def update(self, profile_type, mail, data): self.profile_type = web.safestr(profile_type) self.mail = web.safestr(mail) self.username, self.domain = self.mail.split('@', 1) if session.get('domainGlobalAdmin' ) is not True and session.get('username') != self.mail: # Don't allow to view/update other admins' profile. return (False, 'PERMISSION_DENIED') self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType='admin') if self.dn[0] is False: return self.dn mod_attrs = [] if self.profile_type == 'general': # Get preferredLanguage. lang = web.safestr(data.get('preferredLanguage', 'en_US')) mod_attrs += [(ldap.MOD_REPLACE, 'preferredLanguage', lang)] # Get cn. cn = data.get('cn', None) mod_attrs += ldaputils.getSingleModAttr(attr='cn', value=cn, default=self.username) first_name = data.get('first_name', '') mod_attrs += ldaputils.getSingleModAttr(attr='givenName', value=first_name, default=self.username) last_name = data.get('last_name', '') mod_attrs += ldaputils.getSingleModAttr(attr='sn', value=last_name, default=self.username) # Get accountStatus. if 'accountStatus' in data.keys(): accountStatus = 'active' else: accountStatus = 'disabled' mod_attrs += [(ldap.MOD_REPLACE, 'accountStatus', accountStatus)] try: # Modify profiles. self.conn.modify_s(self.dn, mod_attrs) if session.get('username') == self.mail and \ session.get('lang', 'en_US') != lang: session['lang'] = lang except ldap.LDAPError, e: return (False, ldaputils.getExceptionDesc(e))
def update(self, profile_type, mail, data): self.profile_type = web.safestr(profile_type) self.mail = web.safestr(mail) self.username, self.domain = self.mail.split('@', 1) if session.get('domainGlobalAdmin') is not True and session.get('username') != self.mail: # Don't allow to view/update other admins' profile. return (False, 'PERMISSION_DENIED') self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType='admin') if self.dn[0] is False: return self.dn mod_attrs = [] if self.profile_type == 'general': # Get preferredLanguage. lang = web.safestr(data.get('preferredLanguage', 'en_US')) mod_attrs += [(ldap.MOD_REPLACE, 'preferredLanguage', lang)] # Get cn. cn = data.get('cn', None) mod_attrs += ldaputils.getSingleModAttr(attr='cn', value=cn, default=self.username) first_name = data.get('first_name', '') mod_attrs += ldaputils.getSingleModAttr(attr='givenName', value=first_name, default=self.username) last_name = data.get('last_name', '') mod_attrs += ldaputils.getSingleModAttr(attr='sn', value=last_name, default=self.username) # Get accountStatus. if 'accountStatus' in data.keys(): accountStatus = 'active' else: accountStatus = 'disabled' mod_attrs += [(ldap.MOD_REPLACE, 'accountStatus', accountStatus)] try: # Modify profiles. self.conn.modify_s(self.dn, mod_attrs) if session.get('username') == self.mail and \ session.get('lang', 'en_US') != lang: session['lang'] = lang except ldap.LDAPError, e: return (False, ldaputils.getExceptionDesc(e))
def update(self, profile_type, mail, data): self.profile_type = web.safestr(profile_type) self.mail = web.safestr(mail) self.username, self.domain = self.mail.split("@", 1) if session.get("domainGlobalAdmin") is not True and session.get("username") != self.mail: # Don't allow to view/update other admins' profile. return (False, "PERMISSION_DENIED") self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType="admin") if self.dn[0] is False: return self.dn mod_attrs = [] if self.profile_type == "general": # Get preferredLanguage. lang = web.safestr(data.get("preferredLanguage", "en_US")) mod_attrs += [(ldap.MOD_REPLACE, "preferredLanguage", lang)] # Get cn. cn = data.get("cn", None) mod_attrs += ldaputils.getSingleModAttr(attr="cn", value=cn, default=self.username) first_name = data.get("first_name", "") mod_attrs += ldaputils.getSingleModAttr(attr="givenName", value=first_name, default=self.username) last_name = data.get("last_name", "") mod_attrs += ldaputils.getSingleModAttr(attr="sn", value=last_name, default=self.username) # Get accountStatus. if "accountStatus" in data.keys(): accountStatus = "active" else: accountStatus = "disabled" mod_attrs += [(ldap.MOD_REPLACE, "accountStatus", accountStatus)] try: # Modify profiles. self.conn.modify_s(self.dn, mod_attrs) if session.get("username") == self.mail and session.get("lang", "en_US") != lang: session["lang"] = lang except ldap.LDAPError, e: return (False, ldaputils.getExceptionDesc(e))
