def afterSetUp(self):
manage_addPloneLDAPMultiPlugin(self.folder, "ldap",
title="title", login_attr="uid", uid_attr="mail",
users_base="ou=Users", users_scope=0,
roles="CustomRole", groups_base="ou=Groups",
groups_scope=1, binduid="cn=admin", bindpwd="XXX",
rdn_attr="cn", LDAP_server=None)
def render(self):
portal = getSite()
# Delete the LDAPUPC if exists
if getattr(portal.acl_users, 'ldapUPC', None):
portal.acl_users.manage_delObjects('ldapUPC')
# try:
manage_addPloneLDAPMultiPlugin(portal.acl_users, "ldapexterns",
title="ldapexterns", use_ssl=1, login_attr="cn", uid_attr="cn", local_groups=0,
users_base="ou=users,ou=upcnet,dc=upcnet,dc=es", users_scope=2,
roles="Authenticated,Member", groups_base="ou=groups,ou=upcnet,dc=upcnet,dc=es",
groups_scope=2, read_only=True, binduid="cn=ldap,ou=upcnet,dc=upcnet,dc=es", bindpwd=LDAP_PASSWORD,
rdn_attr="cn", LDAP_server="ldap.upcnet.es", encryption="SSHA")
portal.acl_users.ldapexterns.acl_users.manage_edit("ldapexterns", "cn", "cn", "ou=users,ou=upcnet,dc=upcnet,dc=es", 2, "Authenticated,Member",
"ou=groups,ou=upcnet,dc=upcnet,dc=es", 2, "cn=ldap,ou=upcnet,dc=upcnet,dc=es", LDAP_PASSWORD, 1, "cn",
"top,person,inetOrgPerson", 0, 0, "SSHA", 0, '')
plugin = portal.acl_users['ldapexterns']
# Activate plugins (all)
plugin.manage_activateInterfaces(['IAuthenticationPlugin',
'ICredentialsResetPlugin',
'IGroupEnumerationPlugin',
'IGroupIntrospection',
'IGroupManagement',
'IGroupsPlugin',
'IUserAdderPlugin',
'IUserEnumerationPlugin',
'IUserManagement'])
# In case to have more than one server for fault tolerance
# LDAPUserFolder.manage_addServer(portal.acl_users.ldapUPC.acl_users, "ldap.upc.edu", '636', use_ssl=1)
# Redefine some schema properties
LDAPUserFolder.manage_deleteLDAPSchemaItems(portal.acl_users.ldapexterns.acl_users, ldap_names=['sn'], REQUEST=None)
LDAPUserFolder.manage_deleteLDAPSchemaItems(portal.acl_users.ldapexterns.acl_users, ldap_names=['cn'], REQUEST=None)
LDAPUserFolder.manage_addLDAPSchemaItem(portal.acl_users.ldapexterns.acl_users, ldap_name='sn', friendly_name='Last Name', public_name='fullname')
LDAPUserFolder.manage_addLDAPSchemaItem(portal.acl_users.ldapexterns.acl_users, ldap_name='cn', friendly_name='Canonical Name')
# Update the preference of the plugins
portal.acl_users.plugins.movePluginsUp(IUserAdderPlugin, ['ldapexterns'])
portal.acl_users.plugins.movePluginsUp(IGroupManagement, ['ldapexterns'])
# Move the ldapUPC to the top of the active plugins.
# Otherwise member.getProperty('email') won't work properly.
# from Products.PluggableAuthService.interfaces.plugins import IPropertiesPlugin
# portal.acl_users.plugins.movePluginsUp(IPropertiesPlugin, ['ldapUPC'])
# portal.acl_users.plugins.manage_movePluginsUp('IPropertiesPlugin', ['ldapUPC'], context.REQUEST.RESPONSE)
# except:
# pass
# Add LDAP plugin cache
plugin = portal.acl_users['ldapexterns']
plugin.ZCacheable_setManagerId('RAMCache')
return 'Done.'
