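def nonlocal_ldap_user_auth_and_sync(uid, password):
    """Authenticate *uid*/*password* against the directory and mirror the user locally.

    Every object returned by ``get_ldap_objects()`` is scanned.  The first entry
    whose first ``uid`` value equals *uid* and whose first ``sambaNTPassword``
    value satisfies ``ldap_auth(stored_hash, password)`` is copied into the
    local ``User`` table (role ``CUSTOMER``, auth type ``LDAP``) and the session
    is committed; scanning stops there.

    Args:
        uid: login name supplied by the caller, compared verbatim with the
            entry's ``uid`` attribute.
        password: clear-text password supplied by the caller.

    Returns:
        ``True`` when a matching entry authenticated (and the local row was
        added), ``False`` otherwise -- including when the directory search
        yields ``None`` or no entry matches.
    """
    sqlalchemy_session = db.session
    print('Call nonlocal_ldap_user_auth_and_sync')
    auth_success = False
    ldap_search_result = get_ldap_objects()
    if ldap_search_result is None:
        return auth_success

    # Every attribute the local row needs.  sambaNTPassword is part of the
    # required set: the previous version indexed it without a None check and
    # raised TypeError on any entry that lacked it.
    required_attributes = ('cn', 'uid', 'givenName', 'sn', 'mail', 'sambaNTPassword')

    for _distinguished_name, object_description in ldap_search_result:
        if object_description is None:
            continue
        attribute_values = [object_description.get(name) for name in required_attributes]
        if any(not value for value in attribute_values):
            # Wrong / incomplete LDAP user record (original note: "Is this real
            # case?").  Skipped rather than failing the whole login attempt.
            continue
        # Multi-valued attributes: only the first value is used, as before.
        cn, entry_uid, given_name, surname, mail, entry_nt_hash = [
            value[0] for value in attribute_values
        ]

        # ldap_auth() is only consulted for the entry whose uid matches.
        if entry_uid != uid or not ldap_auth(entry_nt_hash, password):
            continue

        print('User found')
        auth_success = True
        # Local copy of the credential in the same format as sambaNTPassword:
        # the NT hash, i.e. unsalted MD4 over the UTF-16LE password, upper-case
        # hex.  Unsalted and fast to brute-force, so this column must be
        # protected as strictly as the directory's own password attribute.
        local_nt_hash = hashlib.new(
            'md4', password.encode('utf-16le')).digest().encode('hex').upper()
        # NOTE(review): nothing here checks for an existing row with this uid;
        # a repeated successful login adds another row unless the schema
        # rejects it -- confirm against the User model's constraints.
        sqlalchemy_session.add(User(common_name=cn,
                                    uid=entry_uid,
                                    given_name=given_name,
                                    surname=surname,
                                    mail=mail,
                                    role=CUSTOMER,
                                    auth_type=LDAP,
                                    password=local_nt_hash))
        sqlalchemy_session.commit()
        break
    return auth_success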
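def ldap_sync():
    """Mirror the directory's user set into the local ``User`` table.

    Reads every object from ``get_ldap_objects()`` and then, on ``db.session``:

    * deletes LDAP-auth local users whose ``common_name`` no longer appears in
      the directory;
    * deletes LOCAL-auth users whose ``uid`` collides with a directory ``uid``
      (the directory wins for a contested login name);
    * commits, then inserts an LDAP-auth row (role ``CUSTOMER``) for every
      directory entry whose ``cn`` has no local row yet, with ``password`` set
      to the entry's ``sambaNTPassword`` value, and commits again.

    LDAP-auth rows whose ``cn`` is still present are left untouched, so
    attribute changes (mail, password hash, ...) are not propagated by this
    function.

    Returns:
        The string ``'Sync done'``.  It is also returned when the directory
        search yields ``None``, in which case nothing is changed.
    """
    sqlalchemy_session = db.session
    result_message = 'Sync done'
    ldap_search_result = get_ldap_objects()
    if ldap_search_result is None:
        return result_message

    # Every attribute the local row needs.  sambaNTPassword is part of the
    # required set: the previous version indexed it without a None check, so a
    # single entry lacking it raised TypeError and aborted the whole sync.  An
    # incomplete entry is now skipped exactly like one missing cn or mail --
    # which means a previously synced user whose entry lost the attribute is
    # deleted locally on the next run.
    required_attributes = ('cn', 'uid', 'givenName', 'sn', 'mail', 'sambaNTPassword')

    # Reading sambaNTPassword requires the bind identity used by
    # get_ldap_objects() to have read access to password hashes; the local
    # password column then holds the directory's NT hash verbatim.
    ldap_users_dict = {}   # cn -> attributes copied into the local row
    ldap_uid_set = set()   # every uid seen in the directory
    for _distinguished_name, object_description in ldap_search_result:
        if object_description is None:
            continue
        attribute_values = [object_description.get(name) for name in required_attributes]
        if any(not value for value in attribute_values):
            continue
        # Multi-valued attributes: only the first value is used, as before.
        cn, entry_uid, given_name, surname, mail, entry_nt_hash = [
            value[0] for value in attribute_values
        ]
        # NOTE(review): two entries sharing a cn silently overwrite each other
        # here; the last one returned by the search wins -- confirm cn is
        # unique in this directory.
        ldap_users_dict[cn] = {'ldap_user_uid': entry_uid,
                               'ldap_user_given_name': given_name,
                               'ldap_user_surname': surname,
                               'ldap_user_mail': mail,
                               'ldap_user_password': entry_nt_hash}
        ldap_uid_set.add(entry_uid)

    # LDAP-auth rows whose cn vanished from the directory are removed.
    all_ldap_auth_local_users = User.query.filter_by(auth_type=LDAP).all()
    ldap_auth_local_users_dict = {user.common_name: user for user in all_ldap_auth_local_users}
    local_cn_set = set(ldap_auth_local_users_dict)
    ldap_cn_set = set(ldap_users_dict)
    for cn_to_delete in local_cn_set - ldap_cn_set:
        sqlalchemy_session.delete(ldap_auth_local_users_dict[cn_to_delete])

    # LOCAL-auth rows are evicted when the directory claims the same uid.
    # NOTE(review): role is not consulted, so whoever can create directory
    # entries can remove any LOCAL account by choosing its uid -- confirm this
    # is acceptable for locally administered (e.g. admin) accounts.
    all_local_auth_users = User.query.filter_by(auth_type=LOCAL).all()
    local_auth_users_dict = {user.uid: user for user in all_local_auth_users}
    for uid_to_delete in set(local_auth_users_dict) & ldap_uid_set:
        sqlalchemy_session.delete(local_auth_users_dict[uid_to_delete])
    # Deletions are committed before the inserts, as in the original, so a
    # freed uid can be reused by a new LDAP-auth row below.
    sqlalchemy_session.commit()

    for cn_to_add in ldap_cn_set - local_cn_set:
        ldap_user = ldap_users_dict[cn_to_add]
        sqlalchemy_session.add(User(common_name=cn_to_add,
                                    uid=ldap_user['ldap_user_uid'],
                                    given_name=ldap_user['ldap_user_given_name'],
                                    surname=ldap_user['ldap_user_surname'],
                                    mail=ldap_user['ldap_user_mail'],
                                    role=CUSTOMER,
                                    auth_type=LDAP,
                                    password=ldap_user['ldap_user_password']))
    sqlalchemy_session.commit()
    return result_message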