コード例 #1
0
    def get_schema(self,
                   ldap_obj_class_name_or_oid,
                   reload=False,
                   do_reload=False):  #pylint: disable=redefined-builtin
        """Get attributes as provided by schema

        - we only do this once when it is requested
        - we cache the result as this should not change in a single run
        - unless the reload flag is set :-D

        @type ldap_obj_class_name_or_oid: LDAP class name or OID to get the schema from
                                         (passed to ldap.schema.subentry.SubSchema)
        @type reload: deprecated argument, do not use anymore, use do_reload
        @type do_reload: boolean indicating if the schema should be returned form the cache or reloaded from the LDAP
                      server.

        @returns: dictionary containing details about the schema
                  there is an entry for each attribute with the following keys
                  - ['oid'] gives the corresponding oid for the attribute
                  - ['single'] gives True for a single-value attribute, False otherwise

        @raise: LDAPError when the schema cannot be fetched for the given object class
        """
        if reload:
            logging.warning(
                'usage of reload is deprecated, use do_reload instead')
            do_reload = reload

        if self.ldap is None:
            self.bind()

        if not do_reload and ldap_obj_class_name_or_oid in self.schema:
            return self.schema[ldap_obj_class_name_or_oid]

        self.schema[ldap_obj_class_name_or_oid] = {}

        try:
            # returns ('cn=Subschema', <ldap.schema.subentry.SubSchema instance at 0x1986878>)
            schematype, schema = ldap.schema.subentry.urlfetch(
                self.ldap.ldap_url.unparse())
        except ldap.LDAPError:
            self.log.raiseException("Failed to fetch schema")

        attributes = {}

        if schematype == 'cn=Subschema':
            try:
                # this returns a list of dicts
                for x in schema.attribute_types([ldap_obj_class_name_or_oid]):
                    attributes.update(x)
            except Exception:
                self.log.raiseException(
                    "Failed to retrieve attributes from schematype %s and ldap_obj_class_name_or_oid %s"
                    % (schematype, ldap_obj_class_name_or_oid))
        else:
            self.log.error('Unknown returned schematype %s' % schematype)

        if len(attributes) == 0:
            self.log.error(
                "No attributes from schematype %s and ldap_obj_class_name_or_oid %s"
                % (schematype, ldap_obj_class_name_or_oid))
            return None

        for attr in attributes.values():
            oid = attr.oid
            single = attr.single_value == 1
            name = attr.names[0]
            if len(attr.names) > 1:
                # what with multiple names?
                self.log.error(
                    "Multiple names associated with attr, only using first one. From %s: oid %s names %s"
                    % (ldap_obj_class_name_or_oid, oid, attr.names))

            self.schema[ldap_obj_class_name_or_oid][name] = {}
            self.schema[ldap_obj_class_name_or_oid][name]['single'] = single
            self.schema[ldap_obj_class_name_or_oid][name]['oid'] = oid

        return self.schema[ldap_obj_class_name_or_oid]
コード例 #2
0
ファイル: utils.py プロジェクト: boegel/vsc-ldap
    def get_schema(self, ldap_obj_class_name_or_oid, reload=False):
        """Get attributes as provided by schema

        - we only do this once when it is requested
        - we cache the result as this should not change in a single run
        - unless the reload flag is set :-D

        @type ldap_obj_class_name_or_oid: LDAP class name or OID to get the schema from
                                         (passed to ldap.schema.subentry.SubSchema)
        @type reload: boolean indicating if the schema should be returned form the cache or reloaded from the LDAP
                      server.

        @returns: dictionary containing details about the schema
                  there is an entry for each attribute with the following keys
                  - ['oid'] gives the corresponding oid for the attribute
                  - ['single'] gives True for a single-value attribute, False otherwise

