def POST(self):
i = web.input(
domainName=[],
_unicode=False,
)
self.domainName = i.get('domainName', [])
self.action = i.get('action', None)
domainLib = domainlib.Domain()
if self.action == 'delete':
result = domainLib.delete(domains=self.domainName)
msg = 'DELETED_SUCCESS'
elif self.action == 'disable':
result = domainLib.enableOrDisableAccount(
domains=self.domainName,
action='disable',
)
msg = 'DISABLED_SUCCESS'
elif self.action == 'enable':
result = domainLib.enableOrDisableAccount(
domains=self.domainName,
action='enable',
)
msg = 'ENABLED_SUCCESS'
else:
result = (False, 'INVALID_ACTION')
msg = i.get('msg', None)
if result[0] is True:
return web.seeother('/domains?msg=%s' % msg)
else:
return web.seeother('/domains?msg=' + result[1])
def GET(self, profile_type, domain):
i = web.input()
self.domain = web.safestr(domain.split('/', 1)[0])
self.profile_type = web.safestr(profile_type)
if not iredutils.isDomain(self.domain):
return web.seeother('/domains?msg=EMPTY_DOMAIN')
domainLib = domainlib.Domain()
result = domainLib.profile(domain=self.domain)
if result[0] is True:
r = domainLib.listAccounts(attrs=['domainName'])
if r[0] is True:
allDomains = r[1]
else:
return r
allAccountSettings = ldaputils.getAccountSettingFromLdapQueryResult(
result[1],
key='domainName',
)
return web.render(
'ldap/domain/profile.html',
cur_domain=self.domain,
allDomains=allDomains,
allAccountSettings=allAccountSettings,
profile=result[1],
profile_type=self.profile_type,
msg=i.get('msg', None),
)
else:
return web.seeother('/domains?msg=' + result[1])
def POST(self, profile_type, domain):
self.profile_type = web.safestr(profile_type)
self.domain = web.safestr(domain)
i = web.input(
domainAliasName=[],
enabledService=[],
domainAdmin=[],
defaultList=[],
)
if self.domain != web.safestr(i.get('domainName', None)).lower():
raise web.seeother(
'/profile/domain/%s/%s?msg=DOMAIN_NAME_MISMATCH' %
(self.profile_type, self.domain))
domainLib = domainlib.Domain()
result = domainLib.update(profile_type=self.profile_type,
domain=self.domain,
data=i)
if result[0] is True:
raise web.seeother('/profile/domain/%s/%s?msg=UPDATED' %
(self.profile_type, self.domain))
elif result[0] is False:
raise web.seeother(
'/profile/domain/%s/%s?msg=%s' %
(self.profile_type, self.domain, web.urlquote(result[1])))
def POST(self):
i = web.input()
self.domain = web.safestr(i.get('domainName')).strip().lower()
domainLib = domainlib.Domain()
result = domainLib.add(data=i)
if result[0] is True:
return web.seeother(
'/profile/domain/general/%s?msg=CREATED_SUCCESS' % self.domain)
else:
return web.seeother('/create/domain?msg=%s' % result[1])
def GET(self, profile_type, mail):
self.mail = web.safestr(mail)
self.profile_type = web.safestr(profile_type)
if session.get('domainGlobalAdmin') is not True and session.get('username') != self.mail:
# Don't allow to view/update other admins' profile.
raise web.seeother('/profile/admin/general/%s?msg=PERMISSION_DENIED' % session.get('username'))
# Get admin profile.
adminLib = admin.Admin()
result = adminLib.profile(self.mail)
if result[0] is not True:
raise web.seeother('/admins?msg=' + result[1])
else:
self.admin_profile = result[1]
i = web.input()
if self.profile_type == 'general':
# Get available languages.
if result[0] is True:
###################
# Managed domains
#
# Get all domains.
domainLib = domainlib.Domain()
resultOfAllDomains = domainLib.listAccounts(attrs=['domainName', 'cn', ])
if resultOfAllDomains[0] is True:
self.allDomains = resultOfAllDomains[1]
else:
return resultOfAllDomains
return web.render(
'ldap/admin/profile.html',
mail=self.mail,
profile_type=self.profile_type,
profile=self.admin_profile,
languagemaps=languages.get_language_maps(),
allDomains=self.allDomains,
msg=i.get('msg', None),
)
else:
raise web.seeother('/profile/admin/%s/%s?msg=%s' % (self.profile_type, self.mail, result[1]))
elif self.profile_type == 'password':
return web.render('ldap/admin/profile.html',
mail=self.mail,
profile_type=self.profile_type,
profile=self.admin_profile,
min_passwd_length=settings.min_passwd_length,
max_passwd_length=settings.max_passwd_length,
msg=i.get('msg', None))
def GET(self, domain='', cur_page=1):
domain = web.safestr(domain).split('/', 1)[0]
cur_page = int(cur_page)
if not iredutils.is_domain(domain):
raise web.seeother('/domains?msg=INVALID_DOMAIN_NAME')
if cur_page == 0:
cur_page = 1
i = web.input()
domainLib = domainlib.Domain()
result = domainLib.listAccounts(attrs=[
'domainName',
'accountStatus',
])
if result[0] is True:
allDomains = result[1]
else:
return result
userLib = user.User()
result = userLib.listAccounts(domain=domain)
if result[0] is True:
connutils = connUtils.Utils()
sl = connutils.getSizelimitFromAccountLists(
result[1],
curPage=cur_page,
sizelimit=settings.PAGE_SIZE_LIMIT,
accountType='user',
domain=domain,
)
accountList = sl.get('accountList', [])
if cur_page > sl.get('totalPages'):
cur_page = sl.get('totalPages')
return web.render(
'ldap/user/list.html',
cur_page=cur_page,
total=sl.get('totalAccounts'),
users=accountList,
cur_domain=domain,
allDomains=allDomains,
accountUsedQuota={},
msg=i.get('msg'),
)
else:
raise web.seeother('/domains?msg=%s' % web.urlquote(result[1]))
def GET(self, profile_type, mail):
i = web.input(
enabledService=[],
telephoneNumber=[],
)
self.mail = web.safestr(mail)
self.cur_domain = self.mail.split('@', 1)[-1]
self.profile_type = web.safestr(profile_type)
if self.mail.startswith('@') and iredutils.is_domain(self.cur_domain):
# Catchall account.
raise web.seeother('/profile/domain/catchall/%s' % self.cur_domain)
if not iredutils.is_email(self.mail):
raise web.seeother('/domains?msg=INVALID_USER')
domainAccountSetting = {}
userLib = user.User()
result = userLib.profile(domain=self.cur_domain, mail=self.mail)
if result[0] is False:
raise web.seeother('/users/%s?msg=%s' %
(self.cur_domain, web.urlquote(result[1])))
if self.profile_type == 'password':
# Get accountSetting of current domain.
domainLib = domainlib.Domain()
result_setting = domainLib.getDomainAccountSetting(
domain=self.cur_domain)
if result_setting[0] is True:
domainAccountSetting = result_setting[1]
minPasswordLength = domainAccountSetting.get('minPasswordLength', '0')
maxPasswordLength = domainAccountSetting.get('maxPasswordLength', '0')
return web.render(
'ldap/user/profile.html',
profile_type=self.profile_type,
mail=self.mail,
user_profile=result[1],
defaultStorageBaseDirectory=settings.storage_base_directory,
minPasswordLength=minPasswordLength,
maxPasswordLength=maxPasswordLength,
domainAccountSetting=domainAccountSetting,
languagemaps=get_language_maps(),
msg=i.get('msg', None),
)
def update(self, profile_type, mail, data):
self.profile_type = web.safestr(profile_type)
self.mail = str(mail).lower()
self.domain = self.mail.split('@', 1)[-1]
domainAccountSetting = {}
connutils = connUtils.Utils()
domainLib = domainlib.Domain()
# Get account dn.
self.dn = connutils.getDnWithKeyword(self.mail, accountType='user')
try:
result = domainLib.getDomainAccountSetting(domain=self.domain)
if result[0] is True:
domainAccountSetting = result[1]
except Exception, e:
pass
def POST(self):
i = web.input(
domainName=[],
_unicode=False,
)
self.domainName = i.get('domainName', [])
action = i.get('action', None)
domainLib = domainlib.Domain()
if action == 'delete':
keep_mailbox_days = form_utils.get_single_value(
form=i,
input_name='keep_mailbox_days',
default_value=0,
is_integer=True)
result = domainLib.delete(domains=self.domainName,
keep_mailbox_days=keep_mailbox_days)
msg = 'DELETED'
elif action == 'disable':
result = domainLib.enableOrDisableAccount(
domains=self.domainName,
action='disable',
)
msg = 'DISABLED'
elif action == 'enable':
result = domainLib.enableOrDisableAccount(
domains=self.domainName,
action='enable',
)
msg = 'ENABLED'
else:
result = (False, 'INVALID_ACTION')
msg = i.get('msg', None)
if result[0] is True:
raise web.seeother('/domains?msg=%s' % msg)
else:
raise web.seeother('/domains?msg=' + web.urlquote(result[1]))
def GET(self, cur_page=1):
i = web.input()
cur_page = int(cur_page)
if cur_page == 0:
cur_page == 1
domainLib = domainlib.Domain()
result = domainLib.listAccounts()
if result[0] is True:
allDomains = result[1]
# Get value of accountSetting.
allAccountSettings = ldaputils.getAccountSettingFromLdapQueryResult(
allDomains,
key='domainName',
)
else:
return result
connutils = connUtils.Utils()
sl = connutils.getSizelimitFromAccountLists(
allDomains,
curPage=cur_page,
sizelimit=session.get('pageSizeLimit', 50),
)
if cur_page > sl.get('totalPages'):
cur_page = sl.get('totalPages')
return web.render(
'ldap/domain/list.html',
cur_page=cur_page,
total=sl.get('totalAccounts'),
allDomains=sl.get('accountList'),
allAccountSettings=allAccountSettings,
msg=i.get('msg', None),
)
def POST(self, profile_type, domain):
self.profile_type = web.safestr(profile_type)
self.domain = web.safestr(domain)
i = web.input()
if self.domain != web.safestr(i.get('domainName', None)):
return web.seeother(
'/profile/domain/%s/%s?msg=DOMAIN_NAME_MISMATCH' %
(self.profile_type, self.domain))
domainLib = domainlib.Domain()
result = domainLib.update(
profile_type=self.profile_type,
domain=self.domain,
data=i,
)
if result[0] is True:
return web.seeother(
'/profile/domain/%s/%s?msg=PROFILE_UPDATED_SUCCESS' %
(self.profile_type, self.domain))
elif result[0] is False:
return web.seeother('/profile/domain/%s/%s?msg=%s' %
(self.profile_type, self.domain, result[1]))
def GET(self, domainName=None):
i = web.input()
if domainName is None:
self.cur_domain = ''
else:
self.cur_domain = web.safestr(domainName)
domainLib = domainlib.Domain()
result = domainLib.listAccounts(attrs=[
'domainName',
'accountSetting',
'domainCurrentQuotaSize',
])
if result[0] is True:
allDomains = result[1]
if len(allDomains) == 0:
raise web.seeother('/domains?msg=NO_DOMAIN_AVAILABLE')
else:
# Redirect to create new user under first domain, so that we
# can get per-domain account settings, such as number of
# account limit, password length control, etc.
if self.cur_domain == '':
raise web.seeother('/create/user/' +
str(allDomains[0][1]['domainName'][0]))
# Get accountSetting of current domain.
allAccountSettings = ldaputils.getAccountSettingFromLdapQueryResult(
allDomains, key='domainName')
domainAccountSetting = allAccountSettings.get(self.cur_domain, {})
defaultUserQuota = domainLib.getDomainDefaultUserQuota(
self.cur_domain, domainAccountSetting)
else:
raise web.seeother('/domains?msg=' % web.urlquote(result[1]))
# Get number of account limit.
connutils = connUtils.Utils()
result = connutils.getNumberOfCurrentAccountsUnderDomain(
self.cur_domain,
accountType='user',
)
if result[0] is True:
numberOfCurrentAccounts = result[1]
else:
numberOfCurrentAccounts = 0
# Get current domain quota size.
result = connutils.getDomainCurrentQuotaSizeFromLDAP(
domain=self.cur_domain)
if result[0] is True:
domainCurrentQuotaSize = result[1]
else:
