def test_read_entry_with_attribute_from_auxiliary_class(self):
if test_server_type != 'AD':
w = Writer(self.connection,
'inetorgperson',
auxiliary_class='homeInfo')
n = w.new('cn=' + testcase_id + 'new-3,' + test_base)
n.sn = 'sn-test-3'
n.homeState = 'state-test-3'
self.assertEqual(n.entry_status, STATUS_PENDING_CHANGES)
n.entry_commit_changes()
self.assertEqual(n.sn, 'sn-test-3')
self.assertEqual(n.homeState, 'state-test-3')
self.assertEqual(n.entry_status, STATUS_COMMITTED)
r = Reader(self.connection,
'inetorgperson',
test_base,
'(cn=' + testcase_id + 'new-3',
auxiliary_class='homeInfo')
r.search()
self.assertTrue(r[0].cn, testcase_id + 'new-3')
self.assertTrue(r[0].homeState, testcase_id + 'state-test-3')
w1 = Writer.from_cursor(r)
w1[0].entry_delete()
w1.commit()
def test_create_invalid_entry_with_attribute_from_auxiliary_class_not_declared(
self):
w = Writer(self.connection, 'inetorgperson')
n = w.new('cn=' + testcase_id + 'new-2,' + test_base)
n.sn = 'sn-test-2'
with self.assertRaises(LDAPCursorError):
n.homeState = 'state-test-2'
def test_create_new_entry(self):
w = Writer(self.connection, 'inetorgperson')
n = w.new('cn=abstraction-create,' + test_base)
try:
n.entry_commit_changes()
except LDAPCursorError:
pass
def test_create_new_entry_valid_and_move_after_commit(self):
w = Writer(self.connection, 'inetorgperson')
n = w.new('cn=' + testcase_id + 'new-7,' + test_base)
n.sn = 'sn-test-7'
self.assertEqual(n.entry_status, STATUS_PENDING_CHANGES)
n.entry_commit_changes()
self.assertEqual(n.sn, 'sn-test-7')
self.assertEqual(n.entry_status, STATUS_COMMITTED)
n.entry_move(test_moved)
self.assertEqual(n.entry_status, STATUS_READY_FOR_MOVING)
sleep(5)
n.entry_commit_changes()
self.assertEqual(n.entry_status, STATUS_COMMITTED)
n.entry_delete()
self.assertEqual(n.entry_status, STATUS_READY_FOR_DELETION)
counter = 20
while counter > 0:
try:
n.entry_commit_changes()
if n.entry_status == STATUS_DELETED:
break
except LDAPCursorError:
pass
counter -= 1
sleep(3)
self.assertEqual(n.entry_status, STATUS_DELETED)
def test_create_new_entry_valid_and_move_after_commit(self):
w = Writer(self.connection, 'inetorgperson')
n = w.new('cn=' + testcase_id + 'new-7,' + test_base)
n.sn = 'sn-test-7'
self.assertEqual(n.entry_status, STATUS_PENDING_CHANGES)
n.entry_commit_changes()
self.assertEqual(n.sn, 'sn-test-7')
self.assertEqual(n.entry_status, STATUS_COMMITTED)
n.entry_move(test_moved)
self.assertEqual(n.entry_status, STATUS_READY_FOR_MOVING)
sleep(5)
n.entry_commit_changes()
self.assertEqual(n.entry_status, STATUS_COMMITTED)
n.entry_delete()
self.assertEqual(n.entry_status, STATUS_READY_FOR_DELETION)
counter = 20
while counter > 0:
try:
n.entry_commit_changes()
if n.entry_status == STATUS_DELETED:
break
except LDAPCursorError:
pass
counter -= 1
sleep(3)
self.assertEqual(n.entry_status, STATUS_DELETED)
def test_create_new_entry_valid_and_rename_before_commit(self):
w = Writer(self.connection, 'inetorgperson')
n = w.new('cn=' + testcase_id + 'new-4,' + test_base)
n.sn = 'sn-test-4'
self.assertEqual(n.entry_status, STATUS_PENDING_CHANGES)
try:
n.entry_rename('cn=' + testcase_id + 'new-4-renamed')
except LDAPCursorError:
pass
def test_create_new_entry_valid_and_rename_before_commit(self):
w = Writer(self.connection, 'inetorgperson')
n = w.new('cn=' + testcase_id + 'new-4,' + test_base)
n.sn = 'sn-test-4'
self.assertEqual(n.entry_status, STATUS_PENDING_CHANGES)
try:
n.entry_rename('cn=' + testcase_id + 'new-4-renamed')
except LDAPCursorError:
pass
def test_create_new_entry_valid_and_move_before_commit(self):
w = Writer(self.connection, 'inetorgperson')