        @raise: LDAPError when the schema cannot be fetched for the given object class
        """
        if self.ldap is None:
            self.bind()

        if not reload and ldap_obj_class_name_or_oid in self.schema:
            return self.schema[ldap_obj_class_name_or_oid]

        self.schema[ldap_obj_class_name_or_oid] = {}

        try:
            # returns ('cn=Subschema', <ldap.schema.subentry.SubSchema instance at 0x1986878>)
            schematype, schema = ldap.schema.subentry.urlfetch(self.ldap.ldap_url.unparse())
        except ldap.LDAPError:
            self.log.raiseException("Failed to fetch schema from url %s" % (self.ldap.ldap_url))

        attributes = {}

        if schematype == 'cn=Subschema':
            try:
                # this returns a list of dicts
                for x in schema.attribute_types([ldap_obj_class_name_or_oid]):
                    attributes.update(x)
            except Exception:
                self.log.raiseException("Failed to retrieve attributes from schematype %s and ldap_obj_class_name_or_oid %s"
                                        % (schematype, ldap_obj_class_name_or_oid))
        else:
            self.log.error('Unknown returned schematype %s' % schematype)

        if len(attributes) == 0:
            self.log.error("No attributes from schematype %s and ldap_obj_class_name_or_oid %s"
                           % (schematype, ldap_obj_class_name_or_oid))
            return None

        for attr in attributes.values():
            oid = attr.oid
            single = attr.single_value == 1
            name = attr.names[0]
            if len(attr.names) > 1:
                # what with multiple names?
                self.log.error("Multiple names associated with attr, only using first one. From %s: oid %s names %s"
                               % (ldap_obj_class_name_or_oid, oid, attr.names))

            self.schema[ldap_obj_class_name_or_oid][name] = {}
            self.schema[ldap_obj_class_name_or_oid][name]['single'] = single
            self.schema[ldap_obj_class_name_or_oid][name]['oid'] = oid

        return self.schema[ldap_obj_class_name_or_oid]
コード例 #3
0
ファイル: schema.py プロジェクト: cajus/python3-ldap
    print(attr_type,str(se_orig))
print('*** Testing object class inetOrgPerson ***')

drink = schema.get_obj(ldap.schema.AttributeType,'favouriteDrink')
if not drink is None:
  print('*** drink ***')
  print('drink.names',repr(drink.names))
  print('drink.collective',repr(drink.collective))

inetOrgPerson = schema.get_obj(ldap.schema.ObjectClass,'inetOrgPerson')
if not inetOrgPerson is None:
  print(inetOrgPerson.must,inetOrgPerson.may)

print('*** person,organizationalPerson,inetOrgPerson ***')
try:
  print(schema.attribute_types()
    ['person','organizationalPerson','inetOrgPerson']
  )
  print(schema.attribute_types()
    ['person','organizationalPerson','inetOrgPerson'],
    attr_type_filter = [
      ('no_user_mod',[0]),
      ('usage',range(2)),
    ]  
  )
except KeyError as e:
  print('***KeyError',str(e))


schema.ldap_entry()

print(str(schema.get_obj(ldap.schema.MatchingRule,'2.5.13.0')))
コード例 #4
0
ファイル: schema.py プロジェクト: shobull/hue
for attr_type, schema_class in ldap.schema.SCHEMA_CLASS_MAPPING.items():
    print "*" * 20, attr_type, "*" * 20
    for element_id in schema.listall(schema_class):
        se_orig = schema.get_obj(schema_class, element_id)
        se_reverse = schema_reverse.get_obj(schema_class, element_id)
        #    assert str(se_orig)==str(se_reverse)
        print attr_type, str(se_orig)
print "*** Testing object class inetOrgPerson ***"

inetOrgPerson = schema.get_obj(ldap.schema.ObjectClass, "inetOrgPerson")
if not inetOrgPerson is None:
    print inetOrgPerson.must, inetOrgPerson.may

print "*** person,organizationalPerson,inetOrgPerson ***"
try:
    print schema.attribute_types(["person", "organizationalPerson", "inetOrgPerson"])
    print schema.attribute_types(
        ["person", "organizationalPerson", "inetOrgPerson"],
        attr_type_filter=[("no_user_mod", [0]), ("usage", range(2))],
    )
except KeyError, e:
    print "***KeyError", str(e)

drink = schema.get_obj(ldap.schema.AttributeType, "favouriteDrink")
if not drink is None:
    print "*** drink ***"
    print "drink.names", repr(drink.names)
    print "drink.collective", repr(drink.collective)


schema.ldap_entry()
コード例 #5
0
ファイル: schema.py プロジェクト: shubhkr1023/python-ldap-1
        print(attr_type, str(se_orig))
print('*** Testing object class inetOrgPerson ***')

drink = schema.get_obj(ldap.schema.AttributeType, 'favouriteDrink')
if not drink is None:
    print('*** drink ***')
    print('drink.names', repr(drink.names))
    print('drink.collective', repr(drink.collective))

inetOrgPerson = schema.get_obj(ldap.schema.ObjectClass, 'inetOrgPerson')
if not inetOrgPerson is None:
    print(inetOrgPerson.must, inetOrgPerson.may)

print('*** person,organizationalPerson,inetOrgPerson ***')
try:
    print(schema.attribute_types()['person', 'organizationalPerson',
                                   'inetOrgPerson'])
    print(schema.attribute_types()['person', 'organizationalPerson',
                                   'inetOrgPerson'],
          attr_type_filter=[
              ('no_user_mod', [0]),
              ('usage', range(2)),
          ])
except KeyError as e:
    print('***KeyError', str(e))

schema.ldap_entry()

print(str(schema.get_obj(ldap.schema.MatchingRule, '2.5.13.0')))
print(str(schema.get_obj(ldap.schema.MatchingRuleUse, '2.5.13.0')))

print(str(schema.get_obj(ldap.schema.AttributeType, 'name')))
コード例 #6
0
ファイル: schema.py プロジェクト: houseofsuns/python-ldap
print('*** Testing object class inetOrgPerson ***')

drink = schema.get_obj(ldap.schema.AttributeType, 'favouriteDrink')
if not drink is None:
    print('*** drink ***')
    print('drink.names', repr(drink.names))
    print('drink.collective', repr(drink.collective))

inetOrgPerson = schema.get_obj(ldap.schema.ObjectClass, 'inetOrgPerson')
if not inetOrgPerson is None:
    print(inetOrgPerson.must, inetOrgPerson.may)

print('*** person,organizationalPerson,inetOrgPerson ***')
try:
    print(
        schema.attribute_types(
            ['person', 'organizationalPerson', 'inetOrgPerson']))
    print(
        schema.attribute_types(
            ['person', 'organizationalPerson', 'inetOrgPerson'],
            attr_type_filter=[
                ('no_user_mod', [0]),
                ('usage', range(2)),
            ]))
except KeyError as e:
    print('***KeyError', str(e))

schema.ldap_entry()

print(str(schema.get_obj(ldap.schema.MatchingRule, '2.5.13.0')))
print(str(schema.get_obj(ldap.schema.MatchingRuleUse, '2.5.13.0')))
コード例 #7
0
ファイル: schema.py プロジェクト: oflebbe/python-ldap
  print('*'*20,attr_type,'*'*20)
  for element_id in schema.listall(schema_class):
    se_orig = schema.get_obj(schema_class,element_id)
    se_reverse = schema_reverse.get_obj(schema_class,element_id)
#    assert str(se_orig)==str(se_reverse)
    print(attr_type,str(se_orig))
print('*** Testing object class inetOrgPerson ***')

inetOrgPerson = schema.get_obj(ldap.schema.ObjectClass,'inetOrgPerson')
if not inetOrgPerson is None:
  print(inetOrgPerson.must,inetOrgPerson.may)

print('*** person,organizationalPerson,inetOrgPerson ***')
try:
  print(schema.attribute_types(
    ['person','organizationalPerson','inetOrgPerson']
  ))
  print(schema.attribute_types(
    ['person','organizationalPerson','inetOrgPerson'],
    attr_type_filter = [
      ('no_user_mod',[0]),
      ('usage',list(range(2))),
    ]  
  ))
except KeyError as e:
  print('***KeyError',str(e))

drink = schema.get_obj(ldap.schema.AttributeType,'favouriteDrink')
if not drink is None:
  print('*** drink ***')
  print('drink.names',repr(drink.names))
コード例 #8
0
import sys, pprint, ldap, ldap.schema

schema_attrs = ldap.schema.SCHEMA_ATTRS

ldap.set_option(ldap.OPT_DEBUG_LEVEL, 0)

ldap._trace_level = 0

subschemasubentry_dn, schema = ldap.schema.urlfetch(sys.argv[-1])

if subschemasubentry_dn is None:
    print 'No sub schema sub entry found!'
    sys.exit(1)

