class RepositoryLdapUser(ldapdb.models.Model):
"""
Class for representing a repository user in LDAP
"""
# pylint: disable=W0222
# LDAP meta-data
base_dn = settings.BORGHIVE['LDAP_USER_BASEDN']
object_classes = ['organizationalPerson', 'posixAccount', 'shadowAccount']
last_modified = fields.DateTimeField(db_column='modifyTimestamp')
# posixAccount
uid = fields.IntegerField(db_column='uidNumber', unique=True)
group = fields.IntegerField(db_column='gidNumber')
gecos = fields.CharField(db_column='gecos', default='Borghive Repo User')
home = fields.CharField(db_column='homeDirectory',
default=settings.BORGHIVE['REPO_PATH'])
shell = fields.CharField(db_column='loginShell', default='/bin/bash')
username = fields.CharField(db_column='uid', primary_key=True)
sn = fields.CharField(db_column='sn', default='')
cn = fields.CharField(db_column='cn', default='')
def save(self, *args, **kwargs):
self.home = os.path.join(settings.BORGHIVE['REPO_PATH'], self.username)
self.sn = self.username
self.cn = self.username
super().save(*args, **kwargs)
def __str__(self):
return 'RepositoryLdapUser: {0.dn}: uid={0.uid} gid={0.group}'.format(
self)
class LdapUser(ldapdb.models.Model):
"""
Class for representing an LDAP user entry.
"""
# LDAP meta-data
base_dn = "ou=people,dc=example,dc=org"
object_classes = ['posixAccount', 'shadowAccount', 'inetOrgPerson']
last_modified = fields.DateTimeField(db_column='modifyTimestamp')
# inetOrgPerson
first_name = fields.CharField(db_column='givenName', verbose_name="Prime name")
last_name = fields.CharField("Final name", db_column='sn')
full_name = fields.CharField(db_column='cn')
email = fields.CharField(db_column='mail')
phone = fields.CharField(db_column='telephoneNumber', blank=True)
mobile_phone = fields.CharField(db_column='mobile', blank=True)
photo = fields.ImageField(db_column='jpegPhoto')
# posixAccount
uid = fields.IntegerField(db_column='uidNumber', unique=True)
group = fields.IntegerField(db_column='gidNumber')
gecos = fields.CharField(db_column='gecos')
home_directory = fields.CharField(db_column='homeDirectory')
login_shell = fields.CharField(db_column='loginShell', default='/bin/bash')
username = fields.CharField(db_column='uid', primary_key=True)
password = fields.CharField(db_column='userPassword')
# shadowAccount
last_password_change = fields.TimestampField(db_column='shadowLastChange')
def __str__(self):
return self.username
def __unicode__(self):
return self.full_name
class Tool(ldapdb.models.Model):
"""A tool is a specially named LDAP group."""
base_dn = settings.TOOLS_TOOL_BASE_DN
object_classes = ['posixGroup', 'groupOfNames']
objects = ToolManager()
group_name = fields.CharField(db_column='cn',
max_length=200,
primary_key=True)
gid = fields.IntegerField(db_column='gidNumber', unique=True)
maintainer_ids = fields.ListField(db_column='member')
@property
def name(self):
return self.group_name[6:]
@name.setter
def name(self, value):
self.group_name = 'tools.{0!s}'.format(value)
def maintainers(self):
# OMG, this is horrible. You can't search LDAP by dn.
return Maintainer.objects.filter(
username__in=(dn.split(',')[0].split('=')[1]
for dn in self.maintainer_ids))
def __str__(self):
return self.name
class AbstractGroup(ldapdb.models.Model):
class Meta:
abstract = True
object_classes = ['posixGroup']
gid = fields.IntegerField(db_column='gidNumber', unique=True)
name = fields.CharField(db_column='cn', max_length=200, primary_key=True)
usernames = fields.ListField(db_column='memberUid')
def __str__(self):
return self.name
def __unicode__(self):
return self.name
class RCLdapUser(ldapdb.models.Model):
"""
Class for representing an LDAP user entry.
"""
rdn_keys = ['username']
# LDAP meta-data
base_dn = 'ou=users,dc=example,dc=org'
object_classes = ['posixAccount', 'inetOrgPerson']
last_modified = fields.DateTimeField(db_column='modifyTimestamp')
organization = fields.CharField(max_length=128,blank=False,null=False)
# inetOrgPerson
first_name = fields.CharField(db_column='givenName', verbose_name="Prime name")
last_name = fields.CharField("Final name", db_column='sn')
full_name = fields.CharField(db_column='cn')
email = fields.CharField(db_column='mail')
# posixAccount
uid = fields.IntegerField(db_column='uidNumber', unique=True)
group = fields.IntegerField(db_column='gidNumber')
gecos = fields.CharField(db_column='gecos')
home_directory = fields.CharField(db_column='homeDirectory')
login_shell = fields.CharField(db_column='loginShell', default='/bin/bash')
username = fields.CharField(db_column='uid')
@property
def organization(self):
return self.org
def __str__(self):
return self.username
def __unicode__(self):
return self.full_name
class LdapGroup(ldapdb.models.Model):
"""
Class for representing an LDAP group entry.
"""
# LDAP meta-data
base_dn = "ou=groups,dc=example,dc=org"
object_classes = ['posixGroup']
# posixGroup attributes
gid = fields.IntegerField(db_column='gidNumber', unique=True)
name = fields.CharField(db_column='cn', max_length=200, primary_key=True)
usernames = fields.ListField(db_column='memberUid')
def __str__(self):
return self.name
def __unicode__(self):
return self.name
class CuLdapUser(LdapUser):
class Meta:
managed = False
base_dn = settings.LDAPCONFS['culdap']['people_dn']
object_classes = []
uid = ldap_fields.IntegerField(db_column='uidNumber', unique=True)
# Used for automatic determination of role and affiliation.
edu_affiliation = ldap_fields.ListField(db_column='eduPersonAffiliation')
edu_primary_affiliation = ldap_fields.CharField(db_column='eduPersonPrimaryAffiliation')
cu_primary_major = ldap_fields.CharField(db_column='cuEduPersonPrimaryMajor1')
cu_home_department = ldap_fields.CharField(db_column='cuEduPersonHomeDepartment')
@sensitive_variables('pwd')
def authenticate(self,pwd):
authed = ldap_utils.authenticate(self.dn,pwd,'culdap')
logger = logging.getLogger('accounts')
logger.info('CU user {} auth attempt: {}'.format(self.username, authed))
return authed
class RcLdapGroup(ldapdb.models.Model):
class Meta:
verbose_name = 'LDAP group'
verbose_name_plural = 'LDAP groups'
managed = False
def __init__(self,*args,**kwargs):
super(RcLdapGroup,self).__init__(*args,**kwargs)
rdn = self.dn.lower().replace(self.base_dn.lower(), '')
rdn_list = rdn.split(',')
self.org = ''
if len(rdn_list) > 1:
ou = self.base_dn.lower().split(',')[0]
__, org = ou.split('=')
self.org = org
self.base_dn = self.base_dn.lower()
objects = RcLdapGroupManager()
rdn_keys = ['name']
base_dn = settings.LDAPCONFS['rcldap']['group_dn']
object_classes = ['top','posixGroup']
# posixGroup attributes
# gid = ldap_fields.IntegerField(db_column='gidNumber', unique=True)
gid = ldap_fields.IntegerField(db_column='gidNumber',null=True,blank=True)
name = ldap_fields.CharField(db_column='cn', max_length=200)
members = ldap_fields.ListField(db_column='memberUid',blank=True,null=True)
def __str__(self):
return self.name
def __str__(self):
return self.name
@property
def organization(self):
return self.org
@property
def effective_cn(self):
suffixed_name = ldap_utils.get_suffixed_username(self.name,self.organization)
return suffixed_name
def _set_base_dn(self,org):
if org in list(settings.ORGANIZATION_INFO.keys()):
ou = 'ou={}'.format(org)
self.org = org
if ou not in self.base_dn.lower():
self.base_dn = ','.join([ou,self.base_dn])
else:
raise ValueError('Invalid organization specified: {}'.format(org))
def save(self,*args,**kwargs):
org = kwargs.pop('organization', None)
if not org:
raise ValueError('No organization specified.')
self._set_base_dn(org)
force_insert = kwargs.pop('force_insert',None)
# If no GID specified, auto-assign
if self.gid == None:
id_tracker = IdTracker.objects.get(category='posix')
gid = id_tracker.get_next_id()
self.gid = gid
logger = logging.getLogger('accounts')
logger.info('Auto-assigned GID to group: {}, {}'.format(gid, self.name))
super(RcLdapGroup,self).save(*args,**kwargs)
class RcLdapUser(LdapUser):
class Meta:
verbose_name = 'LDAP user'
verbose_name_plural = 'LDAP users'
managed = False
def __init__(self,*args,**kwargs):
super(RcLdapUser,self).__init__(*args,**kwargs)
rdn = self.dn.lower().replace(self.base_dn.lower(), '')
rdn_list = rdn.split(',')
self.org = ''
if len(rdn_list) > 1:
ou = self.base_dn.lower().split(',')[0]
__, org = ou.split('=')
self.org = org
self.base_dn = self.base_dn.lower()
objects = RcLdapUserManager()
base_dn = str(settings.LDAPCONFS['rcldap']['people_dn'])
object_classes = list(map(str, ['top','person','inetorgperson','posixaccount','curcPerson','shadowAccount']))
expires = ldap_fields.IntegerField(db_column='shadowExpire',blank=True,null=True)
uid = ldap_fields.IntegerField(db_column='uidNumber',null=True,blank=True)
gid = ldap_fields.IntegerField(db_column='gidNumber',null=True,blank=True)
gecos = ldap_fields.CharField(db_column='gecos',default='')
home_directory = ldap_fields.CharField(db_column='homeDirectory')
login_shell = ldap_fields.CharField(db_column='loginShell', default='/bin/bash')
#curcPerson attributes
role = ldap_fields.ListField(db_column='curcRole',blank=True,null=True)
affiliation = ldap_fields.ListField(db_column='curcAffiliation',blank=True,null=True)
@property
def organization(self):
return self.org
@property
def effective_uid(self):
suffixed_username = ldap_utils.get_suffixed_username(self.username,self.organization)
return suffixed_username
def _set_base_dn(self,org):
if org in list(map(str, list(settings.ORGANIZATION_INFO.keys()))):
ou = 'ou={}'.format(org)
self.org = org
if ou not in self.base_dn.lower():
self.base_dn = ','.join([ou,self.base_dn])
else:
raise ValueError('Invalid organization specified: {}'.format(org))
def save(self,*args,**kwargs):
org = str(kwargs.pop('organization', None))
if not org:
raise ValueError('No organization specified.')
self._set_base_dn(org)
# If no UID/GID specified, auto-assign
logger = logging.getLogger('accounts')
if (self.uid == None) and (self.gid == None):
id_tracker = IdTracker.objects.get(category='posix')
uid = id_tracker.get_next_id()
self.uid = uid
self.gid = uid
logger.info('Auto-assigning UID and GID to user: {}, {}'.format(uid, self.effective_uid))
elif self.uid == None:
self.uid = self.gid
logger.info('Auto-assigning UID to user: {}, {}'.format(self.gid, self.effective_uid))
elif self.gid == None:
self.gid = self.uid
logger.info('Auto-assigning GID to user: {}, {}'.format(self.uid, self.effective_uid))
super(RcLdapUser,self).save(*args,**kwargs)
