コード例 #1
 def form(self):
     """Render the LDAP settings form, or redirect after it was processed.

     The configuration adapters and the split attribute maps are stored on
     the view before the form is built, because the view itself is handed
     to ``parse_from_YAML`` as the form context.
     """
     # configuration adapters, looked up by the form definition
     self.props = ILDAPProps(self.plugin)
     self.users = ILDAPUsersConfig(self.plugin)
     self.groups = ILDAPGroupsConfig(self.plugin)
     # users: static attributes get their own map, the rest is propsheet data
     self.users_attrmap = odict()
     for name in self.static_attrs_users:
         self.users_attrmap[name] = self.users.attrmap.get(name)
     self.users_propsheet_attrmap = odict()
     for name, mapped in self.users.attrmap.items():
         if name not in self.static_attrs_users:
             self.users_propsheet_attrmap[name] = mapped
     # groups: same split as for users
     self.groups_attrmap = odict()
     for name in self.static_attrs_groups:
         self.groups_attrmap[name] = self.groups.attrmap.get(name)
     self.groups_propsheet_attrmap = odict()
     for name, mapped in self.groups.attrmap.items():
         if name not in self.static_attrs_groups:
             self.groups_propsheet_attrmap[name] = mapped
     # build the form and let the controller process the request
     definition = parse_from_YAML('pas.plugins.ldap:properties.yaml', self, _)
     controller = Controller(definition, self.request)
     if controller.next:
         # the controller names a follow-up URL: redirect, render nothing
         self.request.RESPONSE.redirect(controller.next)
         return u''
     return controller.rendered
コード例 #2
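 def connection_test(self):
     """Try one user lookup against the configured LDAP server.

     Returns ``(False, message)`` when the server cannot be reached.  No
     return statement for the success path is visible in this excerpt.
     """
     props = ILDAPProps(self.plugin)
     users = ILDAPUsersConfig(self.plugin)
     groups = ILDAPGroupsConfig(self.plugin)
     ugm = Ugm('test', props=props, ucfg=users, gcfg=groups)
     try:
         # Ask for the first user key; presumably this is what makes the
         # lookup reach the server.  next() works on Python 2.6+ and 3.
         # NOTE(review): an empty users container raises StopIteration here.
         next(ugm.users.iterkeys())
     except ldap.SERVER_DOWN:
         # "except X, e" is a SyntaxError on Python 3, and the bound
         # exception was never used.  Only SERVER_DOWN is handled; any other
         # ldap.LDAPError (bad credentials, bad base DN) propagates.
         return False, _("Server Down")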
コード例 #3
 def _ugm(self):
     """Return the Ugm object for this plugin, building it on a cache miss."""
     cache = get_plugin_cache(self)
     cached = cache.get()
     if cached is VALUE_NOT_CACHED:
         # nothing cached yet: build from the three adapters and store it
         fresh = Ugm(
             props=ILDAPProps(self),
             ucfg=ILDAPUsersConfig(self),
             gcfg=ILDAPGroupsConfig(self),
             rcfg=None,
         )
         cache.set(fresh)
         return fresh
     return cached
コード例 #4
ファイル: properties.py プロジェクト: disko/pas.plugins.ldap
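 def save(self, widget, data):
     """Write the extracted LDAP settings form values to the plugin.

     Every value is read from ``data`` below the ``ldapsettings`` prefix and
     stored on the props, users and groups configuration adapters.
     """
     props = ILDAPProps(self.plugin)
     users = ILDAPUsersConfig(self.plugin)
     groups = ILDAPGroupsConfig(self.plugin)

     def fetch(name):
         """Return the extracted value of the ``ldapsettings.<name>`` field."""
         name = 'ldapsettings.%s' % name
         # local read by Zope-style traceback formatters, so a failing
         # lookup names the field
         __traceback_info__ = name
         return data.fetch(name).extracted

     props.uri = fetch('server.uri')
     props.user = fetch('server.user')
     # An UNSET password leaves the stored bind password untouched.
     password = fetch('server.password')
     if password is not UNSET:
         props.password = password
     # XXX: later -- TLS and retry options are not saved by this form yet
     #props.start_tls = fetch('server.start_tls')
     #props.tls_cacertfile = fetch('server.tls_cacertfile')
     #props.tls_cacertdir = fetch('server.tls_cacertdir')
     #props.tls_clcertfile = fetch('server.tls_clcertfile')
     #props.tls_clkeyfile = fetch('server.tls_clkeyfile')
     #props.retry_max = fetch(at('server.retry_max')
     #props.retry_delay = fetch('server.retry_delay')
     props.cache = fetch('cache.cache')
     props.memcached = fetch('cache.memcached')
     props.timeout = fetch('cache.timeout')
     users.baseDN = fetch('users.dn')
     # static aliases first, optional propsheet attributes on top;
     # named users_attrmap so the builtin ``map`` is not shadowed
     users_attrmap = odict()
     users_attrmap.update(fetch('users.aliases_attrmap'))
     users_propsheet_attrmap = fetch('users.propsheet_attrmap')
     if users_propsheet_attrmap is not UNSET:
         users_attrmap.update(users_propsheet_attrmap)
     users.attrmap = users_attrmap
     users.scope = fetch('users.scope')
     users.queryFilter = fetch('users.query')
     # comma separated input -> list of non-empty, stripped names
     objectClasses = fetch('users.object_classes')
     objectClasses = \
         [v.strip() for v in objectClasses.split(',') if v.strip()]
     users.objectClasses = objectClasses
     # The groups adapter created above is used directly; the former
     # rebinding to self.groups only worked when that attribute had been
     # set on the view before save() ran.
     groups.baseDN = fetch('groups.dn')
     groups_attrmap = odict()
     groups_attrmap.update(fetch('groups.aliases_attrmap'))
     groups_propsheet_attrmap = fetch('groups.propsheet_attrmap')
     if groups_propsheet_attrmap is not UNSET:
         groups_attrmap.update(groups_propsheet_attrmap)
     groups.attrmap = groups_attrmap
     groups.scope = fetch('groups.scope')
     groups.queryFilter = fetch('groups.query')
     objectClasses = fetch('groups.object_classes')
     objectClasses = \
         [v.strip() for v in objectClasses.split(',') if v.strip()]
     groups.objectClasses = objectClasses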
コード例 #5
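 def connection_test(self):
     """Check adapters, users access and groups access, in that order.

     Returns an ``(ok, message)`` tuple.  ``ok`` is False at the first step
     that fails and ``message`` then carries the error text.
     NOTE(review): the raw exception text is part of the returned message;
     presumably it is only shown to managers -- confirm.
     """
     # The adapters are resolved one by one so that a failure can be
     # attributed to the adapter that raised.
     try:
         props = ILDAPProps(self.plugin)
     except Exception as e:
         msg = _("Non-LDAP error while getting ILDAPProps!")
         logger.exception(msg)
         return False, msg + str(e)
     try:
         users = ILDAPUsersConfig(self.plugin)
     except Exception as e:
         msg = _("Non-LDAP error while getting ILDAPUsersConfig!")
         logger.exception(msg)
         return False, msg + str(e)
     try:
         groups = ILDAPGroupsConfig(self.plugin)
     except Exception as e:
         msg = _("Non-LDAP error while getting ILDAPGroupsConfig!")
         logger.exception(msg)
         return False, msg + str(e)
     try:
         ugm = Ugm("test", props=props, ucfg=users, gcfg=groups)
         ugm.users
     except ldap.SERVER_DOWN:
         return False, _("Server Down")
     except ldap.LDAPError as e:
         return False, _("LDAP users; ") + str(e)
     except Exception as e:
         logger.exception("Non-LDAP error while connection test!")
         return False, _("Exception in Users; ") + str(e)
     try:
         ugm.groups
     except ldap.LDAPError as e:
         # ``e.message`` exists on Python 2 only, so reading it on Python 3
         # raised AttributeError out of the test.  python-ldap keeps the
         # result dict in args[0]; fall back to str(e) when it is missing.
         info = e.args[0] if e.args else None
         desc = info.get("desc") if isinstance(info, dict) else None
         return False, _(
             "LDAP Users ok, but groups not; ") + (desc or str(e))
     except Exception as e:
         logger.exception("Non-LDAP error while connection test!")
         return False, _("Exception in Groups; ") + str(e)
     return True, "Connection, users- and groups-access tested successfully."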
コード例 #6
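 def form(self):
     """Render the LDAP settings form, or redirect after it was processed.

     The configuration adapters and the split attribute maps are stored on
     the view first, because the view is handed to ``parse_from_YAML`` as
     the form context.
     """
     # make configuration data available on form context
     try:
         self.props = ILDAPProps(self.plugin)
         self.users = ILDAPUsersConfig(self.plugin)
         self.groups = ILDAPGroupsConfig(self.plugin)
     except Exception:
         msg = "Problems getting the configuration adapters, re-initialize!"
         logger.exception(msg)
         # NOTE(review): init_settings() presumably resets the stored LDAP
         # settings, and it runs for any exception raised above while the
         # form is merely displayed -- confirm that is intended.
         self.plugin.init_settings()
         # Look the adapters up again: whichever lookup failed above left
         # its attribute unassigned, and the code below reads all three.
         self.props = ILDAPProps(self.plugin)
         self.users = ILDAPUsersConfig(self.plugin)
         self.groups = ILDAPGroupsConfig(self.plugin)
     # no bind user configured -> the form shows the anonymous state
     self.anonymous = not self.props.user
     # prepare users data on form context
     self.users_attrmap = odict()
     for key in self.static_attrs_users:
         self.users_attrmap[key] = self.users.attrmap.get(key)
     self.users_propsheet_attrmap = odict()
     for key, value in self.users.attrmap.items():
         if key in self.static_attrs_users:
             continue
         self.users_propsheet_attrmap[key] = value
     # prepare groups data on form context
     self.groups_attrmap = odict()
     for key in self.static_attrs_groups:
         self.groups_attrmap[key] = self.groups.attrmap.get(key)
     self.groups_propsheet_attrmap = odict()
     for key, value in self.groups.attrmap.items():
         if key in self.static_attrs_groups:
             continue
         self.groups_propsheet_attrmap[key] = value
     # handle form
     form = parse_from_YAML("pas.plugins.ldap:properties.yaml", self, _)
     controller = Controller(form, self.request)
     if not controller.next:
         return controller.rendered
     self.request.RESPONSE.redirect(controller.next)
     return u""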
コード例 #7
 def props(self):
     """Return the ILDAPProps adapter of this object's plugin."""
     adapter = ILDAPProps(self.plugin)
     return adapter
コード例 #8
    def save(self, widget, data):
        """Write the extracted LDAP settings form values to the plugin.

        Values are read from ``data`` below the ``ldapsettings`` prefix and
        assigned to the props, users and groups configuration adapters.
        """
        props = ILDAPProps(self.plugin)
        users = ILDAPUsersConfig(self.plugin)
        groups = ILDAPGroupsConfig(self.plugin)

        def fetch(name, default=UNSET):
            """Return the extracted ``ldapsettings.<name>`` value.

            ``default`` replaces the value only when one was passed and the
            extracted value is UNSET.
            """
            name = 'ldapsettings.%s' % name
            # local read by Zope-style traceback formatters, so a failing
            # lookup names the field
            __traceback_info__ = name
            val = data.fetch(name).extracted
            if default is UNSET:
                return val
            if val is UNSET:
                return default
            return val

        props.uri = fetch('server.uri')
        props.user = fetch('server.user')
        # An UNSET password leaves the stored bind password untouched.
        password = fetch('server.password')
        if password is not UNSET:
            props.password = password
        # NOTE(review): stored as submitted; judging by its name this turns
        # off certificate checks for the LDAP connection -- confirm, and
        # keep it off outside test setups.
        props.ignore_cert = fetch('server.ignore_cert')
        # TODO: later -- TLS and retry options are not saved by this form yet
        # props.start_tls = fetch('server.start_tls')
        # props.tls_cacertfile = fetch('server.tls_cacertfile')
        # props.tls_cacertdir = fetch('server.tls_cacertdir')
        # props.tls_clcertfile = fetch('server.tls_clcertfile')
        # props.tls_clkeyfile = fetch('server.tls_clkeyfile')
        # props.retry_max = fetch(at('server.retry_max')
        # props.retry_delay = fetch('server.retry_delay')
        props.page_size = fetch('server.page_size')
        props.cache = fetch('cache.cache')
        props.memcached = fetch('cache.memcached')
        props.timeout = fetch('cache.timeout')
        users.baseDN = fetch('users.dn')
        # static aliases first, optional propsheet attributes on top
        attrmap = odict()
        attrmap.update(fetch('users.aliases_attrmap'))
        users_propsheet_attrmap = fetch('users.propsheet_attrmap')
        if users_propsheet_attrmap is not UNSET:
            attrmap.update(users_propsheet_attrmap)
        users.attrmap = attrmap
        # the extracted scope is text; surrounding double quotes are removed
        # before it is converted to int
        users.scope = fetch('users.scope')
        if users.scope is not UNSET:
            users.scope = int(users.scope.strip('"'))
        users.queryFilter = fetch('users.query')
        objectClasses = fetch('users.object_classes')
        users.objectClasses = objectClasses
        users.memberOfSupport = fetch('users.memberOfSupport')
        users.account_expiration = fetch('users.account_expiration')
        users._expiresAttr = fetch('users.expires_attr')
        # 0 is used when the expires_unit field is UNSET
        users._expiresUnit = int(fetch('users.expires_unit', 0))
        groups.baseDN = fetch('groups.dn')
        # same attrmap construction as for users
        attrmap = odict()
        attrmap.update(fetch('groups.aliases_attrmap'))
        groups_propsheet_attrmap = fetch('groups.propsheet_attrmap')
        if groups_propsheet_attrmap is not UNSET:
            attrmap.update(groups_propsheet_attrmap)
        groups.attrmap = attrmap
        groups.scope = fetch('groups.scope')
        if groups.scope is not UNSET:
            groups.scope = int(groups.scope.strip('"'))
        groups.queryFilter = fetch('groups.query')
        objectClasses = fetch('groups.object_classes')
        groups.objectClasses = objectClasses
        groups.memberOfSupport = fetch('groups.memberOfSupport')
コード例 #9
    def save(self, widget, data):
        """Write the extracted LDAP settings form values to the plugin.

        Values are read from ``data`` below the ``ldapsettings`` prefix and
        assigned to the props, users and groups configuration adapters.
        """
        props = ILDAPProps(self.plugin)
        users = ILDAPUsersConfig(self.plugin)
        groups = ILDAPGroupsConfig(self.plugin)

        def fetch(name, default=UNSET):
            """Return the extracted ``ldapsettings.<name>`` value.

            ``default`` replaces the value only when one was passed and the
            extracted value is UNSET.
            """
            name = "ldapsettings.%s" % name
            # local read by Zope-style traceback formatters, so a failing
            # lookup names the field
            __traceback_info__ = name
            val = data.fetch(name).extracted
            if default is UNSET:
                return val
            if val is UNSET:
                return default
            return val

        props.uri = fetch("server.uri")
        # With the anonymous option set, bind user and password are both
        # cleared.  Otherwise the user is stored, and an UNSET password
        # leaves the stored bind password untouched.
        if not fetch("server.anonymous"):
            props.user = fetch("server.user")
            password = fetch("server.password")
            if password is not UNSET:
                props.password = password
        else:
            props.user = ""
            props.password = ""
        # NOTE(review): stored as submitted; judging by its name this turns
        # off certificate checks for the LDAP connection -- confirm, and
        # keep it off outside test setups.
        props.ignore_cert = fetch("server.ignore_cert")
        # TODO: later -- TLS and retry options are not saved by this form yet
        # props.start_tls = fetch('server.start_tls')
        # props.tls_cacertfile = fetch('server.tls_cacertfile')
        # props.tls_cacertdir = fetch('server.tls_cacertdir')
        # props.tls_clcertfile = fetch('server.tls_clcertfile')
        # props.tls_clkeyfile = fetch('server.tls_clkeyfile')
        # props.retry_max = fetch(at('server.retry_max')
        # props.retry_delay = fetch('server.retry_delay')
        props.page_size = fetch("server.page_size")
        props.cache = fetch("cache.cache")
        props.memcached = fetch("cache.memcached")
        props.timeout = fetch("cache.timeout")
        users.baseDN = fetch("users.dn")
        # build attrmap from static keys and dynamic keys inputs
        # NOTE(review): the updates below go to whatever users.attrmap
        # returns; they only persist if the adapter hands back the stored
        # mapping rather than a copy -- confirm.
        users.attrmap = odict()
        users.attrmap.update(fetch("users.aliases_attrmap"))
        users_propsheet_attrmap = fetch("users.propsheet_attrmap")
        if users_propsheet_attrmap is not UNSET:
            users.attrmap.update(users_propsheet_attrmap)
        # We expect the id key to always be mapped under the same name in the
        # propertysheet. This would be set implicitly on LDAPPrincipal init,
        # but to avoid a write on read it is done here.
        # (assumes the aliases map always carries an "id" key -- TODO confirm)
        if users.attrmap["id"] not in users.attrmap:
            users.attrmap[users.attrmap["id"]] = users.attrmap["id"]
        # the extracted scope is text; surrounding double quotes are removed
        # before it is converted to int
        users.scope = fetch("users.scope")
        if users.scope is not UNSET:
            users.scope = int(users.scope.strip('"'))
        users.queryFilter = fetch("users.query")
        objectClasses = fetch("users.object_classes")
        users.objectClasses = objectClasses
        users.memberOfSupport = fetch("users.memberOfSupport")
        users.recursiveGroups = fetch("users.recursiveGroups")
        users.memberOfExternalGroupDNs = fetch("users.memberOfExternalGroupDNs")
        users.account_expiration = fetch("users.account_expiration")
        users._expiresAttr = fetch("users.expires_attr")
        # 0 is used when the expires_unit field is UNSET
        users._expiresUnit = int(fetch("users.expires_unit", 0))
        groups.baseDN = fetch("groups.dn")
        groups.attrmap = odict()
        groups.attrmap.update(fetch("groups.aliases_attrmap"))
        groups_propsheet_attrmap = fetch("groups.propsheet_attrmap")
        if groups_propsheet_attrmap is not UNSET:
            groups.attrmap.update(groups_propsheet_attrmap)
        groups.scope = fetch("groups.scope")
        if groups.scope is not UNSET:
            groups.scope = int(groups.scope.strip('"'))
        groups.queryFilter = fetch("groups.query")
        objectClasses = fetch("groups.object_classes")
        groups.objectClasses = objectClasses
        groups.memberOfSupport = fetch("groups.memberOfSupport")
        # these two are not read from the form for groups; fixed values
        groups.recursiveGroups = False
        groups.memberOfExternalGroupDNs = []
コード例 #10
ファイル: plugin.py プロジェクト: affinitic/pas.plugins.ldap
 def _ldap_props(self):
     """Adapt this object to ILDAPProps and return the adapter."""
     ldap_props = ILDAPProps(self)
     return ldap_props
コード例 #11
    def save(self, widget, data):
        """Store the extracted LDAP settings form values on the plugin.

        Each value comes from ``data`` under the ``ldapsettings`` prefix and
        is assigned to the props, users or groups configuration adapter.
        """
        props = ILDAPProps(self.plugin)
        users = ILDAPUsersConfig(self.plugin)
        groups = ILDAPGroupsConfig(self.plugin)

        def fetch(name, default=UNSET):
            """Return the extracted ``ldapsettings.<name>`` value.

            ``default`` is returned only when one was passed and the
            extracted value is UNSET.
            """
            name = 'ldapsettings.%s' % name
            # local read by Zope-style traceback formatters, so a failing
            # lookup names the field
            __traceback_info__ = name
            val = data.fetch(name).extracted
            if default is UNSET:
                return val
            if val is UNSET:
                return default
            return val

        props.uri = fetch('server.uri')
        props.user = fetch('server.user')
        # The stored bind password is only replaced when a value was
        # extracted.
        password = fetch('server.password')
        if password is not UNSET:
            props.password = password
        # NOTE(review): saved exactly as submitted; the name suggests it
        # disables certificate checks for the LDAP connection -- confirm,
        # and leave it off outside test setups.
        props.ignore_cert = fetch('server.ignore_cert')
        # TODO: later -- TLS and retry options are not saved by this form yet
        # props.start_tls = fetch('server.start_tls')
        # props.tls_cacertfile = fetch('server.tls_cacertfile')
        # props.tls_cacertdir = fetch('server.tls_cacertdir')
        # props.tls_clcertfile = fetch('server.tls_clcertfile')
        # props.tls_clkeyfile = fetch('server.tls_clkeyfile')
        # props.retry_max = fetch(at('server.retry_max')
        # props.retry_delay = fetch('server.retry_delay')
        props.page_size = fetch('server.page_size')
        props.cache = fetch('cache.cache')
        props.memcached = fetch('cache.memcached')
        props.timeout = fetch('cache.timeout')
        users.baseDN = fetch('users.dn')
        # alias mapping first, then the optional propsheet mapping on top
        attrmap = odict()
        attrmap.update(fetch('users.aliases_attrmap'))
        users_propsheet_attrmap = fetch('users.propsheet_attrmap')
        if users_propsheet_attrmap is not UNSET:
            attrmap.update(users_propsheet_attrmap)
        users.attrmap = attrmap
        # scope arrives as text; double quotes around it are stripped before
        # the int conversion
        users.scope = fetch('users.scope')
        if users.scope is not UNSET:
            users.scope = int(users.scope.strip('"'))
        users.queryFilter = fetch('users.query')
        objectClasses = fetch('users.object_classes')
        users.objectClasses = objectClasses
        users.memberOfSupport = fetch('users.memberOfSupport')
        users.account_expiration = fetch('users.account_expiration')
        users._expiresAttr = fetch('users.expires_attr')
        # falls back to 0 when expires_unit is UNSET
        users._expiresUnit = int(fetch('users.expires_unit', 0))
        groups.baseDN = fetch('groups.dn')
        # groups attrmap is assembled the same way as the users one
        attrmap = odict()
        attrmap.update(fetch('groups.aliases_attrmap'))
        groups_propsheet_attrmap = fetch('groups.propsheet_attrmap')
        if groups_propsheet_attrmap is not UNSET:
            attrmap.update(groups_propsheet_attrmap)
        groups.attrmap = attrmap
        groups.scope = fetch('groups.scope')
        if groups.scope is not UNSET:
            groups.scope = int(groups.scope.strip('"'))
        groups.queryFilter = fetch('groups.query')
        objectClasses = fetch('groups.object_classes')
        groups.objectClasses = objectClasses
        groups.memberOfSupport = fetch('groups.memberOfSupport')
コード例 #12
    def save(self, widget, data):
        """Store the extracted LDAP settings form values on the plugin.

        Each value comes from ``data`` under the ``ldapsettings`` prefix and
        is assigned to the props, users or groups configuration adapter.
        """
        props = ILDAPProps(self.plugin)
        users = ILDAPUsersConfig(self.plugin)
        groups = ILDAPGroupsConfig(self.plugin)

        def fetch(name, default=UNSET):
            """Return the extracted ``ldapsettings.<name>`` value.

            ``default`` is returned only when one was passed and the
            extracted value is UNSET.
            """
            name = "ldapsettings.%s" % name
            # local read by Zope-style traceback formatters, so a failing
            # lookup names the field
            __traceback_info__ = name
            val = data.fetch(name).extracted
            if default is UNSET:
                return val
            if val is UNSET:
                return default
            return val

        props.uri = fetch("server.uri")
        # Anonymous option set: bind user and password are both cleared.
        # Otherwise the user is stored and the password is only replaced
        # when a value was extracted.
        if not fetch("server.anonymous"):
            props.user = fetch("server.user")
            password = fetch("server.password")
            if password is not UNSET:
                props.password = password
        else:
            props.user = ""
            props.password = ""
        # NOTE(review): saved exactly as submitted; the name suggests it
        # disables certificate checks for the LDAP connection -- confirm,
        # and leave it off outside test setups.
        props.ignore_cert = fetch("server.ignore_cert")
        # TODO: later -- TLS and retry options are not saved by this form yet
        # props.start_tls = fetch('server.start_tls')
        # props.tls_cacertfile = fetch('server.tls_cacertfile')
        # props.tls_cacertdir = fetch('server.tls_cacertdir')
        # props.tls_clcertfile = fetch('server.tls_clcertfile')
        # props.tls_clkeyfile = fetch('server.tls_clkeyfile')
        # props.retry_max = fetch(at('server.retry_max')
        # props.retry_delay = fetch('server.retry_delay')
        props.page_size = fetch("server.page_size")
        props.cache = fetch("cache.cache")
        props.memcached = fetch("cache.memcached")
        props.timeout = fetch("cache.timeout")
        users.baseDN = fetch("users.dn")
        # build attrmap from static keys and dynamic keys inputs
        # NOTE(review): the updates below are applied to whatever
        # users.attrmap returns; they only persist if the adapter returns
        # the stored mapping rather than a copy -- confirm.
        users.attrmap = odict()
        users.attrmap.update(fetch("users.aliases_attrmap"))
        users_propsheet_attrmap = fetch("users.propsheet_attrmap")
        if users_propsheet_attrmap is not UNSET:
            users.attrmap.update(users_propsheet_attrmap)
        # We expect the id key to always be mapped under the same name in the
        # propertysheet. This would be set implicitly on LDAPPrincipal init,
        # but to avoid a write on read it is done here.
        # (assumes the aliases map always carries an 'id' key -- TODO confirm)
        if users.attrmap['id'] not in users.attrmap:
            users.attrmap[users.attrmap['id']] = users.attrmap['id']
        # scope arrives as text; double quotes around it are stripped before
        # the int conversion
        users.scope = fetch("users.scope")
        if users.scope is not UNSET:
            users.scope = int(users.scope.strip('"'))
        users.queryFilter = fetch("users.query")
        objectClasses = fetch("users.object_classes")
        users.objectClasses = objectClasses
        users.memberOfSupport = fetch("users.memberOfSupport")
        users.account_expiration = fetch("users.account_expiration")
        users._expiresAttr = fetch("users.expires_attr")
        # falls back to 0 when expires_unit is UNSET
        users._expiresUnit = int(fetch("users.expires_unit", 0))
        groups.baseDN = fetch("groups.dn")
        groups.attrmap = odict()
        groups.attrmap.update(fetch("groups.aliases_attrmap"))
        groups_propsheet_attrmap = fetch("groups.propsheet_attrmap")
        if groups_propsheet_attrmap is not UNSET:
            groups.attrmap.update(groups_propsheet_attrmap)
        groups.scope = fetch("groups.scope")
        if groups.scope is not UNSET:
            groups.scope = int(groups.scope.strip('"'))
        groups.queryFilter = fetch("groups.query")
        objectClasses = fetch("groups.object_classes")
        groups.objectClasses = objectClasses
        groups.memberOfSupport = fetch("groups.memberOfSupport")
        # NOTE(review): bare attribute read whose result is discarded; it may
        # be a statement cut short in this excerpt -- confirm against the
        # project file.
        users.attrmap
コード例 #13
        setup.runAllImportStepsFromProfile(profile_id)
        commit("Installed new pas.plugins.ldap.")
    elif setup.hasPendingUpgrades(profile_id):
        setup.upgradeProfile(profile_id)
        commit("Upgraded pas.plugins.ldap.")
    if new_ldap_plugin_id not in pas:
        setup.runAllImportStepsFromProfile(profile_id)
        commit("Created new pas.plugins.ldap plugin.")
    if options.uri:
        uri = options.uri
        if ":" not in uri:
            uri = "localhost:{0}".format(uri)
        if not uri.startswith("ldap"):
            uri = "ldaps://{0}".format(uri)
        plugin = pas[new_ldap_plugin_id]
        props = ILDAPProps(plugin)
        if props.uri != uri:
            props.uri = uri
            commit("Set server.uri to {0}".format(uri))

    if options.enable or options.disable:
        # Activate or deactive the plugin for all available plugin types.
        changed = False
        plugin = pas[new_ldap_plugin_id]
        for info in pas.plugins.listPluginTypeInfo():
            interface = info["interface"]
            if not interface.providedBy(plugin):
                continue
            active = plugin.is_plugin_active(interface)
            if options.enable and active:
                # It is already enabled, nothing to do.