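def get_ldap_user_properties(ldap_user):
    """Look up one user in LDAP and return selected attributes.

    Connection and search parameters come from the "lava-server" settings:
    AUTH_LDAP_SERVER_URI, AUTH_LDAP_BIND_DN, AUTH_LDAP_BIND_PASSWORD,
    AUTH_LDAP_USER_DN_TEMPLATE and AUTH_LDAP_USER_SEARCH.

    Returns a dictionary with the keys 'uid', 'mail', 'sn' and
    'given_name' when the search matches exactly one entry; an attribute
    missing from the entry is reported as None. Returns None when
    AUTH_LDAP_SERVER_URI is unset or the search does not match exactly
    one entry.

    Raises ldap.NO_SUCH_OBJECT when the directory reports that the search
    base does not exist, and ValueError when a server is configured but
    neither a DN template nor a user search is.
    """
    # Imported by name: "import ldap.filter" here would make ``ldap`` a
    # function-local name and break the ldap.* references below.
    from ldap.dn import escape_dn_chars
    from ldap.filter import escape_filter_chars

    settings = Settings("lava-server")
    server_uri = settings.get_setting("AUTH_LDAP_SERVER_URI", None)
    bind_dn = settings.get_setting("AUTH_LDAP_BIND_DN", None)
    bind_password = settings.get_setting("AUTH_LDAP_BIND_PASSWORD", None)
    user_dn_template = settings.get_setting("AUTH_LDAP_USER_DN_TEMPLATE",
                                            None)
    user_search = settings.get_setting("AUTH_LDAP_USER_SEARCH", None)

    search_scope = ldap.SCOPE_SUBTREE
    attributes = ['uid', 'givenName', 'sn', 'mail']
    search_filter = "cn=*"
    user_dn = None

    if user_dn_template:
        # The user name becomes part of a DN, so DN metacharacters are
        # escaped to keep the value inside its own RDN.
        user_dn = user_dn_template % {'user': escape_dn_chars(ldap_user)}

    if user_search:
        # LDAPSearch looks unused but must be in scope for the eval below.
        from django_auth_ldap.config import LDAPSearch
        # SECURITY: eval() executes the AUTH_LDAP_USER_SEARCH setting as
        # Python code with the privileges of this process. Whoever can
        # write the settings file can run code here, so that file must be
        # writable by the administrator only. Kept because the setting is
        # defined as a Python expression; a declarative format (base DN,
        # scope, filter) would remove the need for eval.
        search = eval(user_search)
        user_dn = search.base_dn
        # The user name becomes part of a search filter; without escaping,
        # characters such as '*', '(' and ')' would change the query.
        search_filter = search.filterstr % {
            'user': escape_filter_chars(ldap_user)}

    if server_uri is None:
        return None
    if user_dn is None:
        # Previously this surfaced as an unbound-variable error at the
        # search call.
        raise ValueError("neither AUTH_LDAP_USER_DN_TEMPLATE nor "
                         "AUTH_LDAP_USER_SEARCH is configured")

    user_properties = {}
    conn = ldap.initialize(server_uri)
    try:
        if bind_dn and bind_password:
            # A simple bind sends the password to the server as given; the
            # transport is only protected when the URI is ldaps:// or TLS
            # is negotiated, and neither is enforced in this function.
            conn.simple_bind_s(bind_dn, bind_password)
        result = conn.search_s(user_dn, search_scope, search_filter,
                               attributes)
        # NOTE(review): the listing lost its indentation; the return is
        # read as belonging to the single-match branch.
        if len(result) == 1:
            _dn, entry = result[0]
            user_properties['uid'] = entry.get('uid', [None])[0]
            user_properties['mail'] = entry.get('mail', [None])[0]
            user_properties['sn'] = entry.get('sn', [None])[0]
            user_properties['given_name'] = entry.get(
                'givenName', [None])[0]
            return user_properties
    finally:
        # Release the connection on every path, including when the search
        # raises ldap.NO_SUCH_OBJECT (which still propagates).
        conn.unbind_s()
    return None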
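def get_ldap_user_properties(ldap_user):
    """Look up one user in LDAP and return selected attributes.

    Connection and search parameters come from the "lava-server" settings:
    AUTH_LDAP_SERVER_URI, AUTH_LDAP_BIND_DN, AUTH_LDAP_BIND_PASSWORD,
    AUTH_LDAP_USER_DN_TEMPLATE and AUTH_LDAP_USER_SEARCH.

    Returns a dictionary with the keys 'uid', 'mail', 'sn' and
    'given_name' when the search matches exactly one entry; an attribute
    missing from the entry is reported as None. Returns None when
    AUTH_LDAP_SERVER_URI is unset or the search does not match exactly
    one entry.

    Raises ldap.NO_SUCH_OBJECT when the directory reports that the search
    base does not exist, and ValueError when a server is configured but
    neither a DN template nor a user search is.
    """
    # Imported by name: "import ldap.filter" here would make ``ldap`` a
    # function-local name and break the ldap.* references below.
    from ldap.dn import escape_dn_chars
    from ldap.filter import escape_filter_chars

    settings = Settings("lava-server")
    server_uri = settings.get_setting("AUTH_LDAP_SERVER_URI", None)
    bind_dn = settings.get_setting("AUTH_LDAP_BIND_DN", None)
    bind_password = settings.get_setting("AUTH_LDAP_BIND_PASSWORD", None)
    user_dn_template = settings.get_setting("AUTH_LDAP_USER_DN_TEMPLATE",
                                            None)
    user_search = settings.get_setting("AUTH_LDAP_USER_SEARCH", None)

    search_scope = ldap.SCOPE_SUBTREE
    attributes = ['uid', 'givenName', 'sn', 'mail']
    search_filter = "cn=*"
    user_dn = None

    if user_dn_template:
        # The user name becomes part of a DN, so DN metacharacters are
        # escaped to keep the value inside its own RDN.
        user_dn = user_dn_template % {'user': escape_dn_chars(ldap_user)}

    if user_search:
        # LDAPSearch looks unused but must be in scope for the eval below.
        from django_auth_ldap.config import LDAPSearch
        # SECURITY: eval() executes the AUTH_LDAP_USER_SEARCH setting as
        # Python code with the privileges of this process. Whoever can
        # write the settings file can run code here, so that file must be
        # writable by the administrator only. Kept because the setting is
        # defined as a Python expression; a declarative format (base DN,
        # scope, filter) would remove the need for eval.
        search = eval(user_search)
        user_dn = search.base_dn
        # The user name becomes part of a search filter; without escaping,
        # characters such as '*', '(' and ')' would change the query.
        search_filter = search.filterstr % {
            'user': escape_filter_chars(ldap_user)}

    if server_uri is None:
        return None
    if user_dn is None:
        # Previously this surfaced as an unbound-variable error at the
        # search call.
        raise ValueError("neither AUTH_LDAP_USER_DN_TEMPLATE nor "
                         "AUTH_LDAP_USER_SEARCH is configured")

    user_properties = {}
    conn = ldap.initialize(server_uri)
    try:
        if bind_dn and bind_password:
            # A simple bind sends the password to the server as given; the
            # transport is only protected when the URI is ldaps:// or TLS
            # is negotiated, and neither is enforced in this function.
            conn.simple_bind_s(bind_dn, bind_password)
        result = conn.search_s(user_dn, search_scope, search_filter,
                               attributes)
        # NOTE(review): the listing lost its indentation; the return is
        # read as belonging to the single-match branch.
        if len(result) == 1:
            _dn, entry = result[0]
            user_properties['uid'] = entry.get('uid', [None])[0]
            user_properties['mail'] = entry.get('mail', [None])[0]
            user_properties['sn'] = entry.get('sn', [None])[0]
            user_properties['given_name'] = entry.get(
                'givenName', [None])[0]
            return user_properties
    finally:
        # Release the connection on every path, including when the search
        # raises ldap.NO_SUCH_OBJECT (which still propagates).
        conn.unbind_s()
    return None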
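def handle(self, *args, **options):
    """Write the uid of every entry returned by the hardcoded LDAP search.

    The first positional argument, if given, names a CSV file that
    receives one uid per row; without it the uids go to stdout. The
    server URI and bind credentials are read from the "lava-server"
    settings, while the search base, scope, filter and attribute list
    are the module constants USER_DN, SEARCH_SCOPE, SEARCH_FILTER and
    ATTRIBUTES.

    Exits with status 1 when AUTH_LDAP_SERVER_URI is unset or does not
    contain LDAP_SERVER_HOST.
    """
    filename = None
    if len(args) > 0:
        filename = args[0]
    else:
        self.stderr.write("filename not specified, writing to stdout")

    settings = Settings("lava-server")
    server_uri = settings.get_setting("AUTH_LDAP_SERVER_URI", None)
    if server_uri is None:
        # Without this guard the substring test below fails with a
        # TypeError on None instead of a readable message.
        self.stderr.write("AUTH_LDAP_SERVER_URI is not configured")
        sys.exit(1)

    self.stdout.write("Trying to access %s ..." % server_uri)
    # Substring match: a guard against running the hardcoded search on an
    # unrelated directory, not an access-control check.
    if LDAP_SERVER_HOST not in server_uri:
        self.stderr.write("This is a very rarely used management command, "
                          "hence many parameters within this command are "
                          "harcoded. The best way to use this command is"
                          " to copy and edit the python script '%s' to "
                          "work with other LDAP systems."
                          % _get_script_path())
        sys.exit(1)

    bind_dn = settings.get_setting("AUTH_LDAP_BIND_DN", None)
    bind_password = settings.get_setting("AUTH_LDAP_BIND_PASSWORD", None)

    conn = ldap.initialize(server_uri)
    try:
        if bind_dn and bind_password:
            # A simple bind sends the password as given; it is protected
            # in transit only if the URI is ldaps:// or TLS is negotiated,
            # neither of which is enforced here.
            conn.simple_bind_s(bind_dn, bind_password)
        results = conn.search_s(USER_DN, SEARCH_SCOPE, SEARCH_FILTER,
                                ATTRIBUTES)
    finally:
        # Release the connection whether or not the bind/search succeeded.
        conn.unbind_s()

    if filename:
        # The path comes straight from the command line and is overwritten
        # if it already exists.
        # NOTE(review): 'wb' is the Python 2 convention for csv.writer;
        # confirm the interpreter version before reusing this.
        with open(filename, 'wb') as csvfile:
            uid_writer = csv.writer(csvfile, delimiter=',', quotechar='|',
                                    quoting=csv.QUOTE_MINIMAL)
            for _dn, entry in results:
                uid_writer.writerow([entry['uid'][0]])
    else:
        for _dn, entry in results:
            self.stdout.write(entry['uid'][0])
    self.stdout.write('Total "%d" LDAP users' % len(results))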
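def handle(self, *args, **options):
    """Write the uid of every entry returned by the hardcoded LDAP search.

    The first positional argument, if given, names a CSV file that
    receives one uid per row; without it the uids go to stdout. The
    server URI and bind credentials are read from the "lava-server"
    settings, while the search base, scope, filter and attribute list
    are the module constants USER_DN, SEARCH_SCOPE, SEARCH_FILTER and
    ATTRIBUTES.

    Exits with status 1 when AUTH_LDAP_SERVER_URI is unset or does not
    contain LDAP_SERVER_HOST.
    """
    filename = None
    if len(args) > 0:
        filename = args[0]
    else:
        self.stderr.write("filename not specified, writing to stdout")

    settings = Settings("lava-server")
    server_uri = settings.get_setting("AUTH_LDAP_SERVER_URI", None)
    if server_uri is None:
        # Without this guard the substring test below fails with a
        # TypeError on None instead of a readable message.
        self.stderr.write("AUTH_LDAP_SERVER_URI is not configured")
        sys.exit(1)

    self.stdout.write("Trying to access %s ..." % server_uri)
    # Substring match: a guard against running the hardcoded search on an
    # unrelated directory, not an access-control check.
    if LDAP_SERVER_HOST not in server_uri:
        self.stderr.write("This is a very rarely used management command, "
                          "hence many parameters within this command are "
                          "harcoded. The best way to use this command is"
                          " to copy and edit the python script '%s' to "
                          "work with other LDAP systems."
                          % _get_script_path())
        sys.exit(1)

    bind_dn = settings.get_setting("AUTH_LDAP_BIND_DN", None)
    bind_password = settings.get_setting("AUTH_LDAP_BIND_PASSWORD", None)

    conn = ldap.initialize(server_uri)
    try:
        if bind_dn and bind_password:
            # A simple bind sends the password as given; it is protected
            # in transit only if the URI is ldaps:// or TLS is negotiated,
            # neither of which is enforced here.
            conn.simple_bind_s(bind_dn, bind_password)
        results = conn.search_s(USER_DN, SEARCH_SCOPE, SEARCH_FILTER,
                                ATTRIBUTES)
    finally:
        # Release the connection whether or not the bind/search succeeded.
        conn.unbind_s()

    if filename:
        # The path comes straight from the command line and is overwritten
        # if it already exists.
        # NOTE(review): 'wb' is the Python 2 convention for csv.writer;
        # confirm the interpreter version before reusing this.
        with open(filename, 'wb') as csvfile:
            uid_writer = csv.writer(csvfile, delimiter=',', quotechar='|',
                                    quoting=csv.QUOTE_MINIMAL)
            for _dn, entry in results:
                uid_writer.writerow([entry['uid'][0]])
    else:
        for _dn, entry in results:
            self.stdout.write(entry['uid'][0])
    self.stdout.write('Total "%d" LDAP users' % len(results))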
# A tuple in the same format as ADMINS that specifies who should get # broken-link notifications when BrokenLinkEmailsMiddleware is enabled MANAGERS = distro_settings.MANAGERS # LOG_SIZE_LIMIT in megabytes LOG_SIZE_LIMIT = distro_settings.LOG_SIZE_LIMIT # URL of the login page LOGIN_URL = distro_settings.LOGIN_URL # URL of the page you get redirected to after logging in LOGIN_REDIRECT_URL = distro_settings.LOGIN_REDIRECT_URL # The email address that error messages come from, such as those sent to # ADMINS and MANAGERS. if distro_settings.get_setting("SERVER_EMAIL"): SERVER_EMAIL = distro_settings.get_setting("SERVER_EMAIL") # Atlassian Crowd authentication config AUTH_CROWD_SERVER_REST_URI = distro_settings.get_setting( "AUTH_CROWD_SERVER_REST_URI") if AUTH_CROWD_SERVER_REST_URI: # If Crowd server URL is configured, disable OpenID and # enable Crowd auth backend INSTALLED_APPS.append('crowdrest') AUTHENTICATION_BACKENDS = ['crowdrest.backend.CrowdRestBackend'] + \ [x for x in AUTHENTICATION_BACKENDS if "OpenID" not in x] # Load credentials from a separate file from lava_server.settings.config_file import ConfigFile pathname = distro_settings._get_pathname("crowd")
# A tuple in the same format as ADMINS that specifies who should get # broken-link notifications when BrokenLinkEmailsMiddleware is enabled MANAGERS = distro_settings.MANAGERS # LOG_SIZE_LIMIT in megabytes LOG_SIZE_LIMIT = distro_settings.LOG_SIZE_LIMIT # URL of the login page LOGIN_URL = distro_settings.LOGIN_URL # URL of the page you get redirected to after logging in LOGIN_REDIRECT_URL = distro_settings.LOGIN_REDIRECT_URL # The email address that error messages come from, such as those sent to # ADMINS and MANAGERS. if distro_settings.get_setting("SERVER_EMAIL"): SERVER_EMAIL = distro_settings.get_setting("SERVER_EMAIL") AUTH_DEBIAN_SSO = distro_settings.get_setting("AUTH_DEBIAN_SSO") # LDAP authentication config AUTH_LDAP_SERVER_URI = distro_settings.get_setting("AUTH_LDAP_SERVER_URI") if AUTH_LDAP_SERVER_URI: INSTALLED_APPS.append('ldap') INSTALLED_APPS.append('django_auth_ldap') import ldap from django_auth_ldap.config import (LDAPSearch, LDAPSearchUnion) def get_ldap_group_types(): """Return a list of all LDAP group types supported by django_auth_ldap module""" import django_auth_ldap.config
# A tuple in the same format as ADMINS that specifies who should get # broken-link notifications when BrokenLinkEmailsMiddleware is enabled MANAGERS = distro_settings.MANAGERS # LOG_SIZE_LIMIT in megabytes LOG_SIZE_LIMIT = distro_settings.LOG_SIZE_LIMIT # URL of the login page LOGIN_URL = distro_settings.LOGIN_URL # URL of the page you get redirected to after logging in LOGIN_REDIRECT_URL = distro_settings.LOGIN_REDIRECT_URL # The email address that error messages come from, such as those sent to # ADMINS and MANAGERS. if distro_settings.get_setting("SERVER_EMAIL"): SERVER_EMAIL = distro_settings.get_setting("SERVER_EMAIL") # Atlassian Crowd authentication config AUTH_CROWD_SERVER_REST_URI = distro_settings.get_setting("AUTH_CROWD_SERVER_REST_URI") if AUTH_CROWD_SERVER_REST_URI: # If Crowd server URL is configured, disable OpenID and # enable Crowd auth backend INSTALLED_APPS.append('crowdrest') AUTHENTICATION_BACKENDS = ['crowdrest.backend.CrowdRestBackend'] + \ [x for x in AUTHENTICATION_BACKENDS if "OpenID" not in x] # Load credentials from a separate file from lava_server.settings.config_file import ConfigFile pathname = distro_settings._get_pathname("crowd") crowd_config = ConfigFile.load(pathname)
# Whether to send an e-mail to the MANAGERS each time somebody visits a # Django-powered page that is 404ed with a non-empty referer (i.e., a broken # link). This is only used if CommonMiddleware is installed (see Middleware. # See also IGNORABLE_404_STARTS, IGNORABLE_404_ENDS and Error reporting via # e-mail. SEND_BROKEN_LINK_EMAILS = distro_settings.SEND_BROKEN_LINK_EMAILS # URL of the login page LOGIN_URL = distro_settings.LOGIN_URL # URL of the page you get redirected to after logging in LOGIN_REDIRECT_URL = distro_settings.LOGIN_REDIRECT_URL # The email address that error messages come from, such as those sent to # ADMINS and MANAGERS. if distro_settings.get_setting("SERVER_EMAIL"): SERVER_EMAIL = distro_settings.get_setting("SERVER_EMAIL") # Allow OpenID redirect domains to be configurable if distro_settings.get_setting("ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS"): ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS = distro_settings.get_setting("ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS") if distro_settings.get_setting("OPENID_LAUNCHPAD_TEAMS_MAPPING"): OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO = False OPENID_LAUNCHPAD_TEAMS_MAPPING = distro_settings.get_setting("OPENID_LAUNCHPAD_TEAMS_MAPPING") # Atlassian Crowd authentication config AUTH_CROWD_SERVER_REST_URI = distro_settings.get_setting("AUTH_CROWD_SERVER_REST_URI") if AUTH_CROWD_SERVER_REST_URI: # If Crowd server URL is configured, disable OpenID and # enable Crowd auth backend
# LOG_SIZE_LIMIT in megabytes LOG_SIZE_LIMIT = distro_settings.LOG_SIZE_LIMIT # URL of the login page LOGIN_URL = distro_settings.LOGIN_URL # URL of the page you get redirected to after logging in LOGIN_REDIRECT_URL = distro_settings.LOGIN_REDIRECT_URL # read which openID provider to use from the settings.conf OPENID_SSO_SERVER_URL = distro_settings.OPENID_SSO_SERVER_URL # The email address that error messages come from, such as those sent to # ADMINS and MANAGERS. if distro_settings.get_setting("SERVER_EMAIL"): SERVER_EMAIL = distro_settings.get_setting("SERVER_EMAIL") # Allow OpenID redirect domains to be configurable if distro_settings.get_setting("ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS"): ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS = distro_settings.get_setting( "ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS") if distro_settings.get_setting("OPENID_LAUNCHPAD_TEAMS_MAPPING"): OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO = False OPENID_LAUNCHPAD_TEAMS_MAPPING = distro_settings.get_setting( "OPENID_LAUNCHPAD_TEAMS_MAPPING") # Atlassian Crowd authentication config AUTH_CROWD_SERVER_REST_URI = distro_settings.get_setting( "AUTH_CROWD_SERVER_REST_URI")
# Whether to send an e-mail to the MANAGERS each time somebody visits a # Django-powered page that is 404ed with a non-empty referer (i.e., a broken # link). This is only used if CommonMiddleware is installed (see Middleware. # See also IGNORABLE_404_STARTS, IGNORABLE_404_ENDS and Error reporting via # e-mail. SEND_BROKEN_LINK_EMAILS = distro_settings.SEND_BROKEN_LINK_EMAILS # URL of the login page LOGIN_URL = distro_settings.LOGIN_URL # URL of the page you get redirected to after logging in LOGIN_REDIRECT_URL = distro_settings.LOGIN_REDIRECT_URL # The email address that error messages come from, such as those sent to # ADMINS and MANAGERS. if distro_settings.get_setting("SERVER_EMAIL"): SERVER_EMAIL = distro_settings.get_setting("SERVER_EMAIL") # Allow OpenID redirect domains to be configurable if distro_settings.get_setting("ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS"): ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS = distro_settings.get_setting( "ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS") if distro_settings.get_setting("OPENID_LAUNCHPAD_TEAMS_MAPPING"): OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO = False OPENID_LAUNCHPAD_TEAMS_MAPPING = distro_settings.get_setting( "OPENID_LAUNCHPAD_TEAMS_MAPPING") # Atlassian Crowd authentication config AUTH_CROWD_SERVER_REST_URI = distro_settings.get_setting( "AUTH_CROWD_SERVER_REST_URI")
# LOG_SIZE_LIMIT in megabytes LOG_SIZE_LIMIT = distro_settings.LOG_SIZE_LIMIT # URL of the login page LOGIN_URL = distro_settings.LOGIN_URL # URL of the page you get redirected to after logging in LOGIN_REDIRECT_URL = distro_settings.LOGIN_REDIRECT_URL # read which openID provider to use from the settings.conf OPENID_SSO_SERVER_URL = distro_settings.OPENID_SSO_SERVER_URL # The email address that error messages come from, such as those sent to # ADMINS and MANAGERS. if distro_settings.get_setting("SERVER_EMAIL"): SERVER_EMAIL = distro_settings.get_setting("SERVER_EMAIL") # Allow OpenID redirect domains to be configurable if distro_settings.get_setting("ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS"): ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS = distro_settings.get_setting("ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS") if distro_settings.get_setting("OPENID_LAUNCHPAD_TEAMS_MAPPING"): OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO = False OPENID_LAUNCHPAD_TEAMS_MAPPING = distro_settings.get_setting("OPENID_LAUNCHPAD_TEAMS_MAPPING") # Atlassian Crowd authentication config AUTH_CROWD_SERVER_REST_URI = distro_settings.get_setting("AUTH_CROWD_SERVER_REST_URI") if AUTH_CROWD_SERVER_REST_URI: # If Crowd server URL is configured, disable OpenID and # enable Crowd auth backend