예제 #1
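def get_ldap_user_properties(ldap_user):
    """Look up one user in LDAP and return selected attributes as a dict.

    Connection and search parameters are read from the "lava-server"
    settings (AUTH_LDAP_SERVER_URI, AUTH_LDAP_BIND_DN,
    AUTH_LDAP_BIND_PASSWORD, AUTH_LDAP_USER_DN_TEMPLATE and
    AUTH_LDAP_USER_SEARCH).  Example result:

    {uid: 'senthil.kumaran',
     mail: '*****@*****.**',
     sn: 'Kumaran',
     given_name: 'Senthil'
    }

    ``ldap_user`` is escaped before it is substituted into the search base
    DN or the search filter, so DN and filter metacharacters in a user name
    are matched literally instead of changing the query.

    Returns None when no server URI or bind credentials are configured,
    when neither a DN template nor a user search is configured, or when the
    search does not return exactly one entry.

    If given ldap_user does not exist, then raise ldap.NO_SUCH_OBJECT
    """
    # Imported here so the module's own import block stays untouched.
    from ldap.dn import escape_dn_chars
    from ldap.filter import escape_filter_chars

    settings = Settings("lava-server")
    server_uri = settings.get_setting("AUTH_LDAP_SERVER_URI", None)
    bind_dn = settings.get_setting("AUTH_LDAP_BIND_DN", None)
    bind_password = settings.get_setting("AUTH_LDAP_BIND_PASSWORD", None)
    user_dn_template = settings.get_setting("AUTH_LDAP_USER_DN_TEMPLATE", None)
    user_search = settings.get_setting("AUTH_LDAP_USER_SEARCH", None)

    search_scope = ldap.SCOPE_SUBTREE
    attributes = ['uid', 'givenName', 'sn', 'mail']
    search_filter = "cn=*"

    # Stays None when neither setting is present; previously the name was
    # unbound in that case and the search call failed with a NameError.
    user_dn = None
    if user_dn_template:
        user_dn = user_dn_template % {'user': escape_dn_chars(ldap_user)}
    if user_search:
        # LDAPSearch must be in scope for the expression evaluated below.
        from django_auth_ldap.config import LDAPSearch
        # SECURITY: eval() runs whatever Python expression the
        # AUTH_LDAP_USER_SEARCH setting holds, with this function's names in
        # scope.  Anyone able to edit that setting can execute code as the
        # server; keep the settings file writable by administrators only.
        # Left in place because the setting's format is an LDAPSearch(...)
        # expression -- TODO(review): replace with a structured setting.
        search = eval(user_search)
        # A configured search takes precedence over the DN template.
        user_dn = search.base_dn
        search_filter = search.filterstr % {
            'user': escape_filter_chars(ldap_user)}

    if server_uri is None or user_dn is None:
        return None
    if not (bind_dn and bind_password):
        return None

    conn = ldap.initialize(server_uri)
    try:
        # NOTE(review): a simple bind carries the password without any
        # protection of its own -- confirm server_uri is ldaps:// or that
        # the transport is otherwise encrypted.
        conn.simple_bind_s(bind_dn, bind_password)
        # ldap.NO_SUCH_OBJECT (and any other LDAP error) propagates to the
        # caller unchanged.
        result = conn.search_s(user_dn, search_scope, search_filter,
                               attributes)
    finally:
        # Release the connection on success and on error alike.
        conn.unbind_s()

    # Zero or several matches are ambiguous; report "nothing found".
    if len(result) != 1:
        return None

    _entry_dn, result_data = result[0]
    # Each attribute value is a list; a missing attribute becomes None.
    return {
        'uid': result_data.get('uid', [None])[0],
        'mail': result_data.get('mail', [None])[0],
        'sn': result_data.get('sn', [None])[0],
        'given_name': result_data.get('givenName', [None])[0],
    }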
예제 #2
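def get_ldap_user_properties(ldap_user):
    """Searches LDAP based on the parameters in settings.conf and returns LDAP
    user properties as a dictionary, eg:

    {uid: 'senthil.kumaran',
     mail: '*****@*****.**',
     sn: 'Kumaran',
     given_name: 'Senthil'
    }

    The user name is escaped before being placed into the base DN or the
    search filter, so characters that are special in a DN or a filter are
    matched literally.

    None is returned when the server URI, the bind credentials or both the
    DN template and the user search are missing from the settings, and when
    the search yields anything other than exactly one entry.

    If given ldap_user does not exist, then raise ldap.NO_SUCH_OBJECT
    """
    # Local imports keep the file-level import block as it is.
    from ldap.dn import escape_dn_chars
    from ldap.filter import escape_filter_chars

    settings = Settings("lava-server")
    server_uri = settings.get_setting("AUTH_LDAP_SERVER_URI", None)
    bind_dn = settings.get_setting("AUTH_LDAP_BIND_DN", None)
    bind_password = settings.get_setting("AUTH_LDAP_BIND_PASSWORD", None)
    user_dn_template = settings.get_setting("AUTH_LDAP_USER_DN_TEMPLATE", None)
    user_search = settings.get_setting("AUTH_LDAP_USER_SEARCH", None)

    search_scope = ldap.SCOPE_SUBTREE
    attributes = ['uid', 'givenName', 'sn', 'mail']
    search_filter = "cn=*"

    # Bound up front: without a template or a search there is no base DN,
    # and the original code hit an unbound name at the search call.
    user_dn = None
    if user_dn_template:
        user_dn = user_dn_template % {'user': escape_dn_chars(ldap_user)}
    if user_search:
        # The evaluated expression refers to LDAPSearch by name.
        from django_auth_ldap.config import LDAPSearch
        # SECURITY: the AUTH_LDAP_USER_SEARCH setting is executed as Python
        # by eval().  Write access to the settings file therefore equals
        # code execution in the server process; restrict that file to
        # administrators.  Kept because the setting is expected to be an
        # LDAPSearch(...) expression -- TODO(review): move to a structured
        # setting that needs no eval().
        search = eval(user_search)
        # The search overrides any DN built from the template above.
        user_dn = search.base_dn
        search_filter = search.filterstr % {
            'user': escape_filter_chars(ldap_user)}

    if server_uri is None or user_dn is None:
        return None
    if not (bind_dn and bind_password):
        return None

    conn = ldap.initialize(server_uri)
    try:
        # NOTE(review): simple bind does not protect the password itself;
        # confirm the URI is ldaps:// or the link is encrypted some other way.
        conn.simple_bind_s(bind_dn, bind_password)
        # LDAP errors, ldap.NO_SUCH_OBJECT included, reach the caller as-is.
        result = conn.search_s(user_dn, search_scope,
                               search_filter, attributes)
    finally:
        # The connection is closed whether or not the search succeeded.
        conn.unbind_s()

    # Only an unambiguous single match is reported.
    if len(result) != 1:
        return None

    _entry_dn, result_data = result[0]
    # Attribute values arrive as lists; absent attributes map to None.
    return {
        'uid': result_data.get('uid', [None])[0],
        'mail': result_data.get('mail', [None])[0],
        'sn': result_data.get('sn', [None])[0],
        'given_name': result_data.get('givenName', [None])[0],
    }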
예제 #3
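    def handle(self, *args, **options):
        """Write the uid of every entry returned by the LDAP search.

        The first positional argument, when given, names a CSV file that
        receives one uid per row; without it the uids are written to
        stdout.  The server URI and the bind credentials come from the
        "lava-server" settings; search base, scope, filter and attribute
        list are the module-level names USER_DN, SEARCH_SCOPE,
        SEARCH_FILTER and ATTRIBUTES.

        Exits with status 1 when AUTH_LDAP_SERVER_URI is unset or does not
        contain LDAP_SERVER_HOST.  Returns without searching when no bind
        DN or bind password is configured.
        """
        filename = None
        if args:
            filename = args[0]
        else:
            self.stderr.write("filename not specified, writing to stdout")

        settings = Settings("lava-server")
        server_uri = settings.get_setting("AUTH_LDAP_SERVER_URI", None)
        self.stdout.write("Trying to access %s ..." % server_uri)
        # An unset URI used to reach the ``in`` test as None and raise
        # TypeError; it is now handled like any other unsupported server.
        # NOTE(review): this is a substring test on the whole URI, not a
        # comparison of the parsed host name.
        if server_uri is None or LDAP_SERVER_HOST not in server_uri:
            self.stderr.write("This is a very rarely used management command, "
                              "hence many parameters within this command are "
                              "harcoded. The best way to use this command is"
                              " to copy and edit the python script '%s' to "
                              "work with other LDAP systems." %
                              _get_script_path())
            sys.exit(1)
        bind_dn = settings.get_setting("AUTH_LDAP_BIND_DN", None)
        bind_password = settings.get_setting("AUTH_LDAP_BIND_PASSWORD", None)
        if not (bind_dn and bind_password):
            return

        conn = ldap.initialize(server_uri)
        try:
            # NOTE(review): a simple bind does not protect the password by
            # itself -- confirm the URI is ldaps:// or the link is encrypted.
            conn.simple_bind_s(bind_dn, bind_password)
            results = conn.search_s(USER_DN, SEARCH_SCOPE, SEARCH_FILTER,
                                    ATTRIBUTES)
        finally:
            # Close the connection even when bind or search fails.
            conn.unbind_s()

        if filename:
            # NOTE(review): binary mode matches the Python 2 csv module; on
            # Python 3 csv.writer expects a text-mode file -- confirm the
            # interpreter this command runs under.
            with open(filename, 'wb') as csvfile:
                file_handle = csv.writer(csvfile,
                                         delimiter=',',
                                         quotechar='|',
                                         quoting=csv.QUOTE_MINIMAL)
                for _entry_dn, result_data in results:
                    file_handle.writerow([result_data['uid'][0]])
        else:
            for _entry_dn, result_data in results:
                self.stdout.write(result_data['uid'][0])
        self.stdout.write('Total "%d" LDAP users' % len(results))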
예제 #4
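    def handle(self, *args, **options):
        """Dump the uid attribute of all LDAP search results.

        With a file name as first positional argument the uids are written
        to that file as CSV, one per row; otherwise they go to stdout.
        AUTH_LDAP_SERVER_URI, AUTH_LDAP_BIND_DN and AUTH_LDAP_BIND_PASSWORD
        are read from the "lava-server" settings.  The search itself uses
        the module-level USER_DN, SEARCH_SCOPE, SEARCH_FILTER and
        ATTRIBUTES.

        The command exits with status 1 if the server URI is missing or
        does not contain LDAP_SERVER_HOST, and returns without searching if
        the bind DN or bind password is missing.
        """
        filename = None
        if args:
            filename = args[0]
        else:
            self.stderr.write("filename not specified, writing to stdout")

        settings = Settings("lava-server")
        server_uri = settings.get_setting("AUTH_LDAP_SERVER_URI", None)
        self.stdout.write("Trying to access %s ..." % server_uri)
        # A missing URI is None; testing ``in None`` raised TypeError, so it
        # is rejected here together with URIs for other servers.
        # NOTE(review): substring match on the URI text, not a check of the
        # parsed host component.
        if server_uri is None or LDAP_SERVER_HOST not in server_uri:
            self.stderr.write("This is a very rarely used management command, "
                              "hence many parameters within this command are "
                              "harcoded. The best way to use this command is"
                              " to copy and edit the python script '%s' to "
                              "work with other LDAP systems."
                              % _get_script_path())
            sys.exit(1)
        bind_dn = settings.get_setting("AUTH_LDAP_BIND_DN", None)
        bind_password = settings.get_setting("AUTH_LDAP_BIND_PASSWORD", None)
        if not (bind_dn and bind_password):
            return

        conn = ldap.initialize(server_uri)
        try:
            # NOTE(review): the password of a simple bind is only as private
            # as the transport -- confirm ldaps:// or an encrypted link.
            conn.simple_bind_s(bind_dn, bind_password)
            results = conn.search_s(USER_DN, SEARCH_SCOPE, SEARCH_FILTER,
                                    ATTRIBUTES)
        finally:
            # The connection is released on every path.
            conn.unbind_s()

        if filename:
            # NOTE(review): 'wb' is what the Python 2 csv module wants; the
            # Python 3 csv.writer needs a text-mode file -- confirm which
            # interpreter runs this command.
            with open(filename, 'wb') as csvfile:
                file_handle = csv.writer(csvfile, delimiter=',',
                                         quotechar='|',
                                         quoting=csv.QUOTE_MINIMAL)
                for _entry_dn, result_data in results:
                    file_handle.writerow([result_data['uid'][0]])
        else:
            for _entry_dn, result_data in results:
                self.stdout.write(result_data['uid'][0])
        self.stdout.write('Total "%d" LDAP users' % len(results))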
예제 #5
# A tuple in the same format as ADMINS that specifies who should get
# broken-link notifications when BrokenLinkEmailsMiddleware is enabled
MANAGERS = distro_settings.MANAGERS

# LOG_SIZE_LIMIT in megabytes
LOG_SIZE_LIMIT = distro_settings.LOG_SIZE_LIMIT

# URL of the login page
LOGIN_URL = distro_settings.LOGIN_URL

# URL of the page you get redirected to after logging in
LOGIN_REDIRECT_URL = distro_settings.LOGIN_REDIRECT_URL

# The email address that error messages come from, such as those sent to
# ADMINS and MANAGERS.
# Assigned only when the deployment configures a non-empty value; otherwise
# SERVER_EMAIL is left as it was before this point.
if distro_settings.get_setting("SERVER_EMAIL"):
    SERVER_EMAIL = distro_settings.get_setting("SERVER_EMAIL")

# Atlassian Crowd authentication config
# A falsy value (setting absent or empty) skips the whole Crowd block below.
AUTH_CROWD_SERVER_REST_URI = distro_settings.get_setting(
    "AUTH_CROWD_SERVER_REST_URI")
if AUTH_CROWD_SERVER_REST_URI:
    # If Crowd server URL is configured, disable OpenID and
    # enable Crowd auth backend
    INSTALLED_APPS.append('crowdrest')
    # Crowd is tried first.  Every backend whose dotted path contains the
    # substring "OpenID" is dropped; all other backends keep their order.
    AUTHENTICATION_BACKENDS = ['crowdrest.backend.CrowdRestBackend'] + \
        [x for x in AUTHENTICATION_BACKENDS if "OpenID" not in x]

    # Load credentials from a separate file
    # NOTE(review): _get_pathname is a private helper of distro_settings;
    # the "crowd" file presumably holds the Crowd application credentials --
    # confirm it is readable by the service account only.
    from lava_server.settings.config_file import ConfigFile
    pathname = distro_settings._get_pathname("crowd")
예제 #6
# A tuple in the same format as ADMINS that specifies who should get
# broken-link notifications when BrokenLinkEmailsMiddleware is enabled
MANAGERS = distro_settings.MANAGERS

# LOG_SIZE_LIMIT in megabytes
LOG_SIZE_LIMIT = distro_settings.LOG_SIZE_LIMIT

# URL of the login page
LOGIN_URL = distro_settings.LOGIN_URL

# URL of the page you get redirected to after logging in
LOGIN_REDIRECT_URL = distro_settings.LOGIN_REDIRECT_URL

# The email address that error messages come from, such as those sent to
# ADMINS and MANAGERS.
# Assigned only when the deployment configures a non-empty value; otherwise
# SERVER_EMAIL is left as it was before this point.
if distro_settings.get_setting("SERVER_EMAIL"):
    SERVER_EMAIL = distro_settings.get_setting("SERVER_EMAIL")

# Raw value of the AUTH_DEBIAN_SSO setting; how it is consumed is not
# visible in this part of the file.
AUTH_DEBIAN_SSO = distro_settings.get_setting("AUTH_DEBIAN_SSO")

# LDAP authentication config
# A falsy value (setting absent or empty) skips the whole LDAP block below.
AUTH_LDAP_SERVER_URI = distro_settings.get_setting("AUTH_LDAP_SERVER_URI")
if AUTH_LDAP_SERVER_URI:
    INSTALLED_APPS.append('ldap')
    INSTALLED_APPS.append('django_auth_ldap')
    # Imported inside the branch, so python-ldap and django_auth_ldap are
    # needed only on deployments that configure an LDAP server.
    import ldap
    from django_auth_ldap.config import (LDAPSearch, LDAPSearchUnion)

    def get_ldap_group_types():
        """Return a list of all LDAP group types supported by django_auth_ldap module"""
        import django_auth_ldap.config
예제 #7
파일: distro.py 프로젝트: dl9pf/lava-server
# A tuple in the same format as ADMINS that specifies who should get
# broken-link notifications when BrokenLinkEmailsMiddleware is enabled
MANAGERS = distro_settings.MANAGERS

# LOG_SIZE_LIMIT in megabytes
LOG_SIZE_LIMIT = distro_settings.LOG_SIZE_LIMIT

# URL of the login page
LOGIN_URL = distro_settings.LOGIN_URL

# URL of the page you get redirected to after logging in
LOGIN_REDIRECT_URL = distro_settings.LOGIN_REDIRECT_URL

# The email address that error messages come from, such as those sent to
# ADMINS and MANAGERS.
# Assigned only when the deployment configures a non-empty value; otherwise
# SERVER_EMAIL is left as it was before this point.
if distro_settings.get_setting("SERVER_EMAIL"):
    SERVER_EMAIL = distro_settings.get_setting("SERVER_EMAIL")

# Atlassian Crowd authentication config
# A falsy value (setting absent or empty) skips the whole Crowd block below.
AUTH_CROWD_SERVER_REST_URI = distro_settings.get_setting("AUTH_CROWD_SERVER_REST_URI")
if AUTH_CROWD_SERVER_REST_URI:
    # If Crowd server URL is configured, disable OpenID and
    # enable Crowd auth backend
    INSTALLED_APPS.append('crowdrest')
    # Crowd is tried first.  Every backend whose dotted path contains the
    # substring "OpenID" is dropped; all other backends keep their order.
    AUTHENTICATION_BACKENDS = ['crowdrest.backend.CrowdRestBackend'] + \
        [x for x in AUTHENTICATION_BACKENDS if "OpenID" not in x]

    # Load credentials from a separate file
    # NOTE(review): _get_pathname is a private helper of distro_settings;
    # the "crowd" file presumably holds the Crowd application credentials --
    # confirm it is readable by the service account only.
    from lava_server.settings.config_file import ConfigFile
    pathname = distro_settings._get_pathname("crowd")
    crowd_config = ConfigFile.load(pathname)
예제 #8
0
# Whether to send an e-mail to the MANAGERS each time somebody visits a
# Django-powered page that is 404ed with a non-empty referer (i.e., a broken
# link). This is only used if CommonMiddleware is installed (see Middleware).
# See also IGNORABLE_404_STARTS, IGNORABLE_404_ENDS and Error reporting via
# e-mail.
SEND_BROKEN_LINK_EMAILS = distro_settings.SEND_BROKEN_LINK_EMAILS

# URL of the login page
LOGIN_URL = distro_settings.LOGIN_URL

# URL of the page you get redirected to after logging in
LOGIN_REDIRECT_URL = distro_settings.LOGIN_REDIRECT_URL

# The email address that error messages come from, such as those sent to
# ADMINS and MANAGERS.
# Assigned only when the deployment configures a non-empty value; otherwise
# SERVER_EMAIL is left as it was before this point.
if distro_settings.get_setting("SERVER_EMAIL"):
    SERVER_EMAIL = distro_settings.get_setting("SERVER_EMAIL")

# Allow OpenID redirect domains to be configurable
# NOTE(review): each domain listed in this setting is presumably accepted as
# a post-login redirect target outside this site -- confirm against the
# OpenID auth app and keep the list to hosts the deployment controls.
if distro_settings.get_setting("ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS"):
    ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS = distro_settings.get_setting("ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS")

# An explicitly configured team mapping switches the automatic mapping off
# and is used in its place.
if distro_settings.get_setting("OPENID_LAUNCHPAD_TEAMS_MAPPING"):
    OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO = False
    OPENID_LAUNCHPAD_TEAMS_MAPPING = distro_settings.get_setting("OPENID_LAUNCHPAD_TEAMS_MAPPING")

# Atlassian Crowd authentication config
AUTH_CROWD_SERVER_REST_URI = distro_settings.get_setting("AUTH_CROWD_SERVER_REST_URI")
if AUTH_CROWD_SERVER_REST_URI:
    # If Crowd server URL is configured, disable OpenID and
    # enable Crowd auth backend
예제 #9
# LOG_SIZE_LIMIT in megabytes
LOG_SIZE_LIMIT = distro_settings.LOG_SIZE_LIMIT

# URL of the login page
LOGIN_URL = distro_settings.LOGIN_URL

# URL of the page you get redirected to after logging in
LOGIN_REDIRECT_URL = distro_settings.LOGIN_REDIRECT_URL

# read which openID provider to use from the settings.conf
OPENID_SSO_SERVER_URL = distro_settings.OPENID_SSO_SERVER_URL

# The email address that error messages come from, such as those sent to
# ADMINS and MANAGERS.
# Assigned only when the deployment configures a non-empty value; otherwise
# SERVER_EMAIL is left as it was before this point.
if distro_settings.get_setting("SERVER_EMAIL"):
    SERVER_EMAIL = distro_settings.get_setting("SERVER_EMAIL")

# Allow OpenID redirect domains to be configurable
# NOTE(review): each domain listed in this setting is presumably accepted as
# a post-login redirect target outside this site -- confirm against the
# OpenID auth app and keep the list to hosts the deployment controls.
if distro_settings.get_setting("ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS"):
    ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS = distro_settings.get_setting(
        "ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS")

# An explicitly configured team mapping switches the automatic mapping off
# and is used in its place.
if distro_settings.get_setting("OPENID_LAUNCHPAD_TEAMS_MAPPING"):
    OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO = False
    OPENID_LAUNCHPAD_TEAMS_MAPPING = distro_settings.get_setting(
        "OPENID_LAUNCHPAD_TEAMS_MAPPING")

# Atlassian Crowd authentication config
AUTH_CROWD_SERVER_REST_URI = distro_settings.get_setting(
    "AUTH_CROWD_SERVER_REST_URI")
예제 #10
# Whether to send an e-mail to the MANAGERS each time somebody visits a
# Django-powered page that is 404ed with a non-empty referer (i.e., a broken
# link). This is only used if CommonMiddleware is installed (see Middleware).
# See also IGNORABLE_404_STARTS, IGNORABLE_404_ENDS and Error reporting via
# e-mail.
SEND_BROKEN_LINK_EMAILS = distro_settings.SEND_BROKEN_LINK_EMAILS

# URL of the login page
LOGIN_URL = distro_settings.LOGIN_URL

# URL of the page you get redirected to after logging in
LOGIN_REDIRECT_URL = distro_settings.LOGIN_REDIRECT_URL

# The email address that error messages come from, such as those sent to
# ADMINS and MANAGERS.
# Assigned only when the deployment configures a non-empty value; otherwise
# SERVER_EMAIL is left as it was before this point.
if distro_settings.get_setting("SERVER_EMAIL"):
    SERVER_EMAIL = distro_settings.get_setting("SERVER_EMAIL")

# Allow OpenID redirect domains to be configurable
# NOTE(review): each domain listed in this setting is presumably accepted as
# a post-login redirect target outside this site -- confirm against the
# OpenID auth app and keep the list to hosts the deployment controls.
if distro_settings.get_setting("ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS"):
    ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS = distro_settings.get_setting(
        "ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS")

# An explicitly configured team mapping switches the automatic mapping off
# and is used in its place.
if distro_settings.get_setting("OPENID_LAUNCHPAD_TEAMS_MAPPING"):
    OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO = False
    OPENID_LAUNCHPAD_TEAMS_MAPPING = distro_settings.get_setting(
        "OPENID_LAUNCHPAD_TEAMS_MAPPING")

# Atlassian Crowd authentication config
AUTH_CROWD_SERVER_REST_URI = distro_settings.get_setting(
    "AUTH_CROWD_SERVER_REST_URI")
예제 #11
# LOG_SIZE_LIMIT in megabytes
LOG_SIZE_LIMIT = distro_settings.LOG_SIZE_LIMIT

# URL of the login page
LOGIN_URL = distro_settings.LOGIN_URL

# URL of the page you get redirected to after logging in
LOGIN_REDIRECT_URL = distro_settings.LOGIN_REDIRECT_URL

# read which openID provider to use from the settings.conf
OPENID_SSO_SERVER_URL = distro_settings.OPENID_SSO_SERVER_URL

# The email address that error messages come from, such as those sent to
# ADMINS and MANAGERS.
# Assigned only when the deployment configures a non-empty value; otherwise
# SERVER_EMAIL is left as it was before this point.
if distro_settings.get_setting("SERVER_EMAIL"):
    SERVER_EMAIL = distro_settings.get_setting("SERVER_EMAIL")

# Allow OpenID redirect domains to be configurable
# NOTE(review): each domain listed in this setting is presumably accepted as
# a post-login redirect target outside this site -- confirm against the
# OpenID auth app and keep the list to hosts the deployment controls.
if distro_settings.get_setting("ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS"):
    ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS = distro_settings.get_setting("ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS")

# An explicitly configured team mapping switches the automatic mapping off
# and is used in its place.
if distro_settings.get_setting("OPENID_LAUNCHPAD_TEAMS_MAPPING"):
    OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO = False
    OPENID_LAUNCHPAD_TEAMS_MAPPING = distro_settings.get_setting("OPENID_LAUNCHPAD_TEAMS_MAPPING")

# Atlassian Crowd authentication config
AUTH_CROWD_SERVER_REST_URI = distro_settings.get_setting("AUTH_CROWD_SERVER_REST_URI")
if AUTH_CROWD_SERVER_REST_URI:
    # If Crowd server URL is configured, disable OpenID and
    # enable Crowd auth backend