def form(self):
    """Load the plugin settings onto the form context and process the form.

    Returns ``controller.rendered`` while the controller has no follow-up
    target; otherwise issues a redirect to ``controller.next`` and returns
    an empty unicode string.
    """
    # Configuration adapters looked up for self.plugin, exposed to the form.
    self.props = ILDAPProps(self.plugin)
    self.users = ILDAPUsersConfig(self.plugin)
    self.groups = ILDAPGroupsConfig(self.plugin)

    # Users: static keys go into one mapping, every remaining attrmap entry
    # into the propertysheet mapping.
    self.users_attrmap = odict()
    for static_key in self.static_attrs_users:
        self.users_attrmap[static_key] = self.users.attrmap.get(static_key)
    self.users_propsheet_attrmap = odict()
    for name, mapped in self.users.attrmap.items():
        if key_is_dynamic := name not in self.static_attrs_users:
            self.users_propsheet_attrmap[name] = mapped

    # Groups: same split as for users.
    self.groups_attrmap = odict()
    for static_key in self.static_attrs_groups:
        self.groups_attrmap[static_key] = self.groups.attrmap.get(static_key)
    self.groups_propsheet_attrmap = odict()
    for name, mapped in self.groups.attrmap.items():
        if name not in self.static_attrs_groups:
            self.groups_propsheet_attrmap[name] = mapped

    # Build the form from its YAML definition and let the controller run it.
    yaml_form = parse_from_YAML('pas.plugins.ldap:properties.yaml', self, _)
    ctrl = Controller(yaml_form, self.request)
    if ctrl.next:
        self.request.RESPONSE.redirect(ctrl.next)
        return u''
    return ctrl.rendered
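def connection_test(self):
    """Probe the configured LDAP server by asking for the first user key.

    Returns:
        ``(False, message)`` when python-ldap reports ``SERVER_DOWN``.

    NOTE(review): the code shown here has no explicit return on the success
    path, so a successful probe yields ``None`` -- confirm what callers
    expect. Any LDAP error other than ``SERVER_DOWN`` (for example a rejected
    bind) propagates to the caller, as does ``StopIteration`` when the
    iterator is empty.
    """
    props = ILDAPProps(self.plugin)
    users = ILDAPUsersConfig(self.plugin)
    groups = ILDAPGroupsConfig(self.plugin)
    ugm = Ugm('test', props=props, ucfg=users, gcfg=groups)
    try:
        # One key is enough; presumably this is what triggers the actual
        # query against the server.
        next(ugm.users.iterkeys())
    except ldap.SERVER_DOWN:
        # ``except X, e`` is Python-2-only syntax and the binding was unused;
        # this form parses on Python 2.6+ and Python 3.
        return False, _("Server Down")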
def _ugm(self):
    """Return the ``Ugm`` for this plugin, reusing the cached one if present.

    On a cache miss a new ``Ugm`` is built from the three configuration
    adapters of ``self`` and stored in the plugin cache before it is returned.
    """
    cache = get_plugin_cache(self)
    cached = cache.get()
    if cached is VALUE_NOT_CACHED:
        # NOTE(review): the cached object is built from ILDAPProps, i.e. the
        # server settings; where and how long it is kept is decided by
        # get_plugin_cache, which is not shown here.
        fresh = Ugm(
            props=ILDAPProps(self),
            ucfg=ILDAPUsersConfig(self),
            gcfg=ILDAPGroupsConfig(self),
            rcfg=None,
        )
        cache.set(fresh)
        return fresh
    return cached
def save(self, widget, data):
    """Write the extracted ``ldapsettings.*`` form values to the plugin.

    ``widget`` is not used in this method; ``data`` is the form data whose
    children are read through ``data.fetch(name).extracted``.
    """
    props = ILDAPProps(self.plugin)
    users = ILDAPUsersConfig(self.plugin)
    groups = ILDAPGroupsConfig(self.plugin)

    def fetch(name):
        """Return the extracted value of the ``ldapsettings.<name>`` field."""
        name = 'ldapsettings.%s' % name
        # Zope's traceback formatting picks this local up, so a failing
        # lookup names the field involved.
        __traceback_info__ = name
        return data.fetch(name).extracted

    # --- server ---
    props.uri = fetch('server.uri')
    props.user = fetch('server.user')
    # The stored password is only replaced when a value was extracted; an
    # UNSET field leaves it as it is.
    submitted_password = fetch('server.password')
    if submitted_password is not UNSET:
        props.password = submitted_password
    # XXX: later -- not persisted by this version: start_tls, tls_cacertfile,
    # tls_cacertdir, tls_clcertfile, tls_clkeyfile, retry_max, retry_delay.

    # --- cache ---
    props.cache = fetch('cache.cache')
    props.memcached = fetch('cache.memcached')
    props.timeout = fetch('cache.timeout')

    # --- users ---
    users.baseDN = fetch('users.dn')
    user_attrs = odict()
    user_attrs.update(fetch('users.aliases_attrmap'))
    user_extra = fetch('users.propsheet_attrmap')
    if user_extra is not UNSET:
        user_attrs.update(user_extra)
    users.attrmap = user_attrs
    users.scope = fetch('users.scope')
    users.queryFilter = fetch('users.query')
    # Comma-separated input; blank entries are dropped.
    user_classes = (part.strip() for part in fetch('users.object_classes').split(','))
    users.objectClasses = [part for part in user_classes if part]

    # --- groups ---
    # NOTE(review): this rebinds ``groups`` to self.groups and drops the
    # adapter created at the top; self.groups is not assigned in this method.
    groups = self.groups
    groups.baseDN = fetch('groups.dn')
    group_attrs = odict()
    group_attrs.update(fetch('groups.aliases_attrmap'))
    group_extra = fetch('groups.propsheet_attrmap')
    if group_extra is not UNSET:
        group_attrs.update(group_extra)
    groups.attrmap = group_attrs
    groups.scope = fetch('groups.scope')
    groups.queryFilter = fetch('groups.query')
    group_classes = (part.strip() for part in fetch('groups.object_classes').split(','))
    groups.objectClasses = [part for part in group_classes if part]
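def connection_test(self):
    """Check that the plugin's settings allow reading users and groups.

    The three configuration adapters are looked up first, then ``ugm.users``
    and ``ugm.groups`` are accessed in turn.

    Returns:
        ``(ok, message)``: ``ok`` is ``True`` only when every step passed;
        otherwise ``message`` names the step that failed, followed by the
        exception text.

    NOTE(review): the exception text is appended to the returned message, so
    whoever is shown that message sees the server's error detail -- confirm
    the caller only renders it to administrators.
    """
    try:
        props = ILDAPProps(self.plugin)
    except Exception as e:
        msg = _("Non-LDAP error while getting ILDAPProps!")
        logger.exception(msg)
        return False, msg + str(e)
    try:
        users = ILDAPUsersConfig(self.plugin)
    except Exception as e:
        msg = _("Non-LDAP error while getting ILDAPUsersConfig!")
        logger.exception(msg)
        return False, msg + str(e)
    try:
        groups = ILDAPGroupsConfig(self.plugin)
    except Exception as e:
        msg = _("Non-LDAP error while getting ILDAPGroupsConfig!")
        logger.exception(msg)
        return False, msg + str(e)
    try:
        ugm = Ugm("test", props=props, ucfg=users, gcfg=groups)
        # Bare attribute access; presumably this is what contacts the server.
        ugm.users
    except ldap.SERVER_DOWN:
        return False, _("Server Down")
    except ldap.LDAPError as e:
        return False, _("LDAP users; ") + str(e)
    except Exception as e:
        logger.exception("Non-LDAP error while connection test!")
        return False, _("Exception in Users; ") + str(e)
    try:
        ugm.groups
    except ldap.LDAPError as e:
        # Exceptions have no ``.message`` attribute on Python 3, so the old
        # ``e.message["desc"]`` raised AttributeError inside this handler.
        # python-ldap passes its info dict as args[0]; read "desc" from there
        # and fall back to the plain exception text.
        info = e.args[0] if e.args else None
        desc = info.get("desc", str(e)) if isinstance(info, dict) else str(e)
        return False, _("LDAP Users ok, but groups not; ") + desc
    except Exception as e:
        logger.exception("Non-LDAP error while connection test!")
        return False, _("Exception in Groups; ") + str(e)
    return True, "Connection, users- and groups-access tested successfully."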
def form(self):
    """Load the plugin settings onto the form context and process the form.

    Returns ``controller.rendered`` while the controller has no follow-up
    target; otherwise issues a redirect to ``controller.next`` and returns
    an empty unicode string.
    """
    # Configuration adapters for self.plugin; any failure is logged and the
    # plugin settings are re-initialised.
    try:
        self.props = ILDAPProps(self.plugin)
        self.users = ILDAPUsersConfig(self.plugin)
        self.groups = ILDAPGroupsConfig(self.plugin)
    except Exception:
        logger.exception(
            "Problems getting the configuration adapters, re-initialize!"
        )
        self.plugin.init_settings()
        # NOTE(review): the adapters are not looked up again after
        # init_settings(); unless self.props/self.users/self.groups are
        # provided some other way, the lines below raise AttributeError.

    # No bind user configured means the connection is treated as anonymous.
    self.anonymous = not self.props.user

    # Users: static keys go into one mapping, every remaining attrmap entry
    # into the propertysheet mapping.
    self.users_attrmap = odict()
    for static_key in self.static_attrs_users:
        self.users_attrmap[static_key] = self.users.attrmap.get(static_key)
    self.users_propsheet_attrmap = odict()
    for name, mapped in self.users.attrmap.items():
        if name not in self.static_attrs_users:
            self.users_propsheet_attrmap[name] = mapped

    # Groups: same split as for users.
    self.groups_attrmap = odict()
    for static_key in self.static_attrs_groups:
        self.groups_attrmap[static_key] = self.groups.attrmap.get(static_key)
    self.groups_propsheet_attrmap = odict()
    for name, mapped in self.groups.attrmap.items():
        if name not in self.static_attrs_groups:
            self.groups_propsheet_attrmap[name] = mapped

    # Build the form from its YAML definition and let the controller run it.
    yaml_form = parse_from_YAML("pas.plugins.ldap:properties.yaml", self, _)
    ctrl = Controller(yaml_form, self.request)
    if ctrl.next:
        self.request.RESPONSE.redirect(ctrl.next)
        return u""
    return ctrl.rendered
def props(self):
    """Return the ``ILDAPProps`` adapter looked up for ``self.plugin``."""
    plugin = self.plugin
    return ILDAPProps(plugin)
def save(self, widget, data):
    """Write the extracted ``ldapsettings.*`` form values to the plugin.

    ``widget`` is not used in this method; ``data`` is the form data whose
    children are read through ``data.fetch(name).extracted``.
    """
    props = ILDAPProps(self.plugin)
    users = ILDAPUsersConfig(self.plugin)
    groups = ILDAPGroupsConfig(self.plugin)

    def fetch(name, default=UNSET):
        """Return the extracted field value, or ``default`` when it is UNSET.

        Without a ``default`` the extracted value is returned unchanged,
        UNSET included.
        """
        name = 'ldapsettings.%s' % name
        # Zope's traceback formatting picks this local up, so a failing
        # lookup names the field involved.
        __traceback_info__ = name
        extracted = data.fetch(name).extracted
        if default is not UNSET and extracted is UNSET:
            return default
        return extracted

    def merged_attrmap(aliases_field, propsheet_field):
        """Combine the static alias mapping with the optional dynamic one."""
        merged = odict()
        merged.update(fetch(aliases_field))
        extra = fetch(propsheet_field)
        if extra is not UNSET:
            merged.update(extra)
        return merged

    # --- server ---
    props.uri = fetch('server.uri')
    props.user = fetch('server.user')
    # The stored password is only replaced when a value was extracted.
    new_password = fetch('server.password')
    if new_password is not UNSET:
        props.password = new_password
    # NOTE(review): stored exactly as submitted. The name suggests it turns
    # off certificate checking for the LDAP connection; the effect is in
    # code not shown here -- confirm, and keep it off outside test setups.
    props.ignore_cert = fetch('server.ignore_cert')
    # TODO: later -- not persisted yet: start_tls, tls_cacertfile,
    # tls_cacertdir, tls_clcertfile, tls_clkeyfile, retry_max, retry_delay.
    props.page_size = fetch('server.page_size')

    # --- cache ---
    props.cache = fetch('cache.cache')
    props.memcached = fetch('cache.memcached')
    props.timeout = fetch('cache.timeout')

    # --- users ---
    users.baseDN = fetch('users.dn')
    users.attrmap = merged_attrmap(
        'users.aliases_attrmap', 'users.propsheet_attrmap'
    )
    # The value is written first and read back, then converted to an int
    # after stripping surrounding double quotes.
    users.scope = fetch('users.scope')
    if users.scope is not UNSET:
        users.scope = int(users.scope.strip('"'))
    users.queryFilter = fetch('users.query')
    users.objectClasses = fetch('users.object_classes')
    users.memberOfSupport = fetch('users.memberOfSupport')
    users.account_expiration = fetch('users.account_expiration')
    users._expiresAttr = fetch('users.expires_attr')
    users._expiresUnit = int(fetch('users.expires_unit', 0))

    # --- groups ---
    groups.baseDN = fetch('groups.dn')
    groups.attrmap = merged_attrmap(
        'groups.aliases_attrmap', 'groups.propsheet_attrmap'
    )
    groups.scope = fetch('groups.scope')
    if groups.scope is not UNSET:
        groups.scope = int(groups.scope.strip('"'))
    groups.queryFilter = fetch('groups.query')
    groups.objectClasses = fetch('groups.object_classes')
    groups.memberOfSupport = fetch('groups.memberOfSupport')
def save(self, widget, data):
    """Write the extracted ``ldapsettings.*`` form values to the plugin.

    ``widget`` is not used in this method; ``data`` is the form data whose
    children are read through ``data.fetch(name).extracted``.
    """
    props = ILDAPProps(self.plugin)
    users = ILDAPUsersConfig(self.plugin)
    groups = ILDAPGroupsConfig(self.plugin)

    def fetch(name, default=UNSET):
        """Return the extracted field value, or ``default`` when it is UNSET.

        Without a ``default`` the extracted value is returned unchanged,
        UNSET included.
        """
        name = "ldapsettings.%s" % name
        # Zope's traceback formatting picks this local up, so a failing
        # lookup names the field involved.
        __traceback_info__ = name
        extracted = data.fetch(name).extracted
        if default is not UNSET and extracted is UNSET:
            return default
        return extracted

    # --- server ---
    props.uri = fetch("server.uri")
    if fetch("server.anonymous"):
        # Anonymous access: the stored bind user and password are blanked.
        props.user = ""
        props.password = ""
    else:
        props.user = fetch("server.user")
        # The stored password is only replaced when a value was extracted.
        new_password = fetch("server.password")
        if new_password is not UNSET:
            props.password = new_password
    # NOTE(review): stored exactly as submitted. The name suggests it turns
    # off certificate checking for the LDAP connection; the effect is in
    # code not shown here -- confirm, and keep it off outside test setups.
    props.ignore_cert = fetch("server.ignore_cert")
    # TODO: later -- not persisted yet: start_tls, tls_cacertfile,
    # tls_cacertdir, tls_clcertfile, tls_clkeyfile, retry_max, retry_delay.
    props.page_size = fetch("server.page_size")

    # --- cache ---
    props.cache = fetch("cache.cache")
    props.memcached = fetch("cache.memcached")
    props.timeout = fetch("cache.timeout")

    # --- users ---
    users.baseDN = fetch("users.dn")
    # The attrmap is assembled from the static alias inputs plus the
    # optional dynamic propertysheet inputs.
    users.attrmap = odict()
    users.attrmap.update(fetch("users.aliases_attrmap"))
    user_extra = fetch("users.propsheet_attrmap")
    if user_extra is not UNSET:
        users.attrmap.update(user_extra)
    # The attribute mapped as "id" must also appear under its own name in
    # the propertysheet. LDAPPrincipal init would add it implicitly; doing
    # it here avoids a write on read.
    if users.attrmap["id"] not in users.attrmap:
        users.attrmap[users.attrmap["id"]] = users.attrmap["id"]
    # The value is written first and read back, then converted to an int
    # after stripping surrounding double quotes.
    users.scope = fetch("users.scope")
    if users.scope is not UNSET:
        users.scope = int(users.scope.strip('"'))
    users.queryFilter = fetch("users.query")
    users.objectClasses = fetch("users.object_classes")
    users.memberOfSupport = fetch("users.memberOfSupport")
    users.recursiveGroups = fetch("users.recursiveGroups")
    users.memberOfExternalGroupDNs = fetch("users.memberOfExternalGroupDNs")
    users.account_expiration = fetch("users.account_expiration")
    users._expiresAttr = fetch("users.expires_attr")
    users._expiresUnit = int(fetch("users.expires_unit", 0))

    # --- groups ---
    groups.baseDN = fetch("groups.dn")
    groups.attrmap = odict()
    groups.attrmap.update(fetch("groups.aliases_attrmap"))
    group_extra = fetch("groups.propsheet_attrmap")
    if group_extra is not UNSET:
        groups.attrmap.update(group_extra)
    groups.scope = fetch("groups.scope")
    if groups.scope is not UNSET:
        groups.scope = int(groups.scope.strip('"'))
    groups.queryFilter = fetch("groups.query")
    groups.objectClasses = fetch("groups.object_classes")
    groups.memberOfSupport = fetch("groups.memberOfSupport")
    # Fixed values for groups; the form is not consulted for these two.
    groups.recursiveGroups = False
    groups.memberOfExternalGroupDNs = []
def _ldap_props(self):
    """Return the ``ILDAPProps`` adapter looked up for ``self``."""
    adapted = ILDAPProps(self)
    return adapted
def save(self, widget, data):
    """Write the extracted ``ldapsettings.*`` form values to the plugin.

    ``widget`` is not used in this method; ``data`` is the form data whose
    children are read through ``data.fetch(name).extracted``.
    """
    props = ILDAPProps(self.plugin)
    users = ILDAPUsersConfig(self.plugin)
    groups = ILDAPGroupsConfig(self.plugin)

    def fetch(name, default=UNSET):
        # Returns the extracted value of ``ldapsettings.<name>``. ``default``
        # is used only when one is given and the extracted value is UNSET.
        name = "ldapsettings.%s" % name
        # Zope's traceback formatting picks this local up, so a failing
        # lookup names the field involved.
        __traceback_info__ = name
        val = data.fetch(name).extracted
        if default is UNSET:
            return val
        if val is UNSET:
            return default
        return val

    props.uri = fetch("server.uri")
    if not fetch("server.anonymous"):
        props.user = fetch("server.user")
        password = fetch("server.password")
        # The stored password is only replaced when a value was extracted.
        if password is not UNSET:
            props.password = password
    else:
        # Anonymous access: the stored bind user and password are blanked.
        props.user = ""
        props.password = ""
    # NOTE(review): stored exactly as submitted. The name suggests it turns
    # off certificate checking for the LDAP connection; the effect is in
    # code not shown here -- confirm, and keep it off outside test setups.
    props.ignore_cert = fetch("server.ignore_cert")
    # TODO: later
    # props.start_tls = fetch('server.start_tls')
    # props.tls_cacertfile = fetch('server.tls_cacertfile')
    # props.tls_cacertdir = fetch('server.tls_cacertdir')
    # props.tls_clcertfile = fetch('server.tls_clcertfile')
    # props.tls_clkeyfile = fetch('server.tls_clkeyfile')
    # props.retry_max = fetch(at('server.retry_max')
    # props.retry_delay = fetch('server.retry_delay')
    props.page_size = fetch("server.page_size")
    props.cache = fetch("cache.cache")
    props.memcached = fetch("cache.memcached")
    props.timeout = fetch("cache.timeout")
    users.baseDN = fetch("users.dn")
    # build attrmap from static keys and dynamic keys inputs
    users.attrmap = odict()
    users.attrmap.update(fetch("users.aliases_attrmap"))
    users_propsheet_attrmap = fetch("users.propsheet_attrmap")
    if users_propsheet_attrmap is not UNSET:
        users.attrmap.update(users_propsheet_attrmap)
    # we expect to always have the id key mapped under the same name in the
    # propertysheet. this would be set implicit on LDAPPrincipal init, but
    # to avoid a write on read, we do it here.
    if users.attrmap['id'] not in users.attrmap:
        users.attrmap[users.attrmap['id']] = users.attrmap['id']
    # The value is written first and read back, then converted to an int
    # after stripping surrounding double quotes.
    users.scope = fetch("users.scope")
    if users.scope is not UNSET:
        users.scope = int(users.scope.strip('"'))
    users.queryFilter = fetch("users.query")
    objectClasses = fetch("users.object_classes")
    users.objectClasses = objectClasses
    users.memberOfSupport = fetch("users.memberOfSupport")
    users.account_expiration = fetch("users.account_expiration")
    users._expiresAttr = fetch("users.expires_attr")
    # Falls back to 0 when the field is UNSET, so int() always gets a value.
    users._expiresUnit = int(fetch("users.expires_unit", 0))
    groups.baseDN = fetch("groups.dn")
    groups.attrmap = odict()
    groups.attrmap.update(fetch("groups.aliases_attrmap"))
    groups_propsheet_attrmap = fetch("groups.propsheet_attrmap")
    if groups_propsheet_attrmap is not UNSET:
        groups.attrmap.update(groups_propsheet_attrmap)
    groups.scope = fetch("groups.scope")
    if groups.scope is not UNSET:
        groups.scope = int(groups.scope.strip('"'))
    groups.queryFilter = fetch("groups.query")
    objectClasses = fetch("groups.object_classes")
    groups.objectClasses = objectClasses
    groups.memberOfSupport = fetch("groups.memberOfSupport")
    # NOTE(review): bare attribute read with no visible effect; possibly a
    # leftover from where this listing was cut -- confirm against the file.
    users.attrmap
setup.runAllImportStepsFromProfile(profile_id) commit("Installed new pas.plugins.ldap.") elif setup.hasPendingUpgrades(profile_id): setup.upgradeProfile(profile_id) commit("Upgraded pas.plugins.ldap.") if new_ldap_plugin_id not in pas: setup.runAllImportStepsFromProfile(profile_id) commit("Created new pas.plugins.ldap plugin.") if options.uri: uri = options.uri if ":" not in uri: uri = "localhost:{0}".format(uri) if not uri.startswith("ldap"): uri = "ldaps://{0}".format(uri) plugin = pas[new_ldap_plugin_id] props = ILDAPProps(plugin) if props.uri != uri: props.uri = uri commit("Set server.uri to {0}".format(uri)) if options.enable or options.disable: # Activate or deactive the plugin for all available plugin types. changed = False plugin = pas[new_ldap_plugin_id] for info in pas.plugins.listPluginTypeInfo(): interface = info["interface"] if not interface.providedBy(plugin): continue active = plugin.is_plugin_active(interface) if options.enable and active: # It is already enabled, nothing to do.