def register_user():
from passlib.hash import ldap_sha1
error_fields = validate_registration_form(request.vars)
if len(error_fields):
raise HTTP(400, body=jsonify(status='fail', fields=list(error_fields)))
try:
faculty_privileges = 0
try:
faculty_privileges = int(bool(request.vars.chk_faculty_privileges))
except Exception:
pass
password = ldap_sha1.encrypt(request.vars.password)
db.account_requests.insert(username=request.vars.username,
userid=request.vars.userid,
password=password,
email=request.vars.email,
faculty_privileges=faculty_privileges,
request_time=int(time.time()),
approval_status=0
)
return jsonify()
except Exception as e:
logger.exception(e.message or str(e.__class__))
return jsonify(status='fail', message=e.message or str(e.__class__))
def ldap_change_password(username, raw_password):
dn = "uid={username},{ou}".format(username=username, ou=settings.LDAP_PEOPLE_OU)
conn = ldap_connect(modify=True)
hashed_pass = ldap_sha1.encrypt(raw_password)
mod_attrs = [(ldap.MOD_REPLACE, 'userPassword', [hashed_pass])]
try:
conn.modify_s(dn, mod_attrs)
return True
except:
raise
def ldap_change_password(username, raw_password):
dn = "uid={username},{ou}".format(username=username,
ou=settings.LDAP_PEOPLE_OU)
conn = ldap_connect(modify=True)
hashed_pass = ldap_sha1.encrypt(raw_password)
mod_attrs = [(ldap.MOD_REPLACE, 'userPassword', [hashed_pass])]
try:
conn.modify_s(dn, mod_attrs)
return True
except:
raise
def ldap_change_password(username, raw_password):
dn = "uid={username},{ou}".format(username=username,
ou=settings.LDAP_PEOPLE_OU)
hashed_pass = ldap_sha1.encrypt(raw_password)
mod_attrs = {}
mod_attrs['userPassword'] = [MODIFY_REPLACE, [
hashed_pass,
]]
try:
conn = ldap_connect()
conn.modify(dn, mod_attrs)
return True
except:
raise
def register_user():
from passlib.hash import ldap_sha1
error_fields = validate_registration_form(request.vars)
if len(error_fields):
raise HTTP(400, body=jsonify(status='fail', fields=list(error_fields)))
try:
faculty_privileges = 0
try:
faculty_privileges = int(bool(request.vars.chk_faculty_privileges))
except Exception:
pass
password = ldap_sha1.encrypt(request.vars.password)
db.account_requests.insert(username=request.vars.username,
userid=request.vars.userid,
password=password,
email=request.vars.email,
faculty_privileges=faculty_privileges,
request_time=int(time.time()),
approval_status=0)
return jsonify()
except Exception as e:
logger.exception(e.message or str(e.__class__))
return jsonify(status='fail', message=e.message or str(e.__class__))
def ldap_create_user(**kwargs):
'''
Takes a dictionary of key/value pairs, generates a dictonary of LDAP-formatted
properties and attempts to submit new record. Pass in e.g.:
kwargs = {
"password": password,
"fname": fname,
"lname": lname,
"birthdate": birthdate,
"email": email,
"uid": uid,
"wdid": wdid,
"cca_id": cca_id,
}
'''
raw_password = kwargs.get('password')
hashed_pass = ldap_sha1.encrypt(raw_password)
uid = kwargs.get('uid')
wdid = kwargs.get('wdid')
cca_id = kwargs.get('cca_id')
fname = kwargs.get('fname')
lname = kwargs.get('lname')
birthdate = kwargs.get('birthdate')
email = kwargs.get('email')
# LDAP stores birthdates as simple strings of format 19711203, so all we need to do is
# stringify the date object and remove hyphens
bday_string = str(birthdate).replace('-', '')
attrs = {}
attrs['objectclass'] = [
