コード例 #1
0
	def get_udm_user_by_dn(self, userdn, admin=False):
		if admin:
			lo, po = get_admin_connection()
		else:
			lo, po = get_machine_connection()
		user = self.usersmod.object(None, lo, po, userdn)
		user.open()
		return user
コード例 #2
0
 def get_udm_user_dn(self, userdn, admin=False):
     if admin:
         lo, po = get_admin_connection()
     else:
         lo, po = get_machine_connection()
     univention.admin.modules.update()
     if self.usersmod is None:
         self.usersmod = univention.admin.modules.get("users/user")
         univention.admin.modules.init(lo, po, self.usersmod)
     user = self.usersmod.object(None, lo, po, userdn)
     user.open()
     return user
コード例 #3
0
ファイル: __init__.py プロジェクト: spaceone/ucs-school 
 def recheck_users(self, file_id, user_attrs):
     file_info = self._get_info(file_id)
     if ucr.is_true(
             'ucsschool/wizards/schoolwizards/workaround/admin-connection'):
         lo, po = get_admin_connection()
     else:
         lo, po = get_user_connection(bind=self.bind_user_connection,
                                      write=False)
     users = []
     for attrs in user_attrs:
         user = file_info.user_klass.from_frontend_attrs(
             attrs, file_info.school, file_info.date_format)
         user.validate(lo)
         users.append(user.to_dict(file_info.date_format))
     return users
コード例 #4
0
ファイル: __init__.py プロジェクト: spaceone/ucs-school 
 def import_users(self, iterator, file_id, attrs):
     if ucr.is_true(
             'ucsschool/wizards/schoolwizards/workaround/admin-connection'):
         lo, po = get_admin_connection()
     else:
         lo, po = get_user_connection(bind=self.bind_user_connection,
                                      write=False)
     file_info = None
     with stopped_notifier():
         CSVUser.invalidate_all_caches()
         for file_id, attrs in iterator:
             if file_info is None:
                 file_info = self._get_info(file_id)
             user = file_info.user_klass.from_frontend_attrs(
                 attrs, file_info.school, file_info.date_format)
             MODULE.process(
                 'Going to %s %s %s' %
                 (user.action, file_info.user_klass.__name__, user.name))
             action = {
                 'create': _('created'),
                 'modify': _('modified'),
                 'delete': _('deleted'),
             }.get(user.action, user.action)
             if user.commit(lo):
                 yield {
                     'username': user.name,
                     'action': action,
                     'success': True
                 }
             else:
                 yield {
                     'username': user.name,
                     'action': action,
                     'success': False,
                     'msg': user.get_error_msg()
                 }
     if file_info:
         os.unlink(file_info.filename)
         del self.file_map[file_id]
コード例 #5
0
	def create_self_registered_account(self, attributes):
		MODULE.info('create_self_registered_account(): attributes: {}'.format(attributes))
		ucr.load()
		if ucr.is_false('umc/self-service/account-registration/backend/enabled', True):
			msg = _('The account registration was disabled via the Univention Configuration Registry.')
			MODULE.error('create_self_registered_account(): {}'.format(msg))
			raise UMC_Error(msg)
		# filter out attributes that are not valid to set
		allowed_to_set = set(['PasswordRecoveryEmail', 'password'] + [attr.strip() for attr in ucr.get('umc/self-service/account-registration/udm_attributes', '').split(',') if attr.strip()])
		attributes = {k: v for (k, v) in attributes.items() if k in allowed_to_set}
		# validate attributes
		res = self._validate_user_attributes(attributes, self._update_required_attr_of_props_for_registration)
		# check username taken
		if 'username' in attributes:
			try:
				UDM.machine().version(2).get('users/user').get_by_id(attributes['username'])
			except NoObject:
				pass
			else:
				res['username'] = {
					'isValid': False,
					'message': _('The username is already taken'),
				}
		invalid = {k: v for (k, v) in res.items() if not (all(v['isValid']) if isinstance(v['isValid'], list) else v['isValid'])}
		if len(invalid):
			return {
				'success': False,
				'failType': 'INVALID_ATTRIBUTES',
				'data': invalid,
			}

		# check for missing required attributes from umc/self-service/account-registration/udm_attributes/required
		required_attrs = [attr.strip() for attr in ucr.get('umc/self-service/account-registration/udm_attributes/required', '').split(',') if attr.strip()]
		not_found = [attr for attr in required_attrs if attr not in attributes]
		if not_found:
			msg = _('The account could not be created:\nInformation provided is not sufficient. The following properties are missing:\n%s') % ('\n'.join(not_found),)
			MODULE.error('create_self_registered_account(): {}'.format(msg))
			raise UMC_Error(msg)

		univention.admin.modules.update()
		lo, po = get_admin_connection()

