def update(entity): try: attrs = {} if entity.description: attrs.update( {global_ids.DESC: [(MOD_REPLACE, [entity.description])]}) # list of srings: if entity.props is not None and len(entity.props) > 0: attrs.update({global_ids.PROPS: [(MOD_REPLACE, [entity.props])]}) # list of comma delimited strings: if entity.constraint is not None: attrs.update({ global_ids.CONSTRAINT: [(MOD_REPLACE, [entity.constraint.get_raw()])] }) if len(attrs) > 0: conn = ldaphelper.open() conn.modify_s(__get_dn(entity), mods_to_modlist(attrs)) except ldap.NO_SUCH_OBJECT: raise NotFound(msg='Role update failed, not found:' + entity.name, id=global_ids.ROLE_NOT_FOUND) except ldap.LDAPError as e: raise RbacError('Role update failed result=' + str(e), global_ids.ROLE_UPDATE_FAILED) except Exception as e: raise RbacError(msg='Role update error=' + str(e), id=global_ids.ROLE_UPDATE_FAILED) return entity
def search_on_roles(roles): conn = None userList = [] search_filter = '(&(objectClass=' + USER_OC_NAME + ')' if len(roles) > 1: search_filter += '(|' end_filter = '))' else: end_filter = ')' for role in roles: search_filter += '(' + ROLES + '=' + role + ')' search_filter += end_filter try: conn = ldaphelper.open() entries = conn.search_s(CONTAINER_DN, scope=ldap.SCOPE_SUBTREE, filterstr=search_filter, attrlist=SEARCH_ATTRS) for dn, attrs in entries: userList.append(__unload(dn, attrs)) except Exception as e: raise RbacError(msg='User Search Roles error=' + str(e), id=global_ids.URLE_SEARCH_FAILED) finally: if conn: ldaphelper.close(conn) return userList
def revoke(entity, role): try: attrs = {} # constraint type: if role is not None: attrs.update({ROLES: [(MOD_DELETE, role.name)]}) conn = ldaphelper.open() conn.modify_s(__get_dn(entity), attrs_to_modlist(attrs)) except ldap.NO_SUCH_OBJECT: raise FortressError(msg='Perm not found, obj name=' + entity.obj_name + ', op_name=' + entity.op_name + ', role=' + role.name, id=global_ids.PERM_NOT_EXIST) except ldap.NO_SUCH_ATTRIBUTE: raise FortressError(msg='Perm revoke failed, not granted, obj name=' + entity.obj_name + ', op_name=' + entity.op_name + ', role=' + role.name, id=global_ids.PERM_ROLE_NOT_EXIST) except ldap.LDAPError as e: raise FortressError(msg='Perm revoke failed result=' + str(e), id=global_ids.PERM_REVOKE_FAILED) except Exception as e: raise FortressError(msg='Perm revoke error=' + str(e), id=global_ids.PERM_REVOKE_FAILED) return entity
def update_obj(entity): conn = None try: attrs = {} if entity.ou: attrs.update({global_ids.OU: [(MOD_REPLACE, [entity.ou])]}) if entity.description: attrs.update( {global_ids.DESC: [(MOD_REPLACE, [entity.description])]}) if entity.type: attrs.update({TYPE: [(MOD_REPLACE, [entity.type])]}) # list of comma delimited strings: if entity.props is not None and len(entity.props) > 0: attrs.update({global_ids.PROPS: [(MOD_REPLACE, entity.props)]}) if len(attrs) > 0: conn = ldaphelper.open() conn.modify_s(__get_obj_dn(entity), attrs_to_modlist(attrs)) except ldap.NO_SUCH_OBJECT: raise NotFound(msg='PermObj update failed, not found:' + entity.obj_name, id=global_ids.PERM_OBJ_NOT_FOUND) except ldap.LDAPError as e: raise FortressError(msg='PermObj update failed result=' + str(e), id=global_ids.PERM_UPDATE_FAILED) except Exception as e: raise FortressError(msg='PermObj update error=' + str(e), id=global_ids.PERM_UPDATE_FAILED) return entity
