class LdapAutomountHome(ldapdb.models.Model):
"""
Represents an LDAP automount with hardcoded 'auto.home' in the base_dn (!)
Ref: http://www.openldap.org/faq/data/cache/599.html
Ref: http://lists.bolloretelecom.eu/pipermail/django-ldapdb/2012-April/000113.html
"""
connection_name = 'ldap'
# LDAP meta-data
base_dn = 'ou=auto.home,{}'.format(settings.LDAP_AUTOMOUNT_DN)
object_classes = ['automount']
username = CharField(db_column='cn', primary_key=True)
automountInformation = CharField(db_column='automountInformation')
def set_automount_info(self, username=None):
krb5_automount_info = "-fstype=nfs4,rw,sec=krb5 {}:{}/{}".format(
settings.FILESERVER_HOST, settings.FILESERVER_HOME_PATH,
username if username is not None else self.username)
self.automountInformation = krb5_automount_info
def __str__(self):
return self.username
class Meta:
managed = False
def test_or(self):
where = WhereNode()
where.add((Constraint("cn", "cn", CharField()), 'exact', "foo"), AND)
where.add((Constraint("givenName", "givenName",
CharField()), 'exact', "bar"), OR)
self.assertEquals(where_as_ldap(where),
("(|(cn=foo)(givenName=bar))", []))
class Tag(ldapdb.models.Model):
"""
A Domesday tag.
"""
base_dn = "ou=tags,dc=mozillians,dc=org"
object_classes = ['groupOfNames']
name = CharField(db_column='cn', max_length=32768, primary_key=True)
members = ListField(db_column='member')
description = CharField(db_column='description', max_length=1024)
# Will eventually need a blesstag, and a field describing how to become
# blessed.
def members_as_people(self):
# XXX want to say:
# return [Person.objects.get(dn=dn) for dn in self.members]
return [Person.objects.get(uid=dn.split(',')[0].split("=")[1])
for dn in self.members]
def __str__(self):
return self.name
def __unicode__(self):
return self.name
class LdapGroup(ldapdb.models.Model):
"""
Class for representing an LDAP group entry.
"""
# LDAP meta-data
base_dn = "ou=group,dc=iapp-intern,dc=de"
object_classes = [
'posixGroup',
'extensibleObject',
]
# posixGroup
cn = CharField(db_column='cn', primary_key=True)
gidNumber = IntegerField(db_column='gidNumber', unique=True)
description = CharField(db_column='description', blank=True)
memberUid = ListField(db_column='memberUid')
# extensibleObject
owner = ListField(db_column='owner')
def __str__(self):
return self.cn
def __unicode__(self):
return self.cn
class LdapMaillist(ldapdb.models.Model):
"""
Class for representing an LDAP Maillist entry.
"""
# LDAP meta-data
base_dn = "ou=Mailinglists,dc=iapp-intern,dc=de"
object_classes = ['groupOfNames',
'extensibleObject',
]
# groupOfNames
cn = CharField(db_column='cn', primary_key=True)
description = CharField(db_column='description', blank=True)
member = ListField(db_column='member')
# extensibleObject
mail = CharField(db_column='mail')
owner = ListField(db_column='owner')
rfc822MailMember = ListField(db_column='rfc822MailMember', blank=True)
def __str__(self):
return self.cn
def __unicode__(self):
return self.cn
class Account(ldapdb.models.Model):
"""
An account on another system.
