Exemple #1
 def get_all_filtered(self, hints, query=None):
     """Return all groups matching the query, each passed through filter_entity.

     :param hints: passed to ``self.filter_query`` and ``self.get_all``.
     :param query: optional LDAP filter fragment; ``self.ldap_filter`` is
         appended to it when configured.
     :returns: list of ``common_ldap.filter_entity(group)`` results.
     """
     # The fragments are joined by plain string concatenation and nothing in
     # this method escapes them, so `query` is assumed to be a well-formed,
     # already-escaped filter fragment -- TODO confirm against callers.
     if self.ldap_filter:
         prefix = query if query else ''
         query = prefix + self.ldap_filter
     effective_query = self.filter_query(hints, query)
     filtered = []
     for group in self.get_all(effective_query, hints):
         filtered.append(common_ldap.filter_entity(group))
     return filtered
Exemple #2
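    def filter_attributes(self, user):
        """Normalise a directory user record before it is handed to callers.

        Derives ``enabled`` from the SAP/CAM/CC object-status attributes,
        removes those directory-only attributes, turns the AD password
        timestamp into an expiry datetime and hides a zero failure counter.
        ``user`` is modified in place.

        :param user: dict of mapped user attributes (mutated); assumed to
            always carry ``enabled`` -- TODO confirm.
        :returns: ``base.filter_user(common_ldap.filter_entity(user))``.
        """
        # make sure inactive users are disabled
        if 'sapObjectStatus' in user:
            if user['sapObjectStatus'] != STATUS_ACTIVE:
                user['enabled'] = False
        if 'camObjectStatus' in user:
            if user['camObjectStatus'] != CAM_STATUS_ACTIVE:
                user['enabled'] = False
        if 'ccObjectStatus' in user:
            if user['ccObjectStatus'] != STATUS_ACTIVE:
                user['enabled'] = False
            # keep CAM from messing with temporary T-users
            # NOTE(review): this forces enabled=True for any T_REGEX name with
            # an active ccObjectStatus, so it also undoes a disable set by the
            # sapObjectStatus check above -- confirm that is intended.
            elif re.match(T_REGEX, user['name']):
                user['enabled'] = True
        else:
            # special case for freshly provisioned CAM users: we transiently
            # enable them to allow an initial login; the following password
            # update will take care of setting the ccObjectStatus
            # NOTE(review): this re-enables any disabled record that lacks
            # ccObjectStatus and is CAM-active, including one disabled by the
            # sapObjectStatus check above -- confirm that is intended.
            # .get(): a disabled record without camObjectStatus previously
            # raised KeyError here; it now simply stays disabled.
            if not user['enabled'] and user.get(
                    'camObjectStatus') == CAM_STATUS_ACTIVE:
                user['enabled'] = True

        # Directory-only attributes must not leave this layer.
        user.pop('sAMAccountName', None)
        user.pop('sapObjectStatus', None)
        user.pop('ccObjectStatus', None)
        user.pop('camObjectStatus', None)

        # evaluate password_expires_at
        if 'password_expires_at' in user:
            # '0' and 2**63 - 1 are treated as "no expiry".
            if user['password_expires_at'] in ('0', '9223372036854775807'):
                user['password_expires_at'] = None
            else:
                # convert pwdLastSet (100 ns ticks since 1601-01-01) to
                # seconds since the unix epoch
                ts = (int(user['password_expires_at']) /
                      10000000) - 11644473600
                # TODO: this is over simplified and actually potentially dynamic (AD policy based)
                # add max 180 days AD policy based password age
                ts += 15552000
                # NOTE(review): fromtimestamp() returns a naive datetime in
                # the host's local timezone; if consumers compare it against
                # UTC the expiry is shifted by the UTC offset -- confirm.
                user['password_expires_at'] = datetime.datetime.fromtimestamp(
                    ts)

        if 'userAccountControl' in user:
            do_not_expire = int(user['userAccountControl']
                                ) & 0x10000  # AD PASSWORD_NEVER_EXPIRES bit
            if do_not_expire:
                user['password_expires_at'] = None
            user.pop('userAccountControl', None)

        # A zero failure counter carries no information; drop it.
        if 'password_failures' in user:
            if user['password_failures'] == '0':
                user.pop('password_failures', None)

        return base.filter_user(common_ldap.filter_entity(user))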
Exemple #3
 def get_all_filtered(self, hints, query=None):
     """List groups for the combined query, filtering each entity.

     :param hints: forwarded to ``self.filter_query`` and ``self.get_all``.
     :param query: optional LDAP filter fragment, extended with
         ``self.ldap_filter`` when that is set.
     :returns: list of entities as returned by ``common_ldap.filter_entity``.
     """
     # Plain concatenation, no escaping here: `query` is assumed to already
     # be a valid, escaped LDAP filter fragment -- TODO confirm with callers.
     if self.ldap_filter:
         query = (query if query else '') + self.ldap_filter
     query = self.filter_query(hints, query)
     groups = self.get_all(query, hints)
     return list(map(common_ldap.filter_entity, groups))
Exemple #4
 def get_filtered_by_name(self, group_name):
     """Fetch a group by name and return it via common_ldap.filter_entity.

     :param group_name: name handed to ``self.get_by_name``.
     :returns: the looked-up group after ``common_ldap.filter_entity``.
     """
     # Lookup failures are not handled here; whatever get_by_name raises
     # propagates to the caller.
     return common_ldap.filter_entity(self.get_by_name(group_name))
Exemple #5
 def get_filtered(self, group_id):
     """Fetch a group by id and return it via common_ldap.filter_entity.

     :param group_id: identifier handed to ``self.get``.
     :returns: the looked-up group after ``common_ldap.filter_entity``.
     """
     # Lookup failures are not handled here; whatever get() raises
     # propagates to the caller.
     return common_ldap.filter_entity(self.get(group_id))
Exemple #6
 def filter_attributes(self, user):
     """Return ``user`` after the entity filter and then the user filter.

     :param user: user record to filter.
     :returns: ``base.filter_user`` applied to the entity-filtered record.
     """
     # Presumably these two filters strip directory-internal and sensitive
     # attributes before the record leaves the backend -- verify in
     # common_ldap.filter_entity and base.filter_user.
     entity = common_ldap.filter_entity(user)
     return base.filter_user(entity)
Exemple #7
 def update_group(self, group_id, group):
     """Update a group through the deprecated write path.

     :param group_id: identifier of the group to update.
     :param group: new group attributes, passed to ``self.group.update``.
     :returns: the updated group after ``common_ldap.filter_entity``.
     """
     versionutils.report_deprecated_feature(
         LOG, _DEPRECATION_MSG % "update_group")
     # The permission gate runs before the write; presumably it raises when
     # updates are not allowed -- confirm in check_allow_update.
     self.group.check_allow_update()
     updated = self.group.update(group_id, group)
     return common_ldap.filter_entity(updated)
Exemple #8
 def get_filtered_by_name(self, group_name):
     """Look up a group by name and hand back its filtered form.

     :param group_name: name passed to ``self.get_by_name``.
     :returns: result of ``common_ldap.filter_entity`` on the found group.
     """
     # No error handling here: exceptions from get_by_name reach the caller.
     found = self.get_by_name(group_name)
     filtered = common_ldap.filter_entity(found)
     return filtered
Exemple #9
 def get_filtered(self, group_id):
     """Look up a group by id and hand back its filtered form.

     :param group_id: identifier passed to ``self.get``.
     :returns: result of ``common_ldap.filter_entity`` on the found group.
     """
     # No error handling here: exceptions from get() reach the caller.
     found = self.get(group_id)
     filtered = common_ldap.filter_entity(found)
     return filtered
Exemple #10
 def filter_attributes(self, user):
     """Apply the entity filter, then the user filter, to ``user``.

     :param user: user record to filter.
     :returns: the record as returned by ``base.filter_user``.
     """
     # Order matters only in that filter_user receives filter_entity's
     # output; what each one removes is defined elsewhere -- verify there
     # that no directory-internal attribute survives.
     without_entity_fields = common_ldap.filter_entity(user)
     return base.filter_user(without_entity_fields)
Exemple #11
 def _update_group(self, group_id, group):
     """Update a group through the deprecated write path.

     :param group_id: identifier of the group to update.
     :param group: new group attributes, passed to ``self.group.update``.
     :returns: the updated group after ``common_ldap.filter_entity``.
     """
     versionutils.report_deprecated_feature(
         LOG, _DEPRECATION_MSG % "update_group")
     # NOTE(review): no check_allow_update() call is made in this method, so
     # any write-permission gating must already have happened in the caller
     # -- confirm.
     updated = self.group.update(group_id, group)
     return common_ldap.filter_entity(updated)
Exemple #12
 def create_group(self, group_id, group):
     """Create a group through the deprecated write path.

     :param group_id: not used by this method; presumably the id is carried
         inside ``group`` -- confirm.
     :param group: group attributes, passed to ``self.group.create``.
     :returns: the created group after ``common_ldap.filter_entity``.
     """
     versionutils.report_deprecated_feature(
         LOG, _DEPRECATION_MSG % "create_group")
     # The permission gate runs before the write; presumably it raises when
     # creation is not allowed -- confirm in check_allow_create.
     self.group.check_allow_create()
     created = self.group.create(group)
     return common_ldap.filter_entity(created)
Exemple #13
 def _create_group(self, group_id, group):
     """Create a group through the deprecated write path.

     :param group_id: not used by this method; presumably the id is carried
         inside ``group`` -- confirm.
     :param group: group attributes, passed to ``self.group.create``.
     :returns: the created group after ``common_ldap.filter_entity``.
     """
     versionutils.report_deprecated_feature(
         LOG, _DEPRECATION_MSG % "create_group")
     # NOTE(review): no check_allow_create() call is made in this method, so
     # any write-permission gating must already have happened in the caller
     # -- confirm.
     created = self.group.create(group)
     return common_ldap.filter_entity(created)