Esempio n. 1
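 def reset_password(self, password_stub):
     """Replace the LDAP password of the account registered under the form's e-mail.

     The new password is ``password_stub`` concatenated with the cleaned
     ``challenge`` field. Only the first entry returned by the search is
     modified.

     Returns the ``uid`` of the modified entry. Raises ``util.LdapException``
     when no entry matches or when an LDAP operation fails; in the latter
     case the message lists the steps attempted so far.
     """
     # ldap.filter is a submodule; a bare "import ldap" does not guarantee it is loaded.
     from ldap.filter import escape_filter_chars

     email = self.cleaned_data['email']
     challenge = self.cleaned_data['challenge']
     password_full = password_stub + challenge
     protocol = ''  # running log of the steps attempted, reported on failure
     l = None
     try:
         protocol += 'initialize & bind; '
         l = util.ldap_connection()
         protocol += 'find user by mail; '
         # The address comes from the submitted form. Escaping the filter
         # metacharacters makes it match literally, so it cannot widen the
         # search or change the structure of the filter.
         users = l.search_s(settings.LDAP_USERGP, ldap.SCOPE_SUBTREE,
                            '(&(mail=%s))' % escape_filter_chars(email))
         if not users:
             # NOTE(review): this message tells the caller whether an address
             # is registered; avoid echoing it verbatim to anonymous users.
             raise util.LdapException("No user with this email found")
         # reset only the first account
         dn, attrs = users[0]
         login = attrs['uid'][0]
         protocol += 'change modify password'
         l.modify_s(dn, [(ldap.MOD_REPLACE, 'userPassword',
                          str(util.hash_password(password_full)))])
         protocol += 'release binding; '
         return login
     except ldap.LDAPError as e:
         raise util.LdapException("%s: %s" % (e, protocol))
     finally:
         # Release the connection on every path, including the "no user" and
         # LDAP-error paths that previously left it bound.
         if l is not None:
             try:
                 l.unbind_s()
             except ldap.LDAPError:
                 # Best effort: a failed unbind must not mask the real outcome.
                 pass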
Esempio n. 2
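	def reset_password(self, password_stub):
		"""Replace the LDAP password of the account registered under the form's e-mail.

		The new password is ``password_stub`` concatenated with the cleaned
		``challenge`` field. Only the first entry returned by the search is
		modified.

		Returns the ``uid`` of the modified entry. Raises ``util.LdapException``
		when no entry matches or when an LDAP operation fails; in the latter
		case the message lists the steps attempted so far.
		"""
		# ldap.filter is a submodule; a bare "import ldap" does not guarantee it is loaded.
		from ldap.filter import escape_filter_chars

		email = self.cleaned_data['email']
		challenge = self.cleaned_data['challenge']
		password_full = password_stub + challenge
		protocol = ''  # running log of the steps attempted, reported on failure
		l = None
		try:
			protocol += 'initialize & bind; '
			l = util.ldap_connection()
			protocol += 'find user by mail; '
			# The address comes from the submitted form. Escaping the filter
			# metacharacters makes it match literally, so it cannot widen the
			# search or change the structure of the filter.
			mail_filter = '(&(mail=%s))' % escape_filter_chars(email)
			users = l.search_s(settings.LDAP_USERGP, ldap.SCOPE_SUBTREE, mail_filter)
			if not users:
				# NOTE(review): this message tells the caller whether an address
				# is registered; avoid echoing it verbatim to anonymous users.
				raise util.LdapException("No user with this email found")
			# reset only the first account
			dn, attrs = users[0]
			login = attrs['uid'][0]
			protocol += 'change modify password'
			new_hash = str(util.hash_password(password_full))
			l.modify_s(dn, [(ldap.MOD_REPLACE, 'userPassword', new_hash)])
			protocol += 'release binding; '
			return login
		except ldap.LDAPError as e:
			raise util.LdapException("%s: %s" % (e, protocol))
		finally:
			# Release the connection on every path, including the "no user" and
			# LDAP-error paths that previously left it bound.
			if l is not None:
				try:
					l.unbind_s()
				except ldap.LDAPError:
					# Best effort: a failed unbind must not mask the real outcome.
					pass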
Esempio n. 3
	def as_ldap(self):
		"""
		Build the LDAP payloads for this account, keyed by directory section:
		{
		  'user'      : attribute list for the user section (add)
		  'automount' : attribute list for the automount section (add)
		  'expedient' : modification list for the expedient ACL (modify)
		}
		Numeric ids are the settings' start offsets plus ``self.id``; the home
		directory and mount information come from the settings templates.
		"""
		uid_number = settings.LDAP_UID_START + self.id
		gid_number = settings.LDAP_GID_START + self.id
		# values substituted into the settings templates below
		substitutions = {
			'safe_name': self.safe_name,
			'uid': uid_number,
			'gid': gid_number,
			'island': self.island,
		}
		home_dir = settings.LDAP_HOME % substitutions
		automount_info = settings.LDAP_MOUNT_INFO % substitutions
		# Only the output of util.hash_password is written to userPassword;
		# the hashing scheme is defined in util and is not visible here.
		hashed_password = util.hash_password(self.password)

		user_attrs = [
			('objectClass', ['top', 'posixAccount', 'inetOrgPerson', 'ldapPublicKey']),
			('uid', str(self.safe_name)),
			('sn', str(self.safe_name)),
			('uidNumber', str(uid_number)),
			('gidNumber', str(gid_number)),
			('homeDirectory', str(home_dir)),
			('givenName', str(self.name)),
			('o', str(self.organization)),
			('mail', str(self.email)),
			('userPassword', str(hashed_password)),
			('loginShell', str(settings.LDAP_LOGIN_SHELL)),
			('sshPublicKey', str(self.public_key)),
			('description', str(self.island)),
		]
		automount_attrs = [
			('objectClass', 'automount'),
			('automountInformation', str(automount_info)),
		]
		# The member DN is built by plain interpolation.
		# NOTE(review): presumably safe_name is already limited to DN-safe
		# characters; confirm where it is assigned.
		member_dn = "uid=%s,%s" % (self.safe_name, settings.LDAP_USERGP)
		expedient_mods = [(ldap.MOD_ADD, 'uniqueMember', str(member_dn))]

		return {
			'user': user_attrs,
			'automount': automount_attrs,
			'expedient': expedient_mods,
		}
Esempio n. 4
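	def authenticate(self):
		"""Return True when an LDAP entry matches the submitted login and password hash.

		Searches ``settings.LDAP_USERGP`` for an entry whose ``cn`` equals the
		cleaned ``login`` field and whose ``userPassword`` equals
		``util.hash_password`` of the cleaned ``password`` field.
		"""
		# ldap.filter is a submodule; a bare "import ldap" does not guarantee it is loaded.
		from ldap.filter import escape_filter_chars

		# Both values originate from the login form. Escaping the filter
		# metacharacters makes them match literally, so a submitted value
		# cannot act as a wildcard or add clauses to the filter.
		login = escape_filter_chars(self.cleaned_data['login'])
		password_hash = escape_filter_chars(str(util.hash_password(self.cleaned_data['password'])))
		# NOTE(review): matching userPassword inside a search filter only works
		# if util.hash_password is deterministic (unsalted) and the service
		# account may compare that attribute; neither is visible here. The
		# usual design is to look up the entry's DN and attempt a simple bind
		# with the submitted password, so the directory does the verification.
		credentials_filter = '(&(cn=%s)(userPassword=%s))' % (login, password_hash)

		l = util.ldap_connection()
		try:
			user = l.search_s(settings.LDAP_USERGP, ldap.SCOPE_SUBTREE, credentials_filter)
		finally:
			# Release the binding even when the search raises.
			l.unbind_s()
		return bool(user)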