n = w.new('cn=' + testcase_id + 'abstraction-create-6,' + test_base)
self.assertEqual(n.entry_status, STATUS_MANDATORY_MISSING)
n.sn = 'sn-test-6'
self.assertEqual(n.entry_status, STATUS_PENDING_CHANGES)
try:
n.entry_move(test_moved)
except LDAPCursorError:
pass
def test_create_new_entry_invalid_mandatory(self):
w = Writer(self.connection, 'inetorgperson')
n = w.new('cn=' + testcase_id + 'abstraction-create-1,' + test_base)
self.assertTrue('sn' in n.entry_mandatory_attributes)
self.assertTrue('cn' in n.entry_mandatory_attributes)
self.assertTrue('objectClass' in n.entry_mandatory_attributes)
self.assertEqual(n.entry_status, STATUS_MANDATORY_MISSING)
try:
n.entry_commit_changes()
except LDAPCursorError:
pass
def test_create_new_entry_invalid_mandatory(self):
if test_server_type == 'EDIR':
w = Writer(self.connection, 'inetorgperson')
n = w.new('cn=' + testcase_id + 'new-1,' + test_base)
self.assertTrue('sn' in n.entry_mandatory_attributes)
self.assertTrue(n.entry_status in [STATUS_MANDATORY_MISSING])
try:
n.entry_commit_changes()
except LDAPCursorError:
return
self.fail('Entry created with missing attributes')
def test_create_new_entry_invalid_mandatory(self):
if test_server_type == 'EDIR':
w = Writer(self.connection, 'inetorgperson')
n = w.new('cn=' + testcase_id + 'new-1,' + test_base)
self.assertTrue('sn' in n.entry_mandatory_attributes)
self.assertTrue(n.entry_status in [STATUS_MANDATORY_MISSING])
try:
n.entry_commit_changes()
except LDAPCursorError:
return
self.fail('Entry created with missing attributes')
def test_create_new_entry_valid_mandatory_only(self):
w = Writer(self.connection, 'inetorgperson')
n = w.new('cn=' + testcase_id + 'new-2,' + test_base)
n.sn = 'sn-test-2'
self.assertEqual(n.entry_status, STATUS_PENDING_CHANGES)
n.entry_commit_changes()
self.assertEqual(n.sn, 'sn-test-2')
self.assertEqual(n.entry_status, STATUS_COMMITTED)
n.entry_delete()
self.assertEqual(n.entry_status, STATUS_READY_FOR_DELETION)
n.entry_commit_changes()
self.assertEqual(n.entry_status, STATUS_DELETED)
def test_create_new_entry_valid_mandatory_only(self):
w = Writer(self.connection, 'inetorgperson')
n = w.new('cn=' + testcase_id + 'new-2,' + test_base)
n.sn = 'sn-test-2'
self.assertEqual(n.entry_status, STATUS_PENDING_CHANGES)
n.entry_commit_changes()
self.assertEqual(n.sn, 'sn-test-2')
self.assertEqual(n.entry_status, STATUS_COMMITTED)
n.entry_delete()
self.assertEqual(n.entry_status, STATUS_READY_FOR_DELETION)
n.entry_commit_changes()
self.assertEqual(n.entry_status, STATUS_DELETED)
def test_create_new_entry_valid_mandatory_only_case_insensitive_attribute_names(self):
w = Writer(self.connection, 'inetorgperson')
n = w.new('CN=' + testcase_id + 'abstraction-create-8,' + test_base)
self.assertEqual(n.entry_status, STATUS_MANDATORY_MISSING)
n.sn = 'sn-test-8'
self.assertEqual(n.entry_status, STATUS_PENDING_CHANGES)
n.entry_commit_changes()
self.assertEqual(n.sn, 'sn-test-8')
self.assertEqual(n.entry_status, STATUS_COMMITTED)
n.entry_delete()
self.assertEqual(n.entry_status, STATUS_READY_FOR_DELETION)
n.entry_commit_changes()
self.assertEqual(n.entry_status, STATUS_DELETED)
def test_create_entry_with_attribute_from_auxiliary_class(self):
w = Writer(self.connection, 'inetorgperson', auxiliary_class='homeInfo')
n = w.new('cn=' + testcase_id + 'new-1,' + test_base)
n.sn = 'sn-test-1'
n.homeState = 'state-test-1'
self.assertEqual(n.entry_status, STATUS_PENDING_CHANGES)
n.entry_commit_changes()
self.assertEqual(n.sn, 'sn-test-1')
self.assertEqual(n.homeState, 'state-test-1')
self.assertEqual(n.entry_status, STATUS_COMMITTED)
n.entry_delete()
self.assertEqual(n.entry_status, STATUS_READY_FOR_DELETION)
