def __add_to_group(self, uid, group_dn):
    """Add the user ``uid`` to the group entry at ``group_dn``.

    The user's DN is appended to the group's ``member`` attribute.

    Raises:
        exception.LDAPUserNotFound: ``__user_exists(uid)`` is false.
        exception.LDAPGroupNotFound: ``__group_exists(group_dn)`` is false.
        exception.LDAPMembershipExists: the user is already in the group.
    """
    # Checks run user -> group -> membership; the first failure decides
    # which exception the caller sees.
    if not self.__user_exists(uid):
        raise exception.LDAPUserNotFound(user_id=uid)
    elif not self.__group_exists(group_dn):
        raise exception.LDAPGroupNotFound(group_id=group_dn)
    elif self.__is_in_group(uid, group_dn):
        raise exception.LDAPMembershipExists(uid=uid, group_dn=group_dn)

    # NOTE(review): the checks above and the modify below are separate
    # calls, so a concurrent change in between is not ruled out here.
    add_op = self.ldap.MOD_ADD
    # NOTE(review): assumes __uid_to_dn produces a well-formed, escaped DN
    # for any uid that passed __user_exists -- confirm in that helper.
    member_dn = self.__uid_to_dn(uid)
    modlist = [(add_op, 'member', member_dn)]
    self.conn.modify_s(group_dn, modlist)
def __remove_from_group(self, uid, group_dn):
    """Remove the user ``uid`` from ``group_dn`` and related group entries.

    Every DN returned by ``__find_group_dns_with_member(group_dn, uid)`` is
    passed to ``__safe_remove_from_group``; per the original author's note
    this covers the group itself and any sub-groups.

    Raises:
        exception.LDAPGroupNotFound: ``__group_exists(group_dn)`` is false.
        exception.LDAPUserNotFound: ``__user_exists(uid)`` is false.
        exception.LDAPGroupMembershipNotFound: the user is not in the group.
    """
    # Checks run group -> user -> membership (note: group first, unlike
    # __add_to_group); the first failure decides the exception raised.
    if not self.__group_exists(group_dn):
        raise exception.LDAPGroupNotFound(group_id=group_dn)
    elif not self.__user_exists(uid):
        raise exception.LDAPUserNotFound(user_id=uid)
    elif not self.__is_in_group(uid, group_dn):
        raise exception.LDAPGroupMembershipNotFound(user_id=uid,
                                                    group_id=group_dn)

    # NOTE(vish): remove user from group and any sub_groups
    # NOTE(review): each DN is handled by its own call, so an exception
    # partway through leaves the user in the DNs not yet processed --
    # confirm how __safe_remove_from_group reports failures.
    for member_group_dn in self.__find_group_dns_with_member(group_dn, uid):
        self.__safe_remove_from_group(uid, member_group_dn)
def __delete_group(self, group_dn):
    """Delete the group entry at ``group_dn``.

    Raises:
        exception.LDAPGroupNotFound: ``__group_exists(group_dn)`` is false.
    """
    group_present = self.__group_exists(group_dn)
    if not group_present:
        raise exception.LDAPGroupNotFound(group_id=group_dn)
    # NOTE(review): only existence is checked here; whether the requester
    # may delete this group is presumably enforced by callers -- confirm.
    self.conn.delete_s(group_dn)