oc_list = [
    'person',
    'organizationalPerson',
    'inetOrgPerson',
]
struct_oc = schema.get_structural_oc(oc_list)
#print str(schema.get_obj(ldap.schema.ObjectClass,struct_oc))
pprint.pprint(schema.get_applicable_aux_classes(struct_oc))
pprint.pprint(schema.attribute_types(oc_list))
コード例 #9
0
ファイル: schema.py プロジェクト: P79N6A/hue-from-scratch
  print '*'*20,attr_type,'*'*20
  for element_id in schema.listall(schema_class):
    se_orig = schema.get_obj(schema_class,element_id)
    se_reverse = schema_reverse.get_obj(schema_class,element_id)
#    assert str(se_orig)==str(se_reverse)
    print attr_type,str(se_orig)
print '*** Testing object class inetOrgPerson ***'

inetOrgPerson = schema.get_obj(ldap.schema.ObjectClass,'inetOrgPerson')
if not inetOrgPerson is None:
  print inetOrgPerson.must,inetOrgPerson.may

print '*** person,organizationalPerson,inetOrgPerson ***'
try:
  print schema.attribute_types(
    ['person','organizationalPerson','inetOrgPerson']
  )
  print schema.attribute_types(
    ['person','organizationalPerson','inetOrgPerson'],
    attr_type_filter = [
      ('no_user_mod',[0]),
      ('usage',range(2)),
    ]  
  )
except KeyError,e:
  print '***KeyError',str(e)

drink = schema.get_obj(ldap.schema.AttributeType,'favouriteDrink')
if not drink is None:
  print '*** drink ***'
  print 'drink.names',repr(drink.names)
コード例 #10
0
ファイル: schema.py プロジェクト: Apothys/ServicePad
print '*** Testing object class inetOrgPerson ***'

drink = schema.get_obj(ldap.schema.AttributeType,'favouriteDrink')
if not drink is None:
  print '*** drink ***'
  print 'drink.names',repr(drink.names)
  print 'drink.collective',repr(drink.collective)

inetOrgPerson = schema.get_obj(ldap.schema.ObjectClass,'inetOrgPerson')
if not inetOrgPerson is None:
  print inetOrgPerson.must,inetOrgPerson.may

print '*** person,organizationalPerson,inetOrgPerson ***'
try:
  print schema.attribute_types(
    ['person','organizationalPerson','inetOrgPerson']
  )
  print schema.attribute_types(
    ['person','organizationalPerson','inetOrgPerson'],
    attr_type_filter = [
      ('no_user_mod',[0]),
      ('usage',range(2)),
    ]  
  )
except KeyError,e:
  print '***KeyError',str(e)


schema.ldap_entry()

print str(schema.get_obj(ldap.schema.MatchingRule,'2.5.13.0'))
コード例 #11
0
class LdapQuery(object):
    """Singleton class to interact with the LDAP server.

    This level is LDAP-schema aware. It knows about the dn for people, groups and projects.

    Allows searching for
        - users
        - groups
        - projects

    If distinct group types that are required that are identified, e.g., by specific names, subclass LdapQuery
    and/or use the post_filter arguments.
    """
    __metaclass__ = Singleton

    def __init__(self, configuration):
        """
        Initalisation.

        @type configuration: a SchemaConfiguration instance.

        If you initialise using None as the configuration, this will not fail
        if the singleton has already been created.
        """
        self.log = fancylogger.getLogger(name=self.__class__.__name__)
        self.configuration = configuration
        self.ldap = LdapConnection(configuration)

        self.ldap.connect()
        self.ldap.bind()

        self.schema = {}

    def _filter_search(self, base, multi_value_attributes, ldap_filter, attributes, post_filter):
        entries = self.ldap.search(ldap_filter, base, attributes)
        results = [self.__delist_ldap_return_value(e, multi_value_attributes, attributes) for e in entries]
        if post_filter:
            (attribute, regex) = post_filter
            results = [r for r in results if regex.match(r[attribute])]

        self.log.debug("_filter_search finds %d results" % (len(results)))
        return results

    def group_filter_search(self, ldap_filter, attributes=None, post_filter=None):
        """Perform an LDAP lookup in the group tree, based on the given filter.