n.entry_commit_changes()
self.assertEqual(n.entry_status, STATUS_DELETED)
def test_read_entry_with_attribute_from_auxiliary_class(self):
w = Writer(self.connection, 'inetorgperson', auxiliary_class='homeInfo')
n = w.new('cn=' + testcase_id + 'new-3,' + test_base)
n.sn = 'sn-test-3'
n.homeState = 'state-test-3'
self.assertEqual(n.entry_status, STATUS_PENDING_CHANGES)
n.entry_commit_changes()
self.assertEqual(n.sn, 'sn-test-3')
self.assertEqual(n.homeState, 'state-test-3')
self.assertEqual(n.entry_status, STATUS_COMMITTED)
r = Reader(self.connection, 'inetorgperson', test_base, '(cn=' + testcase_id + 'new-3', auxiliary_class='homeInfo')
r.search()
self.assertTrue(r[0].cn, testcase_id + 'new-3')
self.assertTrue(r[0].homeState, testcase_id + 'state-test-3')
def test_create_new_entry_valid_mandatory_and_optional(self):
w = Writer(self.connection, 'inetorgperson')
n = w.new('cn=' + testcase_id + 'abstraction-create-3,' + test_base)
self.assertEqual(n.entry_status, STATUS_MANDATORY_MISSING)
n.sn = 'sn-test-3'
n.postalAddress = 'postal-address-3'
self.assertEqual(n.entry_status, STATUS_PENDING_CHANGES)
n.entry_commit_changes()
self.assertEqual(n.sn, 'sn-test-3')
self.assertEqual(n.postalAddress, 'postal-address-3')
self.assertEqual(n.entry_status, STATUS_COMMITTED)
n.entry_delete()
self.assertEqual(n.entry_status, STATUS_READY_FOR_DELETION)
n.entry_commit_changes()
self.assertEqual(n.entry_status, STATUS_DELETED)
def _default_write_cursor(self):
"""
return a write cursor containing just this instance.
"""
from ldap3 import Writer
return Writer.from_cursor(self._default_read_cursor)
def delete(self):
ldap_server = Server(host=self.server.server_host,
port=self.server.server_port,
use_ssl=self.server.start_tls,
get_info=ALL)
connection = Connection(server=ldap_server,
user=self.server.admin_username,
password=self.server.admin_password,
raise_exceptions=True,
authentication=NTLM)
connection.bind()
query = 'cn: {}'.format(self.group.name, )
cursor_reader = Reader(connection,
self.obj,
self.server.search_base,
query=query)
cursor_reader.search()
cursor_writer = Writer.from_cursor(cursor_reader)
if cursor_reader.entries:
ldap_group = cursor_writer[0]
ldap_group.entry_delete()
ldap_group.entry_commit_changes()
connection.unbind()
def reset_password(self):
ldap_server = Server(host=self.server.server_host,
port=self.server.server_port,
use_ssl=self.server.start_tls,
get_info=ALL)
connection = Connection(server=ldap_server,
user=self.server.admin_username,
password=self.server.admin_password,
raise_exceptions=True,
authentication=NTLM)
connection.bind()
cursor_reader = Reader(connection,
self.person,
self.server.search_base,
query=self.query)
cursor_reader.search()
cursor_writer = Writer.from_cursor(cursor_reader)
if cursor_reader.entries:
ldap_user = cursor_writer[0]
self._reset_password(connection, ldap_user)
ldap_user.entry_commit_changes()
connection.unbind()
def profile():
with Connection(server,
current_user.dn,
current_user.get_password(),
auto_bind=True) as conn:
person = ObjectDef(["inetOrgPerson"], conn)
r = Reader(conn, person, current_user.dn)
r.search()
# print(r[0].entry_attributes_as_dict)
form = ProfileForm(request.form, obj=current_user)
if request.method == "POST" and form.validate():
w = Writer.from_cursor(r)
# print(w[0].entry_attributes_as_dict)
current_user.email = form.email.data
current_user.vorname = form.vorname.data
current_user.nachname = form.nachname.data
w[0].givenName = current_user.vorname
w[0].sn = current_user.nachname
w[0].mail = current_user.email
result = w[0].entry_commit_changes(refresh=True, controls=None)
