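def get_exec_from_dn(ldap_entry_dn):
    """
    Walk up the reporting structure until we reach someone who is in the
    Exec group, and return that person's first mail value.

    Returns None when the walk cannot be completed:

    * an entry in the chain cannot be read or has no manager (for example
      the recorded manager is leaving and is no longer an active account);
    * the manager chain loops back on itself;
    * the Exec member that was found has no readable mail value.

    Callers that use the result to pick an approver should treat None as
    "no approver found", not as permission to skip the approval step.
    """
    # Get the membership of the Exec group. Use the mailing list so that
    # we get the full DNs, thus making it easier to check.
    _, memb_result = shared_ldap.find_group("exec", ["uniqueMember"])
    members = memb_result[0].uniqueMember.values
    # DNs already seen on the way up. A manager attribute that points back
    # into the chain (or at the entry itself) would otherwise keep this loop
    # running forever.
    visited = {ldap_entry_dn}
    while True:
        result = shared_ldap.get_object(ldap_entry_dn, ["manager"])
        if result is None or result.manager.value is None:
            # The intermediate manager is leaving, or we ran out of tree.
            return None
        ldap_entry_dn = result.manager.value
        # NOTE(review): this is a plain equality test against the group's
        # uniqueMember values, so a DN that differs only in case or spacing
        # is not recognised as a member - confirm both sides are stored in
        # the same form.
        if ldap_entry_dn in members:
            mgr_email = shared_ldap.get_object(ldap_entry_dn, ["mail"])
            if mgr_email is None or not mgr_email.mail.values:
                return None
            return mgr_email.mail.values[0]
        if ldap_entry_dn in visited:
            # Cycle in the manager attributes: give up rather than spin.
            return None
        visited.add(ldap_entry_dn)
        # otherwise loop to that person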
def ok_to_proceed(email_address):
    """
    Enforce company policy rules for creating an account for email_address.

    Every refusal posts an explanatory comment on the ticket, resolves the
    ticket as WONT_DO and returns False. True is returned only when no rule
    refuses the request.

    Rules, in the order they are checked:

    1. The address must not already be in LDAP (as a mail address or a cn).
    2. The address must not be stored as another account's
       passwordSelfResetBackupMail.
    3. The address must not map to the staff OU.
    4. A reporter outside the staff OU may not create accounts in the
       "the-rest" OU, and may only create accounts in their own OU.
    """
    staff_ou = "ou=staff,ou=accounts,dc=linaro,dc=org"
    everyone_else_ou = "ou=the-rest,ou=accounts,dc=linaro,dc=org"

    def refuse(message):
        # Shared refusal path: comment, close the ticket, report failure.
        shared_sd.post_comment(message, True)
        shared_sd.resolve_ticket(WONT_DO)
        return False

    # Rule 1: is the email address already present in LDAP?
    existing = shared_ldap.find_from_email(email_address)
    if existing is None:
        existing = shared_ldap.find_from_attribute("cn", email_address)
    if existing is not None:
        # NOTE(review): the reply embeds whatever the lookup returned for the
        # matching entry. Elsewhere in this file a DN is posted with the
        # second post_comment argument set to False - confirm the requester
        # is meant to see this value.
        return refuse(
            "Cannot fulfil this request because the email address is "
            "already being used by %s" % existing)

    # Rule 2: is it somebody's private (password reset) address?
    backup_owner = shared_ldap.find_from_attribute(
        "passwordSelfResetBackupMail", email_address)
    if backup_owner is not None:
        owner_entry = shared_ldap.get_object(backup_owner, ["mail"])
        if owner_entry.mail.values == []:
            # No email address so provide the DN instead
            shown = backup_owner
        else:
            shown = owner_entry.mail.values[0]
        return refuse(
            "Cannot fulfil this request because there is a Linaro "
            "account associated with the email address (%s)" % shown)

    # Rule 3: staff addresses are never handed out through this path.
    org_unit = shared_ldap.find_best_ou_for_email(email_address)
    if org_unit == staff_ou:
        return refuse(
            "Cannot fulfil this request because the email address is "
            "reserved for Linaro staff.")

    # Rule 4: who is asking for this account? Staff can create any account.
    # Anyone else must be creating it inside their own OU.
    # NOTE(review): the decision rests on shared.globals.REPORTER and on the
    # OU that find_best_ou_for_email derives from an address. If that helper
    # can return the same "no match" value for both addresses, the final
    # comparison passes and the request is allowed - confirm it cannot.
    reporter_ou = shared_ldap.find_best_ou_for_email(shared.globals.REPORTER)
    if reporter_ou == staff_ou:
        return True
    if org_unit == everyone_else_ou:
        return refuse(
            "Only Linaro staff and Linaro Members can create additional accounts.")
    if reporter_ou != org_unit:
        return refuse(
            "Cannot fulfil this request because you can "
            "only create accounts/contacts for your own organisation.")
    return True
def transition_leaver(account_dn, email_address):
    """
    Transition a leaver account back to a Member account.

    The account must have a private address stored in
    passwordSelfResetBackupMail. Without one, a comment asking for it is
    posted and RESULT_STATE.Customer is returned. Otherwise the account is
    cleaned up and the result of transition_account() is returned, called
    with the stored private address and email_address.
    """
    wanted_attributes = ["passwordSelfResetBackupMail", "memberOf"]
    account = shared_ldap.get_object(account_dn, wanted_attributes)
    if "passwordSelfResetBackupMail" in account:
        clean_up_account(account)
        # Read the private address only after the clean-up has run.
        private_email = account["passwordSelfResetBackupMail"].value
        return transition_account(account, private_email, email_address)
    # Nothing to transition to: hand the ticket back to the customer.
    message = (
        "Cannot transition '%s' because there isn't a private email "
        "address stored in LDAP. Please provide it to IT Services."
        % email_address)
    shared_sd.post_comment(message, True)
    return RESULT_STATE.Customer
def owner_and_display_name(owner):
    """
    Calculate the owner's display name and email address.

    Returns a (display_name, mail) tuple. The display name is the first of
    these that is available: displayName, "givenName sn", sn on its own,
    and finally the mail value itself.
    """
    entry = shared_ldap.get_object(
        owner, ['displayName', 'mail', 'givenName', 'sn'])
    preferred = entry.displayName.value
    if preferred is not None:
        return (preferred, entry.mail.value)
    surname = entry.sn.value
    if surname is None:
        # No name attributes at all: fall back to the address.
        return (entry.mail.value, entry.mail.value)
    forename = entry.givenName.value
    if forename is None:
        return (surname, entry.mail.value)
    return ("%s %s" % (forename, surname), entry.mail.value)
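def transition_member(account_dn, email_address):
    """
    Transition a Member account to be a Staff account.

    A new address is calculated from the account's givenName and sn (sn only
    when there is no givenName) and lower-cased. If an entry already uses
    that address, the ticket is commented on and RESULT_STATE.Customer is
    returned. Otherwise the account is cleaned up and the result of
    transition_account() is returned.
    """
    account = shared_ldap.get_object(account_dn, ["givenName", "sn", "memberOf"])
    # NOTE(review): the address template below contains no "%s" conversion in
    # this copy of the file (it looks masked), so the "%" formatting raises
    # TypeError as written. Restore the real template before relying on this
    # function.
    if "givenName" in account:
        new_email = "*****@*****.**" % (account["givenName"].value,
                                        account["sn"].value)
    else:
        new_email = "*****@*****.**" % account["sn"].value
    new_email = new_email.lower()
    # The address is built from name attributes and then placed inside a
    # search filter, so escape the characters that have a meaning in LDAP
    # filters (RFC 4515). Without this a name containing "*", "(", ")" or
    # "\" changes what the filter matches or makes it invalid, and the
    # "already in use" check below can give the wrong answer.
    filter_value = new_email.translate({
        0x5C: "\\5c",
        0x2A: "\\2a",
        0x28: "\\28",
        0x29: "\\29",
        0x00: "\\00",
    })
    check = shared_ldap.find_matching_objects(
        "(mail=%s)" % filter_value, ["cn"])
    if check is not None:
        shared_sd.post_comment(
            "Can't transition %s because the calculated new email address (%s) "
            "is in use already." % (email_address, new_email), True)
        # The DN of the conflicting entry goes in a second comment posted
        # with False instead of True.
        # NOTE(review): presumably False keeps that comment internal -
        # confirm against shared_sd.post_comment.
        shared_sd.post_comment(check[0].entry_dn, False)
        return RESULT_STATE.Customer
    # Good to go ...
    clean_up_account(account)
    return transition_account(account, email_address, new_email)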
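def get_director(dept_team):
    """
    For a given dept/team, find the director and return their mail value.

    The search starts at the first staff entry whose departmentNumber
    matches dept_team, then follows the manager attribute upwards until it
    reaches an entry whose title contains "director" or equals
    "vp developer services".

    Returns None when nobody matches dept_team, when an entry in the chain
    cannot be read, when the chain ends without a director, or when the
    manager attributes loop back on themselves.

    NOTE(review): the title test is a substring match, so any title that
    merely contains the word "director" ends the walk. If the result is used
    to choose an approver, confirm that is acceptable.
    """
    # If there isn't a | in the team name, duplicate the team name with a | in
    # order to match against LDAP.
    if "|" not in dept_team:
        dept_team = "%s|%s" % (dept_team, dept_team)
    # Escape every character that has a meaning inside an LDAP search filter
    # (RFC 4515), not just the brackets. An unescaped "*" turns the exact
    # match into a wildcard match, and an unescaped "\" is itself read as
    # the start of an escape.
    dept_team = dept_team.translate({
        0x5C: "\\5c",
        0x2A: "\\2a",
        0x28: "\\28",
        0x29: "\\29",
        0x00: "\\00",
    })
    # Find someone with the specified dept_team combo.
    matches = shared_ldap.find_matching_objects(
        "(departmentNumber=%s)" % dept_team,
        ['manager', 'title', 'mail'],
        base="ou=staff,ou=accounts,dc=linaro,dc=org")
    # Nobody in that dept/team: report "no director" instead of failing on
    # the index below.
    if matches is None or len(matches) == 0:
        return None
    # That gets us a list but we only work on the first entry ...
    result = matches[0]
    # Manager DNs already followed, so a loop in the reporting data cannot
    # keep us walking forever.
    visited = set()
    # Now walk up the manager attribute until we get to a Director.
    while True:
        if result is None or result == []:
            return None
        title = result.title.value
        if title is not None:
            title = title.lower()
            # Nasty hack to cope with Landing Teams ...
            if "director" in title or title == "vp developer services":
                return result.mail.value
        manager = result.manager.value
        if manager is None or manager in visited:
            # We've run out of staff structure (or it is circular)
            return None
        visited.add(manager)
        # Walk up the tree
        result = shared_ldap.get_object(manager, ['manager', 'title', 'mail'])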