        @type ldap_filter: string describing an LDAP filter or LdapFilter instance
        @type attributes: list of strings describing LDAP attributes. If this is
                          None (default), we return all retrieved attributes.
        @type post_filter: (attribute name, compiled regex), allows filtering the results
                           based on the specified attribute matching the givenregex. Note
                           that the attribute is matched, not searched.

        @returns: list of matching LDAP entries as dictionaries, limited to the requested attributes.

        @raise ldap.OTHER if the LDAP connection was not properly instantiated
        """
        if not self.ldap:
            self.log.error("LDAP search request (group_filter_search) failed: ldap not initialised")
            raise ldap.OTHER()

        # for groups, we use the following base
        self.log.info("group_filter_search: ldap_filter = %s, requested attributes = %s" % (ldap_filter, attributes))

        return self._filter_search(self.configuration.group_dn_base,
                                   self.configuration.group_multi_value_attributes,
                                   ldap_filter,
                                   attributes,
                                   post_filter)

    def group_search(self, cn, member_uid, attributes=None):
        """Perform an LDAP lookup in the group tree, looking for the entry with given cn and memberUid.

        @type cn: string representing the desired common name in the LDAP database
        @type member_uid: string representing the member's user id in the LDAP database?
        @type attributes: list of strings describing LDAP attributes. If this is
                          None (default), we return all the retrieved attributes

        @returns: the matching LDAP entry as a dictionary, limited to the requested attributes.
        """
        self.log.info("group_search: cn = %s, member_uid = %s, requested attributes = %s"
                      % (cn, member_uid, attributes))
        cn_filter = CnFilter(cn)
        member_filter = MemberFilter(member_uid)
        result = self.group_filter_search(cn_filter & member_filter, attributes)
        self.log.debug("group_search for %s, %s yields %s" % (cn, member_uid, result))
        if not result is None and len(result) > 0:
            return result[0]
        else:
            self.log.debug("group_search returning None")
            return None

    def project_filter_search(self, ldap_filter, attributes=None, post_filter=None):
        """Perform an LDAP lookup in the projects tree, based on the given filter.

        @type ldap_filter: string describing an LDAP filter or LdapFilter instance
        @type attributes: list of strings describing LDAP attributes. If this is
                          None (default), we return all retrieved attributes
        @type post_filter: (attribute name, compiled regex), allows filtering the results
                           based on the specified attribute matching the givenregex. Note
                           that the attribute is matched, not searched.

        @returns: list of matching LDAP entries as dictionaries, limited to the requested attributes.

        @raise ldap.OTHER if the LDAP connection was not properly instantiated
        """
        if not self.ldap:
            self.log.error("LDAP search request (user_filter_search) failed: ldap not initialised")
            raise ldap.OTHER()

        return self._filter_search(self.configuration.project_dn_base,
                                   self.configuration.project_multi_value_attributes,
                                   ldap_filter,
                                   attributes,
                                   post_filter)

    def vo_filter_search(self, ldap_filter, attributes=None, post_filter=None):
        """Perform an LDAP lookup in the VO tree, based on the given filter.

        @type ldap_filter: string describing an LDAP filter or LdapFilter instance
        @type attributes: list of strings describing LDAP attributes. If this is
                          None (default), we return all retrieved attributes
        @type post_filter: (attribute name, compiled regex), allows filtering the results
                           based on the specified attribute matching the givenregex. Note
                           that the attribute is matched, not searched.

        @returns: list of matching LDAP entries as dictionaries, limited to the requested attributes.

        @raise ldap.OTHER if the LDAP connection was not properly instantiated
        """
        if not self.ldap:
            self.log.error("LDAP search request (user_filter_search) failed: ldap not initialised")
            raise ldap.OTHER()

        return self._filter_search(self.configuration.vo_dn_base,
                                   self.configuration.vo_multi_value_attributes,
                                   ldap_filter,
                                   attributes,
                                   post_filter)

    def user_filter_search(self, ldap_filter, attributes=None, post_filter=None):
        """Perform an LDAP lookup in the user tree, based on the given filter.

        @type filter: string describing an LDAP filter or LdapFilter instance
        @type attributes: list of strings describing LDAP attributes. If this is
                          None (default), we return all retrieved attributes
        @type post_filter: (attribute name, compiled regex), allows filtering the results
                           based on the specified attribute matching the givenregex. Note
                           that the attribute is matched, not searched.

