def node_attributes(self): dn = self.request["dn"] base = self.request["base"] if base == "users": users = ILDAPUsersConfig(self.plugin) baseDN = users.baseDN else: groups = ILDAPGroupsConfig(self.plugin) baseDN = groups.baseDN root = LDAPNode(baseDN, self.props) node = root.node_by_dn(safe_unicode(dn), strict=True) ret = dict() for key, val in node.attrs.items(): try: if not node.attrs.is_binary(key): ret[safe_unicode(key)] = safe_unicode(val) else: ret[safe_unicode(key)] = "(Binary Data with {0} Bytes)".format( len(val) ) except UnicodeDecodeError: ret[safe_encode(key)] = "! (UnicodeDecodeError)" except Exception: ret[safe_encode(key)] = "! (Unknown Exception)" return json.dumps(ret)
def children(self, baseDN): node = LDAPNode(baseDN, self.props) ret = list() # XXX: related search filters for users and groups container? for dn in node.search(): ret.append({"dn": dn}) return json.dumps(ret)
def create_container(self): dn = decode_dn(self.request.params.get('dn', '')) localizer = get_localizer(self.request) if not dn: message = localizer.translate( _('no_container_dn_defined', 'No container DN defined.')) raise Exception(message) if not dn.startswith('ou='): message = localizer.translate( _('expected_ou_as_rdn', "Expected 'ou' as RDN Attribute.")) raise Exception(message) props = self.model.parent['ugm_server'].ldap_props try: parent_dn = ','.join(explode_dn(dn)[1:]) except Exception: message = localizer.translate(_('invalid_dn', 'Invalid DN.')) raise Exception(message) rdn = explode_dn(dn)[0] node = LDAPNode(parent_dn, props) if node is None: message = localizer.translate( _('parent_not_found', "Parent not found. Can't continue.")) raise Exception(message) node[rdn] = LDAPNode() node[rdn].attrs['objectClass'] = ['organizationalUnit'] node() self.model.invalidate() message = localizer.translate( _('created_principal_container', default="Created ${rdn}", mapping={'rdn': rdn})) return message
def test_inexistent_member_reference(self, ugm): # Test case where group contains reference to inexistent member. node = LDAPNode( u'cn=group0,ou=groups,ou=posixGroups,dc=my-domain,dc=com', props=self.layer['props']) node.attrs['memberUid'] = ['uid0', 'inexistent'] node() group = ugm.groups['group0'] self.assertEqual(group.keys(), ['uid0']) node.attrs['memberUid'] = ['uid0'] node()
def wrapper(self): props = layer['props'] root = LDAPNode('dc=my-domain,dc=com', props) container = root['ou=defaults'] = LDAPNode() container.attrs['objectClass'] = ['organizationalUnit'] root() try: fn(self, props) finally: container.clear() container() del root['ou=defaults'] root()
def test_inexistent_member_reference(self, ugm): # Test case where group contains reference to inexistent member. node = LDAPNode( u'cn=group0,ou=groups,ou=posixGroups,dc=my-domain,dc=com', props=self.layer['props'] ) node.attrs['memberUid'] = ['uid0', 'inexistent'] node() group = ugm.groups['group0'] self.assertEqual(group.keys(), ['uid0']) node.attrs['memberUid'] = ['uid0'] node()
def container_exists(self): try: return LDAPNode(self.container_dn, self.server_settings.ldap_props).exists except Exception: logger.error(format_traceback()) return False
def prepare_roles(self): props = ugm_server(root).ldap_props node = LDAPNode('dc=my-domain,dc=com', props) node['ou=roles'] = LDAPNode() node['ou=roles'].attrs['objectClass'] = ['organizationalUnit'] node() rcfg = RolesConfig( baseDN='ou=roles,dc=my-domain,dc=com', attrmap=odict([('id', 'cn'), ('rdn', 'cn')]), scope=ONELEVEL, queryFilter='(objectClass=groupOfNames)', objectClasses=['groupOfNames'], defaults={}, ) roles = ugm_roles(root) roles._ldap_rcfg = rcfg