def update(entity): try: attrs = {} if entity.description: attrs.update( {global_ids.DESC: [(MOD_REPLACE, [entity.description])]}) if entity.type: attrs.update({TYPE: [(MOD_REPLACE, [entity.type])]}) # list of strings: if entity.props is not None and len(entity.props) > 0: attrs.update({global_ids.PROPS: [(MOD_REPLACE, entity.props)]}) if entity.users is not None and len(entity.users) > 0: attrs.update({USERS: [(MOD_REPLACE, entity.users)]}) if entity.roles is not None and len(entity.roles) > 0: attrs.update({ROLES: [(MOD_REPLACE, entity.roles)]}) if len(attrs) > 0: conn = ldaphelper.open() conn.modify_s(__get_dn(entity), attrs_to_modlist(attrs)) except ldap.NO_SUCH_OBJECT: raise NotFound(msg='Perm update failed, not found:' + entity.obj_name, id=global_ids.PERM_OP_NOT_FOUND) except ldap.LDAPError as e: raise RbacError(msg='Perm update failed result=' + str(e), id=global_ids.PERM_UPDATE_FAILED) except Exception as e: raise RbacError(msg='Perm update error=' + str(e), id=global_ids.PERM_UPDATE_FAILED) return entity
def create(entity): try: attrs = {} attrs.update({'objectClass': ROLE_OCS}) attrs.update({global_ids.CN: entity.name}) attrs.update({ROLE_NAME: entity.name}) # generate random id: entity.internal_id = str(uuid.uuid4()) attrs.update({global_ids.INTERNAL_ID: entity.internal_id}) # string: if entity.description: attrs.update({global_ids.DESC: entity.description}) # list of strings if entity.props is not None and len(entity.props) > 0: attrs.update({global_ids.PROPS: entity.props}) # list of comma delimited strings: if entity.constraint is None: entity.constraint = Constraint(name=entity.name) #if entity.constraint is not None: attrs.update({global_ids.CONSTRAINT: entity.constraint.get_raw()}) conn = ldaphelper.open() conn.add_s(__get_dn(entity), add_to_modlist(attrs)) except ldap.ALREADY_EXISTS: raise NotUnique(msg='Role create failed, already exists:' + entity.uid, id=global_ids.ROLE_ADD_FAILED) except ldap.LDAPError as e: raise RbacError(msg='Role create failed result=' + str(e), id=global_ids.ROLE_ADD_FAILED) except Exception as e: raise RbacError(msg='Role create error=' + str(e), id=global_ids.ROLE_ADD_FAILED) return entity
def create_obj(entity): try: attrs = {} attrs.update({'objectClass': PERM_OBJ_OCS}) attrs.update({OBJ_NM: entity.obj_name}) # generate random id: entity.internal_id = str(uuid.uuid4()) attrs.update({global_ids.INTERNAL_ID: entity.internal_id}) # ou is req'd for organizationalUnit object class, if caller did not set, use obj name. if not entity.ou: entity.ou = entity.obj_name attrs.update({global_ids.OU: entity.ou}) if entity.description: attrs.update({global_ids.DESC: entity.description}) if entity.type: attrs.update({TYPE: entity.type}) # list of comma delimited strings: if entity.props is not None and len(entity.props) > 0: attrs.update({global_ids.PROPS: entity.props}) conn = ldaphelper.open() conn.add_s(__get_obj_dn(entity), add_to_modlist(attrs)) except ldap.ALREADY_EXISTS: raise NotUnique(msg='PermObj create failed, already exists:' + entity.uid, id=global_ids.PERM_ADD_FAILED) except ldap.LDAPError as e: raise FortressError(msg='PermObj create failed result=' + str(e), id=global_ids.PERM_ADD_FAILED) except Exception as e: raise FortressError(msg='PermObj create error=' + str(e), id=global_ids.PERM_ADD_FAILED) return entity
def search(entity): conn = None permList = [] search_filter = '(&(objectClass=' + PERM_OC_NAME + ')' if entity.obj_name: search_filter += '(' + OBJ_NM + '=' + entity.obj_name + ')' if entity.op_name: search_filter += '(' + OP_NM + '=' + entity.op_name + ')' if entity.obj_id: search_filter += '(' + OBJ_ID + '=' + entity.obj_id + ')' search_filter += ')' try: conn = ldaphelper.open() entries = conn.search_s(__CONTAINER_DN, scope=ldap.SCOPE_SUBTREE, filterstr=search_filter, attrlist=SEARCH_ATTRS) for dn, attrs in entries: permList.append(__unload(dn, attrs)) except Exception as e: raise RbacError(msg='Perm search error=' + str(e), id=global_ids.PERM_SEARCH_FAILED) finally: if conn: ldaphelper.close(conn) return permList
def get_members_constraint(entity): conn = None mList = [] search_filter = '(&(objectClass=' + ROLE_OC_NAME + ')' search_filter += '(' + ROLE_NAME + '=' + entity.name + '))' try: conn = ldaphelper.open() # TODO: use sizelimit=1 entries = conn.search_s(__CONTAINER_DN, scope=ldap.SCOPE_SUBTREE, filterstr=search_filter, attrlist=[MEMBER, global_ids.CONSTRAINT]) if not entries: raise NotFound(msg="Role not found, name=" + entity.name, id=global_ids.ROLE_NOT_FOUND) elif len(entries) > 1: raise NotUnique(msg="Role not unique, name=" + entity.name, id=global_ids.ROLE_SEARCH_FAILED) dn, attrs = entries[0] member_dns = ldaphelper.get_list(attrs.get(MEMBER, [])) constraint = Constraint( ldaphelper.get_attr_val(attrs.get(global_ids.CONSTRAINT, []))) mList = __convert_list(member_dns) except Exception as e: # FIXME: change to LDAPError raise RbacError(msg='Get members search error=' + str(e), id=global_ids.ROLE_OCCUPANT_SEARCH_FAILED) finally: if conn: ldaphelper.close(conn) return [mList, constraint]
def delete(entity): try: conn = ldaphelper.open() conn.delete_s(__get_dn(entity)) except ldap.NO_SUCH_OBJECT: raise RbacError(msg='User delete not found:' + entity.uid, id=global_ids.USER_NOT_FOUND) except ldap.LDAPError as e: raise RbacError(msg='User delete failed result=' + str(e), id=global_ids.USER_DELETE_FAILED) except Exception as e: raise RbacError(msg='User delete error=' + str(e), id=global_ids.USER_DELETE_FAILED) return entity
def delete_ou(name): __validate(name) try: conn = ldaphelper.open() conn.delete_s(ldaphelper.get_container_dn(name)) except ldap.NO_SUCH_OBJECT: raise NotFound(msg='OU delete not found:' + name, id=global_ids.CNTR_NOT_FOUND) except ldap.LDAPError as e: raise RbacError(msg='OU delete failed result=' + str(e), id=global_ids.CNTR_DELETE_FAILED) except Exception as e: raise RbacError(msg='OU delete error=' + str(e), id=global_ids.CNTR_DELETE_FAILED)
def delete_obj(entity): try: conn = ldaphelper.open() conn.delete_s(__get_obj_dn(entity)) except ldap.NO_SUCH_OBJECT: raise NotFound(msg='PermObj delete not found:' + entity.obj_name, id=global_ids.PERM_OBJ_NOT_FOUND) except ldap.LDAPError as e: raise FortressError(msg='PermObj delete failed result=' + str(e), id=global_ids.PERM_DELETE_FAILED) except Exception as e: raise FortressError(msg='PermObj delete error=' + str(e), id=global_ids.PERM_DELETE_FAILED) return entity
def delete_suffix(): try: conn = ldaphelper.open() conn.delete_s(__SUFX_DN) except ldap.NO_SUCH_OBJECT: raise NotFound(msg='Suffix delete not found dn=' + __SUFX_DN, id=global_ids.SUFX_NOT_EXIST) except ldap.LDAPError as e: raise RbacError(msg='Suffix delete failed, dn=' + __SUFX_DN + ', result=' + str(e), id=global_ids.SUFX_DELETE_FAILED) except Exception as e: raise RbacError(msg='Suffix delete failed, dn=' + __SUFX_DN + ', error=' + str(e), id=global_ids.SUFX_DELETE_FAILED)
def remove_member(entity, uid): try: attrs = {} if uid: user_dn = __get_user_dn(uid) attrs.update({MEMBER: [(MOD_DELETE, user_dn)]}) conn = ldaphelper.open() conn.modify_s(__get_dn(entity), mods_to_modlist(attrs)) except ldap.NO_SUCH_ATTRIBUTE: raise RbacError(msg='Remove member failed, not assigned, role=' + entity.name + ', member dn=' + user_dn, id=global_ids.URLE_ASSIGN_NOT_EXIST) except ldap.LDAPError as e: raise RbacError(msg='Remove member failed result=' + str(e), id=global_ids.ROLE_REMOVE_OCCUPANT_FAILED) except Exception as e: raise RbacError(msg='Remove member error=' + str(e), id=global_ids.ROLE_REMOVE_OCCUPANT_FAILED) return entity
