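def get_members_constraint(entity):
    """Look up one role by name and return its members and constraint.

    Searches the subtree under ``__CONTAINER_DN`` for entries whose object
    class is ``ROLE_OC_NAME`` and whose ``ROLE_NAME`` attribute equals
    ``entity.name``, requesting only the member and constraint attributes.

    Args:
        entity: object whose ``name`` attribute holds the role name.

    Returns:
        A two-element list ``[members, constraint]``: the member values
        after ``__convert_list`` and a ``Constraint`` built from the raw
        constraint attribute.

    Raises:
        RbacError: for any exception raised inside the search block, with
            id ``ROLE_OCCUPANT_SEARCH_FAILED``.
    """
    # Function-scope import so the block does not depend on how the file's
    # import section (not visible here) pulls in the ldap package.
    from ldap.filter import escape_filter_chars

    conn = None
    mList = []
    # The role name is placed inside an LDAP search filter. Escape the
    # RFC 4515 metacharacters so a name containing '*', '(', ')' or '\\'
    # is matched literally and cannot change the shape of the filter.
    safe_name = escape_filter_chars(entity.name)
    search_filter = '(&(objectClass=' + ROLE_OC_NAME + ')'
    search_filter += '(' + ROLE_NAME + '=' + safe_name + '))'
    try:
        conn = ldaphelper.open()
        # TODO: use sizelimit=1
        entries = conn.search_s(
            __CONTAINER_DN,
            scope=ldap.SCOPE_SUBTREE,
            filterstr=search_filter,
            attrlist=[MEMBER, global_ids.CONSTRAINT])
        # NOTE(review): these two raises sit inside the try block, so
        # (assuming NotFound/NotUnique derive from Exception) the broad
        # handler below re-wraps them and callers see
        # ROLE_OCCUPANT_SEARCH_FAILED instead of the ids set here. Left
        # unchanged because callers may depend on it.
        if not entries:
            raise NotFound(msg="Role not found, name=" + entity.name,
                           id=global_ids.ROLE_NOT_FOUND)
        elif len(entries) > 1:
            raise NotUnique(msg="Role not unique, name=" + entity.name,
                            id=global_ids.ROLE_SEARCH_FAILED)
        _dn, attrs = entries[0]
        member_dns = ldaphelper.get_list(attrs.get(MEMBER, []))
        constraint = Constraint(
            ldaphelper.get_attr_val(attrs.get(global_ids.CONSTRAINT, [])))
        mList = __convert_list(member_dns)
    except Exception as e:  # FIXME: change to LDAPError
        raise RbacError(msg='Get members search error=' + str(e),
                        id=global_ids.ROLE_OCCUPANT_SEARCH_FAILED)
    finally:
        # Always release the connection, including on the error paths.
        if conn:
            ldaphelper.close(conn)
    return [mList, constraint]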
def __unload(dn, attrs):
    """Build a ``Role`` from one LDAP search result.

    Args:
        dn: distinguished name of the entry; stored on the role unchanged.
        attrs: attribute mapping of the entry. It is wrapped in ``CIDict``
            before lookup (presumably for case-insensitive keys; confirm
            against the import).

    Returns:
        The populated ``Role``. An attribute absent from the entry is
        handed to the ``ldaphelper`` accessor as an empty list.
    """
    role = Role()
    role.dn = dn
    ci = CIDict(attrs)

    def val(key):
        return ldaphelper.get_attr_val(ci.get(key, []))

    def many(key):
        return ldaphelper.get_list(ci.get(key, []))

    role.internal_id = val(global_ids.INTERNAL_ID)
    role.name = val(ROLE_NAME)
    role.description = ldaphelper.get_one_attr_val(
        ci.get(global_ids.DESC, []))

    # Multi-valued attributes.
    role.props = many(global_ids.PROPS)
    role.members = many(MEMBER)

    # Raw constraint string as stored in the directory.
    # NOTE(review): what Constraint does with the value for a missing
    # attribute is not visible here; confirm it cannot read as "no limit".
    role.constraint = Constraint(val(global_ids.CONSTRAINT))
    return role
def __unload(dn, attrs):
    """Build a ``Perm`` from one LDAP search result.

    Args:
        dn: distinguished name of the entry; stored on the permission.
        attrs: attribute mapping of the entry, wrapped in ``CIDict``
            before lookup.

    Returns:
        The populated ``Perm``. An attribute absent from the entry is
        handed to the ``ldaphelper`` accessor as an empty list.
    """
    perm = Perm()
    perm.dn = dn
    ci = CIDict(attrs)

    def val(key):
        return ldaphelper.get_attr_val(ci.get(key, []))

    def many(key):
        return ldaphelper.get_list(ci.get(key, []))

    perm.internal_id = val(global_ids.INTERNAL_ID)
    perm.obj_id = val(OBJ_ID)
    perm.obj_name = val(OBJ_NM)
    perm.op_name = val(OP_NM)
    perm.abstract_name = val(PERM_NAME)
    perm.type = val(TYPE)
    perm.description = ldaphelper.get_one_attr_val(
        ci.get(global_ids.DESC, []))

    # Multi-valued attributes. users and roles name who holds this
    # permission, so they are taken exactly as the directory returns them.
    perm.users = many(USERS)
    perm.roles = many(ROLES)
    perm.props = many(global_ids.PROPS)
    return perm
def __unload_obj(dn, attrs):
    """Build a ``PermObj`` from one LDAP search result.

    Args:
        dn: distinguished name of the entry; stored on the object.
        attrs: attribute mapping of the entry, wrapped in ``CIDict``
            before lookup.

    Returns:
        The populated ``PermObj``. An attribute absent from the entry is
        handed to the ``ldaphelper`` accessor as an empty list.
    """
    perm_obj = PermObj()
    ci = CIDict(attrs)

    def val(key):
        return ldaphelper.get_attr_val(ci.get(key, []))

    def one(key):
        return ldaphelper.get_one_attr_val(ci.get(key, []))

    perm_obj.dn = dn
    perm_obj.internal_id = val(global_ids.INTERNAL_ID)
    perm_obj.obj_name = val(OBJ_NM)
    perm_obj.type = val(TYPE)
    perm_obj.description = one(global_ids.DESC)
    perm_obj.ou = one(global_ids.OU)
    perm_obj.props = ldaphelper.get_list(ci.get(global_ids.PROPS, []))
    return perm_obj
def __unload(dn, attrs):
    """Build a ``User`` from one LDAP search result.

    Args:
        dn: distinguished name of the entry; stored on the user unchanged.
        attrs: attribute mapping of the entry, wrapped in ``CIDict``
            before lookup.

    Returns:
        The populated ``User``. An attribute absent from the entry is
        handed to the ``ldaphelper`` accessor as an empty list.
    """
    # NOTE(review): roles, constraint, role_constraints, reset, system and
    # locked_time look authorization-relevant. How the helpers treat an
    # absent attribute is not visible here; confirm an absent value cannot
    # read as "no restriction".
    user = User()
    user.dn = dn
    ci = CIDict(attrs)

    def one(key):
        return ldaphelper.get_one_attr_val(ci.get(key, []))

    def val(key):
        return ldaphelper.get_attr_val(ci.get(key, []))

    def flag(key):
        return ldaphelper.get_bool(ci.get(key, []))

    def many(key):
        return ldaphelper.get_list(ci.get(key, []))

    user.uid = one(global_ids.UID)
    user.ou = one(global_ids.OU)
    user.internal_id = val(global_ids.INTERNAL_ID)
    user.pw_policy = val(PW_POLICY)
    user.cn = one(global_ids.CN)
    user.sn = one(global_ids.SN)
    user.description = one(global_ids.DESC)
    user.display_name = val(DISPLAY_NAME)
    user.employee_type = one(EMPLOYEE_TYPE)
    user.title = one(TITLE)
    user.reset = flag(IS_RESET)
    user.system = flag(IS_SYSTEM)
    user.department_number = one(DEPT_NUM)
    user.l = one(LOCATION)
    user.physical_delivery_office_name = one(PHYSICAL_OFFICE_NM)
    user.postal_code = one(POSTAL_CODE)
    user.room_number = one(RM_NUM)

    # Kept as an object rather than reduced to a single value.
    user.locked_time = ldaphelper.get_attr_object(ci.get(LOCKED_TIME, []))

    # Multi-valued attributes.
    user.props = many(global_ids.PROPS)
    user.phones = many(TELEPHONE_NUMBER)
    user.mobiles = many(MOBILE)
    user.emails = many(MAIL)
    user.roles = many(ROLES)

    # Raw user-level constraint.
    user.constraint = Constraint(val(global_ids.CONSTRAINT))

    # Raw per-role constraints. When the helper returns None the attribute
    # is not assigned here, so it keeps whatever User() gave it.
    raw_role_constraints = many(ROLE_CONSTRAINTS)
    if raw_role_constraints is not None:
        user.role_constraints = [
            Constraint(raw) for raw in raw_role_constraints]
    return user