def render(self):
portal = getSite()
if HAS_LDAP:
try:
manage_addPloneLDAPMultiPlugin(portal.acl_users, "ldapUPC",
title="ldapUPC", use_ssl=1, login_attr="cn", uid_attr="cn", local_groups=0,
users_base="ou=Users,dc=upc,dc=edu", users_scope=2,
roles="Authenticated", groups_base="ou=Groups,dc=upc,dc=edu",
groups_scope=2, read_only=True, binduid="cn=ldap.serveis,ou=users,dc=upc,dc=edu", bindpwd=LDAP_PASSWORD,
rdn_attr="cn", LDAP_server="ldap.upc.edu", encryption="SSHA")
portal.acl_users.ldapUPC.acl_users.manage_edit("ldapUPC", "cn", "cn", "ou=Users,dc=upc,dc=edu", 2, "Authenticated",
"ou=Groups,dc=upc,dc=edu", 2, "cn=ldap.serveis,ou=users,dc=upc,dc=edu", LDAP_PASSWORD, 1, "cn",
"top,person", 0, 0, "SSHA", 1, '')
plugin = portal.acl_users['ldapUPC']
plugin.manage_activateInterfaces(['IGroupEnumerationPlugin', 'IGroupsPlugin', 'IGroupIntrospection', 'IAuthenticationPlugin', 'IUserEnumerationPlugin'])
# Comentem la linia per a que no afegeixi
# LDAPUserFolder.manage_addServer(portal.acl_users.ldapUPC.acl_users, "ldap.upc.edu", '636', use_ssl=1)
LDAPUserFolder.manage_deleteLDAPSchemaItems(portal.acl_users.ldapUPC.acl_users, ldap_names=['sn'], REQUEST=None)
LDAPUserFolder.manage_addLDAPSchemaItem(portal.acl_users.ldapUPC.acl_users, ldap_name='sn', friendly_name='Last Name', public_name='name')
# Move the ldapUPC to the top of the active plugins.
# Otherwise member.getProperty('email') won't work properly.
# from Products.PluggableAuthService.interfaces.plugins import IPropertiesPlugin
# portal.acl_users.plugins.movePluginsUp(IPropertiesPlugin, ['ldapUPC'])
# portal.acl_users.plugins.manage_movePluginsUp('IPropertiesPlugin', ['ldapUPC'], context.REQUEST.RESPONSE)
except:
logger.debug("Something bad happened and the LDAP has not been created properly")
try:
plugin = portal.acl_users['ldapUPC']
plugin.ZCacheable_setManagerId('RAMCache')
portal_role_manager = portal.acl_users['portal_role_manager']
portal_role_manager.assignRolesToPrincipal(["Manager"], "UPC.Plone.Admins")
portal_role_manager.assignRolesToPrincipal(["Manager"], "UPCnet.Plone.Admins")
portal_role_manager.assignRolesToPrincipal(["Manager"], "UPCnet.ATIC")
portal_role_manager.assignRolesToPrincipal(["Manager"], "UPCNET.Frontoffice.2n.nivell")
except:
logger.debug("Something bad happened and the LDAP has not been configured properly")
else:
logger.debug("You do not have LDAP libraries in your current buildout configuration. POSOK.")