if result:
flash(u"Profiländerung erfolgreich", "success")
return redirect(url_for("index"))
else:
flash(u"Profiländerung nicht erfolgreich", "danger")
return render_template(
"/admin/changeprofile.html",
form=form,
user=current_user,
title=u"Profiländerung",
)
def test_create_entry_with_attribute_from_auxiliary_class(self):
if test_server_type != 'AD':
w = Writer(self.connection,
'inetorgperson',
auxiliary_class='homeInfo')
n = w.new('cn=' + testcase_id + 'new-1,' + test_base)
n.sn = 'sn-test-1'
n.homeState = 'state-test-1'
self.assertEqual(n.entry_status, STATUS_PENDING_CHANGES)
n.entry_commit_changes()
self.assertEqual(n.sn, 'sn-test-1')
self.assertEqual(n.homeState, 'state-test-1')
self.assertEqual(n.entry_status, STATUS_COMMITTED)
n.entry_delete()
self.assertEqual(n.entry_status, STATUS_READY_FOR_DELETION)
n.entry_commit_changes()
self.assertEqual(n.entry_status, STATUS_DELETED)
def form_valid(self, form: ComputerDescriptionForm):
# write new description
reader = form.get_reader()
writer = Writer.from_cursor(reader)
computer = writer[0]
computer.description = form.data["description"]
writer.commit()
return super(ComputersView, self).form_valid(form)
def test_create_new_entry_valid_and_rename_after_commit(self):
w = Writer(self.connection, 'inetorgperson')
n = w.new('cn=' + testcase_id + 'new-5,' + test_base)
n.sn = 'sn-test-5'
n.postalAddress = 'postal-address-5'
self.assertEqual(n.entry_status, STATUS_PENDING_CHANGES)
n.entry_commit_changes()
self.assertEqual(n.sn, 'sn-test-5')
self.assertEqual(n.postalAddress, 'postal-address-5')
self.assertEqual(n.entry_status, STATUS_COMMITTED)
n.entry_rename('cn=' + testcase_id + 'new-5-renamed')
self.assertEqual(n.entry_status, STATUS_READY_FOR_RENAMING)
n.entry_commit_changes()
self.assertEqual(n.entry_status, STATUS_COMMITTED)
n.entry_delete()
self.assertEqual(n.entry_status, STATUS_READY_FOR_DELETION)
n.entry_commit_changes()
self.assertEqual(n.entry_status, STATUS_DELETED)
def test_create_new_entry_valid_and_rename_after_commit(self):
w = Writer(self.connection, 'inetorgperson')
n = w.new('cn=' + testcase_id + 'new-5,' + test_base)
n.sn = 'sn-test-5'
n.postalAddress = 'postal-address-5'
self.assertEqual(n.entry_status, STATUS_PENDING_CHANGES)
n.entry_commit_changes()
self.assertEqual(n.sn, 'sn-test-5')
self.assertEqual(n.postalAddress, 'postal-address-5')
self.assertEqual(n.entry_status, STATUS_COMMITTED)
n.entry_rename('cn=' + testcase_id + 'new-5-renamed')
self.assertEqual(n.entry_status, STATUS_READY_FOR_RENAMING)
n.entry_commit_changes()
self.assertEqual(n.entry_status, STATUS_COMMITTED)
n.entry_delete()
self.assertEqual(n.entry_status, STATUS_READY_FOR_DELETION)
n.entry_commit_changes()
self.assertEqual(n.entry_status, STATUS_DELETED)
def test_read_entry_with_attribute_from_missing_auxiliary_class(self):
if test_server_type != 'AD':
w = Writer(self.connection,
'inetorgperson',
auxiliary_class='homeInfo')
n = w.new('cn=' + testcase_id + 'new-4,' + test_base)
n.sn = 'sn-test-4'
n.homeState = 'state-test-4'
self.assertEqual(n.entry_status, STATUS_PENDING_CHANGES)
n.entry_commit_changes()
self.assertEqual(n.sn, 'sn-test-4')
self.assertEqual(n.homeState, 'state-test-4')
self.assertEqual(n.entry_status, STATUS_COMMITTED)
r = Reader(self.connection, 'inetorgperson', test_base,
'(cn=' + testcase_id + 'new-4')
r.search()
self.assertTrue(r[0].cn, testcase_id + 'new-4')
with self.assertRaises(LDAPCursorError):
self.assertTrue(r[0].homeState, testcase_id + 'state-test-3')
def process_outbound_entry(queue_entry, ldap_connection):
""" Processes queue_entry and apply changes to the LDAP user/group.