def update(self, profile_type, domain, data): self.profile_type = web.safestr(profile_type) self.domain = web.safestr(domain) self.domaindn = ldaputils.convert_keyword_to_dn(self.domain, accountType='domain') if self.domaindn[0] is False: return self.domaindn connutils = connUtils.Utils() self.accountSetting = [] mod_attrs = [] # Allow normal admin to update profiles. if self.profile_type == 'general': cn = data.get('cn', None) mod_attrs += ldaputils.getSingleModAttr(attr='cn', value=cn, default=self.domain) # Allow global admin to update profiles. if session.get('domainGlobalAdmin') is True: if self.profile_type == 'general': # Get accountStatus. if 'accountStatus' in data.keys(): accountStatus = 'active' else: accountStatus = 'disabled' mod_attrs += [(ldap.MOD_REPLACE, 'accountStatus', accountStatus)] try: dn = ldaputils.convert_keyword_to_dn(self.domain, accountType='domain') if dn[0] is False: return dn self.conn.modify_s(dn, mod_attrs) web.logger( msg="Update domain profile: %s (%s)." % (domain, profile_type), domain=domain, event='update', ) return (True, ) except Exception, e: return (False, ldaputils.getExceptionDesc(e))
def update(self, profile_type, domain, data): self.profile_type = web.safestr(profile_type) self.domain = web.safestr(domain) self.domaindn = ldaputils.convert_keyword_to_dn(self.domain, accountType='domain') if self.domaindn[0] is False: return self.domaindn connutils = connUtils.Utils() self.accountSetting = [] mod_attrs = [] # Allow normal admin to update profiles. if self.profile_type == 'general': cn = data.get('cn', None) mod_attrs += ldaputils.getSingleModAttr(attr='cn', value=cn, default=self.domain) # Allow global admin to update profiles. if session.get('domainGlobalAdmin') is True: if self.profile_type == 'general': # Get accountStatus. if 'accountStatus' in data.keys(): accountStatus = 'active' else: accountStatus = 'disabled' mod_attrs += [(ldap.MOD_REPLACE, 'accountStatus', accountStatus)] try: dn = ldaputils.convert_keyword_to_dn(self.domain, accountType='domain') if dn[0] is False: return dn self.conn.modify_s(dn, mod_attrs) web.logger(msg="Update domain profile: %s (%s)." % (domain, profile_type), domain=domain, event='update', ) return (True,) except Exception, e: return (False, ldaputils.getExceptionDesc(e))
def update(self, profile_type, domain, data): self.profile_type = web.safestr(profile_type) self.domain = web.safestr(domain) self.domaindn = ldaputils.convKeywordToDN(self.domain, accountType='domain') connutils = connUtils.Utils() self.accountSetting = [] mod_attrs = [] # Allow normal admin to update profiles. if self.profile_type == 'general': cn = data.get('cn', None) mod_attrs += ldaputils.getSingleModAttr(attr='cn', value=cn, default=self.domain) else: pass # Allow global admin to update profiles. if session.get('domainGlobalAdmin') is True: if self.profile_type == 'general': # Get accountStatus. if 'accountStatus' in data.keys(): accountStatus = 'active' else: accountStatus = 'disabled' mod_attrs += [ (ldap.MOD_REPLACE, 'accountStatus', accountStatus) ] else: pass else: pass try: dn = ldaputils.convKeywordToDN(self.domain, accountType='domain') self.conn.modify_s(dn, mod_attrs) return (True,) except Exception, e: return (False, ldaputils.getExceptionDesc(e))
