class RepositoryLdapUser(ldapdb.models.Model): """ Class for representing a repository user in LDAP """ # pylint: disable=W0222 # LDAP meta-data base_dn = settings.BORGHIVE['LDAP_USER_BASEDN'] object_classes = ['organizationalPerson', 'posixAccount', 'shadowAccount'] last_modified = fields.DateTimeField(db_column='modifyTimestamp') # posixAccount uid = fields.IntegerField(db_column='uidNumber', unique=True) group = fields.IntegerField(db_column='gidNumber') gecos = fields.CharField(db_column='gecos', default='Borghive Repo User') home = fields.CharField(db_column='homeDirectory', default=settings.BORGHIVE['REPO_PATH']) shell = fields.CharField(db_column='loginShell', default='/bin/bash') username = fields.CharField(db_column='uid', primary_key=True) sn = fields.CharField(db_column='sn', default='') cn = fields.CharField(db_column='cn', default='') def save(self, *args, **kwargs): self.home = os.path.join(settings.BORGHIVE['REPO_PATH'], self.username) self.sn = self.username self.cn = self.username super().save(*args, **kwargs) def __str__(self): return 'RepositoryLdapUser: {0.dn}: uid={0.uid} gid={0.group}'.format( self)
class LdapUser(ldapdb.models.Model): """ Class for representing an LDAP user entry. """ # LDAP meta-data base_dn = "ou=people,dc=example,dc=org" object_classes = ['posixAccount', 'shadowAccount', 'inetOrgPerson'] last_modified = fields.DateTimeField(db_column='modifyTimestamp') # inetOrgPerson first_name = fields.CharField(db_column='givenName', verbose_name="Prime name") last_name = fields.CharField("Final name", db_column='sn') full_name = fields.CharField(db_column='cn') email = fields.CharField(db_column='mail') phone = fields.CharField(db_column='telephoneNumber', blank=True) mobile_phone = fields.CharField(db_column='mobile', blank=True) photo = fields.ImageField(db_column='jpegPhoto') # posixAccount uid = fields.IntegerField(db_column='uidNumber', unique=True) group = fields.IntegerField(db_column='gidNumber') gecos = fields.CharField(db_column='gecos') home_directory = fields.CharField(db_column='homeDirectory') login_shell = fields.CharField(db_column='loginShell', default='/bin/bash') username = fields.CharField(db_column='uid', primary_key=True) password = fields.CharField(db_column='userPassword') # shadowAccount last_password_change = fields.TimestampField(db_column='shadowLastChange') def __str__(self): return self.username def __unicode__(self): return self.full_name
class Tool(ldapdb.models.Model): """A tool is a specially named LDAP group.""" base_dn = settings.TOOLS_TOOL_BASE_DN object_classes = ['posixGroup', 'groupOfNames'] objects = ToolManager() group_name = fields.CharField(db_column='cn', max_length=200, primary_key=True) gid = fields.IntegerField(db_column='gidNumber', unique=True) maintainer_ids = fields.ListField(db_column='member') @property def name(self): return self.group_name[6:] @name.setter def name(self, value): self.group_name = 'tools.{0!s}'.format(value) def maintainers(self): # OMG, this is horrible. You can't search LDAP by dn. return Maintainer.objects.filter( username__in=(dn.split(',')[0].split('=')[1] for dn in self.maintainer_ids)) def __str__(self): return self.name
class AbstractGroup(ldapdb.models.Model): class Meta: abstract = True object_classes = ['posixGroup'] gid = fields.IntegerField(db_column='gidNumber', unique=True) name = fields.CharField(db_column='cn', max_length=200, primary_key=True) usernames = fields.ListField(db_column='memberUid') def __str__(self): return self.name def __unicode__(self): return self.name
class RCLdapUser(ldapdb.models.Model): """ Class for representing an LDAP user entry. """ rdn_keys = ['username'] # LDAP meta-data base_dn = 'ou=users,dc=example,dc=org' object_classes = ['posixAccount', 'inetOrgPerson'] last_modified = fields.DateTimeField(db_column='modifyTimestamp') organization = fields.CharField(max_length=128,blank=False,null=False) # inetOrgPerson first_name = fields.CharField(db_column='givenName', verbose_name="Prime name") last_name = fields.CharField("Final name", db_column='sn') full_name = fields.CharField(db_column='cn') email = fields.CharField(db_column='mail') # posixAccount uid = fields.IntegerField(db_column='uidNumber', unique=True) group = fields.IntegerField(db_column='gidNumber') gecos = fields.CharField(db_column='gecos') home_directory = fields.CharField(db_column='homeDirectory') login_shell = fields.CharField(db_column='loginShell', default='/bin/bash') username = fields.CharField(db_column='uid') @property def organization(self): return self.org def __str__(self): return self.username def __unicode__(self): return self.full_name
class LdapGroup(ldapdb.models.Model): """ Class for representing an LDAP group entry. """ # LDAP meta-data base_dn = "ou=groups,dc=example,dc=org" object_classes = ['posixGroup'] # posixGroup attributes gid = fields.IntegerField(db_column='gidNumber', unique=True) name = fields.CharField(db_column='cn', max_length=200, primary_key=True) usernames = fields.ListField(db_column='memberUid') def __str__(self): return self.name def __unicode__(self): return self.name