# -1 means temporary error. Don't allow to create new user.
domainCurrentQuotaSize = -1
return web.render('ldap/user/create.html',
cur_domain=self.cur_domain,
allDomains=allDomains,
defaultUserQuota=defaultUserQuota,
domainAccountSetting=domainAccountSetting,
numberOfCurrentAccounts=numberOfCurrentAccounts,
domainCurrentQuotaSize=domainCurrentQuotaSize,
msg=i.get('msg'))
def add(self, domain, data):
# Get domain name, username, cn.
self.domain = web.safestr(data.get('domainName')).strip().lower()
self.username = web.safestr(data.get('username')).strip().lower()
self.mail = self.username + '@' + self.domain
self.groups = data.get('groups', [])
if not iredutils.isDomain(self.domain) or not iredutils.isEmail(
self.mail):
return (False, 'MISSING_DOMAIN_OR_USERNAME')
# Check account existing.
connutils = connUtils.Utils()
if connutils.isAccountExists(domain=self.domain,
filter='(mail=%s)' % self.mail):
return (False, 'ALREADY_EXISTS')
# Get @domainAccountSetting.
domainLib = domainlib.Domain()
result_domain_profile = domainLib.profile(self.domain)
# Initial parameters.
domainAccountSetting = {}
self.aliasDomains = []
if result_domain_profile[0] is True:
domainProfile = result_domain_profile[1]
domainAccountSetting = ldaputils.getAccountSettingFromLdapQueryResult(
domainProfile, key='domainName').get(self.domain, {})
self.aliasDomains = domainProfile[0][1].get('domainAliasName', [])
# Check password.
self.newpw = web.safestr(data.get('newpw'))
self.confirmpw = web.safestr(data.get('confirmpw'))
result = iredutils.verifyNewPasswords(
self.newpw,
self.confirmpw,
min_passwd_length=domainAccountSetting.get('minPasswordLength',
'0'),
max_passwd_length=domainAccountSetting.get('maxPasswordLength',
'0'),
)
if result[0] is True:
self.passwd = ldaputils.generatePasswd(result[1])
else:
return result
# Get display name.
self.cn = data.get('cn')
# Get user quota. Unit is MB.
# 0 or empty is not allowed if domain quota is set, set to
# @defaultUserQuota or @domainSpareQuotaSize
# Initial final mailbox quota.
self.quota = 0
# Get mail quota from web form.
defaultUserQuota = domainLib.getDomainDefaultUserQuota(
self.domain, domainAccountSetting)
self.mailQuota = str(data.get('mailQuota')).strip()
if self.mailQuota.isdigit():
self.mailQuota = int(self.mailQuota)
else:
self.mailQuota = defaultUserQuota
# 0 means unlimited.
domainQuotaSize, domainQuotaUnit = domainAccountSetting.get(
'domainQuota', '0:GB').split(':')
if int(domainQuotaSize) == 0:
# Unlimited.
self.quota = self.mailQuota
else:
# Get domain quota, convert to MB.
if domainQuotaUnit == 'TB':
domainQuota = int(domainQuotaSize) * 1024 * 1024 # TB
elif domainQuotaUnit == 'GB':
domainQuota = int(domainQuotaSize) * 1024 # GB
else:
domainQuota = int(domainQuotaSize) # MB
# TODO Query whole domain and calculate current quota size, not read from domain profile.
#domainCurrentQuotaSize = int(domainProfile[0][1].get('domainCurrentQuotaSize', ['0'])[0]) / (1024*1024)
result = connutils.getDomainCurrentQuotaSizeFromLDAP(
domain=self.domain)
if result[0] is True:
domainCurrentQuotaSize = result[1]
else:
domainCurrentQuotaSize = 0
# Spare quota.
domainSpareQuotaSize = domainQuota - domainCurrentQuotaSize / (
1024 * 1024)
if domainSpareQuotaSize <= 0:
return (False, 'EXCEEDED_DOMAIN_QUOTA_SIZE')
# Get FINAL mailbox quota.
if self.mailQuota == 0:
self.quota = domainSpareQuotaSize
else:
if domainSpareQuotaSize > self.mailQuota:
self.quota = self.mailQuota
else:
self.quota = domainSpareQuotaSize
# Get default groups.
self.groups = [
web.safestr(v)
for v in domainAccountSetting.get('defaultList', '').split(',')
if iredutils.isEmail(v)
]
self.defaultStorageBaseDirectory = domainAccountSetting.get(
'defaultStorageBaseDirectory', None)
# Get default mail list which set in domain accountSetting.
ldif = iredldif.ldif_mailuser(
domain=self.domain,
aliasDomains=self.aliasDomains,
username=self.username,
cn=self.cn,
passwd=self.passwd,
quota=self.quota,
groups=self.groups,
storageBaseDirectory=self.defaultStorageBaseDirectory,
)
if attrs.RDN_USER == 'mail':
self.dn = ldaputils.convKeywordToDN(self.mail, accountType='user')
elif attrs.RDN_USER == 'cn':
self.dn = 'cn=' + self.cn + ',' + attrs.DN_BETWEEN_USER_AND_DOMAIN + \
ldaputils.convKeywordToDN(self.domain, accountType='domain')
elif attrs.RDN_USER == 'uid':
self.dn = 'uid=' + self.username + ',' + attrs.DN_BETWEEN_USER_AND_DOMAIN + \
ldaputils.convKeywordToDN(self.domain, accountType='domain')
else:
return (False, 'UNSUPPORTED_USER_RDN')
try:
self.conn.add_s(
ldap.filter.escape_filter_chars(self.dn),
ldif,
)
web.logger(
msg="Create user: %s." % (self.mail),
domain=self.domain,
event='create',
)
return (True, )
except ldap.ALREADY_EXISTS:
return (False, 'ALREADY_EXISTS')
except Exception, e:
return (False, ldaputils.getExceptionDesc(e))
def GET(self, profile_type, mail):
self.mail = web.safestr(mail)
self.profile_type = web.safestr(profile_type)
if session.get('domainGlobalAdmin') is not True and session.get('username') != self.mail:
# Don't allow to view/update other admins' profile.
return web.seeother('/profile/admin/general/%s?msg=PERMISSION_DENIED' % session.get('username'))
adminLib = admin.Admin()
# Get admin profile.
result = adminLib.profile(self.mail)
if result[0] is not True:
return web.seeother('/admins?msg=' + result[1])
else:
self.admin_profile = result[1]
i = web.input()
if self.profile_type == 'general':
# Get available languages.
if result[0] is True:
###################
# Managed domains
#
# Check permission.
#if session.get('domainGlobalAdmin') is not True:
# return web.seeother('/profile/admin/general/%s?msg=PERMISSION_DENIED' % self.mail)
# Get all domains.
domainLib = domainlib.Domain()
resultOfAllDomains = domainLib.listAccounts(attrs=['domainName', 'cn', ])
if resultOfAllDomains[0] is True:
self.allDomains = resultOfAllDomains[1]
else:
return resultOfAllDomains
# Get domains under control.
resultOfManagedDomains = adminLib.getManagedDomains(mail=self.mail, attrs=['domainName', ])
if resultOfManagedDomains[0] is True:
self.managedDomains = []
for d in resultOfManagedDomains[1]:
if 'domainName' in d[1].keys():
self.managedDomains += d[1].get('domainName')
else:
return resultOfManagedDomains
return web.render(
'ldap/admin/profile.html',
mail=self.mail,
profile_type=self.profile_type,
profile=self.admin_profile,
languagemaps=languages.getLanguageMaps(),
allDomains=self.allDomains,
managedDomains=self.managedDomains,
msg=i.get('msg', None),
)
else:
return web.seeother('/profile/admin/%s/%s?msg=%s' % (self.profile_type, self.mail, result[1]))
elif self.profile_type == 'password':
return web.render('ldap/admin/profile.html',
mail=self.mail,
profile_type=self.profile_type,
profile=self.admin_profile,
min_passwd_length=cfg.general.get('min_passwd_length'),
max_passwd_length=cfg.general.get('max_passwd_length'),
msg=i.get('msg', None),
)
def GET(self):
i = web.input(_unicode=False,)