To get the accounts for just a single person, use the scoped() method
to add the person's Domesday uid, e.g.:
Account.scoped("uid=%s,%s" % (self.uid, Account.base_dn))
"""
base_dn = "ou=people,dc=mozillians,dc=org"
object_classes = ['account']
domain = CharField(db_column='host', max_length=256, primary_key=True)
userid = CharField(db_column='uid', max_length=256)
def _get_owner(self):
uid = re.search(',uid=(\d+),', self.dn).group(1)
p = Person.objects.filter(pk=uid)
return p
owner = property(_get_owner)
def __str__(self):
return "%s: %s" % (self.domain, self.userid)
def __unicode__(self):
return "%s: %s" % (self.domain, self.userid)
class Group(BaseLdapModel):
base_dn = force_text('ou=Groups,' + settings.LDAP_BASE_DN)
object_classes = force_bytestrings(['posixGroup', 'sambaGroupMapping'])
# posixGroup attributes
name = CharField(db_column=force_text('cn'), max_length=200, primary_key=True,
validators=list(name_validators))
gid = IntegerField(db_column=force_text('gidNumber'), unique=True)
members = ListField(db_column=force_text('memberUid'))
description = CharField(db_column=force_text('description'), max_length=500, blank=True, default='')
group_type = IntegerField(db_column=force_text('sambaGroupType'), default=None)
samba_sid = CharField(db_column=force_text('sambaSID'), unique=True, default='')
def save(self, using=None):
self.group_type = 2
self.set_next_free_value('gid', default=10000)
# noinspection PyStringFormat
self.samba_sid = '%s-%d' % (get_samba_sid(), self.gid)
super(Group, self).save(using=using)
group_of_names = list(GroupOfNames.objects.filter(name=self.name)[0:1])
if not group_of_names:
group = GroupOfNames(name=self.name, members=['cn=admin,' + settings.LDAP_BASE_DN])
group.save()
else:
group = group_of_names[0]
new_members = ['cn=admin,' + settings.LDAP_BASE_DN] + ['uid=%s,%s' % (x, User.base_dn) for x in self.members]
if new_members != group.members:
group.members = new_members
group.save()
def test_char_field_in(self):
where = WhereNode()
where.add((Constraint("cn", "cn", CharField()), 'in', ["foo", "bar"]), AND)
self.assertEquals(where_as_ldap(where), ("(|(cn=foo)(cn=bar))", []))
where = WhereNode()
where.add((Constraint("cn", "cn", CharField()), 'in', ["(foo)", "(bar)"]), AND)
self.assertEquals(where_as_ldap(where), ("(|(cn=\\28foo\\29)(cn=\\28bar\\29))", []))
def test_char_field_contains(self):
where = WhereNode()
where.add((Constraint("cn", "cn", CharField()), 'contains', "test"), AND)
self.assertEquals(where_as_ldap(where), ("(cn=*test*)", []))
where = WhereNode()
where.add((Constraint("cn", "cn", CharField()), 'contains', "te*st"), AND)
self.assertEquals(where_as_ldap(where), ("(cn=*te\\2ast*)", []))
def test_char_field_exact(self):
where = WhereNode()
where.add((Constraint("cn", "cn", CharField()), 'exact', "test"), AND)
self.assertEquals(where_as_ldap(where), ("(cn=test)", []))
where = WhereNode()
where.add((Constraint("cn", "cn", CharField()), 'exact', "(test)"), AND)
self.assertEquals(where_as_ldap(where), ("(cn=\\28test\\29)", []))
def test_char_field_startswith(self):
where = WhereNode()
where.add((Constraint("cn", "cn", CharField()), 'startswith', "test"),
AND)
self.assertEqual(where_as_ldap(where), ("(cn=test*)", []))
where = WhereNode()
where.add((Constraint("cn", "cn", CharField()), 'startswith', "te*st"),
AND)
self.assertEqual(where_as_ldap(where), ("(cn=te\\2ast*)", []))
def test_char_field_endswith(self):
where = WhereNode()
where.add((Constraint("cn", "cn", CharField()), 'endswith', "test"),
AND)
self.assertEquals(where.as_sql(), ("(cn=*test)", []))
where = WhereNode()
where.add((Constraint("cn", "cn", CharField()), 'endswith', "te*st"),
AND)
self.assertEquals(where.as_sql(), ("(cn=*te\\2ast)", []))
class LdapUser(Model):
"""
Class for representing an LDAP user entry.
"""
class Meta:
managed = False
base_dn = settings.AUTH_LDAP_BASE
object_classes = [
'posixAccount', 'shadowAccount', 'inetOrgPerson', 'top', 'person',
'organizationalPerson'
]
first_name = CharField(db_column='givenName')
last_name = CharField(db_column='sn')
full_name = CharField(db_column='cn')
email = CharField(db_column='mail')
username = CharField(db_column='uid', primary_key=True)
password = CharField(db_column='userPassword')
uid = IntegerField(db_column='uidNumber', unique=True)
group = IntegerField(db_column='gidNumber')
home_directory = CharField(db_column='homeDirectory')
login_shell = CharField(db_column='loginShell', default='/bin/bash')
description = CharField(db_column='description')
def __str__(self):
return self.uid
def __unicode__(self):
return self.full_name
class LdapGroup(ldapdb.models.Model):
"""
Class for representing an LDAP group entry.
This is a memberOf bind
http://www.openldap.org/software/man.cgi?query=slapo-memberof&sektion=5&apropos=0&manpath=OpenLDAP+2.4-Release
"""
# LDAP meta-data
base_dn = "ou=groups,{}".format(settings.LDAP_BASEDN)
object_classes = [
'groupOfNames',
]
cn = CharField(db_column='cn', primary_key=True)
member = ListField(db_column='member', default=[])
class Meta:
verbose_name = _('LDAP MemberOf Group')
verbose_name_plural = _('LDAP MemberOf Groups')
def add_member(self, member_dn_obj):
members = self.member.split(os.linesep)
if not member_dn_obj in members:
members.append(member_dn_obj.dn.strip())
self.member = os.linesep.join(members)
self.save()
def remove_member(self, member_dn_obj):
members = self.member.split(os.linesep)
if member_dn_obj.dn in members:
members = [i for i in members if i != member_dn_obj.dn]
self.member = os.linesep.join(members)
self.save()
def __str__(self):
return self.cn
class LdapOA(ldapdb.models.Model):
base_dn = "cn=OA,ou=Roles,dc=xiaoneng,dc=cn"
object_classes = ['groupOfUniqueNames']
cn = CharField(db_column='cn', max_length=200, primary_key=True)
uniqueMember = ListField(db_column='uniqueMember')
class LdapGroup(ldapdb.models.Model):
"""
Class for representing an LDAP group entry.
"""
# LDAP meta-data
base_dn = "ou=Users,dc=xiaoneng,dc=cn"
object_classes = ['organizationalUnit']
ou = CharField(db_column='ou', max_length=200, primary_key=True)
name = CharField(db_column='businessCategory', max_length=200)
def __str__(self):
return self.ou
def __unicode__(self):
return self.ou
class FakeModel(models.Model):
class Meta:
abstract = True
base_dn = 'ou=test,dc=example,dc=org'
object_classes = ['inetOrgPerson']
name = CharField(db_column='cn')
class LdapStructure(ldapdb.models.Model):
base_dn = "ou=Users,dc=xiaoneng,dc=cn"
object_classes = ['organizationalUnit']
ou = CharField(db_column='ou', max_length=200, primary_key=True)
def __str__(self):
return self.ou
class LdapUser(ldapdb.models.Model):
# LDAP meta-data
base_dn = "dc=at"
object_classes = ['inetOrgPerson']
first_name = CharField(db_column='givenName')
last_name = CharField("surname", db_column='sn')
full_name = CharField(db_column='cn')
email = CharField(db_column='mail', primary_key=True)
#ordering = ['last_name']
def __str__(self):
return self.full_name
def __unicode__(self):
return self.full_name
class GroupOfNames(BaseLdapModel):
# a copy of Group, but based on different object classes.
# required by nslcd!
base_dn = 'ou=CoreGroups,' + settings.LDAP_BASE_DN
object_classes = force_bytestrings(['groupOfNames'])
name = CharField(db_column=force_text('cn'), max_length=200, primary_key=True,
validators=list(name_validators))
members = ListField(db_column=force_text('member'))
class ServiceAccount(BaseLdapModel):
# description used as description for primary groups of users
base_dn = 'ou=Services,' + settings.LDAP_BASE_DN
object_classes = force_bytestrings(['posixAccount', 'shadowAccount', 'inetOrgPerson', 'person'])
fqdn = CharField(db_column=force_text('uid'), max_length=200, primary_key=True,
validators=list(name_validators))
uid_number = IntegerField(db_column=force_text('uidNumber'), default=None, unique=True)
gid_number = IntegerField(db_column=force_text('gidNumber'), default=None)
# forced values
display_name = CharField(db_column=force_text('displayName'), max_length=200)
mail = CharField(db_column=force_text('mail'), default=None)
gecos = CharField(db_column=force_text('gecos'), max_length=200, default=None)
cn = CharField(db_column=force_text('cn'), max_length=200, default=None, validators=list(name_validators))
sn = CharField(db_column=force_text('sn'), max_length=200, default=None, validators=list(name_validators))
# password values
user_password = CharField(db_column=force_text('userPassword'), default=None)
# samba_nt_password = CharField(db_column=force_text('sambaNTPassword'), default=None)
def save(self, using=None):
self.cn = self.fqdn
self.sn = self.fqdn
self.display_name = self.fqdn
self.gecos = self.fqdn
self.mail = '%s@%s' % (self.fqdn, settings.PENATES_DOMAIN)
self.set_next_free_value('uid_number')
self.gid_number = self.uid_number
super(ServiceAccount, self).save(using=using)
def set_password(self, password):
self.user_password = password_hash(password)
self.save()
class Principal(BaseLdapModel):
base_dn = 'cn=krbContainer,' + settings.LDAP_BASE_DN
object_classes = force_bytestrings(['krbPrincipal', 'krbPrincipalAux', 'krbTicketPolicyAux'])
name = CharField(db_column=force_text('krbPrincipalName'), primary_key=True)
flags = IntegerField(db_column=force_text('krbTicketFlags'), default=None)
def save(self, using=None):
self.flags = 128
super(Principal, self).save(using=using)
class LdapRoom(ldapdb.models.Model):
"""
Class for representing an LDAP roon entry.
"""
# LDAP meta-data
base_dn = "ou=rooms,dc=iapp-intern,dc=de"
object_classes = ['room']
# posixGroup
cn = CharField(db_column='cn', primary_key=True)
description = CharField(db_column='description')
telephoneNumber = CharField(db_column='telephoneNumber')
def __str__(self):
return self.cn
def __unicode__(self):
return self.cn
class LDAPPosixUser(LDAPModel):
"""
Class for representing an LDAP user entry.
