def process_request(self, request):
user = request.user
server = None
# Used by tests only
if request.method == "GET":
server = request.GET.get('server')
if not user or not user.is_authenticated:
return
if not User.objects.filter(username=user.username, userprofile__creation_method=UserProfile.CreationMethod.EXTERNAL.name).exists():
LOG.warn("User %s is not an Ldap user" % user.username)
return
# Cache should be cleared when user logs out.
if self.USER_CACHE_NAME not in request.session:
if LDAP.LDAP_SERVERS.get():
connection = ldap_access.get_connection_from_server(next(LDAP.LDAP_SERVERS.__iter__()))
else:
connection = ldap_access.get_connection_from_server()
import_ldap_users(connection, user.username, sync_groups=True, import_by_dn=False, server=server)
request.session[self.USER_CACHE_NAME] = True
request.session.modified = True
def check_ldap_access_groups(self, server, username):
#Avoid circular import from is_admin
from useradmin.views import get_find_groups_filter
allowed_group = False
if LDAP.LOGIN_GROUPS.get() and LDAP.LOGIN_GROUPS.get() != ['']:
login_groups = LDAP.LOGIN_GROUPS.get()
connection = ldap_access.get_connection_from_server(server)
try:
user_info = connection.find_users(username, find_by_dn=False)
except Exception as e:
LOG.warn("Failed to find LDAP user: %s" % e)
if not user_info:
LOG.warn(
"Could not get LDAP details for users with pattern %s" %
username)
return False
ldap_info = user_info[0]
group_ldap_info = connection.find_groups(
"*", group_filter=get_find_groups_filter(ldap_info, server))
for group in group_ldap_info:
if group['name'] in login_groups:
return True
else:
#Login groups not set default to True
allowed_group = True
return allowed_group
def import_groups(self, server, user):
connection = ldap_access.get_connection_from_server(server)
import_ldap_users(connection,
user.username,
sync_groups=True,
import_by_dn=False,
server=server)
def import_groups(self, server, user):
connection = ldap_access.get_connection_from_server(server)
#Avoid circular import from is_admin
from useradmin.views import import_ldap_users
import_ldap_users(connection,
user.username,
sync_groups=True,
import_by_dn=False,
server=server)
def handle(self, user=None, **options):
if user is None:
raise CommandError(_("A username must be provided."))
import_by_dn = options['dn']
sync_groups = options['sync_groups']
server = options['server']
connection = ldap_access.get_connection_from_server(server)
import_ldap_users(connection, user, sync_groups, import_by_dn)
def handle(self, user=None, **options):
if user is None:
raise CommandError(_("A username must be provided."))
import_by_dn = options['dn']
sync_groups = options['sync_groups']
server = options['server']
connection = ldap_access.get_connection_from_server(server)
import_ldap_users(connection, user, sync_groups, import_by_dn)
def handle(self, group=None, **options):
if group is None:
raise CommandError(_("A group name must be provided."))
import_members = options['import_members']
import_by_dn = options['dn']
import_members_recursive = options['import_members_recursive']
sync_users = options['sync_users']
server = options['server']
connection = ldap_access.get_connection_from_server(server)
import_ldap_groups(connection, group, import_members, import_members_recursive, sync_users, import_by_dn)
def check_ldap_access_groups(self, server, username):
#Avoid circular import from is_admin
from useradmin.views import get_find_groups_filter
allowed_group = False
if desktop.conf.LDAP.LOGIN_GROUPS.get() and desktop.conf.LDAP.LOGIN_GROUPS.get() != ['']:
login_groups = desktop.conf.LDAP.LOGIN_GROUPS.get()
connection = ldap_access.get_connection_from_server(server)
try:
user_info = connection.find_users(username, find_by_dn=False)
except Exception, e:
LOG.warn("Failed to find LDAP user: %s" % e)
if not user_info:
LOG.warn("Could not get LDAP details for users with pattern %s" % username)
return False
ldap_info = user_info[0]
group_ldap_info = connection.find_groups("*", group_filter=get_find_groups_filter(ldap_info, server))
for group in group_ldap_info:
if group['name'] in login_groups:
return True
def check_ldap_access_groups(self, server, username):
allowed_group = False
if desktop.conf.LDAP.LOGIN_GROUPS.get(
) and desktop.conf.LDAP.LOGIN_GROUPS.get() != ['']:
login_groups = desktop.conf.LDAP.LOGIN_GROUPS.get()
connection = ldap_access.get_connection_from_server(server)
try:
user_info = connection.find_users(username, find_by_dn=False)
except LdapSearchException, e:
LOG.warn("Failed to find LDAP user: %s" % e)
if not user_info:
LOG.warn(
"Could not get LDAP details for users with pattern %s" %
username_pattern)
return None
ldap_info = user_info[0]
group_ldap_info = connection.find_groups(
"*", group_filter=get_find_groups_filter(ldap_info))
for group in group_ldap_info:
if group['name'] in login_groups:
allowed_group = True
def import_groups(self, server, user): connection = ldap_access.get_connection_from_server(server) import_ldap_users(connection, user.username, sync_groups=True, import_by_dn=False)
def handle(self, **options):
server = options['server']
connection = ldap_access.get_connection_from_server(server)
sync_ldap_users_and_groups(connection)
def import_groups(self, server, user): connection = ldap_access.get_connection_from_server(server) #Avoid circular import from is_admin from useradmin.views import import_ldap_users import_ldap_users(connection, user.username, sync_groups=True, import_by_dn=False, server=server)
def handle(self, **options):
server = options['server']
connection = ldap_access.get_connection_from_server(server)
sync_ldap_users_and_groups(connection)