        @returns: list of matching LDAP entries as dictionaries, limited to the requested attributes.

        @raise ldap.OTHER if the LDAP connection was not properly instantiated
        """
        if not self.ldap:
            self.log.error("LDAP search request (user_filter_search) failed: ldap not initialised")
            raise ldap.OTHER()

        # For users, we use the following base:
        self.log.info("user_filter_search: filter = %s, requested attributes = %s" % (filter, attributes))
        return self._filter_search(self.configuration.user_dn_base,
                                   self.configuration.user_multi_value_attributes,
                                   ldap_filter,
                                   attributes,
                                   post_filter)

    def user_search(self, user_id, institute, attributes=None):
        """Perform an LDAP search for the given user and institute.

        Note that both user_id and institute are mandatory here. If this is
        not what you want, you should instead use user_filter_search.

        @type user_id: string representing the user login in the given institute
        @type institute: string representing the institute
        @type attributes: list of string describing LDAP attributes. If this is
                           None (default) then all attributes are returned.

        @returns: a dictionary, with the values for the requested attributes for the given user
        """
        login_filter = LdapFilter("instituteLogin=%s" % (user_id))
        institute_filter = LdapFilter("institute=%s" % (institute))

        result = self.user_filter_search(login_filter & institute_filter, attributes)
        self.log.debug("user_search for %s, %s yields %s" % (user_id, institute, result))
        if not result is None and len(result) > 0:
            return result[0]
        else:
            self.log.debug("user_search returning None")
            return None

    def __delist_ldap_return_value(self, entry, list_attributes=None, attributes=None):
        """Get sensible values, i.e., not lists in the LDAP returned values
        if they're not needed.

        Note that a user can have e.g., multiple public keys, so we're keeping
        that as a list. Such attributes should be specified in the list_attributes

        @type entry: LDAP result entry as a dictionary
        @type list_attributes
        @type attributes: attribute names we wish to retain
        """
        kvs = [(k, v[0]) for (k, v) in entry.iteritems()
                if (list_attributes is None or k not in list_attributes)
                and (attributes is None or k in attributes)]
        # we do want to get all the attributes that provide multiple items
        for a in list_attributes:
            if (attributes is None or a in attributes) and a in entry:
                kvs.append((a, entry[a]))
        return dict(kvs)

    def __modify(self, current, dn, attributes):
        """Actually make the modification."""
        current_ = {}
        for key in attributes.keys():
            current_[key] = current.get(key, [])
        # [(ldap.MOD_REPLACE, k, v) for (k,v) in attributes.iteritems()]
        modification_attributes = ldap.modlist.modifyModlist(current_, attributes)

        self.ldap.modify_attributes(dn, modification_attributes)

    def group_modify(self, cn, attributes):
        """Change one or more attributes for a given group.

        @type cn: string representing the common name for the group
        @type attributes:  dictionary with the attribute names and their new values

        @raise: NoSuchGroupError
        """
        dn = "cn=%s,%s" % (cn, self.configuration.group_dn_base)
        current = self.group_filter_search(CnFilter(cn))
        if current is None:
            self.log.error("group_modify did not find group with cn = %s (dn = %s)" % (cn, dn))
            raise NoSuchGroupError(cn)
        self.log.debug("group_modify current attribute values = %s - new attribute values = %s"
                       % (current[0], attributes))
        self.__modify(current[0], dn, attributes)

    def user_modify(self, cn, attributes):
        """Change one or more attributes for a given user.

        @type cn: string representing the common name for the user
        @type attributes: dictionary with the attribute names and their new values

        @raise: NoSuchUserError
        """
        dn = "cn=%s,%s" % (cn, self.configuration.user_dn_base)
        current = self.user_filter_search(CnFilter(cn))
        if current is None:
            self.log.error("user_modify did not find user with cn = %s (dn = %s)" % (cn, dn))
            raise NoSuchUserError(cn)
        self.log.debug("user_modify current attribute values = %s - new attribute values = %s"
                       % (current[0], attributes))
        self.__modify(current[0], dn, attributes)

    def project_modify(self, cn, attributes):
        """Change one or more attributes for a given project.

