def validate(self, value):
    """Accept ``None`` or a syntactically valid LDAP DN.

    ``None`` is returned early and never reaches the parent validator.
    Any other value is checked with ``dn.is_dn``; a failure is recorded
    against ``self.name`` in a ``ValidationErrors`` collection.

    :param value: the candidate DN, or ``None`` when the field is unset
    :returns: ``None`` for an unset value, otherwise the result of the
              parent class's ``validate``
    """
    if value is None:
        return

    # NOTE(review): presumably a parse-only check; a well-formed DN says
    # nothing about whether the entry exists or may be used - confirm.
    dn_is_well_formed = dn.is_dn(value)

    verrors = ValidationErrors()
    if not dn_is_well_formed:
        verrors.add(self.name, "Invalid LDAP DN specified.")
    # presumably raises when an error was recorded - verify against
    # ValidationErrors.check
    verrors.check()

    return super().validate(value)
def get(self, selector=[], dn=None, json=False):
    """Look up an entry, normalising a DN-shaped selector first.

    When ``selector`` passes ``is_dn`` it is round-tripped through
    ``str2dn``/``dn2str``, so that differently escaped spellings of the
    same DN reach the parent lookup in one form.  Any other selector is
    passed through unchanged.

    :param selector: value identifying the entry; the default is a shared
                     list literal, which this method never mutates
    :param dn: forwarded unchanged to the parent ``get``
    :param json: forwarded unchanged to the parent ``get``
    :returns: whatever the parent class's ``get`` returns
    """
    # Normalise escaped characters
    if is_dn(selector):
        parsed = str2dn(selector)
        selector = dn2str(parsed)

    parent = super(MappingTrees, self)
    return parent.get(selector, dn, json)
def _get_dn_arg(args, msg=None):
    """Fetch an argument through ``_get_arg`` and require it to be a DN.

    :param args: passed straight to ``_get_arg``
    :param msg: passed straight to ``_get_arg``
    :returns: the value obtained from ``_get_arg``
    :raises ValueError: if that value does not pass ``is_dn``
    """
    candidate = _get_arg(args, msg)
    if is_dn(candidate):
        return candidate
    raise ValueError(f"{candidate} is not a valid DN")
def create_dsrc(inst, log, args):
    """Add a section for this instance to the user's ``~/.dsrc`` file.

    The section is named after ``inst.serverid`` and may carry::

        [instance]
        uri = ldaps://hostname:port
        basedn = dc=example,dc=com
        binddn = uid=user,....
        saslmech = [EXTERNAL|PLAIN]
        tls_cacertdir = /path/to/cacertdir
        tls_cert = /path/to/user.crt
        tls_key = /path/to/user.key
        tls_reqcert = [never, hard, allow]
        starttls = [true, false]
        pwdfile = /path/to/file

    Every supplied option is validated before the file is touched.  The
    resulting section is logged as a preview, and unless ``args.do_it`` is
    set the user is asked to confirm before the file is rewritten.

    :param inst: object whose ``serverid`` names the new section
    :param log: logger that receives the preview and the result message
    :param args: namespace carrying one attribute per option plus ``do_it``;
                 ``args.saslmech`` is overwritten with ``EXTERNAL`` when the
                 uri starts with ``ldapi``
    :raises ValueError: if the section already exists, an option is invalid,
                        or no option was supplied at all
    """
    dsrc_file = f'{expanduser("~")}/.dsrc'
    config = configparser.ConfigParser()
    config.read(dsrc_file)

    # Verify this section does not already exist
    if inst.serverid in config.sections():
        raise ValueError(
            "There is already a configuration section for this instance!")

    # Process and validate the args
    config[inst.serverid] = {}
    section = config[inst.serverid]

    uri = args.uri
    if uri is not None:
        if not isLDAPUrl(uri):
            raise ValueError("The uri is not a valid LDAP URL!")
        if uri.startswith("ldapi"):
            # We must use EXTERNAL saslmech for LDAPI
            args.saslmech = "EXTERNAL"
        section['uri'] = uri

    dn_options = (
        ('basedn', "The basedn is not a valid DN!"),
        ('binddn', "The binddn is not a valid DN!"),
    )
    for option, error in dn_options:
        value = getattr(args, option)
        if value is None:
            continue
        if not is_dn(value):
            raise ValueError(error)
        section[option] = value

    # Read saslmech only now: the uri branch above may have replaced it.
    if args.saslmech is not None:
        if args.saslmech not in ['EXTERNAL', 'PLAIN']:
            raise ValueError("The saslmech must be EXTERNAL or PLAIN!")
        section['saslmech'] = args.saslmech

    # Existence is the only property checked for these paths.
    tls_path_options = (
        ('tls_cacertdir', '--tls-cacertdir directory does not exist!'),
        ('tls_cert', '--tls-cert does not point to an existing file!'),
        ('tls_key', '--tls-key does not point to an existing file!'),
    )
    for option, error in tls_path_options:
        value = getattr(args, option)
        if value is None:
            continue
        if not path.exists(value):
            raise ValueError(error)
        section[option] = value

    if args.tls_reqcert is not None:
        # NOTE(review): 'never' and 'allow' presumably relax server
        # certificate checking for this instance - confirm how the reader
        # of .dsrc maps these values.
        if args.tls_reqcert not in ['never', 'hard', 'allow']:
            raise ValueError(
                '--tls-reqcert value is invalid (must be either "never", "allow", or "hard")!'
            )
        section['tls_reqcert'] = args.tls_reqcert

    if args.starttls:
        section['starttls'] = 'true'

    if args.pwdfile is not None:
        if not path.exists(args.pwdfile):
            raise ValueError('--pwdfile does not exist!')
        section['pwdfile'] = args.pwdfile

    if len(section) == 0:
        # No args set
        raise ValueError(
            "You must set at least one argument for the new dsrc file!")

    # Print a preview of the config
    log.info(f'Updating "{dsrc_file}" with:\n')
    log.info(f' [{inst.serverid}]')
    for k, v in section.items():
        log.info(f' {k} = {v}')

    # Perform confirmation?
    if not args.do_it:
        while True:
            answer = input(f'\nUpdate "{dsrc_file}" ? [yes]: ').rstrip().lower()
            if answer in ('', 'y', 'yes'):
                break
            if answer in ('n', 'no'):
                return

    # Now write the file
    # NOTE(review): a newly created file gets whatever mode the process
    # umask allows; it names the bind DN and the locations of the TLS key
    # and password file, so confirm that mode is acceptable.
    with open(dsrc_file, 'w') as configfile:
        config.write(configfile)

    log.info(f'Successfully updated: {dsrc_file}')
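def modify_dsrc(inst, log, args):
    """Update this instance's existing section in the user's ``~/.dsrc`` file.

    Each option on ``args`` is handled the same way: ``None`` leaves the
    stored value alone, the empty string removes the option from the
    section, and any other value is validated and then stored.  The empty
    string is tested before validation, because most of the validators
    reject it and the removal request would otherwise never be honoured.
    Removing an option that is not set is a no-op.  The file is rewritten
    only after every supplied option has passed.

    :param inst: object whose ``serverid`` names the section to change
    :param log: logger; receives one ``info`` message on success
    :param args: namespace with ``uri``, ``basedn``, ``binddn``,
                 ``saslmech``, ``tls_cacertdir``, ``tls_cert``, ``tls_key``,
                 ``tls_reqcert``, ``starttls``, ``cancel_starttls`` and
                 ``pwdfile``; ``args.saslmech`` is overwritten with
                 ``EXTERNAL`` when the uri starts with ``ldapi``
    :raises ValueError: if the file or the section is missing, or an option
                        fails validation
    """
    dsrc_file = f'{expanduser("~")}/.dsrc'
    if not path.exists(dsrc_file):
        raise ValueError(f'There is no .dsrc file "{dsrc_file}" to update!')

    config = configparser.ConfigParser()
    config.read(dsrc_file)

    # Verify we have a section to modify
    if inst.serverid not in config.sections():
        raise ValueError(
            "There is no configuration section for this instance to modify!"
        )
    section = config[inst.serverid]

    def _apply(option, value, is_valid, error):
        """Remove ``option`` when value is '', else validate and store it."""
        if value == '':
            # remove_option() returns False instead of raising when the
            # option is absent, so a repeated removal stays harmless.
            config.remove_option(inst.serverid, option)
            return
        if not is_valid(value):
            raise ValueError(error)
        section[option] = value

    # Process and validate the args
    if args.uri is not None:
        _apply('uri', args.uri, isLDAPUrl, "The uri is not a valid LDAP URL!")
        if args.uri.startswith("ldapi"):
            # We must use EXTERNAL saslmech for LDAPI
            args.saslmech = "EXTERNAL"

    if args.basedn is not None:
        _apply('basedn', args.basedn, is_dn, "The basedn is not a valid DN!")

    if args.binddn is not None:
        _apply('binddn', args.binddn, is_dn, "The binddn is not a valid DN!")

    # Read saslmech only now: the uri branch above may have replaced it.
    if args.saslmech is not None:
        _apply('saslmech', args.saslmech,
               lambda mech: mech in ('EXTERNAL', 'PLAIN'),
               "The saslmech must be EXTERNAL or PLAIN!")

    # Existence is the only property checked for the path options.
    if args.tls_cacertdir is not None:
        _apply('tls_cacertdir', args.tls_cacertdir, path.exists,
               '--tls-cacertdir directory does not exist!')

    if args.tls_cert is not None:
        _apply('tls_cert', args.tls_cert, path.exists,
               '--tls-cert does not point to an existing file!')

    if args.tls_key is not None:
        _apply('tls_key', args.tls_key, path.exists,
               '--tls-key does not point to an existing file!')

    if args.tls_reqcert is not None:
        # NOTE(review): 'never' and 'allow' presumably relax server
        # certificate checking for this instance - confirm how the reader
        # of .dsrc maps these values.
        _apply('tls_reqcert', args.tls_reqcert,
               lambda level: level in ('never', 'hard', 'allow'),
               '--tls-reqcert value is invalid (must be either "never", "allow", or "hard")!')

    if args.starttls:
        section['starttls'] = 'true'
    if args.cancel_starttls:
        section['starttls'] = 'false'

    if args.pwdfile is not None:
        _apply('pwdfile', args.pwdfile, path.exists,
               '--pwdfile does not exist!')

    # Okay now rewrite the file
    with open(dsrc_file, 'w') as configfile:
        config.write(configfile)

    log.info(f'Successfully updated: {dsrc_file}')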