def get_all_filtered(self, hints, query=None): if self.ldap_filter: query = (query or '') + self.ldap_filter query = self.filter_query(hints, query) return [ common_ldap.filter_entity(group) for group in self.get_all(query, hints) ]
def filter_attributes(self, user): # make sure inactive users are disabled if 'sapObjectStatus' in user: if user['sapObjectStatus'] != STATUS_ACTIVE: user['enabled'] = False if 'camObjectStatus' in user: if user['camObjectStatus'] != CAM_STATUS_ACTIVE: user['enabled'] = False if 'ccObjectStatus' in user: if user['ccObjectStatus'] != STATUS_ACTIVE: user['enabled'] = False # keep CAM from messing with temporary T-users elif re.match(T_REGEX, user['name']): user['enabled'] = True else: # special case for fresh priovisioned CAM users: we transiently enable them to allow a initial login # the following pasword update will take care of setting the ccObjectStatus if not user['enabled'] and user[ 'camObjectStatus'] == CAM_STATUS_ACTIVE: user['enabled'] = True user.pop('sAMAccountName', None) user.pop('sapObjectStatus', None) user.pop('ccObjectStatus', None) user.pop('camObjectStatus', None) # evaluate password_expires_at if 'password_expires_at' in user: if user['password_expires_at'] == '0' or user[ 'password_expires_at'] == '9223372036854775807': user['password_expires_at'] = None else: # convert pwdLastSet to unix epoch ts = (int(user['password_expires_at']) / 10000000) - 11644473600 # TODO: this is over simplified and actually potentially dynamic (AD policy based) # add max 180 days AD policy based password age ts += 15552000 user['password_expires_at'] = datetime.datetime.fromtimestamp( ts) if 'userAccountControl' in user: do_not_expire = int(user['userAccountControl'] ) & 0x10000 # AD PASSWORD_NEVER_EXPIRES bit if do_not_expire: user['password_expires_at'] = None user.pop('userAccountControl', None) if 'password_failures' in user: if user['password_failures'] == '0': user.pop('password_failures', None) return base.filter_user(common_ldap.filter_entity(user))
def get_all_filtered(self, hints, query=None): if self.ldap_filter: query = (query or '') + self.ldap_filter query = self.filter_query(hints, query) return [common_ldap.filter_entity(group) for group in self.get_all(query, hints)]
def get_filtered_by_name(self, group_name): group = self.get_by_name(group_name) return common_ldap.filter_entity(group)
def get_filtered(self, group_id): group = self.get(group_id) return common_ldap.filter_entity(group)
def filter_attributes(self, user): return base.filter_user(common_ldap.filter_entity(user))
def update_group(self, group_id, group): msg = _DEPRECATION_MSG % "update_group" versionutils.report_deprecated_feature(LOG, msg) self.group.check_allow_update() return common_ldap.filter_entity(self.group.update(group_id, group))
def _update_group(self, group_id, group): msg = _DEPRECATION_MSG % "update_group" versionutils.report_deprecated_feature(LOG, msg) return common_ldap.filter_entity(self.group.update(group_id, group))
def create_group(self, group_id, group): msg = _DEPRECATION_MSG % "create_group" versionutils.report_deprecated_feature(LOG, msg) self.group.check_allow_create() return common_ldap.filter_entity(self.group.create(group))
def _create_group(self, group_id, group): msg = _DEPRECATION_MSG % "create_group" versionutils.report_deprecated_feature(LOG, msg) return common_ldap.filter_entity(self.group.create(group))