        @type cn: string representing the common name for the user
        @type attributes: dictionary with the attribute names and their new values

        @raise: NoSuchProjectError
        """
        dn = "cn=%s,%s" % (cn, self.configuration.project_dn_base)
        current = self.project_filter_search(CnFilter(cn))
        if current is None:
            self.log.error("project_modify did not find project with cn = %s (dn = %s)" % (cn, dn))
            raise NoSuchProjectError(cn)
        self.log.debug("project_modify current attribute values = %s - new attribute values = %s"
                       % (current[0], attributes))
        self.__modify(current[0], dn, attributes)

    def user_add(self, cn, attributes):
        """Add the values for the given attributes.

        @type cn: string representing the common name for the user. Together with the subtree, this forms the dn.
        @type attributes: dictionary with attributes for which a value should be added
        """
        dn = "cn=%s,%s" % (cn, self.configuration.user_dn_base)
        self.ldap.add(dn, attributes.items())

    def group_add(self, cn, attributes):
        """Add the values for the given attributes.

        @type cn: string representing the common name for the group. Together with the subtree, this forms the dn.
        @type attributes: dictionary with attributes for which a value should be added
        """
        dn = "cn=%s,%s" % (cn, self.configuration.group_dn_base)
        self.ldap.add(dn, attributes.items())

    def project_add(self, cn, attributes):
        """Add the values for the given attributes.

        @type cn: string representing the common name for the project. Together with the subtree, this forms the dn.
        @type attributes: dictionary with attributes for which a value should be added
        """
        dn = "cn=%s,%s" % (cn, self.configuration.project_dn_base)
        self.ldap.add(dn, attributes.items())

    def get_schema(self, ldap_obj_class_name_or_oid, reload=False):
        """Get attributes as provided by schema

        - we only do this once when it is requested
        - we cache the result as this should not change in a single run
        - unless the reload flag is set :-D

        @type ldap_obj_class_name_or_oid: LDAP class name or OID to get the schema from
                                         (passed to ldap.schema.subentry.SubSchema)
        @type reload: boolean indicating if the schema should be returned form the cache or reloaded from the LDAP
                      server.

        @returns: dictionary containing details about the schema
                  there is an entry for each attribute with the following keys
                  - ['oid'] gives the corresponding oid for the attribute
                  - ['single'] gives True for a single-value attribute, False otherwise

        @raise: LDAPError when the schema cannot be fetched for the given object class
        """
        if self.ldap is None:
            self.bind()

        if not reload and ldap_obj_class_name_or_oid in self.schema:
            return self.schema[ldap_obj_class_name_or_oid]

        self.schema[ldap_obj_class_name_or_oid] = {}

        try:
            # returns ('cn=Subschema', <ldap.schema.subentry.SubSchema instance at 0x1986878>)
            schematype, schema = ldap.schema.subentry.urlfetch(self.ldap.ldap_url.unparse())
        except ldap.LDAPError, _:
            self.log.raiseException("Failed to fetch schema from url %s" % (self.ldap.ldap_url))

        attributes = {}

        if schematype == 'cn=Subschema':
            try:
                # this returns a list of dicts
                for x in schema.attribute_types([ldap_obj_class_name_or_oid]):
                    attributes.update(x)
            except Exception, _:
                self.log.raiseException("Failed to retrieve attributes from schematype %s and ldap_obj_class_name_or_oid %s"
                                        % (schematype, ldap_obj_class_name_or_oid))
コード例 #12
0
import sys, pprint, ldap, ldap.schema

schema_attrs = ldap.schema.SCHEMA_ATTRS

ldap.set_option(ldap.OPT_DEBUG_LEVEL, 0)

ldap._trace_level = 0

subschemasubentry_dn, schema = ldap.schema.urlfetch(sys.argv[-1])

if subschemasubentry_dn is None:
    print "No sub schema sub entry found!"
    sys.exit(1)

oc_list = ["person", "organizationalPerson", "inetOrgPerson"]
struct_oc = schema.get_structural_oc(oc_list)
# print str(schema.get_obj(ldap.schema.ObjectClass,struct_oc))
pprint.pprint(schema.get_applicable_aux_classes(struct_oc))
pprint.pprint(schema.attribute_types(oc_list))