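def modUser(user):
    """Update an existing user's entry in the LDAP directory.

    Binds with the service account configured in ``settings`` and sends
    the ``cn``, ``mail`` and ``sn`` values carried by *user*. The
    ``userpassword`` attribute is only touched when *user* has a
    non-empty password.

    Parameters
    ----------
    user
        Object exposing ``getUid``, ``getFirstname``, ``getLastname``,
        ``getMail`` and ``getPassword``.

    Returns
    -------
    bool
        True when every modification was accepted, False when an
        ``ldap.LDAPError`` was raised (the traceback is printed to stdout).
    """
    from ldap.dn import escape_dn_chars

    check = False
    con = None
    try:
        # Open a connection and bind with the account allowed to edit entries.
        con = ldap.initialize(settings.AUTH_LDAP_SERVER_URI)
        con.simple_bind_s(settings.AUTH_LDAP_BIND_DN, str(settings.AUTH_LDAP_BIND_PASSWORD))

        # The uid becomes part of the DN, so DN metacharacters (',', '+', '=',
        # ...) are escaped; unescaped they would change which entry is addressed.
        dn = "uid=" + escape_dn_chars(user.getUid()) + "," + str(settings.AUTH_LDAP_BASE_USER_DN)
        userOld = getUser(user.getUid())

        changes = [
            ("cn", userOld.getFirstname(), user.getFirstname()),
            ("mail", userOld.getMail(), user.getMail()),
            ("sn", userOld.getLastname(), user.getLastname()),
        ]
        # The password is hashed only when one was supplied. The original also
        # hashed it unconditionally into an unused dict, which is dropped here.
        # NOTE(review): `lsm` is defined outside this block; confirm it is a
        # salted scheme that matches the directory's password policy.
        if user.getPassword():
            changes.append(
                ("userpassword", userOld.getPassword(), lsm.encrypt(user.getPassword()))
            )

        # Each attribute is sent as its own modify operation, so a failure
        # part-way through leaves the earlier attributes already changed.
        for attr, old, new in changes:
            old_entry = {attr: [str(old).encode("utf-8")]}
            new_entry = {attr: [str(new).encode("utf-8")]}
            ldif = modlist.modifyModlist(old_entry, new_entry)
            if ldif:  # empty when the value did not change: nothing to send
                con.modify_s(dn, ldif)

        check = True
    except ldap.LDAPError:
        traceback.print_exc(file=sys.stdout)
    finally:
        # Release the connection on the error path as well; the bound handle
        # carries the service account's rights.
        if con is not None:
            try:
                con.unbind_s()
            except ldap.LDAPError:
                traceback.print_exc(file=sys.stdout)
    return check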
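def change_pass(email, old, new_password):
    """Change the password of an LDAP user.

    Binds to the directory as the user, which is what verifies the old
    password, and then replaces ``userPassword`` with the hash of the
    new password.

    Parameters
    ----------
    email: str
        Username of the ldap user; used as the ``cn`` of the entry under
        ``ou=users``.
    old: str
        Old password
    new_password: str
        New password

    Returns
    -------
    bool:
        True if successfully changed the password, False if not.
    """
    from ldap.dn import escape_dn_chars

    # A simple bind with an empty password is an unauthenticated bind
    # (RFC 4513) and can succeed without verifying anything, so it must not
    # count as proof that the caller knows the old password.
    if not old:
        return False

    conn = get_ldap_connection()
    try:
        # `email` ends up inside the DN; escape DN metacharacters so the value
        # cannot redirect the bind or the modify to a different entry.
        user_dn = "cn=" + escape_dn_chars(email) + ",ou=users," + baseDN
        conn.simple_bind_s(user_dn, old)

        # python-ldap 3 expects every attribute value as a list of bytes; a bare
        # str would be split into single characters by modifyModlist.
        # Assumes ldap_md5.encrypt returns text, as passlib hashers do - TODO confirm.
        # NOTE(review): ldap_md5 looks like an unsalted MD5 scheme. Prefer a
        # salted, slow scheme, or the Password Modify extended operation
        # (conn.passwd_s) so the server applies its own hashing policy.
        password_value_old = {"userPassword": [ldap_md5.encrypt(str(old)).encode("utf-8")]}
        password_value_new = {
            "userPassword": [ldap_md5.encrypt(str(new_password)).encode("utf-8")]
        }
        ldif = modlist.modifyModlist(password_value_old, password_value_new)
        conn.modify_s(user_dn, ldif)
        return True
    except Exception:
        # The contract is a plain bool: any failure (bad credentials, server
        # error, hashing error) is reported as False.
        return False
    finally:
        # Always release the connection. Cleanup is best-effort so that a
        # failed unbind cannot replace the result being returned.
        try:
            conn.unbind()
        except Exception:
            pass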
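def addUserToLdap(user):
    """Create a new user entry in the LDAP directory.

    Binds with the service account configured in ``settings`` and adds an
    ``inetOrgPerson``/``posixAccount`` entry built from *user*.

    Parameters
    ----------
    user
        Object exposing ``getUid``, ``getFirstname``, ``getLastname``,
        ``getDisplayname``, ``getMail`` and ``getPassword``.

    Returns
    -------
    bool
        True when the entry was added, False when an ``ldap.LDAPError``
        was raised (the traceback is printed to stdout).
    """
    from ldap.dn import escape_dn_chars

    check = False
    con = None
    try:
        # Open a connection and bind with the account allowed to add entries.
        con = ldap.initialize(settings.AUTH_LDAP_SERVER_URI)
        con.simple_bind_s(settings.AUTH_LDAP_BIND_DN, str(settings.AUTH_LDAP_BIND_PASSWORD))

        uid = user.getUid()
        # The uid becomes part of the DN, so DN metacharacters are escaped;
        # unescaped they could place the entry somewhere other than under
        # AUTH_LDAP_BASE_USER_DN.
        dn = "uid=" + escape_dn_chars(uid) + "," + str(settings.AUTH_LDAP_BASE_USER_DN)

        # Attribute values are lists of UTF-8 encoded bytes.
        attrs = {
            "objectclass": [
                b"inetOrgPerson",
                b"top",
                b"person",
                b"shadowAccount",
                b"posixAccount",
            ],
            "cn": [str(user.getFirstname()).encode("utf-8")],
            "displayname": [str(user.getDisplayname()).encode("utf-8")],
            "mail": [str(user.getMail()).encode("utf-8")],
            "sn": [str(user.getLastname()).encode("utf-8")],
            "uid": [str(uid).encode("utf-8")],
            # NOTE(review): `lsm` is defined outside this block; confirm it is
            # a salted scheme that matches the directory's password policy.
            "userpassword": [str(lsm.encrypt(user.getPassword())).encode("utf-8")],
            # Required by posixAccount.
            "gidNumber": [b"1000"],
            # NOTE(review): the uid is used verbatim as a path component;
            # validate it against the allowed login-name format before it
            # reaches this function.
            "homeDirectory": [("/home/" + str(uid)).encode("utf-8")],
            # TODO: allocate a unique uidNumber. With the fixed value every
            # account created here gets the same POSIX identity (1000), so
            # file ownership and permissions cannot tell the users apart.
            "uidNumber": [b"1000"],
        }

        # Convert the dict into the modlist form expected by add_s and
        # perform the synchronous add.
        con.add_s(dn, modlist.addModlist(attrs))
        check = True
    except ldap.LDAPError:
        traceback.print_exc(file=sys.stdout)
    finally:
        # Release the connection on the error path as well; the bound handle
        # carries the service account's rights.
        if con is not None:
            try:
                con.unbind_s()
            except ldap.LDAPError:
                traceback.print_exc(file=sys.stdout)
    return check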