# Get account dn. self.dn = connutils.getDnWithKeyword(self.mail, accountType='user') try: result = domainLib.getDomainAccountSetting(domain=self.domain) if result[0] is True: domainAccountSetting = result[1] except Exception, e: pass mod_attrs = [] if self.profile_type == 'general': # Get cn. cn = data.get('cn', None) mod_attrs += ldaputils.getSingleModAttr(attr='cn', value=cn, default=self.mail.split('@')[0]) # Update employeeNumber, mobile, title. for tmp_attr in ['employeeNumber', 'mobile', 'title',]: mod_attrs += ldaputils.getSingleModAttr(attr=tmp_attr, value=data.get(tmp_attr), default=None) ############ # Get quota # Get mail quota from web form. quota = web.safestr(data.get('mailQuota', '')).strip() oldquota = web.safestr(data.get('oldMailQuota', '')).strip() if not oldquota.isdigit(): oldquota = 0 else: oldquota = int(oldquota)
def update(self, profile_type, mail, data): self.profile_type = web.safestr(profile_type) self.mail = web.safestr(mail) if session.get('domainGlobalAdmin' ) is not True and session.get('username') != self.mail: # Don't allow to view/update other admins' profile. return (False, 'PERMISSION_DENIED') self.dn = ldaputils.convKeywordToDN(self.mail, accountType='admin') mod_attrs = [] if self.profile_type == 'general': # Get preferredLanguage. self.lang = web.safestr(data.get('preferredLanguage', 'en_US')) mod_attrs += [(ldap.MOD_REPLACE, 'preferredLanguage', self.lang)] # Get cn. cn = data.get('cn', None) mod_attrs += ldaputils.getSingleModAttr( attr='cn', value=cn, default=self.mail.split('@')[0], ) # Get accountStatus. if 'accountStatus' in data.keys(): accountStatus = 'active' else: accountStatus = 'disabled' mod_attrs += [(ldap.MOD_REPLACE, 'accountStatus', accountStatus)] try: # Modify profiles. self.conn.modify_s(self.dn, mod_attrs) if session.get('username') == self.mail: session['lang'] = self.lang except ldap.LDAPError, e: return (False, ldaputils.getExceptionDesc(e)) ######################### # Managed domains # if session.get('domainGlobalAdmin') is not True: return (False, 'PERMISSION_DENIED') # Get domains under control. result = self.getManagedDomains(mail=self.mail, attrs=[ 'domainName', ]) if result[0] is True: self.managedDomains = [] for d in result[1]: if 'domainName' in d[1].keys(): self.managedDomains += d[1].get('domainName') else: return result # Get domains from web form. self.newmd = [ web.safestr(v) for v in data.get('domainName', []) if iredutils.isDomain(v) ] # Compare two lists, get domain list which need to remove or add domain admins. self.domainsRemoveAdmins = [ str(v) for v in self.managedDomains if v not in self.newmd and iredutils.isDomain(v) ] self.domainsAddAdmins = [ str(v) for v in self.newmd if v not in self.managedDomains and iredutils.isDomain(v) ] connutils = connUtils.Utils() for i in self.domainsRemoveAdmins: result = connutils.addOrDelAttrValue( dn=ldaputils.convKeywordToDN(i, accountType='domain'), attr='domainAdmin', value=self.mail, action='delete', ) if result[0] is False: return result for i in self.domainsAddAdmins: result = connutils.addOrDelAttrValue( dn=ldaputils.convKeywordToDN(i, accountType='domain'), attr='domainAdmin', value=self.mail, action='add', ) if result[0] is False: return result return (True, )
# Get account dn. self.dn = connutils.getDnWithKeyword(self.mail, accountType='user') try: result = domainLib.getDomainAccountSetting(domain=self.domain) if result[0] is True: domainAccountSetting = result[1] except Exception, e: pass mod_attrs = [] if self.profile_type == 'general': # Get cn. cn = data.get('cn', None) mod_attrs += ldaputils.getSingleModAttr( attr='cn', value=cn, default=self.mail.split('@')[0]) # Update employeeNumber, mobile, title. for tmp_attr in [ 'employeeNumber', 'mobile', 'title', ]: mod_attrs += ldaputils.getSingleModAttr( attr=tmp_attr, value=data.get(tmp_attr), default=None) ############ # Get quota # Get mail quota from web form. quota = web.safestr(data.get('mailQuota', '')).strip()
def update(self, profile_type, mail, data): self.profile_type = web.safestr(profile_type) self.mail = web.safestr(mail) self.username, self.domain = self.mail.split('@', 1) if session.get('domainGlobalAdmin') is not True