def create_container(self): dn = decode_dn(self.request.params.get('dn', '')) if not dn: raise Exception(u"No container DN defined.") if not dn.startswith('ou='): raise Exception(u"Expected 'ou' as RDN Attribute.") props = self.model.parent['ugm_server'].ldap_props try: parent_dn = ','.join(explode_dn(dn)[1:]) except Exception: raise Exception(u"Invalid DN.") rdn = explode_dn(dn)[0] node = LDAPNode(parent_dn, props) if node is None: raise Exception(u"Parent not found. Can't continue.") node[rdn] = LDAPNode() node[rdn].attrs['objectClass'] = ['organizationalUnit'] node() return u"Created '%s'" % rdn
def test_no_member_uid_attribute_yet(self, ugm): # Test case where group object does not have 'memberUid' attribute # set yet. node = LDAPNode( u'cn=group0,ou=groups,ou=posixGroups,dc=my-domain,dc=com', props=self.layer['props']) del node.attrs['memberUid'] node() group = ugm.groups['group0'] self.assertEqual(group.items(), []) group.add('uid0') group() node = LDAPNode( u'cn=group0,ou=groups,ou=posixGroups,dc=my-domain,dc=com', props=self.layer['props']) self.assertEqual(node.attrs['memberUid'], ['uid0'])
def node_attributes(self): dn = self.request["dn"] base = self.request["base"] if base == "users": users = ILDAPUsersConfig(self.plugin) baseDN = users.baseDN else: groups = ILDAPGroupsConfig(self.plugin) baseDN = groups.baseDN root = LDAPNode(baseDN, self.props) node = root.node_by_dn(safe_unicode(dn), strict=True) ret = dict() for key, val in node.attrs.items(): try: if not node.attrs.is_binary(key): ret[safe_unicode(key)] = safe_unicode(val) else: ret[safe_unicode( key)] = "(Binary Data with {0} Bytes)".format(len(val)) except UnicodeDecodeError: ret[safe_encode(key)] = "! (UnicodeDecodeError)" except Exception: ret[safe_encode(key)] = "! (Unknown Exception)" return json.dumps(ret)
def create_container(self): """Create LDAP container by dn. Currently this only supports ou container type. XXX: Do we need to support c and dc? XXX: Should we create parents as well if missing? """ dn = self.container_dn if not dn: raise LDAPContainerError( _('no_container_dn_defined', default='No container DN defined.')) if not dn.startswith('ou='): raise LDAPContainerError( _('expected_ou_as_rdn', default="Expected 'ou' as RDN Attribute.")) props = self.server_settings.ldap_props try: parent_dn = ','.join(explode_dn(dn)[1:]) except Exception: raise LDAPContainerError(_('invalid_dn', default='Invalid DN.')) rdn = explode_dn(dn)[0] parent = LDAPNode(parent_dn, props) if not parent.exists: raise LDAPContainerError( _('parent_not_found', default="Parent not found. Can't continue.")) parent[rdn] = LDAPNode() parent[rdn].attrs['objectClass'] = ['organizationalUnit'] parent() self.invalidate() message = _('created_principal_container', default="Created ${rdn}", mapping={'rdn': rdn}) return message
def node_attributes(self): rdn = self.request['rdn'] base = self.request['base'] if base == 'users': users = ILDAPUsersConfig(self.plugin) baseDN = users.baseDN else: groups = ILDAPGroupsConfig(self.plugin) baseDN = groups.baseDN root = LDAPNode(baseDN, self.props) node = root[rdn] ret = dict() for key, val in node.attrs.items(): try: if not node.attrs.is_binary(key): ret[safe_encode(key)] = safe_encode(val) else: ret[safe_encode(key)] = \ '(Binary Data with {0} Bytes)'.format(len(val)) except UnicodeDecodeError: ret[safe_encode(key)] = '! (UnicodeDecodeError)' except Exception: ret[safe_encode(key)] = '! (Unknown Exception)' return json.dumps(ret)
def test_roles(self): # Role Management. Create container for roles. props = layer['props'] node = LDAPNode('dc=my-domain,dc=com', props) node['ou=roles'] = LDAPNode() node['ou=roles'].attrs['objectClass'] = ['organizationalUnit'] node() ucfg = layer['ucfg'] gcfg = layer['gcfg'] rcfg = RolesConfig( baseDN='ou=roles,dc=my-domain,dc=com', attrmap=odict(( ('rdn', 'cn'), ('id', 'cn') )), scope=SUBTREE, queryFilter='(objectClass=posixGroup)', objectClasses=['posixGroup'], defaults={}, strict=False ) ugm = Ugm(props=props, ucfg=ucfg, gcfg=gcfg, rcfg=rcfg) user = ugm.users['uid1'] self.assertEqual(ugm.roles(user), []) ugm.add_role('viewer', user) self.assertEqual(ugm.roles(user), ['viewer']) self.assertEqual(user.roles, ['viewer']) user = ugm.users['uid2'] user.add_role('viewer') user.add_role('editor') self.assertEqual(sorted(user.roles), ['editor', 'viewer']) ugm.roles_storage() ugm.remove_role('viewer', user) user.remove_role('editor') self.assertEqual(user.roles, []) ugm.roles_storage() group = ugm.groups['group1'] self.assertEqual(ugm.roles(group), []) ugm.add_role('viewer', group) self.assertEqual(ugm.roles(group), ['viewer']) self.assertEqual(group.roles, ['viewer']) group = ugm.groups['group0'] group.add_role('viewer') group.add_role('editor') self.assertEqual(group.roles, ['viewer', 'editor']) ugm.roles_storage() err = self.expect_error( ValueError, group.add_role, 'editor' ) self.assertEqual(str(err), "Principal already has role 'editor'") ugm.remove_role('viewer', group) self.assertEqual(ugm.roles_storage.keys(), [u'viewer', u'editor']) group.remove_role('editor') self.assertEqual(ugm.roles_storage.keys(), [u'viewer']) self.assertEqual(ugm.roles_storage.storage.keys(), ['viewer']) self.expect_error(KeyError, ugm.roles_storage.__getitem__, 'editor') err = self.expect_error( ValueError, group.remove_role, 'editor' ) self.assertEqual(str(err), "Role not exists 'editor'") err = self.expect_error( ValueError, group.remove_role, 'viewer' ) self.assertEqual(str(err), "Principal does not has role 'viewer'") ugm.roles_storage() node = LDAPNode('dc=my-domain,dc=com', props) node['ou=roles'].clear() node['ou=roles']() del node['ou=roles'] node()
def test_roles(self): # Role Management. Create container for roles. props = layer['props'] node = LDAPNode('dc=my-domain,dc=com', props) node['ou=roles'] = LDAPNode() node['ou=roles'].attrs['objectClass'] = ['organizationalUnit'] node() ucfg = layer['ucfg'] gcfg = layer['gcfg'] rcfg = RolesConfig(baseDN='ou=roles,dc=my-domain,dc=com', attrmap=odict((('rdn', 'cn'), ('id', 'cn'))), scope=SUBTREE, queryFilter='(objectClass=posixGroup)', objectClasses=['posixGroup'], defaults={}, strict=False) ugm = Ugm(props=props, ucfg=ucfg, gcfg=gcfg, rcfg=rcfg) user = ugm.users['uid1'] self.assertEqual(ugm.roles(user), []) ugm.add_role('viewer', user) self.assertEqual(ugm.roles(user), ['viewer']) self.assertEqual(user.roles, ['viewer']) user = ugm.users['uid2'] user.add_role('viewer') user.add_role('editor') self.assertEqual(sorted(user.roles), ['editor', 'viewer']) ugm.roles_storage() ugm.remove_role('viewer', user) user.remove_role('editor') self.assertEqual(user.roles, []) ugm.roles_storage() group = ugm.groups['group1'] self.assertEqual(ugm.roles(group), []) ugm.add_role('viewer', group) self.assertEqual(ugm.roles(group), ['viewer']) self.assertEqual(group.roles, ['viewer']) group = ugm.groups['group0'] group.add_role('viewer') group.add_role('editor') self.assertEqual(group.roles, ['viewer', 'editor']) ugm.roles_storage() err = self.expect_error(ValueError, group.add_role, 'editor') self.assertEqual(str(err), "Principal already has role 'editor'") ugm.remove_role('viewer', group) self.assertEqual(ugm.roles_storage.keys(), [u'viewer', u'editor']) group.remove_role('editor') self.assertEqual(ugm.roles_storage.keys(), [u'viewer']) self.assertEqual(ugm.roles_storage.storage.keys(), ['viewer']) self.expect_error(KeyError, ugm.roles_storage.__getitem__, 'editor') err = self.expect_error(ValueError, group.remove_role, 'editor') self.assertEqual(str(err), "Role not exists 'editor'") err = self.expect_error(ValueError, group.remove_role, 'viewer') self.assertEqual(str(err), "Principal does not has role 'viewer'") ugm.roles_storage() node = LDAPNode('dc=my-domain,dc=com', props) node['ou=roles'].clear() node['ou=roles']() del node['ou=roles'] node()
def children(self, baseDN): node = LDAPNode(baseDN, self.props) ret = list() for key in node: ret.append({'rdn': key}) return json.dumps(ret)