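def _escape_ldap_filter_value(value):
    """Escape a value so it can be embedded in an LDAP search filter.

    Backslash, asterisk, parentheses and NUL are special inside a filter
    string; each is replaced by its backslash-hex escape so the value is
    matched literally instead of altering the filter's structure.
    """
    # On Python 3 a bytes value would be formatted as "b'...'" by the
    # caller, so it is turned into text first. On Python 2, bytes is str
    # and this branch is never taken.
    if isinstance(value, bytes) and not isinstance(value, str):
        value = value.decode('utf-8')
    # Backslash goes first so the escapes added afterwards are not
    # escaped a second time.
    replacements = (
        ('\\', '\\5c'),
        ('*', '\\2a'),
        ('(', '\\28'),
        (')', '\\29'),
        ('\x00', '\\00'),
    )
    for special, escaped in replacements:
        value = value.replace(special, escaped)
    return value


def populate(engine, ldap):
    """Retrieve users from the LDAP directory and import them locally.

    Every entry matching the employee filter is created in the local
    database or, when its login already exists, refreshed with the
    directory's current values. The role is recomputed on each run:
    'admin' when the admin search matches the entry's DN, otherwise
    'manager' when the DN is in the manager list, otherwise 'user'.

    Args:
        engine: not used by this function.
        ldap: directory wrapper providing list_manager(), _search(),
            _search_admin() and parse_ldap_entry().
    """
    session = DBSession()

    # Managers come from a dedicated directory group.
    managers = ldap.list_manager()

    search_filter = '(&(objectClass=inetOrgPerson)(employeetype=Employee))'
    # NOTE(review): userPassword is requested along with the profile
    # attributes. Confirm something downstream really needs it; if not,
    # drop it so credential material is not pulled out of the directory.
    required = ['objectClass', 'employeeType', 'cn', 'givenName', 'sn',
                'manager', 'mail', 'ou', 'uid', 'userPassword']

    # NOTE(review): only entries returned by this search are touched.
    # Local accounts whose entry no longer matches the filter keep their
    # previous role and data.
    for user_dn, user_entry in ldap._search(search_filter, required):
        user_data = ldap.parse_ldap_entry(user_dn, user_entry)
        if not user_data or not user_data.get('login'):
            continue
        login = user_data['login'].decode('utf-8')

        # Least-privileged role by default; manager and then admin
        # membership override it, so admin wins when both apply.
        group = 'user'
        if user_data['dn'] in managers:
            group = 'manager'

        # The DN is directory data, not a trusted constant: escape it so
        # characters such as '(' or '*' inside a DN cannot change the
        # meaning of the membership filter that decides the admin role.
        what = '(member=%s)' % _escape_ldap_filter_value(user_data['dn'])
        if ldap._search_admin(what, None):
            group = 'admin'

        user = User.by_login(session, login)
        if not user:
            user = User.create_from_ldap(session, user_data, group)
        else:
            # Refresh the local record in case the directory changed.
            user.email = user_data['email'].decode('utf-8')
            user.firstname = user_data['firstname'].decode('utf-8')
            user.lastname = user_data['lastname'].decode('utf-8')
            user.manager_dn = user_data['manager_dn'].decode('utf-8')
            user.dn = user_data['dn'].decode('utf-8')
            user.role = group

        session.add(user)

    session.commit()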
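def _escape_ldap_filter_value(value):
    """Escape a value so it can be embedded in an LDAP search filter.

    Backslash, asterisk, parentheses and NUL are special inside a filter
    string; each is replaced by its backslash-hex escape so the value is
    matched literally instead of altering the filter's structure.
    """
    # On Python 3 a bytes value would be formatted as "b'...'" by the
    # caller, so it is turned into text first. On Python 2, bytes is str
    # and this branch is never taken.
    if isinstance(value, bytes) and not isinstance(value, str):
        value = value.decode('utf-8')
    # Backslash goes first so the escapes added afterwards are not
    # escaped a second time.
    replacements = (
        ('\\', '\\5c'),
        ('*', '\\2a'),
        ('(', '\\28'),
        (')', '\\29'),
        ('\x00', '\\00'),
    )
    for special, escaped in replacements:
        value = value.replace(special, escaped)
    return value


def populate(engine, ldap):
    """Retrieve users from the LDAP directory and import them locally.

    Every entry matching the employee filter is created in the local
    database or, when its login already exists, refreshed with the
    directory's current values. The role is recomputed on each run:
    u'admin' when the admin search matches the entry's DN, otherwise
    u'manager' when the DN is in the manager list, otherwise u'user'.

    Args:
        engine: not used by this function.
        ldap: directory wrapper providing list_manager(), _search(),
            _search_admin() and parse_ldap_entry().
    """
    session = DBSession()

    # Managers come from a dedicated directory group.
    managers = ldap.list_manager()

    search_filter = '(&(objectClass=inetOrgPerson)(employeetype=Employee))'
    # NOTE(review): userPassword is requested along with the profile
    # attributes. Confirm something downstream really needs it; if not,
    # drop it so credential material is not pulled out of the directory.
    required = ['objectClass', 'employeeType', 'cn', 'givenName', 'sn',
                'manager', 'mail', 'ou', 'uid', 'userPassword']

    # NOTE(review): only entries returned by this search are touched.
    # Local accounts whose entry no longer matches the filter keep their
    # previous role and data.
    for user_dn, user_entry in ldap._search(search_filter, required):
        user_data = ldap.parse_ldap_entry(user_dn, user_entry)
        # Skip entries that could not be parsed or that carry no login,
        # so one malformed entry does not abort the whole import before
        # the commit.
        if not user_data or not user_data.get('login'):
            continue
        login = user_data['login'].decode('utf-8')

        # Least-privileged role by default; manager and then admin
        # membership override it, so admin wins when both apply.
        group = u'user'
        if user_data['dn'] in managers:
            group = u'manager'

        # The DN is directory data, not a trusted constant: escape it so
        # characters such as '(' or '*' inside a DN cannot change the
        # meaning of the membership filter that decides the admin role.
        what = '(member=%s)' % _escape_ldap_filter_value(user_data['dn'])
        if ldap._search_admin(what, None):
            group = u'admin'

        user = User.by_login(session, login)
        if not user:
            user = User.create_from_ldap(session, user_data, group)
        else:
            # Refresh the local record in case the directory changed.
            user.email = user_data['email'].decode('utf-8')
            user.firstname = user_data['firstname'].decode('utf-8')
            user.lastname = user_data['lastname'].decode('utf-8')
            user.manager_dn = user_data['manager_dn'].decode('utf-8')
            user.dn = user_data['dn'].decode('utf-8')
            user.role = group

        session.add(user)

    session.commit()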