and session.get('username') != self.mail: # Don't allow to view/update other admins' profile. return (False, 'PERMISSION_DENIED') self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType='admin') if self.dn[0] is False: return self.dn mod_attrs = [] if self.profile_type == 'general': # Get preferredLanguage. lang = web.safestr(data.get('preferredLanguage', 'en_US')) mod_attrs += [(ldap.MOD_REPLACE, 'preferredLanguage', lang)] # Get cn. cn = data.get('cn', None) mod_attrs += ldaputils.getSingleModAttr(attr='cn', value=cn, default=self.username) first_name = data.get('first_name', '') mod_attrs += ldaputils.getSingleModAttr(attr='givenName', value=first_name, default=self.username) last_name = data.get('last_name', '') mod_attrs += ldaputils.getSingleModAttr(attr='sn', value=last_name, default=self.username) # Get accountStatus. if 'accountStatus' in list(data.keys()): accountStatus = 'active' else: accountStatus = 'disabled' mod_attrs += [(ldap.MOD_REPLACE, 'accountStatus', accountStatus)] try: # Modify profiles. self.conn.modify_s(self.dn, mod_attrs) if session.get('username') == self.mail and \ session.get('lang', 'en_US') != lang: session['lang'] = lang except ldap.LDAPError as e: return (False, ldaputils.getExceptionDesc(e)) elif self.profile_type == 'password': self.cur_passwd = data.get('oldpw', None) self.newpw = web.safestr(data.get('newpw')) self.confirmpw = web.safestr(data.get('confirmpw')) result = iredutils.verify_new_password(self.newpw, self.confirmpw) if result[0] is True: self.passwd = result[1] else: return result # Change password. if self.cur_passwd is None and session.get('domainGlobalAdmin') is True: # Reset password without verify old password. self.cur_passwd = None else: self.cur_passwd = str(self.cur_passwd) connutils = connUtils.Utils() result = connutils.changePasswd(dn=self.dn, cur_passwd=self.cur_passwd, newpw=self.passwd,) if result[0] is True: return (True,) else: return result return (True,)
action='add', ) else: mod_attrs = [(ldap.MOD_REPLACE, 'domainGlobalAdmin', None)] # Remove enabledService=domainadmin connutils.addOrDelAttrValue( dn=self.dn, attr='enabledService', value='domainadmin', action='delete', ) # Get display name. cn = data.get('cn', None) mod_attrs += ldaputils.getSingleModAttr(attr='cn', value=cn, default=self.username) first_name = data.get('first_name', '') mod_attrs += ldaputils.getSingleModAttr(attr='givenName', value=first_name, default=self.username) last_name = data.get('last_name', '') mod_attrs += ldaputils.getSingleModAttr(attr='sn', value=last_name, default=self.username) # Get preferred language: short lang code. e.g. en_US, de_DE. preferred_lang = web.safestr(data.get('preferredLanguage', 'en_US'))
def update(self, profile_type, mail, data): self.profile_type = web.safestr(profile_type) self.mail = str(mail).lower() self.username, self.domain = self.mail.split('@', 1) domainAccountSetting = {} connutils = connUtils.Utils() domainLib = domainlib.Domain() # Get account dn. self.dn = connutils.getDnWithKeyword(self.mail, accountType='user') try: result = domainLib.getDomainAccountSetting(domain=self.domain) if result[0] is True: domainAccountSetting = result[1] except Exception as e: pass mod_attrs = [] if self.profile_type == 'general': # Update domainGlobalAdmin=yes if session.get('domainGlobalAdmin') is True: # Update domainGlobalAdmin=yes if 'domainGlobalAdmin' in data: mod_attrs = [(ldap.MOD_REPLACE, 'domainGlobalAdmin', 'yes') ] # Update enabledService=domainadmin connutils.addOrDelAttrValue( dn=self.dn, attr='enabledService', value='domainadmin', action='add', ) else: mod_attrs = [(ldap.MOD_REPLACE, 'domainGlobalAdmin', None)] # Remove enabledService=domainadmin connutils.addOrDelAttrValue( dn=self.dn, attr='enabledService', value='domainadmin', action='delete', ) # Get display name. cn = data.get('cn', None) mod_attrs += ldaputils.getSingleModAttr(attr='cn', value=cn, default=self.username) first_name = data.get('first_name', '') mod_attrs += ldaputils.getSingleModAttr(attr='givenName', value=first_name, default=self.username) last_name = data.get('last_name', '') mod_attrs += ldaputils.getSingleModAttr(attr='sn', value=last_name, default=self.username) # Get preferred language: short lang code. e.g. en_US, de_DE. preferred_lang = web.safestr(data.get('preferredLanguage', 'en_US')) # Must be equal to or less than 5 characters. if len(preferred_lang) > 5: preferred_lang = preferred_lang[:5] mod_attrs += [(ldap.MOD_REPLACE, 'preferredLanguage', preferred_lang)] # Update language immediately. if session.get('username') == self.mail and \ session.get('lang', 'en_US') != preferred_lang: session['lang'] = preferred_lang # Update employeeNumber, mobile, title. for tmp_attr in [ 'employeeNumber', 'mobile', 'title', ]: mod_attrs += ldaputils.getSingleModAttr( attr=tmp_attr, value=data.get(tmp_attr), default=None) ############ # Get quota # Get mail quota from web form. quota = web.safestr(data.get('mailQuota', '')).strip() oldquota = web.safestr(data.get('oldMailQuota', '')).strip() if not oldquota.isdigit(): oldquota = 0 else: oldquota = int(oldquota) if quota == '' or not quota.isdigit(): # Don't touch it, keep original value. pass else: # Assign quota which got from web form. mailQuota = int(quota) # If mailQuota > domainSpareQuotaSize, use domainSpareQuotaSize. # if mailQuota < domainSpareQuotaSize, use mailQuota # 0 means unlimited. domainQuotaSize, domainQuotaUnit = domainAccountSetting.get( 'domainQuota', '0:GB').split(':') if int(domainQuotaSize) == 0: # Unlimited. Keep quota which got from web form. mod_attrs += [(ldap.MOD_REPLACE, 'mailQuota', str(mailQuota * 1024 * 1024))] else: # Get domain quota. if domainQuotaUnit == 'TB': domainQuota = int(domainQuotaSize) * 1024 * 1024 # TB elif domainQuotaUnit == 'GB': domainQuota = int(domainQuotaSize) * 1024 # GB else: domainQuota = int(domainQuotaSize) # MB # Query LDAP and get current domain quota size. result = connutils.getDomainCurrentQuotaSizeFromLDAP( domain=self.domain) if result[0] is True: domainCurrentQuotaSizeInBytes = result[1] else: domainCurrentQuotaSizeInBytes = 0 # Spare quota. domainSpareQuotaSize = (domainQuota + oldquota) - ( domainCurrentQuotaSizeInBytes / (1024 * 1024)) if domainSpareQuotaSize <= 0: # Set to 1MB. don't exceed domain quota size. mod_attrs += [(ldap.MOD_REPLACE, 'mailQuota', str(1024 * 1024))] else: # Get FINAL mailbox quota. if mailQuota >= domainSpareQuotaSize: mailQuota = domainSpareQuotaSize mod_attrs += [(ldap.MOD_REPLACE, 'mailQuota', str(mailQuota * 1024 * 1024))] # End quota ############ # Get telephoneNumber. telephoneNumber = data.get('telephoneNumber', []) nums = [str(num) for num in telephoneNumber if len(num) > 0] mod_attrs += [(ldap.MOD_REPLACE, 'telephoneNumber', nums)] # Get accountStatus. if 'accountStatus' in list(data.keys()): accountStatus = 'active' else: accountStatus = 'disabled' mod_attrs += [(ldap.MOD_REPLACE, 'accountStatus', accountStatus)] elif self.profile_type == 'password': # Get password length from @domainAccountSetting. minPasswordLength = domainAccountSetting.get( 'minPasswordLength', settings.min_passwd_length) maxPasswordLength = domainAccountSetting.get( 'maxPasswordLength', settings.max_passwd_length) # Get new passwords from user input. self.newpw = str(data.get('newpw', None)) self.confirmpw = str(data.get('confirmpw', None)) result = iredutils.verify_new_password( newpw=self.newpw, confirmpw=self.confirmpw, min_passwd_length=minPasswordLength, max_passwd_length=maxPasswordLength, ) if result[0] is True: if 'storePasswordInPlainText' in data and settings.STORE_PASSWORD_IN_PLAIN_TEXT: self.passwd = iredutils.generate_password_hash( result[1], pwscheme='PLAIN') else: self.passwd = iredutils.generate_password_hash(result[1]) mod_attrs += [(ldap.MOD_REPLACE, 'userPassword', self.passwd)] mod_attrs += [(ldap.MOD_REPLACE, 'shadowLastChange', str(ldaputils.getDaysOfShadowLastChange()))] else: return result try: self.conn.modify_s(self.dn, mod_attrs) return (True, ) except Exception as e: return (False, ldaputils.getExceptionDesc(e))