		# get usertemplate
		template_dn = ucr.get('umc/self-service/account-registration/usertemplate', '')
		usertemplate = None
		if template_dn:
			usertemplate_mod = univention.admin.modules.get('settings/usertemplate')
			univention.admin.modules.init(lo, po, usertemplate_mod, None, True)
			try:
				usertemplate = usertemplate_mod.object(None, lo, None, template_dn)
			except udm_errors.noObject:
				msg = _('The user template "{}" set by the "umc/self-service/account-registration/usertemplate" UCR variable does not exist. A user account can not be created. Please contact your system administrator.'.format(template_dn))
				MODULE.error('create_self_registered_account(): {}'.format(msg))
				raise UMC_Error(msg)

		# init user module with template
		usersmod = univention.admin.modules.get('users/user')
		univention.admin.modules.init(lo, po, usersmod, usertemplate, True)

		# get user container
		udm = UDM.machine().version(2)
		user_position = univention.admin.uldap.position(po.getBase())
		container_dn = ucr.get('umc/self-service/account-registration/usercontainer', None)
		if container_dn:
			try:
				container = udm.obj_by_dn(container_dn)
			except NoObject:
				msg = _('The container "{}" set by the "umc/self-service/account-registration/usercontainer" UCR variable does not exist. A user account can not be created. Please contact your system administrator.'.format(container_dn))
				MODULE.error('create_self_registered_account(): {}'.format(msg))
				raise UMC_Error(msg)
			else:
				user_position.setDn(container.dn)
		else:
			for dn in usersmod.object.get_default_containers(lo):
				try:
					container = udm.obj_by_dn(dn)
				except NoObject:
					pass
				else:
					user_position.setDn(container.dn)
					break

		# create user
		attributes['PasswordRecoveryEmailVerified'] = 'FALSE'
		attributes['RegisteredThroughSelfService'] = 'TRUE'
		new_user = usersmod.object(None, lo, user_position)
		new_user.open()
		for key, value in attributes.items():
			if key in new_user and value:
				new_user[key] = value
		try:
			new_user.create()
		except univention.admin.uexceptions.base as exc:
			MODULE.error('create_self_registered_account(): could not create user: %s' % (traceback.format_exc(),))
			return {
				'success': False,
				'failType': 'CREATION_FAILED',
				'data': _('The account could not be created:\n%s') % UDM_Error(exc),
			}
		finally:
			# TODO cleanup
			# reinit user module without template.
			# This has to be done since the modules are singletons?
			univention.admin.modules.update()
			self._usersmod = None
			#  univention.admin.modules.init(lo, po, usersmod, None, True)
		try:
			self.send_message(new_user['username'], 'verify_email', new_user['PasswordRecoveryEmail'], raise_on_success=False)
		except Exception:
			verify_token_successfully_send = False
		else:
			verify_token_successfully_send = True
		return {
			'success': True,
			'verifyTokenSuccessfullySend': verify_token_successfully_send,
			'data': {
				'username': new_user['username'],
				'email': new_user['PasswordRecoveryEmail'],
			}
		}
コード例 #6
0
def main():
    ### Step 1) Open connection to remote (source) LDAP server
    #
    # TODO: Replace example strings below
    #
    remote_ldap_base = 'dc=remote,dc=domain,dc=net'
    remote_ldap_binddn = 'uid=Administrator,cn=users,%s' % remote_ldap_base
    remote_ldap_bindpw = 'Fill in the password'
    remote_ldap_uri = 'ldaps://server.remote.domain.net:636'
    # remote_ldap_start_tls = 2  # this means force TLS in uldap.access
    remote_ldap_start_tls = 0
    remote_ldap_ca_certfile = '/var/tmp/remote_ldap_ca_certfile.pem'

    ## Alternative: read from an LDIF file
    #  remote_ldap_uri = 'file:///var/tmp/users.ldif'

    if remote_ldap_uri.startswith('ldap'):
        ## E.g. use "low level" univention.uldap class (wrapper around python-ldap)
        #
        access_to_source_ldap = univention.uldap.access(
            uri=remote_ldap_uri,
            base=remote_ldap_base,
            binddn=remote_ldap_binddn,
            bindpw=remote_ldap_bindpw,
            start_tls=remote_ldap_start_tls,
            ca_certfile=remote_ldap_ca_certfile)