'top'.encode('utf8'),
'person'.encode('utf8'),
'organizationalPerson'.encode('utf8'),
'inetOrgPerson'.encode('utf8'),
'eduPerson'.encode('utf8'),
'account'.encode('utf8'),
'posixAccount'.encode('utf8'),
'shadowAccount'.encode('utf8'),
'sambaSAMAccount'.encode('utf8'),
'passwordObject'.encode('utf8'),
'ccaPerson'.encode('utf8'),
]
attrs['sn'] = lname.encode('utf8')
attrs['cn'] = fname.encode('utf8')
attrs['displayName'] = '{first} {last}'.format(first=fname, last=lname).encode('utf8')
attrs['userPassword'] = '******'.format(passwd=hashed_pass.encode('utf8')),
attrs['uid'] = uid.encode('utf8')
attrs['givenName'] = fname.encode('utf8')
attrs['ccaBirthDate'] = bday_string.encode('utf8')
attrs['homeDirectory'] = '/Users/{username}'.format(username=uid).encode('utf8')
attrs['uidNumber'] = str(ldap_generate_uidnumber()).encode('utf8')
attrs['gidNumber'] = str(20).encode('utf8')
attrs['ccaWorkdayNumber'] = str(wdid).encode('utf8')
attrs['ccaEmployeeNumber'] = str(cca_id).encode('utf8')
attrs['sambaSID'] = 'placeholder'.encode('utf8') # We don't use this value but it must be present.
attrs['mail'] = email.encode('utf8')
# Attempt to insert new LDAP user
try:
dn = "uid={username},{ou}".format(username=uid, ou=settings.LDAP_PEOPLE_OU)
ldif = modlist.addModlist(attrs)
conn = ldap_connect(modify=True)
conn.add_s(dn, ldif)
conn.unbind_s()
ldap_enable_disable_acct(uid, "enable") # Set their account activation timestamp
return True
except:
raise
def ldap_create_user(**kwargs):
'''
Takes a dictionary of key/value pairs, generates a dictonary of LDAP-formatted
properties and attempts to submit new record. Pass in e.g.:
kwargs = {
"password": password,
"fname": fname,
"lname": lname,
"birthdate": birthdate,
"email": email,
"uid": uid,
"wdid": wdid,
"cca_id": cca_id,
}
'''
raw_password = kwargs.get('password')
hashed_pass = ldap_sha1.encrypt(raw_password)
uid = kwargs.get('uid')
wdid = kwargs.get('wdid')
cca_id = kwargs.get('cca_id')
fname = kwargs.get('fname')
lname = kwargs.get('lname')
birthdate = kwargs.get('birthdate')
email = kwargs.get('email')
# LDAP stores birthdates as simple strings of format 19711203, so all we need to do is
# stringify the date object and remove hyphens
bday_string = str(birthdate).replace('-', '')
objectclass = [
'top',
'person',
'organizationalPerson',
'inetOrgPerson',
'eduPerson',
'account',
'posixAccount',
'shadowAccount',
'sambaSAMAccount',
'passwordObject',
'ccaPerson',
'inetuser',
]
attrs = {}
attrs['sn'] = lname
attrs['cn'] = fname
attrs['displayName'] = '{first} {last}'.format(first=fname, last=lname)
attrs['userPassword'] = '******'.format(passwd=hashed_pass),
attrs['uid'] = uid
attrs['givenName'] = fname
attrs['ccaBirthDate'] = bday_string
attrs['homeDirectory'] = '/Users/{username}'.format(username=uid)
attrs['uidNumber'] = str(ldap_generate_uidnumber())
attrs['gidNumber'] = str(20)
attrs['ccaWorkdayNumber'] = str(wdid)
attrs['ccaEmployeeNumber'] = str(cca_id)
attrs[
'sambaSID'] = 'placeholder' # We don't use this value but it must be present.
attrs['mail'] = email
# Attempt to insert new LDAP user
try:
dn = "uid={username},{ou}".format(username=uid,
ou=settings.LDAP_PEOPLE_OU)
conn = ldap_connect()
conn.add(dn, objectclass, attrs)
conn.unbind()
ldap_enable_disable_acct(
uid, "enable") # Set their account activation timestamp
return True
except:
raise