# Get queries.
self.event = web.safestr(i.get('event', 'all'))
self.domain = web.safestr(i.get('domain', 'all'))
self.admin = web.safestr(i.get('admin', 'all'))
self.cur_page = web.safestr(i.get('page', '1'))
if not self.cur_page.isdigit() or self.cur_page == '0':
self.cur_page = 1
else:
self.cur_page = int(self.cur_page)
logLib = loglib.Log()
total, entries = logLib.listLogs(
event=self.event,
domain=self.domain,
admin=self.admin,
cur_page=self.cur_page,
)
# Pre-defined
allDomains = []
allAdmins = []
if cfg.general.backend == 'ldap':
# Get all domains under control.
domainLib = domain.Domain()
result = domainLib.listAccounts(attrs=['domainName'])
if result[0] is True:
allDomains = [ v[1]['domainName'][0] for v in result[1] ]
# Get all admins.
if session.get('domainGlobalAdmin') is True:
adminLib = admin.Admin()
result = adminLib.listAccounts(attrs=['mail'])
if result[0] is not False:
allAdmins = [ v[1]['mail'][0] for v in result[1] ]
else:
allAdmins = [self.admin]
elif cfg.general.backend == 'mysql':
domainLib = domainlib.Domain()
qr = domainLib.getAllDomains(columns=['domain'])
if qr[0] is True:
for r in qr[1]:
allDomains += [r.domain]
# Get all admins.
if session.get('domainGlobalAdmin') is True:
adminLib = adminlib.Admin()
qr = adminLib.getAllAdmins(columns=['username'])
if qr[0] is True:
for r in qr[1]:
allAdmins += [r.username]
else:
allAdmins = [self.admin]
return web.render(
'panel/log.html',
event=self.event,
domain=self.domain,
admin=self.admin,
allEvents=LOG_EVENTS,
cur_page=self.cur_page,
total=total,
entries=entries,
allDomains=allDomains,
allAdmins=allAdmins,
msg=i.get('msg'),
)
def update(self, profile_type, mail, data):
self.profile_type = web.safestr(profile_type)
self.mail = str(mail).lower()
self.username, self.domain = self.mail.split('@', 1)
domainAccountSetting = {}
connutils = connUtils.Utils()
domainLib = domainlib.Domain()
# Get account dn.
self.dn = connutils.getDnWithKeyword(self.mail, accountType='user')
try:
result = domainLib.getDomainAccountSetting(domain=self.domain)
if result[0] is True:
domainAccountSetting = result[1]
except Exception as e:
pass
mod_attrs = []
if self.profile_type == 'general':
# Update domainGlobalAdmin=yes
if session.get('domainGlobalAdmin') is True:
# Update domainGlobalAdmin=yes
if 'domainGlobalAdmin' in data:
mod_attrs = [(ldap.MOD_REPLACE, 'domainGlobalAdmin', 'yes')
]
# Update enabledService=domainadmin
connutils.addOrDelAttrValue(
dn=self.dn,
attr='enabledService',
value='domainadmin',
action='add',
)
else:
mod_attrs = [(ldap.MOD_REPLACE, 'domainGlobalAdmin', None)]
# Remove enabledService=domainadmin
connutils.addOrDelAttrValue(
dn=self.dn,
attr='enabledService',
value='domainadmin',
action='delete',
)
# Get display name.
cn = data.get('cn', None)
mod_attrs += ldaputils.getSingleModAttr(attr='cn',
value=cn,
default=self.username)
first_name = data.get('first_name', '')
mod_attrs += ldaputils.getSingleModAttr(attr='givenName',
value=first_name,
default=self.username)
last_name = data.get('last_name', '')
mod_attrs += ldaputils.getSingleModAttr(attr='sn',
value=last_name,
default=self.username)
# Get preferred language: short lang code. e.g. en_US, de_DE.
preferred_lang = web.safestr(data.get('preferredLanguage',
'en_US'))
# Must be equal to or less than 5 characters.
if len(preferred_lang) > 5:
preferred_lang = preferred_lang[:5]
mod_attrs += [(ldap.MOD_REPLACE, 'preferredLanguage',
preferred_lang)]
# Update language immediately.
if session.get('username') == self.mail and \
session.get('lang', 'en_US') != preferred_lang:
session['lang'] = preferred_lang
# Update employeeNumber, mobile, title.
for tmp_attr in [
'employeeNumber',
'mobile',
'title',
]:
mod_attrs += ldaputils.getSingleModAttr(
attr=tmp_attr, value=data.get(tmp_attr), default=None)
############
# Get quota
# Get mail quota from web form.
quota = web.safestr(data.get('mailQuota', '')).strip()
oldquota = web.safestr(data.get('oldMailQuota', '')).strip()
if not oldquota.isdigit():
oldquota = 0
else:
oldquota = int(oldquota)
if quota == '' or not quota.isdigit():
# Don't touch it, keep original value.
pass
else:
# Assign quota which got from web form.
mailQuota = int(quota)
# If mailQuota > domainSpareQuotaSize, use domainSpareQuotaSize.
# if mailQuota < domainSpareQuotaSize, use mailQuota
# 0 means unlimited.
domainQuotaSize, domainQuotaUnit = domainAccountSetting.get(
'domainQuota', '0:GB').split(':')
if int(domainQuotaSize) == 0:
# Unlimited. Keep quota which got from web form.
mod_attrs += [(ldap.MOD_REPLACE, 'mailQuota',
str(mailQuota * 1024 * 1024))]
else:
# Get domain quota.
if domainQuotaUnit == 'TB':
domainQuota = int(domainQuotaSize) * 1024 * 1024 # TB
elif domainQuotaUnit == 'GB':
domainQuota = int(domainQuotaSize) * 1024 # GB
else:
domainQuota = int(domainQuotaSize) # MB
# Query LDAP and get current domain quota size.
result = connutils.getDomainCurrentQuotaSizeFromLDAP(
domain=self.domain)
if result[0] is True:
domainCurrentQuotaSizeInBytes = result[1]
else:
domainCurrentQuotaSizeInBytes = 0
# Spare quota.
domainSpareQuotaSize = (domainQuota + oldquota) - (
domainCurrentQuotaSizeInBytes / (1024 * 1024))
if domainSpareQuotaSize <= 0:
# Set to 1MB. don't exceed domain quota size.
mod_attrs += [(ldap.MOD_REPLACE, 'mailQuota',
str(1024 * 1024))]
else:
# Get FINAL mailbox quota.
if mailQuota >= domainSpareQuotaSize:
mailQuota = domainSpareQuotaSize
mod_attrs += [(ldap.MOD_REPLACE, 'mailQuota',
str(mailQuota * 1024 * 1024))]
# End quota
############
# Get telephoneNumber.
telephoneNumber = data.get('telephoneNumber', [])
nums = [str(num) for num in telephoneNumber if len(num) > 0]
mod_attrs += [(ldap.MOD_REPLACE, 'telephoneNumber', nums)]
# Get accountStatus.
if 'accountStatus' in list(data.keys()):
accountStatus = 'active'
else:
accountStatus = 'disabled'
mod_attrs += [(ldap.MOD_REPLACE, 'accountStatus', accountStatus)]
elif self.profile_type == 'password':
# Get password length from @domainAccountSetting.
minPasswordLength = domainAccountSetting.get(
'minPasswordLength', settings.min_passwd_length)
maxPasswordLength = domainAccountSetting.get(
'maxPasswordLength', settings.max_passwd_length)
# Get new passwords from user input.
self.newpw = str(data.get('newpw', None))
self.confirmpw = str(data.get('confirmpw', None))
result = iredutils.verify_new_password(
newpw=self.newpw,
confirmpw=self.confirmpw,
min_passwd_length=minPasswordLength,
max_passwd_length=maxPasswordLength,
)
if result[0] is True:
if 'storePasswordInPlainText' in data and settings.STORE_PASSWORD_IN_PLAIN_TEXT:
self.passwd = iredutils.generate_password_hash(
result[1], pwscheme='PLAIN')
else:
self.passwd = iredutils.generate_password_hash(result[1])
mod_attrs += [(ldap.MOD_REPLACE, 'userPassword', self.passwd)]
mod_attrs += [(ldap.MOD_REPLACE, 'shadowLastChange',
str(ldaputils.getDaysOfShadowLastChange()))]
else:
return result
try:
self.conn.modify_s(self.dn, mod_attrs)
return (True, )
except Exception as e:
return (False, ldaputils.getExceptionDesc(e))
