def is_admin(self, args): user_list = args user_list.remove('is_admin') completed = True for user in user_list: is_adm = ldap.is_admin(user) if is_adm: L.info(t("The user %s is admin") % user) else: L.info(t("The user %s is NOT admin") % user) completed &= is_adm return completed
from uwsas.common import * from uwsas.helpers import unix from uwsas.helpers import ldap from uwsas.core import CONF_MAP from uwsas.core import L from uwsas import core if __name__ == "__main__": pam_user = os.getenv("PAM_USER") is_admin = unix.is_admin(pam_user) try: if not is_admin and CONF_MAP("ldap", "enabled"): is_admin |= ldap.is_admin(pam_user) if ( not is_admin and unix.is_notunix_user(pam_user) and CONF_MAP("ldap", "enabled") and CONF_MAP("centrify", "pam_allow_workaround") ): is_allowed_to_login = False with open("/etc/centrifydc/groups.allow", "r") as f: for group in f: group = group.strip() if group: print pam_user, group, ldap.is_member_of(pam_user, group, "") is_allowed_to_login |= ldap.is_member_of(pam_user, group, "") if not is_allowed_to_login: