def setUp(self):
    """Create the ``luftest`` folder and a configured LDAPUserFolder in it.

    Clears the FakeLDAP tree, begins a transaction, opens a database
    connection (kept on ``self.connection``) and adds a ``luftest`` Folder
    to the application root.  The LDAPUserFolder placed in that folder gets
    its server and all ``manage_edit`` values from ``dg``.  The users and
    groups base entries are added to the FakeLDAP tree last.
    """
    FakeLDAP.clearTree()
    try:
        transaction.begin()
    except AttributeError:
        # Zope 2.7
        get_transaction().begin()

    self.connection = Zope2.DB.open()
    self.root = self.connection.root()["Application"]
    self.root._setObject("luftest", Folder("luftest"))
    self.folder = self.root.luftest

    manage_addLDAPUserFolder(self.folder)
    user_folder = self.folder.acl_users

    # The "server" value has to be exactly "host:port"; any other shape
    # fails the two-name unpacking below.
    server_host, server_port = dg("server").split(":")
    user_folder.manage_addServer(server_host, port=server_port)

    # Values manage_edit receives positionally, in call order.
    positional = [
        dg(option)
        for option in (
            "title",
            "login_attr",
            "uid_attr",
            "users_base",
            "users_scope",
            "roles",
            "groups_base",
            "groups_scope",
            "binduid",
            "bindpwd",
        )
    ]
    # Values manage_edit receives by keyword.
    by_keyword = {
        option: dg(option)
        for option in (
            "binduid_usage",
            "rdn_attr",
            "local_groups",
            "implicit_mapping",
            "encryption",
            "read_only",
        )
    }
    user_folder.manage_edit(*positional, **by_keyword)

    for base_option in ("users_base", "groups_base"):
        FakeLDAP.addTreeItems(dg(base_option))
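def add_ldap_user_folder(app):
    """Add an LDAPUserFolder to *app*, configure it and clear its schema.

    Every setting, including the bind DN and bind password, is read from
    ``ldap_config.defaults``.  The ``server`` entry must have the form
    ``host:port``.  After configuration all schema items are deleted.
    """
    from Products.LDAPUserFolder import manage_addLDAPUserFolder

    dg = ldap_config.defaults.get
    manage_addLDAPUserFolder(app)
    luf = app.acl_users

    host, port = dg('server').split(':')
    luf.manage_addServer(host, port=port)
    luf.manage_edit(
        dg('title'),
        dg('login_attr'),
        dg('uid_attr'),
        dg('users_base'),
        dg('users_scope'),
        dg('roles'),
        dg('groups_base'),
        dg('groups_scope'),
        dg('binduid'),
        dg('bindpwd'),
        binduid_usage=dg('binduid_usage'),
        rdn_attr=dg('rdn_attr'),
        local_groups=dg('local_groups'),
        implicit_mapping=dg('implicit_mapping'),
        encryption=dg('encryption'),
        read_only=dg('read_only'),
    )

    # Clear the schema.  Hand over a snapshot of the names rather than the
    # live keys() object: on Python 3 keys() is a view, and the callee
    # presumably deletes from this same mapping while walking the names it
    # was given, which would raise "dictionary changed size during
    # iteration".
    luf.manage_deleteLDAPSchemaItems(list(luf._ldapschema.keys()))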
def setUp(self):
    """Prepare a ``luftest`` folder holding a configured LDAPUserFolder.

    Empties the shared dataflake.fakeldap ``TREE`` (kept on ``self.db``),
    begins a transaction and takes the application object from
    ``ZopeTestCase.app()``.  The LDAPUserFolder added to the new folder is
    configured entirely from ``dg`` values.  The users and groups base
    entries are then added to the fake tree.
    """
    from dataflake.fakeldap import TREE

    self.db = TREE
    TREE.clear()
    transaction.begin()

    application = ZopeTestCase.app()
    self.app = application
    self.root = application
    self.root._setObject('luftest', Folder('luftest'))
    self.folder = self.root.luftest

    manage_addLDAPUserFolder(self.folder)
    user_folder = self.folder.acl_users

    # "server" must be exactly "host:port" for the unpacking to succeed.
    server_host, server_port = dg('server').split(':')
    user_folder.manage_addServer(server_host, port=server_port)

    # Positional manage_edit arguments, in call order.
    positional = [dg(option) for option in (
        'title', 'login_attr', 'uid_attr', 'users_base', 'users_scope',
        'roles', 'groups_base', 'groups_scope', 'binduid', 'bindpwd',
    )]
    user_folder.manage_edit(
        *positional,
        binduid_usage=dg('binduid_usage'),
        rdn_attr=dg('rdn_attr'),
        local_groups=dg('local_groups'),
        implicit_mapping=dg('implicit_mapping'),
        encryption=dg('encryption'),
        read_only=dg('read_only')
    )

    for base_option in ('users_base', 'groups_base'):
        self.db.addTreeItems(dg(base_option))
def setUp(self):
    """Set up the fake LDAP tree and an LDAPUserFolder under ``luftest``.

    The dataflake.fakeldap ``TREE`` is stored on ``self.db`` and cleared,
    a transaction is begun, and ``ZopeTestCase.app()`` supplies both
    ``self.app`` and ``self.root``.  The user folder's server and all of
    its ``manage_edit`` settings are read through ``dg``.
    """
    from dataflake.fakeldap import TREE

    fake_tree = TREE
    self.db = fake_tree
    fake_tree.clear()
    transaction.begin()

    self.app = self.root = ZopeTestCase.app()
    test_folder = Folder('luftest')
    self.root._setObject('luftest', test_folder)
    self.folder = self.root.luftest

    manage_addLDAPUserFolder(self.folder)
    ldap_folder = self.folder.acl_users

    # The configured server string is split into exactly two pieces, so
    # it has to look like "host:port".
    ldap_host, ldap_port = dg('server').split(':')
    ldap_folder.manage_addServer(ldap_host, port=ldap_port)

    ldap_folder.manage_edit(
        dg('title'), dg('login_attr'), dg('uid_attr'),
        dg('users_base'), dg('users_scope'), dg('roles'),
        dg('groups_base'), dg('groups_scope'),
        dg('binduid'), dg('bindpwd'),
        binduid_usage=dg('binduid_usage'),
        rdn_attr=dg('rdn_attr'),
        local_groups=dg('local_groups'),
        implicit_mapping=dg('implicit_mapping'),
        encryption=dg('encryption'),
        read_only=dg('read_only'),
    )

    # Seed the fake directory with the two search bases.
    self.db.addTreeItems(dg('users_base'))
    self.db.addTreeItems(dg('groups_base'))
def genericPluginCreation(self, klass, id, title, login_attr, uid_attr,
                          users_base, users_scope, roles, groups_base,
                          groups_scope, binduid, bindpwd, binduid_usage=1,
                          rdn_attr='cn', local_groups=0, use_ssl=0,
                          encryption='SHA', read_only=0, LDAP_server=None,
                          obj_classes='pilotPerson,uidObject', REQUEST=None):
    # Create a ``klass`` plugin under ``id``, put an LDAPUserFolder inside
    # it, configure that folder and return it.
    #
    # LDAP_server is "host" or "host:port".  Without a port, '636' is used
    # when use_ssl is true and '389' otherwise.  When LDAP_server is None
    # no server is registered at all.  The REQUEST argument is not used;
    # manage_edit is always called with REQUEST=None.
    #
    # NOTE(review): documented with comments on purpose.  Zope's publisher
    # has traditionally refused to publish objects that lack a docstring,
    # so adding one here could change how this helper can be reached --
    # confirm before converting these comments into a docstring.
    #
    # NOTE(review): use_ssl defaults to 0, so unless the caller opts in the
    # server is registered with use_ssl=0 on port 389; presumably the bind
    # DN/password and user logins then cross the network unencrypted --
    # confirm and enable use_ssl for any directory that is not local.
    #
    # NOTE(review): encryption defaults to 'SHA' and is passed straight to
    # manage_edit.  If it selects the hash applied to passwords written to
    # the directory, that default is unsalted -- confirm and prefer a
    # salted scheme where the directory supports one.

    # Operate on the real container (the PluggableAuthService object).
    self = self.this()

    # Store the new plugin, then fetch it back from the unwrapped container.
    self._setObject(id, klass(id, title))
    plugin = getattr(aq_base(self), id)

    # The plugin wraps an LDAPUserFolder that is created inside it.
    manage_addLDAPUserFolder(plugin)
    plugin_base = aq_base(plugin)
    luf = plugin_base.acl_users

    # Work out host and port.  Only the first two ':'-separated pieces of
    # LDAP_server are used.
    if LDAP_server is not None:
        server_parts = LDAP_server.split(':')
        if len(server_parts) > 1:
            port = server_parts[1]
        elif use_ssl:
            port = '636'
        else:
            port = '389'
        luf.manage_addServer(server_parts[0], port=port, use_ssl=use_ssl,
                             op_timeout=10)

    # __allow_groups__ is not needed on the plugin and is potentially
    # harmful, so it is removed.
    if hasattr(plugin_base, '__allow_groups__'):
        del plugin_base.__allow_groups__

    # Apply the LDAPUserFolder settings.
    luf.manage_edit(
        title, login_attr, uid_attr, users_base, users_scope, roles,
        groups_base, groups_scope, binduid, bindpwd,
        binduid_usage=binduid_usage,
        rdn_attr=rdn_attr,
        local_groups=local_groups,
        encryption=encryption,
        read_only=read_only,
        obj_classes=obj_classes,
        REQUEST=None,
    )
    return luf
def testAlternateLUFInstantiation(self):
    # Replace the fixture's acl_users with a fresh LDAPUserFolder that is
    # configured purely through keyword arguments taken from ``ag``, then
    # check that every setting can be read back with getProperty().
    #
    # Comments are used instead of a docstring so that the description
    # shown by the test runner is left as it was.
    from Products.LDAPUserFolder import manage_addLDAPUserFolder

    self.folder._delObject('acl_users')
    manage_addLDAPUserFolder(self.folder)
    user_folder = self.folder.acl_users

    host, port = ag('server').split(':')
    user_folder.manage_addServer(host, port=port)

    settings = {}
    for option in ('title', 'login_attr', 'uid_attr', 'users_base',
                   'users_scope', 'roles', 'groups_base', 'groups_scope',
                   'binduid', 'bindpwd', 'binduid_usage', 'rdn_attr',
                   'local_groups', 'implicit_mapping', 'encryption',
                   'read_only', 'extra_user_filter'):
        settings[option] = ag(option)
    user_folder.manage_edit(**settings)

    def unchanged(value):
        return value

    def role_names(value):
        # Roles are configured as one comma-separated string.
        return [x.strip() for x in value.split(',')]

    # (property id, ``ag`` key, conversion applied to the configured value)
    # NOTE(review): the '_bindpwd' row shows that the bind password is read
    # back exactly as configured, i.e. it is kept in recoverable form on
    # the user folder -- treat the object database and its backups as
    # holding that credential.
    checks = (
        ('title', 'title', unchanged),
        ('_login_attr', 'login_attr', unchanged),
        ('_uid_attr', 'uid_attr', unchanged),
        ('users_base', 'users_base', unchanged),
        ('users_scope', 'users_scope', unchanged),
        ('_roles', 'roles', role_names),
        ('groups_base', 'groups_base', unchanged),
        ('groups_scope', 'groups_scope', unchanged),
        ('_binduid', 'binduid', unchanged),
        ('_bindpwd', 'bindpwd', unchanged),
        ('_binduid_usage', 'binduid_usage', unchanged),
        ('_rdnattr', 'rdn_attr', unchanged),
        ('_local_groups', 'local_groups', bool),
        ('_implicit_mapping', 'implicit_mapping', bool),
        ('_pwd_encryption', 'encryption', unchanged),
        ('_extra_user_filter', 'extra_user_filter', unchanged),
        ('read_only', 'read_only', bool),
    )

    user_folder = self.folder.acl_users
    for property_id, option, convert in checks:
        stored = user_folder.getProperty(property_id)
        self.assertEqual(stored, convert(ag(option)))
def testAlternateLUFInstantiation(self):
    # Build a new LDAPUserFolder in place of the fixture's acl_users using
    # only keyword arguments from ``ag``, and verify the stored properties.
    #
    # No docstring is added, so the test runner's description of this test
    # does not change.
    from Products.LDAPUserFolder import manage_addLDAPUserFolder

    check = self.assertEqual
    self.folder._delObject('acl_users')
    manage_addLDAPUserFolder(self.folder)
    ldap_folder = self.folder.acl_users

    server_host, server_port = ag('server').split(':')
    ldap_folder.manage_addServer(server_host, port=server_port)

    option_names = (
        'title', 'login_attr', 'uid_attr', 'users_base', 'users_scope',
        'roles', 'groups_base', 'groups_scope', 'binduid', 'bindpwd',
        'binduid_usage', 'rdn_attr', 'local_groups', 'implicit_mapping',
        'encryption', 'read_only', 'extra_user_filter',
    )
    ldap_folder.manage_edit(**dict([(name, ag(name)) for name in option_names]))

    ldap_folder = self.folder.acl_users

    # Settings that are stored exactly as configured.
    # NOTE(review): '_bindpwd' is among them -- the bind password comes
    # back unchanged from getProperty(), so it is stored in recoverable
    # form and the object database has to be protected accordingly.
    for property_id, option in (
        ('title', 'title'),
        ('_login_attr', 'login_attr'),
        ('_uid_attr', 'uid_attr'),
        ('users_base', 'users_base'),
        ('users_scope', 'users_scope'),
    ):
        check(ldap_folder.getProperty(property_id), ag(option))

    # Roles are configured as a comma-separated string and stored as a list.
    check(
        ldap_folder.getProperty('_roles'),
        [x.strip() for x in ag('roles').split(',')],
    )

    for property_id, option in (
        ('groups_base', 'groups_base'),
        ('groups_scope', 'groups_scope'),
        ('_binduid', 'binduid'),
        ('_bindpwd', 'bindpwd'),
        ('_binduid_usage', 'binduid_usage'),
        ('_rdnattr', 'rdn_attr'),
    ):
        check(ldap_folder.getProperty(property_id), ag(option))

    # Flags are compared as booleans.
    for property_id, option in (
        ('_local_groups', 'local_groups'),
        ('_implicit_mapping', 'implicit_mapping'),
    ):
        check(ldap_folder.getProperty(property_id), bool(ag(option)))

    check(ldap_folder.getProperty('_pwd_encryption'), ag('encryption'))
    check(
        ldap_folder.getProperty('_extra_user_filter'),
        ag('extra_user_filter'),
    )
    check(ldap_folder.getProperty('read_only'), bool(ag('read_only')))
def testAlternateLUFInstantiation(self):
    # Recreate acl_users, configure it with keyword arguments only (all
    # values come from ``ag``) and compare each stored property with the
    # configured value.
    #
    # Kept as comments so the test runner's description is unaffected.
    self.folder._delObject("acl_users")
    manage_addLDAPUserFolder(self.folder)
    user_folder = self.folder.acl_users

    server_host, server_port = ag("server").split(":")
    user_folder.manage_addServer(server_host, port=server_port)

    keyword_settings = {
        option: ag(option)
        for option in (
            "title",
            "login_attr",
            "uid_attr",
            "users_base",
            "users_scope",
            "roles",
            "groups_base",
            "groups_scope",
            "binduid",
            "bindpwd",
            "binduid_usage",
            "rdn_attr",
            "local_groups",
            "implicit_mapping",
            "encryption",
            "read_only",
            "extra_user_filter",
        )
    }
    user_folder.manage_edit(**keyword_settings)

    user_folder = self.folder.acl_users
    stored = user_folder.getProperty
    self.assertEqual(stored("title"), ag("title"))
    self.assertEqual(stored("_login_attr"), ag("login_attr"))
    self.assertEqual(stored("_uid_attr"), ag("uid_attr"))
    self.assertEqual(stored("users_base"), ag("users_base"))
    self.assertEqual(stored("users_scope"), ag("users_scope"))
    # Roles are configured as one comma-separated string.
    self.assertEqual(
        stored("_roles"), [x.strip() for x in ag("roles").split(",")]
    )
    self.assertEqual(stored("groups_base"), ag("groups_base"))
    self.assertEqual(stored("groups_scope"), ag("groups_scope"))
    self.assertEqual(stored("_binduid"), ag("binduid"))
    # NOTE(review): the bind password is read back exactly as configured,
    # so it is held in recoverable form on the user folder; the object
    # database and its backups carry that credential.
    self.assertEqual(stored("_bindpwd"), ag("bindpwd"))
    self.assertEqual(stored("_binduid_usage"), ag("binduid_usage"))
    self.assertEqual(stored("_rdnattr"), ag("rdn_attr"))
    # Flags are compared as booleans.
    self.assertEqual(stored("_local_groups"), bool(ag("local_groups")))
    self.assertEqual(
        stored("_implicit_mapping"), bool(ag("implicit_mapping"))
    )
    self.assertEqual(stored("_pwd_encryption"), ag("encryption"))
    self.assertEqual(stored("_extra_user_filter"), ag("extra_user_filter"))
    self.assertEqual(stored("read_only"), bool(ag("read_only")))
def manage_addLDAPMultiPlugin(self, id, title, LDAP_server, login_attr,
                              uid_attr, users_base, users_scope, roles,
                              groups_base, groups_scope, binduid, bindpwd,
                              binduid_usage=1, rdn_attr='cn', local_groups=0,
                              use_ssl=0, encryption='SHA', read_only=0,
                              REQUEST=None):
    """ Factory method to instantiate a LDAPMultiPlugin

    Stores a new LDAPMultiPlugin under ``id`` in the container returned by
    ``self.this()``, creates an LDAPUserFolder (``acl_users``) inside it,
    registers ``LDAP_server`` and passes the remaining settings on to
    ``manage_edit``.  If ``REQUEST`` is given, the response is redirected
    to the container's ``manage_main``.

    ``LDAP_server`` is "host" or "host:port"; only the first two
    ':'-separated pieces are used.  Without a port, '636' is chosen when
    ``use_ssl`` is true and '389' otherwise.

    NOTE(review): ``use_ssl`` defaults to 0, so by default the server is
    registered with use_ssl=0 on port 389; presumably the bind DN/password
    and user logins are then sent unencrypted -- confirm, and enable
    ``use_ssl`` for any directory that is not local.

    NOTE(review): ``encryption`` defaults to 'SHA' and is handed to
    ``manage_edit`` unchanged.  If it selects the hash for passwords
    written to the directory, the default is unsalted -- confirm and
    prefer a salted scheme where available.
    """
    # Work on the real container (the PluggableAuthService object).
    self = self.this()

    # The LDAP delegate expects the integers 1 or 0 here, not just any
    # true or false value.
    use_ssl = 1 if use_ssl else 0

    # Create the folderish adapter and fetch it back from the container.
    self._setObject(id, LDAPMultiPlugin(id, title=title))
    lmp = getattr(aq_base(self), id)
    lmp_base = aq_base(lmp)

    # The "real" LDAPUserFolder lives inside the adapter.
    manage_addLDAPUserFolder(lmp)
    luf = lmp_base.acl_users

    server_parts = LDAP_server.split(':')
    if len(server_parts) > 1:
        port = server_parts[1]
    elif use_ssl:
        port = '636'
    else:
        port = '389'
    luf.manage_addServer(server_parts[0], port=port, use_ssl=use_ssl)

    luf.manage_edit(
        title, login_attr, uid_attr, users_base, users_scope, roles,
        groups_base, groups_scope, binduid, bindpwd,
        binduid_usage=binduid_usage,
        rdn_attr=rdn_attr,
        local_groups=local_groups,
        encryption=encryption,
        read_only=read_only,
        REQUEST=None,
    )

    # __allow_groups__ is not needed on the plugin and is potentially
    # harmful, so it is removed.
    if hasattr(lmp_base, '__allow_groups__'):
        del lmp_base.__allow_groups__

    if REQUEST is None:
        return
    REQUEST.RESPONSE.redirect('%s/manage_main' % self.absolute_url())
def manage_addActiveDirectoryMultiPlugin(self, id, title, LDAP_server,
                                         login_attr, uid_attr, users_base,
                                         users_scope, roles, groups_base,
                                         groups_scope, binduid, bindpwd,
                                         binduid_usage=1, rdn_attr='cn',
                                         local_groups=0, use_ssl=0,
                                         encryption='SHA', read_only=0,
                                         REQUEST=None):
    """ Factory method to instantiate a ActiveDirectoryMultiPlugin

    Stores a new ActiveDirectoryMultiPlugin under ``id`` in the container
    returned by ``self.this()``, creates an LDAPUserFolder (``acl_users``)
    inside it, registers ``LDAP_server``, applies the settings through
    ``manage_edit`` and installs a fixed user schema.  If ``REQUEST`` is
    given, the response is redirected to the container's ``manage_main``.

    ``LDAP_server`` is "host" or "host:port"; only the first two
    ':'-separated pieces are used.  Without a port, '636' is chosen when
    ``use_ssl`` is true and '389' otherwise.

    NOTE(review): ``use_ssl`` defaults to 0, so by default the server is
    registered with use_ssl=0 on port 389; presumably the bind DN/password
    and user logins are then sent unencrypted -- confirm, and enable
    ``use_ssl`` for any directory that is not local.

    NOTE(review): ``encryption`` defaults to 'SHA' and is handed to
    ``manage_edit`` unchanged.  If it selects the hash for passwords
    written to the directory, the default is unsalted -- confirm and
    prefer a salted scheme where available.
    """
    # Work on the real container (the PluggableAuthService object).
    self = self.this()

    # The LDAP delegate expects the integers 1 or 0 here, not just any
    # true or false value.
    use_ssl = 1 if use_ssl else 0

    # Create the folderish adapter and fetch it back from the container.
    self._setObject(id, ActiveDirectoryMultiPlugin(id, title=title))
    lmp = getattr(aq_base(self), id)
    lmp_base = aq_base(lmp)

    # The "real" LDAPUserFolder lives inside the adapter.
    manage_addLDAPUserFolder(lmp)
    luf = lmp_base.acl_users

    server_parts = LDAP_server.split(':')
    if len(server_parts) > 1:
        port = server_parts[1]
    elif use_ssl:
        port = '636'
    else:
        port = '389'
    luf.manage_addServer(server_parts[0], port=port, use_ssl=use_ssl)

    luf.manage_edit(
        title, login_attr, uid_attr, users_base, users_scope, roles,
        groups_base, groups_scope, binduid, bindpwd,
        binduid_usage=binduid_usage,
        rdn_attr=rdn_attr,
        local_groups=local_groups,
        encryption=encryption,
        read_only=read_only,
        REQUEST=None,
    )

    # __allow_groups__ is not needed on the plugin and is potentially
    # harmful, so it is removed.
    if hasattr(lmp_base, '__allow_groups__'):
        del lmp_base.__allow_groups__

    # Replace the schema with the two base entries, then add the
    # remaining attributes one by one.
    uf = lmp.acl_users
    uf._ldapschema = {
        'cn': {
            'ldap_name': 'cn',
            'friendly_name': 'Canonical Name',
            'multivalued': '',
            'public_name': '',
        },
        'sn': {
            'ldap_name': 'sn',
            'friendly_name': 'Last Name',
            'multivalued': '',
            'public_name': 'last_name',
        },
    }
    # (LDAP attribute, friendly name, keyword arguments for the call)
    schema_items = (
        ('dn', 'Distinguished Name', {'public_name': 'dn'}),
        ('sAMAccountName', 'Windows Login Name',
         {'public_name': 'windows_login_name'}),
        ('objectGUID', 'AD Object GUID', {'public_name': 'objectGUID'}),
        ('givenName', 'First Name', {'public_name': 'first_name'}),
        ('sn', 'Last Name', {'public_name': 'last_name'}),
        ('memberOf', 'Group DNs',
         {'public_name': 'memberOf', 'multivalued': True}),
    )
    for ldap_name, friendly_name, options in schema_items:
        uf.manage_addLDAPSchemaItem(ldap_name, friendly_name, **options)

    if REQUEST is None:
        return
    REQUEST.RESPONSE.redirect('%s/manage_main' % self.absolute_url())
def genericPluginCreation(self, klass, id, title, login_attr, uid_attr,
                          users_base, users_scope, roles, groups_base,
                          groups_scope, binduid, bindpwd, binduid_usage=1,
                          rdn_attr='cn', local_groups=0, use_ssl=0,
                          encryption='SHA', read_only=0, LDAP_server=None,
                          obj_classes='pilotPerson,uidObject', REQUEST=None):
    # Instantiate ``klass`` as a plugin named ``id``, create an
    # LDAPUserFolder inside it, configure that folder and return it.
    #
    # LDAP_server takes the form "host" or "host:port".  If the port is
    # missing, use_ssl decides between '636' (true) and '389' (false).  A
    # server is only registered when LDAP_server is not None.  REQUEST is
    # accepted but unused; manage_edit always receives REQUEST=None.
    #
    # NOTE(review): comments are used here instead of a docstring on
    # purpose.  Zope's publisher has traditionally declined to publish
    # objects without a docstring, so adding one might make this helper
    # reachable in ways it is not today -- confirm before changing that.
    #
    # NOTE(review): with the default use_ssl=0 the server is registered
    # with use_ssl=0 on port 389; presumably binds, including
    # binduid/bindpwd, then travel unencrypted -- confirm and turn use_ssl
    # on for any directory that is not local.
    #
    # NOTE(review): the default encryption='SHA' goes to manage_edit as
    # is.  If it names the hash used for passwords written to the
    # directory, it is unsalted -- confirm and prefer a salted scheme.

    # Make sure we operate on the container itself (the
    # PluggableAuthService object).
    self = self.this()

    # Step 1: create the plugin and look it up on the unwrapped container.
    new_plugin = klass(id, title)
    self._setObject(id, new_plugin)
    plugin = getattr(aq_base(self), id)

    # Step 2: give it an LDAPUserFolder.
    manage_addLDAPUserFolder(plugin)
    unwrapped_plugin = aq_base(plugin)
    user_folder = getattr(unwrapped_plugin, "acl_users")

    # Step 3: register the server, if one was named.  Pieces after the
    # second ':'-separated one are ignored.
    if LDAP_server is not None:
        pieces = LDAP_server.split(':')
        host = pieces[0]
        if len(pieces) > 1:
            port = pieces[1]
        else:
            port = '636' if use_ssl else '389'
        user_folder.manage_addServer(
            host, port=port, use_ssl=use_ssl, op_timeout=10
        )

    # Step 4: drop __allow_groups__, which is not needed here and is
    # potentially harmful.
    if hasattr(unwrapped_plugin, '__allow_groups__'):
        del unwrapped_plugin.__allow_groups__

    # Step 5: configure the LDAPUserFolder.
    user_folder.manage_edit(
        title,
        login_attr,
        uid_attr,
        users_base,
        users_scope,
        roles,
        groups_base,
        groups_scope,
        binduid,
        bindpwd,
        binduid_usage=binduid_usage,
        rdn_attr=rdn_attr,
        local_groups=local_groups,
        encryption=encryption,
        read_only=read_only,
        obj_classes=obj_classes,
        REQUEST=None,
    )
    return user_folder
def manage_addActiveDirectoryMultiPlugin(self, id, title, LDAP_server,
                                         login_attr, uid_attr, users_base,
                                         users_scope, roles, groups_base,
                                         groups_scope, binduid, bindpwd,
                                         binduid_usage=1, rdn_attr='cn',
                                         local_groups=0, use_ssl=0,
                                         encryption='SHA', read_only=0,
                                         REQUEST=None):
    """ Factory method to instantiate a ActiveDirectoryMultiPlugin

    Adds an ActiveDirectoryMultiPlugin named ``id`` to the container
    returned by ``self.this()``.  An LDAPUserFolder (``acl_users``) is
    created inside the plugin, ``LDAP_server`` is registered on it, the
    settings are applied with ``manage_edit`` and a fixed user schema is
    installed.  With a ``REQUEST``, the response is redirected to the
    container's ``manage_main``.

    ``LDAP_server`` may be "host" or "host:port"; pieces after the second
    ':'-separated one are ignored.  A missing port becomes '636' when
    ``use_ssl`` is true, else '389'.

    NOTE(review): the default ``use_ssl=0`` registers the server with
    use_ssl=0 on port 389; presumably binds, including
    ``binduid``/``bindpwd``, then travel unencrypted -- confirm and turn
    ``use_ssl`` on for any directory that is not local.

    NOTE(review): the default ``encryption='SHA'`` goes to ``manage_edit``
    as is.  If it names the hash used for passwords written to the
    directory, it is unsalted -- confirm and prefer a salted scheme.
    """
    # Make sure we operate on the container itself (the
    # PluggableAuthService object).
    self = self.this()

    # Normalise to the integers 1/0 that the LDAP delegate expects.
    if use_ssl:
        use_ssl = 1
    else:
        use_ssl = 0

    # Create the folderish adapter object.
    adapter = ActiveDirectoryMultiPlugin(id, title=title)
    self._setObject(id, adapter)
    lmp = getattr(aq_base(self), id)
    lmp_base = aq_base(lmp)

    # Put the "real" LDAPUserFolder inside it.
    manage_addLDAPUserFolder(lmp)
    user_folder = getattr(lmp_base, 'acl_users')

    pieces = LDAP_server.split(':')
    host = pieces[0]
    if len(pieces) > 1:
        port = pieces[1]
    else:
        port = '636' if use_ssl else '389'
    user_folder.manage_addServer(host, port=port, use_ssl=use_ssl)

    user_folder.manage_edit(
        title,
        login_attr,
        uid_attr,
        users_base,
        users_scope,
        roles,
        groups_base,
        groups_scope,
        binduid,
        bindpwd,
        binduid_usage=binduid_usage,
        rdn_attr=rdn_attr,
        local_groups=local_groups,
        encryption=encryption,
        read_only=read_only,
        REQUEST=None,
    )

    # Drop __allow_groups__, which is not needed here and is potentially
    # harmful.
    if hasattr(lmp_base, '__allow_groups__'):
        del lmp_base.__allow_groups__

    # Install the base schema, then register the further attributes.
    uf = lmp.acl_users
    canonical_name = {
        'ldap_name': 'cn',
        'friendly_name': 'Canonical Name',
        'multivalued': '',
        'public_name': '',
    }
    last_name = {
        'ldap_name': 'sn',
        'friendly_name': 'Last Name',
        'multivalued': '',
        'public_name': 'last_name',
    }
    uf._ldapschema = {'cn': canonical_name, 'sn': last_name}

    add_item = uf.manage_addLDAPSchemaItem
    add_item('dn', 'Distinguished Name', public_name='dn')
    add_item('sAMAccountName', 'Windows Login Name',
             public_name='windows_login_name')
    add_item('objectGUID', 'AD Object GUID', public_name='objectGUID')
    add_item('givenName', 'First Name', public_name='first_name')
    add_item('sn', 'Last Name', public_name='last_name')
    add_item('memberOf', 'Group DNs', public_name='memberOf',
             multivalued=True)

    if REQUEST is not None:
        manage_url = '%s/manage_main' % self.absolute_url()
        REQUEST.RESPONSE.redirect(manage_url)