class CuLdapUser(LdapUser): class Meta: managed = False base_dn = settings.LDAPCONFS['culdap']['people_dn'] object_classes = [] uid = ldap_fields.IntegerField(db_column='uidNumber', unique=True) # Used for automatic determination of role and affiliation. edu_affiliation = ldap_fields.ListField(db_column='eduPersonAffiliation') edu_primary_affiliation = ldap_fields.CharField(db_column='eduPersonPrimaryAffiliation') cu_primary_major = ldap_fields.CharField(db_column='cuEduPersonPrimaryMajor1') cu_home_department = ldap_fields.CharField(db_column='cuEduPersonHomeDepartment') @sensitive_variables('pwd') def authenticate(self,pwd): authed = ldap_utils.authenticate(self.dn,pwd,'culdap') logger = logging.getLogger('accounts') logger.info('CU user {} auth attempt: {}'.format(self.username, authed)) return authed
class RcLdapGroup(ldapdb.models.Model): class Meta: verbose_name = 'LDAP group' verbose_name_plural = 'LDAP groups' managed = False def __init__(self,*args,**kwargs): super(RcLdapGroup,self).__init__(*args,**kwargs) rdn = self.dn.lower().replace(self.base_dn.lower(), '') rdn_list = rdn.split(',') self.org = '' if len(rdn_list) > 1: ou = self.base_dn.lower().split(',')[0] __, org = ou.split('=') self.org = org self.base_dn = self.base_dn.lower() objects = RcLdapGroupManager() rdn_keys = ['name'] base_dn = settings.LDAPCONFS['rcldap']['group_dn'] object_classes = ['top','posixGroup'] # posixGroup attributes # gid = ldap_fields.IntegerField(db_column='gidNumber', unique=True) gid = ldap_fields.IntegerField(db_column='gidNumber',null=True,blank=True) name = ldap_fields.CharField(db_column='cn', max_length=200) members = ldap_fields.ListField(db_column='memberUid',blank=True,null=True) def __str__(self): return self.name def __str__(self): return self.name @property def organization(self): return self.org @property def effective_cn(self): suffixed_name = ldap_utils.get_suffixed_username(self.name,self.organization) return suffixed_name def _set_base_dn(self,org): if org in list(settings.ORGANIZATION_INFO.keys()): ou = 'ou={}'.format(org) self.org = org if ou not in self.base_dn.lower(): self.base_dn = ','.join([ou,self.base_dn]) else: raise ValueError('Invalid organization specified: {}'.format(org)) def save(self,*args,**kwargs): org = kwargs.pop('organization', None) if not org: raise ValueError('No organization specified.') self._set_base_dn(org) force_insert = kwargs.pop('force_insert',None) # If no GID specified, auto-assign if self.gid == None: id_tracker = IdTracker.objects.get(category='posix') gid = id_tracker.get_next_id() self.gid = gid logger = logging.getLogger('accounts') logger.info('Auto-assigned GID to group: {}, {}'.format(gid, self.name)) super(RcLdapGroup,self).save(*args,**kwargs)
class RcLdapUser(LdapUser): class Meta: verbose_name = 'LDAP user' verbose_name_plural = 'LDAP users' managed = False def __init__(self,*args,**kwargs): super(RcLdapUser,self).__init__(*args,**kwargs) rdn = self.dn.lower().replace(self.base_dn.lower(), '') rdn_list = rdn.split(',') self.org = '' if len(rdn_list) > 1: ou = self.base_dn.lower().split(',')[0] __, org = ou.split('=') self.org = org self.base_dn = self.base_dn.lower() objects = RcLdapUserManager() base_dn = str(settings.LDAPCONFS['rcldap']['people_dn']) object_classes = list(map(str, ['top','person','inetorgperson','posixaccount','curcPerson','shadowAccount'])) expires = ldap_fields.IntegerField(db_column='shadowExpire',blank=True,null=True) uid = ldap_fields.IntegerField(db_column='uidNumber',null=True,blank=True) gid = ldap_fields.IntegerField(db_column='gidNumber',null=True,blank=True) gecos = ldap_fields.CharField(db_column='gecos',default='') home_directory = ldap_fields.CharField(db_column='homeDirectory') login_shell = ldap_fields.CharField(db_column='loginShell', default='/bin/bash') #curcPerson attributes role = ldap_fields.ListField(db_column='curcRole',blank=True,null=True) affiliation = ldap_fields.ListField(db_column='curcAffiliation',blank=True,null=True) @property def organization(self): return self.org @property def effective_uid(self): suffixed_username = ldap_utils.get_suffixed_username(self.username,self.organization) return suffixed_username def _set_base_dn(self,org): if org in list(map(str, list(settings.ORGANIZATION_INFO.keys()))): ou = 'ou={}'.format(org) self.org = org if ou not in self.base_dn.lower(): self.base_dn = ','.join([ou,self.base_dn]) else: raise ValueError('Invalid organization specified: {}'.format(org)) def save(self,*args,**kwargs): org = str(kwargs.pop('organization', None)) if not org: raise ValueError('No organization specified.') self._set_base_dn(org) # If no UID/GID specified, auto-assign logger = logging.getLogger('accounts') if (self.uid == None) and (self.gid == None): id_tracker = IdTracker.objects.get(category='posix') uid = id_tracker.get_next_id() self.uid = uid self.gid = uid logger.info('Auto-assigning UID and GID to user: {}, {}'.format(uid, self.effective_uid)) elif self.uid == None: self.uid = self.gid logger.info('Auto-assigning UID to user: {}, {}'.format(self.gid, self.effective_uid)) elif self.gid == None: self.gid = self.uid logger.info('Auto-assigning GID to user: {}, {}'.format(self.uid, self.effective_uid)) super(RcLdapUser,self).save(*args,**kwargs)