def create_suffix(name): dn = DC_NAME + '=' + name + ',' + DC_NAME + '=com' try: attrs = {} attrs.update({'objectClass': SUFX_OCS}) attrs.update({DC_NAME: name}) attrs.update({O: name}) conn = ldaphelper.open() conn.add_s(dn, add_to_modlist(attrs)) except Exception as e: raise NotUnique(msg='Suffix create failed, already exists:' + dn, id=global_ids.SUFX_ALREADY_EXISTS) except ldap.ALREADY_EXISTS: raise RbacError(msg='Suffix create failed, dn=' + dn + ', result=' + str(e), id=global_ids.SUFX_CREATE_FAILED) except Exception as e: raise RbacError(msg='Suffix create dn=' + dn + ', error=' + str(e), id=global_ids.SUFX_CREATE_FAILED)
def assign(entity, constraint): try: attrs = {} if constraint is not None: attrs.update({ROLE_CONSTRAINTS: [(MOD_ADD, constraint.get_raw())]}) attrs.update({ROLES: [(MOD_ADD, constraint.name)]}) if len(attrs) > 0: conn = ldaphelper.open() conn.modify_s(__get_dn(entity), mods_to_modlist(attrs)) except ldap.NO_SUCH_OBJECT: raise RbacError(msg='User assign failed, not found:' + entity.uid, id=global_ids.USER_NOT_FOUND) except ldap.LDAPError as e: raise RbacError(msg='User assign failed result=' + str(e), id=global_ids.URLE_ASSIGN_FAILED) except Exception as e: raise RbacError(msg='User assign error=' + str(e), id=global_ids.URLE_ASSIGN_FAILED) return entity
def add_member(entity, uid): try: attrs = {} if uid: user_dn = __get_user_dn(uid) attrs.update({MEMBER: [(MOD_ADD, user_dn)]}) conn = ldaphelper.open() conn.modify_s(__get_dn(entity), mods_to_modlist(attrs)) except ldap.NO_SUCH_OBJECT: raise NotFound(msg='Add member failed, not found, role=' + entity.name + ', member dn=' + user_dn, id=global_ids.ROLE_NOT_FOUND) except ldap.LDAPError as e: raise RbacError(msg='Add member failed result=' + str(e), id=global_ids.ROLE_USER_ASSIGN_FAILED) except Exception as e: raise RbacError(msg='Add member error=' + str(e), id=global_ids.ROLE_USER_ASSIGN_FAILED) return entity
def create_ou(name, desc=None): __validate(name) try: attrs = {} attrs.update({'objectClass': OU_OCS}) attrs.update({OU_NAME: name}) if not desc: desc = 'py-fortress Container ' + name attrs.update({global_ids.DESC: desc}) conn = ldaphelper.open() conn.add_s(ldaphelper.get_container_dn(name), add_to_modlist(attrs)) except Exception as e: raise RbacError(msg='OU create error=' + str(e), id=global_ids.CNTR_CREATE_FAILED) except ldap.ALREADY_EXISTS: raise NotUnique(msg='OU create failed, already exists:' + name, id=global_ids.CNTR_ALREADY_EXISTS) except ldap.LDAPError as e: raise RbacError(msg='OU create failed result=' + str(e), id=global_ids.CNTR_CREATE_FAILED)
def search(entity): conn = None roleList = [] search_filter = '(&(objectClass=' + ROLE_OC_NAME + ')' search_filter += '(' + ROLE_NAME + '=' + entity.name + '))' try: conn = ldaphelper.open() entries = conn.search_s(__CONTAINER_DN, scope=ldap.SCOPE_SUBTREE, filterstr=search_filter, attrlist=SEARCH_ATTRS) for dn, attrs in entries: roleList.append(__unload(dn, attrs)) except Exception as e: raise RbacError(msg='Role search error=' + str(e), id=global_ids.ROLE_SEARCH_FAILED) finally: if conn: ldaphelper.close(conn) return roleList
def grant(entity, role): try: attrs = {} # constraint type: if role is not None: attrs.update({ROLES: [(MOD_ADD, role.name)]}) conn = ldaphelper.open() conn.modify_s(__get_dn(entity), attrs_to_modlist(attrs)) except ldap.NO_SUCH_OBJECT: raise NotFound(msg='Perm grant failed, not found, obj name=' + entity.obj_name + ', op_name=' + entity.op_name + ', op id=' + entity.obj_id + ', role=' + role.name, id=global_ids.PERM_OP_NOT_FOUND) except ldap.LDAPError as e: raise RbacError(msg='Perm grant failed result=' + str(e), id=global_ids.PERM_GRANT_FAILED) except Exception as e: raise RbacError(msg='Perm grant error=' + str(e), id=global_ids.PERM_GRANT_FAILED) return entity