        ## Alternative: use plain python-ldap directly
        #
        # source_ldap = ldap.initialize('ldaps://%s:%s' % (remote_ldap_host, remote_ldap_port))
        # source_ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, remote_ldap_ca_certfile)
        # source_ldap.simple_bind_s(remote_ldap_binddn, remote_ldap_bindpw)
        # source_ldap.set_option(ldap.OPT_REFERRALS, 0)

    elif remote_ldap_uri.startswith('file://'):
        if not os.path.exists(remote_ldap_uri[7:]):
            print("File {} does not exist".format(remote_ldap_uri[7:]))
            sys.exit(1)
    else:
        print(
            "LDAP URI must start either with 'file://', 'ldap://' or 'ldaps://'"
        )
        sys.exit(1)

    ### Step 2) Get a connection to the local LDAP server with admin credentials
    access_to_local_ldap, pos = get_admin_connection()
    pos.setDn('cn=users')

    ### Initialize the UDM module users/user, to create user objects
    udm_modules.update(
    )  # required to load all modules and extended attributes
    udm_users = udm_modules.get('users/user')

    ### Create queue and start UDM writers as subprocesses
    queue = Queue(LDAP_OBJECTS_QUEUE_SIZE)
    udm_workers = list()
    for i in range(UDM_WRITERS):
        p = Process(target=ldap_object_consumer,
                    args=(queue, i, access_to_local_ldap, pos, udm_users))
        p.start()
        udm_workers.append(p)

    print("Ok, here we go, starting import")
    if remote_ldap_uri.startswith('file://'):
        ldif_file_object_reader(queue, remote_ldap_uri[7:])
    else:
        reconnect_paged_remote_ldap_object_reader(queue, access_to_source_ldap)
    print("All data read, waiting for workers to finish")
    for p in udm_workers:
        p.join()
コード例 #7
0
ファイル: __init__.py プロジェクト: spaceone/ucs-school 
 def show(self, progress, file_id, columns):
     result = {}
     progress.title = _('Checking users from CSV file')
     file_info = self._get_info(file_id)
     if ucr.is_true(
             'ucsschool/wizards/schoolwizards/workaround/admin-connection'):
         lo, po = get_admin_connection()
     else:
         lo, po = get_user_connection(bind=self.bind_user_connection,
                                      write=False)
     with open(file_info.filename, 'rb') as f:
         lines = f.readlines()
         if file_info.has_header:
             lines = lines[1:]
     reader = csv.DictReader(lines, columns, dialect=file_info.dialect)
     users = []
     date_pattern = 'yyyy-MMM-dd'
     if locale.getlocale()[0] == 'de':
         date_pattern = 'dd.MMM.yyyy'
     python_date_format = None
     line_no = 1
     if file_info.has_header:
         line_no = 2
     for line in reader:
         if 'birthday' in columns:
             date_pattern, python_date_format = self._guess_date_format(
                 date_pattern, python_date_format, line['birthday'])
         user = file_info.user_klass.from_csv_line(line, file_info.school,
                                                   python_date_format,
                                                   line_no, lo)
         user.validate(lo)
         users.append(user)
         line_no += 1
         progress.progress(message=user.name)
     if 'name' not in columns:
         # add username here:
         # 1. it has to be presented and will be populated by a guess
         # 2. do it before adding the to_be_deleted, as they need it
         # in the columns, otherwise their real username gets overwritten
         columns.insert(0, 'name')
     if file_info.delete_not_mentioned:
         mentioned_usernames = map(lambda u: u.name, users)
         progress.title = _('Checking users from database')
         progress.message = ''
         existing_users = file_info.user_klass.get_all(lo, file_info.school)
         for user in existing_users:
             if user.name not in mentioned_usernames:
                 if 'birthday' in columns:
                     date_pattern, python_date_format = self._guess_date_format(
                         date_pattern, python_date_format, user.birthday)
                 user.action = 'delete'
                 user.line = ''
                 users.append(user)
                 progress.progress(message=user.name)
     file_info.date_format = python_date_format
     file_info.columns = columns
     result['date_pattern'] = date_pattern
     result['columns'] = file_info.user_klass.get_columns_for_spreadsheet(
         columns)
     result['required_columns'] = file_info.user_klass.get_required_columns(
     )
     result['users'] = [
         user.to_dict(file_info.date_format) for user in users
     ]
     result['license_error'] = license_check(users)
     return result