def _get_identity(self, identifier):
    """Look up one user by *identifier* and wrap the result as an ``IdentityInfo``.

    Returns ``None`` when the directory lookup produces no DN.  The identifier
    stored on the returned object is the first value of the configured ``uid``
    attribute; every other LDAP attribute is passed through ``to_unicode`` and
    attached as extra keyword data.
    """
    with ldap_context(self.ldap_settings):
        # NOTE(review): escaping of *identifier* for the LDAP filter is assumed to
        # happen inside get_user_by_id -- confirm before feeding it raw user input.
        dn, attrs = get_user_by_id(identifier, self._attributes)
        if not dn:
            return None
        uid_attr = self.ldap_settings['uid']
        return IdentityInfo(self, identifier=attrs[uid_attr][0], **to_unicode(attrs))
def get_group(self, name):
    """Return the group identified by *name* as a ``group_class`` instance, or ``None``.

    Only the configured ``gid`` attribute is requested from the directory; its
    first value, converted to text, becomes the group's name.
    """
    with ldap_context(self.ldap_settings):
        gid_attr = self.ldap_settings['gid']
        dn, attrs = get_group_by_id(name, [gid_attr])
        if not dn:
            return None
        display_name = to_unicode(attrs[gid_attr][0])
        return self.group_class(self, display_name, dn)
def get_members(self):
    """Yield an ``IdentityInfo`` for each user of this group, descending into subgroups.

    ``_iter_group`` drives the traversal: it yields a group DN and, via
    ``send``, receives the list of subgroups found beneath that DN.  Users and
    subgroups are located by an exact match on the configured
    ``member_of_attr``.  The loop stops as soon as the traversal yields a
    falsy DN.
    """
    with ldap_context(self.ldap_settings):
        member_attr = self.ldap_settings['member_of_attr']
        uid_attr = self.ldap_settings['uid']
        walker = self._iter_group()
        # NOTE(review): if _iter_group is exhausted instead of yielding a falsy
        # value, next()/send() raise StopIteration inside this generator -- confirm
        # its termination contract.
        current_dn = next(walker)
        while current_dn:
            # NOTE(review): DNs containing filter metacharacters are assumed to be
            # escaped by build_*_search_filter -- confirm.
            user_filter = build_user_search_filter({member_attr: {current_dn}}, exact=True)
            for _, attrs in self.provider._search_users(user_filter):
                yield IdentityInfo(self.provider, identifier=attrs[uid_attr][0], **to_unicode(attrs))
            group_filter = build_group_search_filter({member_attr: {current_dn}}, exact=True)
            nested = list(self.provider._search_groups(group_filter))
            current_dn = walker.send(nested)
def search_groups(self, name, exact=False):
    """Yield ``group_class`` instances whose ``gid`` attribute matches *name*.

    With ``exact=False`` the filter builder decides how loosely *name* is
    matched.

    Raises:
        GroupRetrievalFailed: if no search filter can be built from the criteria.
    """
    with ldap_context(self.ldap_settings):
        gid_attr = self.ldap_settings['gid']
        ldap_filter = build_group_search_filter({gid_attr: {name}}, exact=exact)
        if not ldap_filter:
            raise GroupRetrievalFailed("Unable to generate search filter from criteria", provider=self)
        for dn, attrs in self._search_groups(ldap_filter):
            display_name = to_unicode(attrs[gid_attr][0])
            yield self.group_class(self, display_name, dn)
def search_identities(self, criteria, exact=False):
    """Yield an ``IdentityInfo`` for every user matching *criteria*.

    *criteria* is translated to LDAP attributes through ``settings['mapping']``
    by ``build_user_search_filter``.

    Raises:
        IdentityRetrievalFailed: if no search filter can be built from *criteria*.
    """
    with ldap_context(self.ldap_settings):
        ldap_filter = build_user_search_filter(criteria, self.settings['mapping'], exact=exact)
        if not ldap_filter:
            raise IdentityRetrievalFailed("Unable to generate search filter from criteria")
        uid_attr = self.ldap_settings['uid']
        for _, attrs in self._search_users(ldap_filter):
            yield IdentityInfo(self, identifier=attrs[uid_attr][0], **to_unicode(attrs))
def __init__(self, *args, **kwargs):
    """Initialise the provider and fill in the group-related LDAP defaults.

    After the base initialiser and ``set_defaults`` have run, defaults are
    applied for ``gid``, ``group_filter``, ``member_of_attr`` and
    ``ad_group_style``; the identity mapping is normalised to text; and the
    list of user attributes to request from the directory is derived from
    that mapping plus the ``uid`` attribute.
    """
    super(LDAPIdentityProvider, self).__init__(*args, **kwargs)
    self.set_defaults()
    group_defaults = (
        ('gid', 'cn'),
        ('group_filter', '(objectClass=groupOfNames)'),
        ('member_of_attr', 'memberOf'),
        ('ad_group_style', False),
    )
    for key, value in group_defaults:
        self.ldap_settings.setdefault(key, value)
    mapping = to_unicode(self.settings['mapping'])
    self.settings['mapping'] = mapping
    requested = convert_app_data(mapping, {}, self.settings['identity_info_keys'])
    self._attributes = list(requested.values())
    self._attributes.append(self.ldap_settings['uid'])
def set_defaults(self):
    """Apply connection-level defaults to ``ldap_settings``.