Args:
queue_entry: (dict) A outbound_queue table entry. The mandatory keys in
the dict are:
{
"data": (dict containing current state of LDAP object)
"data_type": (str)
}
ldap_connection: (ldap Connection object) A bound ldap connection object.
Returns:
write_confirmation: (bool) Returns True if a change to LDAP occurred,
returns False if no LDAP changes occurred
"""
distinguished_name = get_distinguished_name(queue_entry)
data_type = queue_entry["data_type"]
if data_type == "group":
sawtooth_entry_filtered = outbound_group_filter(queue_entry["data"], "ldap")
elif data_type == "user":
# Outbound AD user changes is currently not supported
return False
object_def = ObjectDef(data_type, ldap_connection)
reader_cursor = Reader(ldap_connection, object_def, distinguished_name)
reader_cursor.search()
writer_cursor = Writer.from_cursor(reader_cursor)
if reader_cursor.entries:
LOGGER.debug("Updating AD %s: %s", data_type, distinguished_name)
validated_entry = validate_update_entry(sawtooth_entry_filtered, data_type)
# Grab current state of user/group in LDAP
ldap_resource = writer_cursor[0]
# Update AD user/group
for ad_attribute in validated_entry:
ldap_current_value = ldap_resource[ad_attribute].value
if ad_attribute != "distinguishedName" and validated_entry[ad_attribute]:
# Convert member list to list if value is a string
if ad_attribute == "member" and isinstance(ldap_current_value, str):
ldap_current_value = [ldap_current_value]
# Sort lists for comparison
if isinstance(ldap_current_value, list):
ldap_current_value.sort()
validated_entry[ad_attribute].sort()
if ldap_current_value != validated_entry[ad_attribute]:
ldap_resource[ad_attribute] = validated_entry[ad_attribute]
return ldap_resource.entry_commit_changes()
LOGGER.debug("AD %s %s was not found.", data_type, distinguished_name)
return False
def save_object(self, object):
if not object.entry:
object.entry = Writer(ldap_conn, object_def=obj_inetorgperson).new(
username_to_dn(object.username))
object.entry_is_writable = True
else:
object.convert_to_writable()
object.id = object.entry.entry_dn
object.entry.userPassword = object.password
object.entry.mail = object.email or ""
object.entry.displayName = object.displayName or object.username
object.entry.sn = object.displayName or object.username
assert object.entry.entry_commit_changes()
def test_modify_entry_with_attrdef_with_friendly_name(self):
self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'new-9', attributes={test_multivalued_attribute: testcase_id + 'friendly-attr-name-1'}))
a = AttrDef(name=test_multivalued_attribute, key='myname')
o = ObjectDef('inetorgperson')
o += a
r = Reader(self.connection, o, test_base, 'myname:=' + testcase_id + 'friendly*')
r.search()
self.assertTrue(r[0].myname, testcase_id + 'friendly-attr-name-1')
w = Writer.from_cursor(r)
e = w[0]
e.myname += 'xyz'
w.commit()
self.assertTrue('xyz' in e.myname)
def save(self):
ldap_server = Server(host=self.server.server_host,
port=self.server.server_port,
use_ssl=self.server.start_tls,
get_info=ALL)
connection = Connection(server=ldap_server,
user=self.server.admin_username,
password=self.server.admin_password,
raise_exceptions=True,
authentication=NTLM)
connection.bind()
query = 'cn: {}'.format(self.group.name, )
cursor_reader = Reader(connection,
self.obj,
self.server.search_base,
query=query)
cursor_reader.search()
cursor_writer = Writer.from_cursor(cursor_reader)
if cursor_reader.entries:
ldap_group = cursor_writer[0]
else:
ldap_group = cursor_writer.new(
dn="CN={},{}".format(self.group.name, self.server.search_base))
ldap_group.cn = self.group.name
ldap_group.slug_name = self.group.name
if self.group.service_type == 'security':
ldap_group.type = -2147483646
elif self.group.service_type == 'area':
ldap_group.type = -2147483646
ldap_group.flags = 25
else:
ldap_group.type = 2
#ldap_group.email = self.group.email
ldap_group.email_canonical = self.group.email.strip().split("@")[0]
ldap_group.entry_commit_changes()
connection.unbind()
def _check_dn_exists(dn, object_def, fix=True):
"""
Check if a certain DN exists, otherwise create it.