def update(self, profile_type, mail, data): self.profile_type = web.safestr(profile_type) self.mail = web.safestr(mail) if session.get('domainGlobalAdmin') is not True and session.get('username') != self.mail: # Don't allow to view/update other admins' profile. return (False, 'PERMISSION_DENIED') self.dn = ldaputils.convKeywordToDN(self.mail, accountType='admin') mod_attrs = [] if self.profile_type == 'general': # Get preferredLanguage. self.lang = web.safestr(data.get('preferredLanguage', 'en_US')) mod_attrs += [(ldap.MOD_REPLACE, 'preferredLanguage', self.lang)] # Get cn. cn = data.get('cn', None) mod_attrs += ldaputils.getSingleModAttr(attr='cn', value=cn, default=self.mail.split('@')[0],) # Get accountStatus. if 'accountStatus' in data.keys(): accountStatus = 'active' else: accountStatus = 'disabled' mod_attrs += [ (ldap.MOD_REPLACE, 'accountStatus', accountStatus) ] try: # Modify profiles. self.conn.modify_s(self.dn, mod_attrs) if session.get('username') == self.mail: session['lang'] = self.lang except ldap.LDAPError, e: return (False, ldaputils.getExceptionDesc(e)) ######################### # Managed domains # if session.get('domainGlobalAdmin') is not True: return (False, 'PERMISSION_DENIED') # Get domains under control. result = self.getManagedDomains(mail=self.mail, attrs=['domainName',]) if result[0] is True: self.managedDomains = [] for d in result[1]: if 'domainName' in d[1].keys(): self.managedDomains += d[1].get('domainName') else: return result # Get domains from web form. self.newmd = [web.safestr(v) for v in data.get('domainName', []) if iredutils.isDomain(v)] # Compare two lists, get domain list which need to remove or add domain admins. self.domainsRemoveAdmins = [str(v) for v in self.managedDomains if v not in self.newmd and iredutils.isDomain(v) ] self.domainsAddAdmins = [str(v) for v in self.newmd if v not in self.managedDomains and iredutils.isDomain(v) ] connutils = connUtils.Utils() for i in self.domainsRemoveAdmins: result = connutils.addOrDelAttrValue( dn=ldaputils.convKeywordToDN(i, accountType='domain'), attr='domainAdmin', value=self.mail, action='delete', ) if result[0] is False: return result for i in self.domainsAddAdmins: result = connutils.addOrDelAttrValue( dn=ldaputils.convKeywordToDN(i, accountType='domain'), attr='domainAdmin', value=self.mail, action='add', ) if result[0] is False: return result return (True,)
if self.profile_type == "general": # Update domainGlobalAdmin=yes if session.get("domainGlobalAdmin") is True: # Update domainGlobalAdmin=yes if "domainGlobalAdmin" in data: mod_attrs = [(ldap.MOD_REPLACE, "domainGlobalAdmin", "yes")] # Update enabledService=domainadmin connutils.addOrDelAttrValue(dn=self.dn, attr="enabledService", value="domainadmin", action="add") else: mod_attrs = [(ldap.MOD_REPLACE, "domainGlobalAdmin", None)] # Remove enabledService=domainadmin connutils.addOrDelAttrValue(dn=self.dn, attr="enabledService", value="domainadmin", action="delete") # Get display name. cn = data.get("cn", None) mod_attrs += ldaputils.getSingleModAttr(attr="cn", value=cn, default=self.username) first_name = data.get("first_name", "") mod_attrs += ldaputils.getSingleModAttr(attr="givenName", value=first_name, default=self.username) last_name = data.get("last_name", "") mod_attrs += ldaputils.getSingleModAttr(attr="sn", value=last_name, default=self.username) # Get preferred language: short lang code. e.g. en_US, de_DE. preferred_lang = web.safestr(data.get("preferredLanguage", "en_US")) # Must be equal to or less than 5 characters. if len(preferred_lang) > 5: preferred_lang = preferred_lang[:5] mod_attrs += [(ldap.MOD_REPLACE, "preferredLanguage", preferred_lang)] # Update language immediately. if session.get("username") == self.mail and session.get("lang", "en_US") != preferred_lang: