBackend() ldap_user = _LDAPUser(ldap_backend, username="") ldap_search = LDAPSearch(self.search_dn, ldap.SCOPE_SUBTREE, filterstr=self.filter, attrlist=[self.username_attribute]) results = ldap_search.execute(connection=ldap_user.connection) for result in results: if self.simple_search: search_term = result[1][self.username_attribute][0] else: search_term = result[0].split(',')[0].split('=')[1] ldap_backend.populate_user(search_term)
def handle(self, *args, **options): ldap_backend = LDAPBackend() dummy_user = _LDAPUser(ldap_backend, username="******") user_search = LDAPSearch(settings.AUTH_LDAP_USER_DN, ldap.SCOPE_SUBTREE, "(uid=*)") user_data = user_search.execute(dummy_user.connection) list_of_current_ldap_users = self.process_user_list(user_data) known_users = self.filter_django_users(User.objects.all()) num_deleted_users = 0 num_imported_users = 0 for user in known_users: if user.username in list_of_current_ldap_users: index = list_of_current_ldap_users.index(user.username) list_of_current_ldap_users.pop(index) else: if not user.is_superuser: user.delete() num_deleted_users += 1 # if there are any usernames left, we need to add new users to the database for username in list_of_current_ldap_users: django_user = ldap_backend.populate_user(username) if django_user is None: self.stderr.write( self.style.ERROR( f"Could not create user with username {username}")) continue ldap_backend.update_mail_addresses(django_user) ldap_backend.set_groups_of_user(django_user) num_imported_users += 1 self.stdout.write(self.style.SUCCESS("Import Complete")) self.stdout.write( self.style.SUCCESS( f"Imported {num_imported_users} users into the database.")) self.stdout.write( self.style.SUCCESS( f"Deleted {num_deleted_users} users from the database."))
def _load_user_attrs(self): search = LDAPSearch(self.dn, self.ldap.SCOPE_BASE) results = search.execute(self.connection) self._user_attrs = results[0][1]
def main(): os_environ_dict = dict(os.environ) environ = settings_backend.get_settings_environ(os_environ_dict) ldap_enabled = environ.get('LS2_LDAP_ENABLED', False) if ldap_enabled == False: sys.exit("LDAP is not enabled") server_uri = environ.get('LS2_LDAP_SERVER_URI') print(f'Attempting to connect to {server_uri}') ##ignore cert errors for now ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) ldap.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF) l = ldap.initialize(server_uri, trace_level=0) print(l) print(f'Server initialization success') bind_dn = environ.get('LS2_LDAP_BIND_DN') bind_password = environ.get('LS2_LDAP_BIND_PASSWORD') if bind_dn == None or bind_password == None: sys.exit("LDAP bind user info missing") print(f'Attempting to bind with DN {bind_dn}') r = l.simple_bind_s(bind_dn, bind_password) print(f'Bind Successful') ldap_search_base_dn = environ.get('LS2_LDAP_SEARCH_BASE_DN') ldap_search_scope = ldap.SCOPE_SUBTREE ldap_search_filter_template = environ.get('LS2_LDAP_SEARCH_FILTER') user = input("Enter a username: "******"{ldap_search_base_dn}\"') # filter = ldap_search_filter_template % {'user': user} print(f'Filter {filter}') # result = l.search_s(ldap_search_base_dn,ldap_search_scope,filter)[0] # print(result[0]) # user_dn = result[0] # r = l.simple_bind_s(user_dn, password) # print('Test Successful') ldap_search = LDAPSearch(ldap_search_base_dn, ldap.SCOPE_SUBTREE, ldap_search_filter_template) print(ldap_search) results = ldap_search.execute(l, {'user': user}) if results is not None and len(results) == 1: # print(results[0]) pass else: print("NOT FOUND") user_dn = results[0][0] l.simple_bind_s(user_dn, password) print('Test Successful')