def wrapper(self): props = layer['props'] root = LDAPNode('dc=my-domain,dc=com', props) container = root['ou=defaults'] = LDAPNode() container.attrs['objectClass'] = ['organizationalUnit'] root() try: fn(self, props) finally: container.clear() container() del root['ou=defaults'] root()
def children(self, baseDN): node = LDAPNode(baseDN, self.props) ret = list() # XXX: related search filters for users and groups container? for dn in node.search(): ret.append({"dn": dn}) return json.dumps(ret)
def container_exists(self): try: return LDAPNode(self.container_dn, self.server_settings.ldap_props).exists except Exception: logger.error(format_traceback()) return False
def test_no_member_uid_attribute_yet(self, ugm): # Test case where group object does not have 'memberUid' attribute # set yet. node = LDAPNode( u'cn=group0,ou=groups,ou=posixGroups,dc=my-domain,dc=com', props=self.layer['props']) del node.attrs['memberUid'] node() group = ugm.groups['group0'] self.assertEqual(group.items(), []) group.add('uid0') group() node = LDAPNode( u'cn=group0,ou=groups,ou=posixGroups,dc=my-domain,dc=com', props=self.layer['props']) self.assertEqual(node.attrs['memberUid'], ['uid0'])
def test_inexistent_member_reference(self, ugm): # Test case where group contains reference to inexistent member. node = LDAPNode( u'cn=group0,ou=groups,ou=posixGroups,dc=my-domain,dc=com', props=self.layer['props']) node.attrs['memberUid'] = ['uid0', 'inexistent'] node() group = ugm.groups['group0'] self.assertEqual(group.keys(), ['uid0']) node.attrs['memberUid'] = ['uid0'] node()
def create_container(self): """Create LDAP container by dn. Currently this only supports ou container type. XXX: Do we need to support c and dc? XXX: Should we create parents as well if missing? """ dn = self.container_dn if not dn: raise LDAPContainerError( _('no_container_dn_defined', default='No container DN defined.')) if not dn.startswith('ou='): raise LDAPContainerError( _('expected_ou_as_rdn', default="Expected 'ou' as RDN Attribute.")) props = self.server_settings.ldap_props try: parent_dn = ','.join(explode_dn(dn)[1:]) except Exception: raise LDAPContainerError(_('invalid_dn', default='Invalid DN.')) rdn = explode_dn(dn)[0] parent = LDAPNode(parent_dn, props) if not parent.exists: raise LDAPContainerError( _('parent_not_found', default="Parent not found. Can't continue.")) parent[rdn] = LDAPNode() parent[rdn].attrs['objectClass'] = ['organizationalUnit'] parent() self.invalidate() message = _('created_principal_container', default="Created ${rdn}", mapping={'rdn': rdn}) return message
def node_attributes(self): dn = self.request["dn"] base = self.request["base"] if base == "users": users = ILDAPUsersConfig(self.plugin) baseDN = users.baseDN else: groups = ILDAPGroupsConfig(self.plugin) baseDN = groups.baseDN root = LDAPNode(baseDN, self.props) node = root.node_by_dn(safe_unicode(dn), strict=True) ret = dict() for key, val in node.attrs.items(): try: if not node.attrs.is_binary(key): ret[safe_unicode(key)] = safe_unicode(val) else: ret[safe_unicode( key)] = "(Binary Data with {0} Bytes)".format(len(val)) except UnicodeDecodeError: ret[safe_encode(key)] = "! (UnicodeDecodeError)" except Exception: ret[safe_encode(key)] = "! (Unknown Exception)" return json.dumps(ret)
def node_attributes(self): rdn = self.request['rdn'] base = self.request['base'] if base == 'users': users = ILDAPUsersConfig(self.plugin) baseDN = users.baseDN else: groups = ILDAPGroupsConfig(self.plugin) baseDN = groups.baseDN root = LDAPNode(baseDN, self.props) node = root[rdn] ret = dict() for key, val in node.attrs.items(): try: if not node.attrs.is_binary(key): ret[safe_encode(key)] = safe_encode(val) else: ret[safe_encode(key)] = \ '(Binary Data with {0} Bytes)'.format(len(val)) except UnicodeDecodeError: ret[safe_encode(key)] = '! (UnicodeDecodeError)' except Exception: ret[safe_encode(key)] = '! (Unknown Exception)' return json.dumps(ret)
def children(self, baseDN): node = LDAPNode(baseDN, self.props) ret = list() for key in node: ret.append({'rdn': key}) return json.dumps(ret)
def test_roles(self): # Role Management. Create container for roles. props = layer['props'] node = LDAPNode('dc=my-domain,dc=com', props) node['ou=roles'] = LDAPNode() node['ou=roles'].attrs['objectClass'] = ['organizationalUnit'] node() ucfg = layer['ucfg'] gcfg = layer['gcfg'] rcfg = RolesConfig(baseDN='ou=roles,dc=my-domain,dc=com', attrmap=odict((('rdn', 'cn'), ('id', 'cn'))), scope=SUBTREE, queryFilter='(objectClass=posixGroup)', objectClasses=['posixGroup'], defaults={}, strict=False) ugm = Ugm(props=props, ucfg=ucfg, gcfg=gcfg, rcfg=rcfg) user = ugm.users['uid1'] self.assertEqual(ugm.roles(user), []) ugm.add_role('viewer', user) self.assertEqual(ugm.roles(user), ['viewer']) self.assertEqual(user.roles, ['viewer']) user = ugm.users['uid2'] user.add_role('viewer') user.add_role('editor') self.assertEqual(sorted(user.roles), ['editor', 'viewer']) ugm.roles_storage() ugm.remove_role('viewer', user) user.remove_role('editor') self.assertEqual(user.roles, []) ugm.roles_storage() group = ugm.groups['group1'] self.assertEqual(ugm.roles(group), []) ugm.add_role('viewer', group) self.assertEqual(ugm.roles(group), ['viewer']) self.assertEqual(group.roles, ['viewer']) group = ugm.groups['group0'] group.add_role('viewer') group.add_role('editor') self.assertEqual(group.roles, ['viewer', 'editor']) ugm.roles_storage() err = self.expect_error(ValueError, group.add_role, 'editor') self.assertEqual(str(err), "Principal already has role 'editor'") ugm.remove_role('viewer', group) self.assertEqual(ugm.roles_storage.keys(), [u'viewer', u'editor']) group.remove_role('editor') self.assertEqual(ugm.roles_storage.keys(), [u'viewer']) self.assertEqual(ugm.roles_storage.storage.keys(), ['viewer']) self.expect_error(KeyError, ugm.roles_storage.__getitem__, 'editor') err = self.expect_error(ValueError, group.remove_role, 'editor') self.assertEqual(str(err), "Role not exists 'editor'") err = self.expect_error(ValueError, group.remove_role, 'viewer') self.assertEqual(str(err), "Principal does not has role 'viewer'") ugm.roles_storage() node = LDAPNode('dc=my-domain,dc=com', props) node['ou=roles'].clear() node['ou=roles']() del node['ou=roles'] node()