def create(entity): try: attrs = {} attrs.update({'objectClass': PERM_OCS}) attrs.update({OBJ_NM: entity.obj_name}) attrs.update({OP_NM: entity.op_name}) entity.abstract_name = entity.obj_name + '.' + entity.op_name attrs.update({global_ids.CN: entity.abstract_name}) # generate random id: entity.internal_id = str(uuid.uuid4()) attrs.update({global_ids.INTERNAL_ID: entity.internal_id}) if entity.obj_id: attrs.update({OBJ_ID: entity.obj_id}) if entity.description: attrs.update({global_ids.DESC: entity.description}) if entity.abstract_name: attrs.update({PERM_NAME: entity.abstract_name}) if entity.type: attrs.update({TYPE: entity.type}) # list of strings: if entity.props is not None and len(entity.props) > 0: attrs.update({global_ids.PROPS: entity.props}) if entity.users is not None and len(entity.users) > 0: attrs.update({USERS: entity.users}) if entity.roles is not None and len(entity.roles) > 0: attrs.update({ROLES: entity.roles}) conn = ldaphelper.open() conn.add_s(__get_dn(entity), add_to_modlist(attrs)) except ldap.ALREADY_EXISTS: raise NotUnique(msg='Perm create failed, already exists:' + entity.obj_name, id=global_ids.PERM_ADD_FAILED) except ldap.LDAPError as e: raise RbacError(msg='Perm create failed result=' + str(e), id=global_ids.PERM_ADD_FAILED) except Exception as e: raise RbacError(msg='Perm create error=' + str(e), id=global_ids.PERM_ADD_FAILED) return entity
def search(entity): conn = None userList = [] search_filter = '(&(objectClass=' + USER_OC_NAME + ')' if entity.uid: search_filter += '(' + global_ids.UID + '=' + entity.uid + ')' if entity.ou: search_filter += '(' + global_ids.OU + '=' + entity.ou + ')' search_filter += ')' try: conn = ldaphelper.open() entries = conn.search_s(CONTAINER_DN, scope=ldap.SCOPE_SUBTREE, filterstr=search_filter, attrlist=SEARCH_ATTRS) for dn, attrs in entries: userList.append(__unload(dn, attrs)) except Exception as e: raise RbacError(msg='User Search error=' + str(e)) finally: if conn: ldaphelper.close(conn) return userList
def create(entity): try: attrs = {} attrs.update({'objectClass': USER_OCS}) attrs.update({global_ids.UID: entity.uid}) # generate random id: entity.internal_id = str(uuid.uuid4()) attrs.update({global_ids.INTERNAL_ID: entity.internal_id}) # cn is req'd for iNetOrgPerson, if caller did not set, use uid value if not entity.cn: entity.cn = entity.uid attrs.update({global_ids.CN: entity.cn}) # likewise sn is req'd for iNetOrgPerson, if caller did not set, use uid value if not entity.sn: entity.sn = entity.uid attrs.update({global_ids.SN: entity.sn}) # strings: if entity.password: attrs.update({PW: entity.password}) if entity.description: attrs.update({global_ids.DESC: entity.description}) if entity.ou: attrs.update({global_ids.OU: entity.ou}) if entity.display_name: attrs.update({DISPLAY_NAME: entity.display_name}) if entity.employee_type: attrs.update({EMPLOYEE_TYPE: entity.employee_type}) if entity.title: attrs.update({TITLE: entity.title}) if entity.department_number: attrs.update({DEPT_NUM: entity.department_number}) if entity.l: attrs.update({LOCATION: entity.l}) if entity.physical_delivery_office_name: attrs.update( {PHYSICAL_OFFICE_NM: entity.physical_delivery_office_name}) if entity.postal_code: attrs.update({POSTAL_CODE: entity.postal_code}) if entity.room_number: attrs.update({RM_NUM: entity.room_number}) if entity.pw_policy: attrs.update({PW_POLICY: entity.pw_policy}) # boolean: if entity.system is not None: attrs.update({IS_SYSTEM: 'TRUE' if entity.system else 'FALSE'}) # list of strings: if entity.phones is not None and len(entity.phones) > 0: attrs.update({TELEPHONE_NUMBER: entity.phones}) if entity.mobiles is not None and len(entity.mobiles) > 0: attrs.update({MOBILE: entity.mobiles}) if entity.emails is not None and len(entity.emails) > 0: attrs.update({MAIL: entity.emails}) if entity.props is not None and len(entity.props) > 0: attrs.update({global_ids.PROPS: entity.props}) # list of delimited strings: if entity.constraint: attrs.update({global_ids.CONSTRAINT: entity.constraint.get_raw()}) conn = ldaphelper.open() conn.add_s(__get_dn(entity), add_to_modlist(attrs)) except ldap.ALREADY_EXISTS: raise NotUnique(msg='User create failed, already exists:' + entity.uid, id=global_ids.USER_ADD_FAILED) except ldap.LDAPError as e: raise RbacError(msg='User create failed result=' + str(e), id=global_ids.USER_ADD_FAILED) except Exception as e: raise RbacError(msg='User create error=' + str(e), id=global_ids.USER_ADD_FAILED) return entity
def update(entity): try: attrs = {} # strings: if entity.cn: attrs.update({global_ids.CN: [(MOD_REPLACE, [entity.cn])]}) if entity.sn: attrs.update({global_ids.SN: [(MOD_REPLACE, [entity.sn])]}) if entity.password: attrs.update({PW: [(MOD_REPLACE, [entity.password])]}) if entity.description: attrs.update( {global_ids.DESC: [(MOD_REPLACE, [entity.description])]}) if entity.ou: attrs.update({global_ids.OU: [(MOD_REPLACE, [entity.ou])]}) if entity.display_name: attrs.update( {DISPLAY_NAME: [(MOD_REPLACE, [entity.display_name])]}) if entity.employee_type: attrs.update( {EMPLOYEE_TYPE: [(MOD_REPLACE, entity.employee_type)]}) if entity.title: attrs.update({TITLE: [(MOD_REPLACE, [entity.title])]}) if entity.department_number: attrs.update({DEPT_NUM: [(MOD_REPLACE, entity.department_number)]}) if entity.l: attrs.update({LOCATION: [(MOD_REPLACE, entity.l)]}) if entity.physical_delivery_office_name: attrs.update({ PHYSICAL_OFFICE_NM: [(MOD_REPLACE, entity.physical_delivery_office_name)] }) if entity.postal_code: attrs.update({POSTAL_CODE: [(MOD_REPLACE, entity.postal_code)]}) if entity.room_number: attrs.update({RM_NUM: [(MOD_REPLACE, entity.room_number)]}) if entity.pw_policy: attrs.update({PW_POLICY: [(MOD_REPLACE, entity.pw_policy)]}) # list of strings: if entity.phones is not None and len(entity.phones) > 0: attrs.update({TELEPHONE_NUMBER: [(MOD_REPLACE, entity.phones)]}) if entity.mobiles is not None and len(entity.mobiles) > 0: attrs.update({MOBILE: [(MOD_REPLACE, entity.mobiles)]}) if entity.emails is not None and len(entity.emails) > 0: attrs.update({MAIL: [(MOD_REPLACE, entity.emails)]}) if entity.system is not None: attrs.update({ IS_SYSTEM: [(MOD_REPLACE, 'TRUE' if entity.system else 'FALSE')] }) # list of delimited strings:: if entity.constraint is not None: attrs.update({ global_ids.CONSTRAINT: [(MOD_REPLACE, entity.constraint.get_raw())] }) # boolean: if entity.props is not None and len(entity.props) > 0: attrs.update({global_ids.PROPS: [(MOD_REPLACE, entity.props)]}) if len(attrs) > 0: conn = ldaphelper.open() conn.modify_s(__get_dn(entity), mods_to_modlist(attrs)) except ldap.NO_SUCH_OBJECT: raise NotFound(msg='User update failed, not found:' + entity.name, id=global_ids.USER_UPDATE_FAILED) except ldap.LDAPError as e: raise RbacError(msg='User update failed result=' + str(e), id=global_ids.USER_UPDATE_FAILED) except Exception as e: raise RbacError(msg='User update error=' + str(e), id=global_ids.USER_UPDATE_FAILED) return entity