def afterSetUp(self):
manage_addPloneLDAPMultiPlugin(
self.folder,
"ldap",
title="title",
login_attr="uid",
uid_attr="mail",
users_base="ou=Users",
users_scope=0,
roles="CustomRole",
groups_base="ou=Groups",
groups_scope=1,
binduid="cn=admin",
bindpwd="XXX",
rdn_attr="cn",
LDAP_server=None,
)
def render(self):
portal = getSite()
if HAS_LDAP:
try:
manage_addPloneLDAPMultiPlugin(portal.acl_users, 'ldapUPC',
title='ldapUPC', use_ssl=1, login_attr='cn', uid_attr='cn', local_groups=0,
users_base='ou=Users,dc=upc,dc=edu', users_scope=2,
roles='Authenticated', groups_base='ou=Groups,dc=upc,dc=edu',
groups_scope=2, read_only=True, binduid='cn=ldap.serveis,ou=users,dc=upc,dc=edu', bindpwd=LDAP_PASSWORD,
rdn_attr='cn', LDAP_server='ldap.upc.edu', encryption='SSHA')
portal.acl_users.ldapUPC.acl_users.manage_edit('ldapUPC', 'cn', 'cn', 'ou=Users,dc=upc,dc=edu', 2, 'Authenticated',
'ou=Groups,dc=upc,dc=edu', 2, 'cn=ldap.serveis,ou=users,dc=upc,dc=edu', LDAP_PASSWORD, 1, 'cn',
'top,person', 0, 0, 'SSHA', 1, '')
plugin = portal.acl_users['ldapUPC']
plugin.manage_activateInterfaces(['IGroupEnumerationPlugin', 'IGroupsPlugin', 'IGroupIntrospection', 'IAuthenticationPlugin', 'IUserEnumerationPlugin'])
# Comentem la linia per a que no afegeixi
# LDAPUserFolder.manage_addServer(portal.acl_users.ldapUPC.acl_users, 'ldap.upc.edu', '636', use_ssl=1)
LDAPUserFolder.manage_deleteLDAPSchemaItems(portal.acl_users.ldapUPC.acl_users, ldap_names=['sn'], REQUEST=None)
LDAPUserFolder.manage_addLDAPSchemaItem(portal.acl_users.ldapUPC.acl_users, ldap_name='sn', friendly_name='Last Name', public_name='name')
# Move the ldapUPC to the top of the active plugins.
# Otherwise member.getProperty('email') won't work properly.
# from Products.PluggableAuthService.interfaces.plugins import IPropertiesPlugin
# portal.acl_users.plugins.movePluginsUp(IPropertiesPlugin, ['ldapUPC'])
# portal.acl_users.plugins.manage_movePluginsUp('IPropertiesPlugin', ['ldapUPC'], context.REQUEST.RESPONSE)
except:
logger.debug('Something bad happened and the LDAP has not been created properly')
try:
plugin = portal.acl_users['ldapUPC']
plugin.ZCacheable_setManagerId('RAMCache')
portal_role_manager = portal.acl_users['portal_role_manager']
portal_role_manager.assignRolesToPrincipal(['Manager'], 'UPC.Plone.Admins')
portal_role_manager.assignRolesToPrincipal(['Manager'], 'UPCnet.Plone.Admins')
portal_role_manager.assignRolesToPrincipal(['Manager'], 'UPCnet.ATIC')
except:
logger.debug('Something bad happened and the LDAP has not been configured properly')
else:
logger.debug('You do not have LDAP libraries in your current buildout configuration. POSOK.')
def setupVarious(context):
# Ordinarily, GenericSetup handlers check for the existence of XML files.
# Here, we are not parsing an XML file, but we use this text file as a
# flag to check that we actually meant for this import step to be run.
# The file is found in profiles/default.
if context.readDataFile('upc.genwebupc_various.txt') is None:
return
# Add additional setup code here
#
portal = context.getSite()
transforms = getToolByName(portal, 'portal_transforms')
transform = getattr(transforms, 'safe_html')
valid = transform.get_parameter_value('valid_tags')
nasty = transform.get_parameter_value('nasty_tags')
# GW4 Valid tags
gw4_valid = ['script', 'object', 'embed', 'param', 'iframe', 'applet']
for tag in gw4_valid:
# Acceptar a la llista de valides
valid[tag] = 1
# Eliminar de la llista no desitjades
if tag in nasty:
del nasty[tag]
stripped = transform.get_parameter_value('stripped_attributes')
# GW4 remove some stripped
for tag in ['cellspacing', 'cellpadding', 'valign']:
if tag in stripped:
stripped.remove(tag)
kwargs = {}
kwargs['valid_tags'] = valid
kwargs['nasty_tags'] = nasty
kwargs['stripped_attributes'] = stripped
for k in list(kwargs):
if isinstance(kwargs[k], dict):
v = kwargs[k]
kwargs[k + '_key'] = v.keys()
kwargs[k + '_value'] = [str(s) for s in v.values()]
del kwargs[k]
transform.set_parameters(**kwargs)
transform._p_changed = True
transform.reload()
try:
manage_addPloneLDAPMultiPlugin(
portal.acl_users,
"ldapUPC",
title="ldapUPC", use_ssl=1, login_attr="cn", uid_attr="cn", local_groups=0,
users_base="ou=Users,dc=upc,dc=edu", users_scope=2,
roles="Authenticated", groups_base="ou=Groups,dc=upc,dc=edu",
groups_scope=2, read_only=True, binduid="cn=ldap.upc,ou=Users,dc=upc,dc=edu", bindpwd=LDAP_PASSWORD,
rdn_attr="cn", LDAP_server="ldap.upc.edu", encryption="SSHA")
portal.acl_users.ldapUPC.acl_users.manage_edit(
"ldapUPC", "cn", "cn", "ou=Users,dc=upc,dc=edu", 2, "Authenticated",
"ou=Groups,dc=upc,dc=edu", 2, "cn=ldap.upc,ou=Users,dc=upc,dc=edu", LDAP_PASSWORD, 1, "cn",
"top,person", 0, 0, "SSHA", 1, '')
plugin = portal.acl_users['ldapUPC']
plugin.manage_activateInterfaces(['IGroupEnumerationPlugin', 'IGroupsPlugin', 'IPropertiesPlugin', 'IGroupIntrospection', 'IAuthenticationPlugin', 'IRolesPlugin', 'IUserEnumerationPlugin', 'IRoleEnumerationPlugin'])
#Comentem la linia per a que no afegeixi
#LDAPUserFolder.manage_addServer(portal.acl_users.ldapUPC.acl_users, "ldap.upc.edu", '636', use_ssl=1)
LDAPUserFolder.manage_deleteLDAPSchemaItems(portal.acl_users.ldapUPC.acl_users, ldap_names=['sn'], REQUEST=None)
LDAPUserFolder.manage_addLDAPSchemaItem(portal.acl_users.ldapUPC.acl_users, ldap_name='sn', friendly_name='Last Name', public_name='name')
# Move the ldapUPC to the top of the active plugins.
# Otherwise member.getProperty('email') won't work properly.
from Products.PluggableAuthService.interfaces.plugins import IPropertiesPlugin
portal.acl_users.plugins.movePluginsUp(IPropertiesPlugin, ['ldapUPC'])
#portal.acl_users.plugins.manage_movePluginsUp('IPropertiesPlugin', ['ldapUPC'], context.REQUEST.RESPONSE)
except:
pass
#try:
# Fora el sistema de cookies que fan buscar al LDAP cn=*
# portal.acl_users.manage_delObjects('credentials_cookie_auth')
#except:
# pass
plugin = portal.acl_users['ldapUPC']
plugin.ZCacheable_setManagerId('RAMCache')
portal_role_manager = portal.acl_users['portal_role_manager']
portal_role_manager.assignRolesToPrincipal(["Manager"], "UPC.Plone.Admins")
portal_role_manager.assignRolesToPrincipal(["Manager"], "UPCnet.Plone.Admins")
portal_role_manager.assignRolesToPrincipal(["Manager"], "UPCnet.ATIC")
portal_role_manager.assignRolesToPrincipal(["Manager"], "UPCNET.Frontoffice.2n.nivell")
# deshabilitem inline editing
site_properties = ISiteSchema(portal)
site_properties.enable_inline_editing = False
# configurem pagina per defecte
portal.setLayout("homepage")
# configurem els estats del calendari
pct = getToolByName(portal, 'portal_calendar')
pct.calendar_states = ('published', 'intranet')
# Fixem el primer dia de la setmana com dilluns (0)
pct.firstweekday = 0
transaction.commit()
def render(self):
portal = getSite()
ldap_name = self.request.form.get('ldap_name', 'ldap')
ldap_server = self.request.form.get('ldap_server')
branch_name = self.request.form.get('branch_name')
base_dn = self.request.form.get('base_dn')
branch_admin_cn = self.request.form.get('branch_admin_cn')
branch_admin_password = self.request.form.get('branch_admin_password')
allow_manage_users = self.request.form.get('allow_manage_users', False)
users_base = 'ou=users,ou={},{}'.format(branch_name, base_dn)
groups_base = 'ou=groups,ou={},{}'.format(branch_name, base_dn)
bind_uid = 'cn={},ou={},{}'.format(branch_admin_cn, branch_name, base_dn)
# Delete if exists
if getattr(portal.acl_users, ldap_name, None):
portal.acl_users.manage_delObjects('ldapUPC')
manage_addPloneLDAPMultiPlugin(
portal.acl_users, ldap_name,
use_ssl=1, login_attr='cn', uid_attr='cn', local_groups=0,
rdn_attr='cn', encryption='SSHA', read_only=True,
roles='Authenticated,Member', groups_scope=2, users_scope=2,
title=ldap_name,
LDAP_server=ldap_server,
users_base=users_base,
groups_base=groups_base,
binduid=bind_uid,
bindpwd=branch_admin_password)
ldap_acl_users = getattr(portal.acl_users, ldap_name).acl_users
ldap_acl_users.manage_edit(
ldap_name, 'cn', 'cn', users_base, 2, 'Authenticated,Member',
groups_base, 2, bind_uid, branch_admin_password, 1, 'cn',
'top,person,inetOrgPerson', 0, 0, 'SSHA', 0, '')
plugin = portal.acl_users[ldap_name]
active_plugins = [
'IAuthenticationPlugin', 'ICredentialsResetPlugin', 'IGroupEnumerationPlugin',
'IGroupIntrospection', 'IGroupManagement', 'IGroupsPlugin',
'IPropertiesPlugin', 'IRoleEnumerationPlugin', 'IRolesPlugin',
'IUserAdderPlugin', 'IUserEnumerationPlugin']
if allow_manage_users:
active_plugins.append('IUserManagement')
plugin.manage_activateInterfaces(active_plugins)
# Redefine some schema properties
LDAPUserFolder.manage_deleteLDAPSchemaItems(ldap_acl_users, ldap_names=['sn'], REQUEST=None)
LDAPUserFolder.manage_deleteLDAPSchemaItems(ldap_acl_users, ldap_names=['cn'], REQUEST=None)
LDAPUserFolder.manage_addLDAPSchemaItem(ldap_acl_users, ldap_name='sn', friendly_name='Last Name', public_name='fullname')
LDAPUserFolder.manage_addLDAPSchemaItem(ldap_acl_users, ldap_name='cn', friendly_name='Canonical Name')
# Update the preference of the plugins
portal.acl_users.plugins.movePluginsUp(IUserAdderPlugin, [ldap_name])
portal.acl_users.plugins.movePluginsUp(IGroupManagement, [ldap_name])
# Add LDAP plugin cache
plugin = portal.acl_users[ldap_name]
plugin.ZCacheable_setManagerId('RAMCache')
return 'Done.'
def render(self):
portal = getSite()
# Delete the LDAPUPC if exists
if getattr(portal.acl_users, 'ldapUPC', None):
portal.acl_users.manage_delObjects('ldapUPC')
# try:
manage_addPloneLDAPMultiPlugin(portal.acl_users, 'ldapexterns',
title='ldapexterns', use_ssl=1, login_attr='cn', uid_attr='cn', local_groups=0,
users_base='ou=users,ou=upcnet,dc=upcnet,dc=es', users_scope=2,
roles='Authenticated,Member', groups_base='ou=groups,ou=upcnet,dc=upcnet,dc=es',
groups_scope=2, read_only=True, binduid='cn=ldap,ou=upcnet,dc=upcnet,dc=es', bindpwd=LDAP_PASSWORD,
rdn_attr='cn', LDAP_server='ldap.upcnet.es', encryption='SSHA')
portal.acl_users.ldapexterns.acl_users.manage_edit('ldapexterns', 'cn', 'cn', 'ou=users,ou=upcnet,dc=upcnet,dc=es', 2, 'Authenticated,Member',
'ou=groups,ou=upcnet,dc=upcnet,dc=es', 2, 'cn=ldap,ou=upcnet,dc=upcnet,dc=es', LDAP_PASSWORD, 1, 'cn',
'top,person,inetOrgPerson', 0, 0, 'SSHA', 0, '')
plugin = portal.acl_users['ldapexterns']
# Activate plugins (all)
plugin.manage_activateInterfaces(['IAuthenticationPlugin',
'ICredentialsResetPlugin',
'IGroupEnumerationPlugin',
'IGroupIntrospection',
'IGroupManagement',
'IGroupsPlugin',
'IUserAdderPlugin',
'IUserEnumerationPlugin',
'IUserManagement',
'IPropertiesPlugin',
'IRoleEnumerationPlugin',
'IRolesPlugin'])
# In case to have more than one server for fault tolerance
# LDAPUserFolder.manage_addServer(portal.acl_users.ldapUPC.acl_users, "ldap.upc.edu", '636', use_ssl=1)
# Redefine some schema properties
LDAPUserFolder.manage_deleteLDAPSchemaItems(portal.acl_users.ldapexterns.acl_users, ldap_names=['sn'], REQUEST=None)
LDAPUserFolder.manage_deleteLDAPSchemaItems(portal.acl_users.ldapexterns.acl_users, ldap_names=['cn'], REQUEST=None)
LDAPUserFolder.manage_addLDAPSchemaItem(portal.acl_users.ldapexterns.acl_users, ldap_name='sn', friendly_name='Last Name', public_name='fullname')
LDAPUserFolder.manage_addLDAPSchemaItem(portal.acl_users.ldapexterns.acl_users, ldap_name='cn', friendly_name='Canonical Name')
# Update the preference of the plugins
portal.acl_users.plugins.movePluginsUp(IUserAdderPlugin, ['ldapexterns'])
portal.acl_users.plugins.movePluginsUp(IGroupManagement, ['ldapexterns'])
# Move the ldapUPC to the top of the active plugins.
# Otherwise member.getProperty('email') won't work properly.
# from Products.PluggableAuthService.interfaces.plugins import IPropertiesPlugin
# portal.acl_users.plugins.movePluginsUp(IPropertiesPlugin, ['ldapUPC'])
# portal.acl_users.plugins.manage_movePluginsUp('IPropertiesPlugin', ['ldapUPC'], context.REQUEST.RESPONSE)
# except:
# pass
# Add LDAP plugin cache
plugin = portal.acl_users['ldapexterns']
plugin.ZCacheable_setManagerId('RAMCache')
#Configuracion por defecto de los grupos de LDAP de externs
groups_query = u'(&(objectClass=groupOfUniqueNames))'
user_groups_query = u'(&(objectClass=groupOfUniqueNames)(uniqueMember=%s))'
api.portal.set_registry_record('genweb.controlpanel.core.IGenwebCoreControlPanelSettings.groups_query', groups_query)
api.portal.set_registry_record('genweb.controlpanel.core.IGenwebCoreControlPanelSettings.user_groups_query', user_groups_query)
return 'Done. groupOfUniqueNames in LDAP Controlpanel Search'