The only MUST attribute of the object_def must be specified
in the DN.
"""
conn = current_app.ldap3_login_manager.connection
r = Reader(conn, object_def, current_app.config["LDAP_BASE_DN"])
try:
base = r.search_object(dn)
except LDAPNoSuchObjectResult:
current_app.logger.error("DN does not exist: %s" % dn)
if fix:
current_app.logger.info("Attempting to fix...")
w = Writer.from_cursor(r)
base = w.new(dn)
base.description = "Automagically added by quasisentient sanity checks"
w.commit()
def test_modify_entry_with_attrdef_with_friendly_name(self):
self.delete_at_teardown.append(
add_user(self.connection,
testcase_id,
'new-9',
attributes={
test_multivalued_attribute:
testcase_id + 'friendly-attr-name-1'
}))
a = AttrDef(name=test_multivalued_attribute, key='myname')
o = ObjectDef('inetorgperson')
o += a
r = Reader(self.connection, o, test_base,
'myname:=' + testcase_id + 'friendly*')
r.search()
self.assertTrue(r[0].myname, testcase_id + 'friendly-attr-name-1')
w = Writer.from_cursor(r)
e = w[0]
e.myname += 'xyz'
w.commit()
self.assertTrue('xyz' in e.myname)
print(8, conn.last_error)
conn.modify('cn=b.smith,ou=moved,ou=ldap3-tutorial,dc=demo1,dc=freeipa,dc=org', {'sn': [(MODIFY_REPLACE, ['Smith'])]})
print(9, conn.last_error)
conn.modify('cn=b.smith,ou=moved,ou=ldap3-tutorial,dc=demo1,dc=freeipa,dc=org', {'sn': [(MODIFY_ADD, ['Young', 'Johnson']), (MODIFY_DELETE, ['Smith'])], 'givenname': [(MODIFY_REPLACE, ['Mary', 'Jane'])]})
print(10, conn.last_error)
conn.modify_dn('cn=b.smith,ou=moved,ou=ldap3-tutorial,dc=demo1,dc=freeipa,dc=org', 'cn=b.smith', new_superior='ou=ldap3-tutorial,dc=demo1,dc=freeipa,dc=org')
print(11, conn.last_error)
conn.modify('cn=b.smith,ou=ldap3-tutorial,dc=demo1,dc=freeipa,dc=org', {'sn': [(MODIFY_DELETE, ['Johnson'])], 'givenname': [(MODIFY_REPLACE, ['Beatrix'])]})
print(12, conn.last_error)
conn.modify_dn('cn=b.smith,ou=ldap3-tutorial,dc=demo1,dc=freeipa,dc=org', 'cn=b.young')
print(13, conn.last_error)
conn.add('cn=m.johnson,ou=ldap3-tutorial,dc=demo1,dc=freeipa,dc=org', 'inetOrgPerson', {'givenName': 'Mary Ann', 'sn': 'Johnson', 'departmentNumber': 'DEV', 'telephoneNumber': 2222})
print(14, conn.last_error)
conn.add('cn=q.gray,ou=ldap3-tutorial,dc=demo1,dc=freeipa,dc=org', 'inetOrgPerson', {'givenName': 'Quentin', 'sn': 'Gray', 'departmentNumber': 'QA', 'telephoneNumber': 3333})
print(15, conn.last_error)
obj_person = ObjectDef('inetOrgPerson', conn)
r = Reader(conn, obj_person, 'ou=ldap3-tutorial,dc=demo1,dc=freeipa,dc=org')
r.search()
print(r)
w = Writer.from_cursor(r)
print(w)
print(w[0])
e = w[0]
print(e.entry_dn)
print(e.entry_attributes)
print(e.entry_attributes_as_dict)
print(e.entry_mandatory_attributes)
print(e.entry_to_ldif())
print(e.entry_to_json(include_empty=False))
def test_writer_from_cursor(self):
o = ObjectDef('inetorgperson', self.connection)
r = Reader(self.connection, o, 'o=test', 'cn:=*')
r.search()
w = Writer.from_cursor(r, self.connection, o)
def save(self):
ldap_server = Server(host=self.server.server_host,
port=self.server.server_port,
use_ssl=self.server.start_tls,
get_info=ALL)
connection = Connection(server=ldap_server,
user=self.server.admin_username,
password=self.server.admin_password,
raise_exceptions=True,
authentication=NTLM)
connection.bind()
cursor_reader = Reader(connection,
self.person,
self.server.search_base,
query=self.query)
cursor_reader.search()
cursor_writer = Writer.from_cursor(cursor_reader)
if cursor_reader.entries:
ldap_user = cursor_writer[0]
else:
ldap_user = cursor_writer.new(dn="CN={},{}".format(
self.user.get_full_name(), self.server.search_base))
ldap_user.cn = self.user.get_full_name()
ldap_user.username = self.user.username[:20]
ldap_user.logon = "{}@{}".format(self.user.username,
self.server.domain)
ldap_user.entry_commit_changes()
self._reset_password(connection, ldap_user)
if self.user.status == "active":
self._activate_user(connection, ldap_user)
else:
self._deactivate_user(connection, ldap_user)
ldap_user.first_name = self.user.first_name
ldap_user.last_name = self.user.last_name
ldap_user.full_name = self.user.get_full_name()
if self.user.email:
ldap_user.email = self.user.email
ldap_user.email_canonical = self.user.email.strip().split("@")[0]
if self.user.email_domain:
ldap_user.email_domain = self.user.email_domain
if str(self.user.email_buzon_size):
ldap_user.email_buzon_size = self.user.email_buzon_size * 1024 * 1024
if str(self.user.email_message_size):
ldap_user.email_message_size = self.user.email_message_size
if self.user.internet_domain:
ldap_user.internet_domain = self.user.internet_domain
if self.user.internet_quota_type:
ldap_user.internet_quota_type = self.user.internet_quota_type
if str(self.user.internet_quota_size):
ldap_user.internet_quota_size = self.user.internet_quota_size
if str(self.user.internet_extra_quota_size):
ldap_user.internet_extra_quota_size = self.user.internet_extra_quota_size
if self.user.ftp_folder:
ldap_user.ftp_folder = self.user.ftp_folder
if str(self.user.ftp_size):
ldap_user.ftp_size = self.user.ftp_size
ldap_user.entry_commit_changes()
groups = []
for service in self.user.services.all():
service.ldap_save()
groups.append("CN={},{}".format(service.name,
self.server.search_base))
for distribution_list in self.user.distribution_list.all():
distribution_list.ldap_save()
groups.append("CN={},{}".format(distribution_list.name,
self.server.search_base))
if self.user.area:
self.user.area.ldap_save()
groups.append("CN={},{}".format(self.user.area.name,
self.server.search_base))
connection.extend.microsoft.remove_members_from_groups(
ldap_user.entry_dn, ldap_user.groups.values)
connection.extend.microsoft.add_members_to_groups(
ldap_user.entry_dn, groups)
connection.unbind()
def test_create_invalid_entry_with_attribute_from_auxiliary_class_not_declared(self):
w = Writer(self.connection, 'inetorgperson')
n = w.new('cn=' + testcase_id + 'new-2,' + test_base)
n.sn = 'sn-test-2'
with self.assertRaises(LDAPCursorError):
n.homeState = 'state-test-2'
def Create():
print()
print('c : create an object of objectClass ' + oc + ' in', d)
print()
#use cursor from ldap3's abstraction layer in order to get information which attributes are mandatory or optional
r = Reader(c, o, d)
r.search()
list_of_attributes = r[0].entry_attributes
list_of_mandatory_attributes = r[0].entry_mandatory_attributes
list_of_optional_attributes = Diff(list_of_attributes,
list_of_mandatory_attributes)
w = Writer.from_cursor(r)
# create new object using the writer created from the reader r
# input loop for cn
userinput = ''
while userinput == '':
userinput = input(
'input Common Name (cn) value of Destinguished Name (dn) (cannot be empty): '
)
if userinput != '':
commonname = userinput
#hotfix to avoid a crash when the cn already exists
try:
e = w.new('cn=' + commonname + ',' + d)
except:
print()
print("invalid username, please try another one")
print()
userinput = ''
# input loop for mandatory attribs
userinput = ''
while userinput == '':
for mandatoryattrib in list_of_mandatory_attributes:
# skip attribute "ObjectClass" because it comes from Reader r and cannot be edited (in the assigment only "email" is a normal unhandled mandatory attribute)
if mandatoryattrib != 'objectClass':
# cn in dn cannot/should not be different from attribute cn and is mandatory I guess
if mandatoryattrib == 'cn':
userinput = commonname
else:
userinput = ''
while userinput == '':
userinput = input(
'input value for mandatory attribute ' +
mandatoryattrib + ' (cannot be empty): ')
# if the input is a userPassword, crypt it before pushing to the writer
if mandatoryattrib == 'userPassword':
if userinput != '':
userinput = '{CRYPT}' + crypt.crypt(
userinput, crypt.METHOD_SHA512)
e[mandatoryattrib] = userinput
e[mandatoryattrib] = userinput
# input loop for optional attribs and handle them differently (optional input)
for optionalattrib in list_of_optional_attributes:
userinput = input('input value for optional attribute ' +
optionalattrib +
' (can be empty, just press enter): ')
if not userinput:
userinput = ' '
# if the input is a userPassword, crypt it before pushing to the writer
if optionalattrib == 'userPassword':
if userinput != '':
userinput = '{CRYPT}' + crypt.crypt(userinput,
crypt.METHOD_SHA512)
e[optionalattrib] = userinput
print(e[optionalattrib])
e.entry_commit_changes()
def Update():
print()
print('u : update an entry in', d)
print()
print('please enter the Common Name CN of entry you want to update')
print()
# ask user for cn of dn he wants to update
userinput = ''
while userinput == '':
userinput = input(
'input Common Name (cn) value of Destinguished Name (dn) (cannot be empty): '
)
commonname = userinput
entrydn = ('cn=' + userinput + ',' + d)
#read object from directory and create a writer cursor from/for this entry
r = Reader(c, o, entrydn)
r.search()
# hotfix to avoid a crash when the cn already exists
try:
list_of_attributes = r[0].entry_attributes
list_of_mandatory_attributes = r[0].entry_mandatory_attributes
list_of_optional_attributes = Diff(list_of_attributes,
list_of_mandatory_attributes)
w = Writer.from_cursor(r)
# dn cannot be double, so the first element is also the only one
e = w[0]
except:
print()
print("invalid username, please try another one")
print()
userinput = ''
#continue if it worked to get the object
print()
print('you are editing the following entry')
print()
print(e)
print()
# input loop for mandatory attribs
userinput = ''
while userinput == '':
for mandatoryattrib in list_of_mandatory_attributes:
# skip attribute "ObjectClass" because it comes from Reader r and cannot be edited (in the assigment only "email" is a normal unhandled mandatory attribute)
if mandatoryattrib != 'objectClass':
# cn in dn cannot/should not be different from attribute cn and is mandatory I guess
if mandatoryattrib == 'cn':
userinput = commonname
else:
userinput = ''
while userinput == '':
userinput = input(
'input value for mandatory attribute ' +
mandatoryattrib + ' (cannot be empty): ')
# if the input is a userPassword, crypt it before pushing to the writer
if mandatoryattrib == 'userPassword':
if userinput != '':
userinput = '{CRYPT}' + crypt.crypt(
userinput, crypt.METHOD_SHA512)
e[mandatoryattrib] = userinput
e[mandatoryattrib] = userinput
# input loop for optional attribs and handle them differently (optional input)
for optionalattrib in list_of_optional_attributes:
userinput = input('input value for optional attribute ' +
optionalattrib +
' (can be empty, just press enter): ')
if not userinput:
userinput = ' '
# if the input is a userPassword, crypt it before pushing to the writer
if optionalattrib == 'userPassword':
if userinput != '':
userinput = '{CRYPT}' + crypt.crypt(userinput,
crypt.METHOD_SHA512)
e[optionalattrib] = userinput
print(e[optionalattrib])
e.entry_commit_changes()
'givenName': 'Mary Ann',
'sn': 'Johnson',
'departmentNumber': 'DEV',
'telephoneNumber': 2222
})
print(14, conn.last_error)
conn.add(
'cn=q.gray,ou=ldap3-tutorial,dc=demo1,dc=freeipa,dc=org', 'inetOrgPerson',
{
'givenName': 'Quentin',
'sn': 'Gray',
'departmentNumber': 'QA',
'telephoneNumber': 3333
})
print(15, conn.last_error)
obj_person = ObjectDef('inetOrgPerson', conn)
r = Reader(conn, obj_person, 'ou=ldap3-tutorial,dc=demo1,dc=freeipa,dc=org')
r.search()
print(r)
w = Writer.from_cursor(r)
print(w)
print(w[0])
e = w[0]
print(e.entry_dn)
print(e.entry_attributes)
print(e.entry_attributes_as_dict)
print(e.entry_mandatory_attributes)
print(e.entry_to_ldif())
print(e.entry_to_json(include_empty=False))