"""
objects = LDAPPosixUserManager()
# LDAP meta-data
base_dn = settings.LDAP_SYNC_USER_BASE_DN
object_classes = ['top', 'posixAccount', 'inetOrgPerson']
# inetOrgPerson
first_name = CharField(db_column='givenName', verbose_name="Prime name")
last_name = CharField("Final name", db_column='sn')
common_name = CharField(db_column='cn')
email = ListField(db_column='mail')
# posixAccount
uid = IntegerField(db_column='uidNumber', default=1000)
group = IntegerField(db_column='gidNumber')
home_directory = CharField(db_column='homeDirectory')
login_shell = CharField(db_column='loginShell', default='/bin/bash')
nadine_id = CharField(db_column='uid', primary_key=True)
password = CharField(db_column='userPassword')
if hasattr(settings, 'LDAP_SYNC_USER_HOME_DIR_TEMPLATE'):
HOME_DIR_TEMPLATE = settings.LDAP_SYNC_USER_HOME_DIR_TEMPLATE
else:
HOME_DIR_TEMPLATE = "/home/{}"
def ensure_gid(self):
"""
If no group is set then perform a get_or_create() for default members
group.
"""
if self.group is None:
members_group, _ = LDAPPosixGroup.objects.get_or_create(
name=settings.LDAP_SYNC_MEMBERS_GROUP_CN)
self.group = members_group.gid
def ensure_home_directory(self):
"""
If no home_directory is set then LDAP complains, we can auto-populate.
"""
if not self.home_directory:
self.home_directory = self.HOME_DIR_TEMPLATE.format(self.uid)
def save(self, *args, **kwargs):
self.ensure_gid()
self.ensure_home_directory()
return super(LDAPPosixUser, self).save(*args, **kwargs)
def __str__(self):
return "{}:{}".format(self.nadine_id, self.common_name)
def __str__(self):
return self.full_name
class Tag(ldapdb.models.Model):
"""
A Domesday tag.
"""
base_dn = "ou=tags,dc=mozillians,dc=org"
object_classes = ['groupOfNames']
name = CharField(db_column='cn', max_length=32768, primary_key=True)
members = ListField(db_column='member')
def __str__(self):
return self.name
def __unicode__(self):
return self.name
class LdapOU(ldapdb.models.Model):
"""
Class for representing an LDAP organizational unit.
"""
# LDAP meta-data
# this ONLY works in dev (which is the way it should be). Note that base_dn = settings.LDAP_BASE_SEARCH_DN does
# NOT work because base_dn = settings.LDAP_BASE_SEARCH_DN now contains the ou!"
base_dn = "dc=agaveapi"
object_classes = ['organizationalUnit']
ou = CharField(db_column='ou', blank=True, primary_key=True)
def __str__(self):
return self.ou
def __unicode__(self):
return self.ou
class LdapGroup(ldapdb.models.Model):
"""
Class for representing an LDAP group entry.
"""
# LDAP meta-data
base_dn = "ou=groups,dc=nodomain"
object_classes = ['posixGroup']
# posixGroup attributes
gid = IntegerField(db_column='gidNumber', unique=True)
name = CharField(db_column='cn', max_length=200, primary_key=True)
usernames = ListField(db_column='memberUid')
def __str__(self):
return self.name
def __unicode__(self):
return self.name
class LdapUser(ldapdb.models.Model):
base_dn = "ou=Users,dc=xiaoneng,dc=cn"
object_classes = ['inetOrgPerson']
username = CharField(db_column='cn', primary_key=True)
user_sn = CharField(db_column='sn')
email = CharField(db_column='mail', blank=True)
phone = CharField(db_column='telephoneNumber', blank=True)
password = CharField(db_column='userPassword')
sshpublickey = CharField(db_column='sshpublickey', blank=True)
def __str__(self):
return self.username
class LdapGroup(ldapdb.models.Model):
""" Represents an LDAP posixGroup entry. """
connection_name = 'ldap'
# LDAP meta-data
base_dn = settings.LDAP_GROUP_DN
object_classes = ['posixGroup']
# posixGroup attributes
gid = IntegerField(db_column='gidNumber', unique=True)
name = CharField(db_column='cn', max_length=200, primary_key=True)
members = ListField(db_column='memberUid')
def __str__(self):
return self.name
class Meta:
managed = False
class LdapAutomountMap(ldapdb.models.Model):
"""
Represents an LDAP automountMap
Ref: http://www.openldap.org/faq/data/cache/599.html
"""
connection_name = 'ldap'
# LDAP meta-data
base_dn = settings.LDAP_AUTOMOUNT_DN
object_classes = ['automountMap']
ou = CharField(db_column='ou', primary_key=True) # F.ex auto.home
def __str__(self):
return self.ou
class Meta:
managed = False