    Defaults applied (only where the key is absent): ``timeout`` 30,
    ``verify_cert`` True, ``cert_file`` from certifi when it is importable
    (else ``None``), ``starttls`` False, ``page_size`` 1000, ``uid`` ``'uid'``
    and ``user_filter`` ``'(objectClass=person)'``.  A warning is emitted when
    verification is requested but no CA bundle is available.  Finally the
    whole ``ldap`` settings block is coerced to text.
    """
    defaults = (
        ('timeout', 30),
        ('verify_cert', True),
        # certifi.where() is evaluated eagerly, as in the original, even when
        # cert_file was supplied by the caller.
        ('cert_file', certifi.where() if certifi else None),
        # NOTE(review): starttls defaults to False; whether the connection is
        # still protected depends on the URL scheme handled elsewhere -- confirm.
        ('starttls', False),
        ('page_size', 1000),
        ('uid', 'uid'),
        ('user_filter', '(objectClass=person)'),
    )
    for key, value in defaults:
        self.ldap_settings.setdefault(key, value)
    wants_verification = self.ldap_settings['verify_cert']
    # NOTE(review): how ldap_context behaves with verify_cert=True and no
    # cert_file is not visible here -- confirm it does not silently skip
    # verification.
    if wants_verification and not self.ldap_settings['cert_file']:
        warn(
            "You should install certifi or provide a certificate file in order to verify the LDAP certificate."
        )
    # Convert LDAP settings to text in case someone gave us bytes
    self.settings['ldap'] = to_unicode(self.settings['ldap'])
def get_members(self):
    """Yield an ``IdentityInfo`` for each user of this group, descending into subgroups.

    ``_iter_group`` drives the traversal: it yields a group DN and, via
    ``send``, receives the list of subgroups found beneath that DN.  Users and
    subgroups are located by an exact match on the configured
    ``member_of_attr``.  The loop stops as soon as the traversal yields a
    falsy DN.
    """
    with ldap_context(self.ldap_settings):
        member_attr = self.ldap_settings['member_of_attr']
        uid_attr = self.ldap_settings['uid']
        walker = self._iter_group()
        # NOTE(review): if _iter_group is exhausted instead of yielding a falsy
        # value, next()/send() raise StopIteration inside this generator -- confirm
        # its termination contract.
        current_dn = next(walker)
        while current_dn:
            # NOTE(review): DNs containing filter metacharacters are assumed to be
            # escaped by build_*_search_filter -- confirm.
            user_filter = build_user_search_filter({member_attr: {current_dn}}, exact=True)
            for _, attrs in self.provider._search_users(user_filter):
                yield IdentityInfo(self.provider, identifier=attrs[uid_attr][0], **to_unicode(attrs))
            group_filter = build_group_search_filter({member_attr: {current_dn}}, exact=True)
            nested = list(self.provider._search_groups(group_filter))
            current_dn = walker.send(nested)
def get_identity_groups(self, identifier):
    """Return the set of groups, nested ones included, that *identifier* belongs to.

    Only implemented for the Active Directory style (``ad_group_style``):
    each SID returned by ``get_token_groups_from_user_dn`` is resolved to a
    group by an exact ``objectSid`` search.  Returns an empty set when the
    user cannot be found.

    Raises:
        NotImplementedError: if ``ad_group_style`` is not enabled.
    """
    found = set()
    with ldap_context(self.ldap_settings):
        user_dn, _ = get_user_by_id(identifier, self._attributes)
        if not user_dn:
            return found
        if not self.ldap_settings['ad_group_style']:
            # OpenLDAP does not have a way to get all groups for a user including nested ones
            raise NotImplementedError('Only available for active directory')
        gid_attr = self.ldap_settings['gid']
        for sid in get_token_groups_from_user_dn(user_dn):
            sid_filter = build_group_search_filter({'objectSid': {sid}}, exact=True)
            for group_dn, group_data in self._search_groups(sid_filter):
                display_name = to_unicode(group_data[gid_attr][0])
                found.add(self.group_class(self, display_name, group_dn))
    return found
def test_to_unicode(data, expected):
    """Check that ``to_unicode`` maps *data* to *expected* for each supplied pair."""
    converted = to_unicode(data)
    assert converted == expected
def search_identities(self, criteria, exact=False):
    """Yield an ``IdentityInfo`` for every user matching *criteria*.

    *criteria* is translated to LDAP attributes through ``settings['mapping']``
    by ``build_user_search_filter``.

    Raises:
        IdentityRetrievalFailed: if no search filter can be built from *criteria*.
    """
    with ldap_context(self.ldap_settings):
        ldap_filter = build_user_search_filter(criteria, self.settings['mapping'], exact=exact)
        if not ldap_filter:
            raise IdentityRetrievalFailed("Unable to generate search filter from criteria")
        uid_attr = self.ldap_settings['uid']
        for _, attrs in self._search_users(ldap_filter):
            yield IdentityInfo(self, identifier=attrs[uid_attr][0], **to_unicode(attrs))