def delete(self, mails): if mails is None or len(mails) == 0: return (False, "NO_ACCOUNT_SELECTED") result = {} for mail in mails: self.mail = web.safestr(mail) dn = ldaputils.convert_keyword_to_dn(self.mail, accountType="admin") if dn[0] is False: return dn try: deltree.DelTree(self.conn, dn, ldap.SCOPE_SUBTREE) web.logger(msg="Delete admin: %s." % (self.mail,), event="delete") except ldap.NO_SUCH_OBJECT: # This is a mail user admin dn = ldaputils.convert_keyword_to_dn(self.mail, accountType="user") try: connutils = connUtils.Utils() # Delete enabledService=domainadmin connutils.addOrDelAttrValue(dn=dn, attr="enabledService", value="domainadmin", action="delete") # Delete domainGlobalAdmin=yes connutils.addOrDelAttrValue(dn=dn, attr="domainGlobalAdmin", value="yes", action="delete") web.logger(msg="Delete admin: %s." % (self.mail), event="delete") except Exception, e: result[self.mail] = str(e) except ldap.LDAPError, e: result[self.mail] = str(e)
def profile(self, domain, mail, accountType="user"): self.mail = web.safestr(mail) self.domain = self.mail.split("@", 1)[-1] if self.domain != domain: raise web.seeother("/domains?msg=PERMISSION_DENIED") self.filter = "(&(objectClass=mailUser)(mail=%s))" % (self.mail,) if accountType == "catchall": self.filter = "(&(objectClass=mailUser)(mail=@%s))" % (self.mail,) else: if not self.mail.endswith("@" + self.domain): raise web.seeother("/domains?msg=PERMISSION_DENIED") if attrs.RDN_USER == "mail": self.searchdn = ldaputils.convert_keyword_to_dn(self.mail, accountType=accountType) self.scope = ldap.SCOPE_BASE if self.searchdn[0] is False: return self.searchdn else: domain_dn = ldaputils.convert_keyword_to_dn(self.domain, accountType="domain") if domain_dn[0] is False: return domain_dn self.searchdn = attrs.DN_BETWEEN_USER_AND_DOMAIN + domain_dn self.scope = ldap.SCOPE_SUBTREE try: self.user_profile = self.conn.search_s(self.searchdn, self.scope, self.filter, attrs.USER_ATTRS_ALL) return (True, self.user_profile) except Exception, e: return (False, ldaputils.getExceptionDesc(e))
def enableOrDisableAccount(self, domain, mails, action, attr="accountStatus"): if mails is None or len(mails) == 0: return (False, "NO_ACCOUNT_SELECTED") self.mails = [str(v) for v in mails if iredutils.is_email(v) and str(v).endswith("@" + str(domain))] result = {} connutils = connUtils.Utils() for mail in self.mails: self.mail = web.safestr(mail) if not iredutils.is_email(self.mail): continue self.domain = self.mail.split("@")[-1] self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType="user") if self.dn[0] is False: result[self.mail] = self.dn[1] continue try: connutils.enableOrDisableAccount( domain=self.domain, account=self.mail, dn=self.dn, action=web.safestr(action).strip().lower(), accountTypeInLogger="user", ) except ldap.LDAPError, e: result[self.mail] = str(e)
def deleteSingleUser(self, mail, deleteFromGroups=True): self.mail = web.safestr(mail) if not iredutils.is_email(self.mail): return (False, "INVALID_MAIL") # Get domain name of this account. self.domain = self.mail.split("@")[-1] # Get dn of mail user and domain. self.dnUser = ldaputils.convert_keyword_to_dn(self.mail, accountType="user") if self.dnUser[0] is False: return self.dnUser # Delete user object. try: # Delete single object. # self.conn.delete_s(self.dnUser) # Delete object and its subtree. deltree.DelTree(self.conn, self.dnUser, ldap.SCOPE_SUBTREE) if deleteFromGroups: self.deleteSingleUserFromGroups(self.mail) # Delete record from SQL database: real-time used quota. try: connUtils.deleteAccountFromUsedQuota([self.mail]) except Exception, e: pass # Log delete action. web.logger(msg="Delete user: %s." % (self.mail), domain=self.domain, event="delete") return (True,)
def enableOrDisableAccount(self, mails, action, attr='accountStatus',): if mails is None or len(mails) == 0: return (False, 'NO_ACCOUNT_SELECTED') result = {} connutils = connUtils.Utils() for mail in mails: self.mail = web.safestr(mail).strip().lower() if not iredutils.is_email(self.mail): continue self.domain = self.mail.split('@')[-1] self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType='admin') if self.dn[0] is False: return self.dn try: connutils.enableOrDisableAccount( domain=self.domain, account=self.mail, dn=self.dn, action=web.safestr(action).strip().lower(), accountTypeInLogger='admin', ) except ldap.LDAPError, e: result[self.mail] = str(e)
def listAccounts(self, domain): self.domain = domain self.domainDN = ldaputils.convert_keyword_to_dn(self.domain, accountType="domain") if self.domainDN[0] is False: return self.domainDN try: # Use '(!([email protected]))' to hide catch-all account. self.users = self.conn.search_s( attrs.DN_BETWEEN_USER_AND_DOMAIN + self.domainDN, ldap.SCOPE_SUBTREE, "(&(objectClass=mailUser)(!(mail=@%s)))" % self.domain, attrs.USER_SEARCH_ATTRS, ) connutils = connUtils.Utils() connutils.updateAttrSingleValue(self.domainDN, "domainCurrentUserNumber", len(self.users)) return (True, self.users) except ldap.NO_SUCH_OBJECT: # self.conn.add_s( # attrs.DN_BETWEEN_USER_AND_DOMAIN + self.domainDN, # iredldif.ldif_group(attrs.GROUP_USERS), # ) return (False, "NO_SUCH_OBJECT") except ldap.SIZELIMIT_EXCEEDED: return (False, "EXCEEDED_LDAP_SERVER_SIZELIMIT") except Exception, e: return (False, ldaputils.getExceptionDesc(e))
def getDomainDefaultUserQuota(self, domain, domainAccountSetting=None,): # Return 0 as unlimited. self.domain = web.safestr(domain) self.dn = ldaputils.convert_keyword_to_dn(self.domain, accountType='domain') if self.dn[0] is False: return self.dn if domainAccountSetting is not None: if 'defaultQuota' in domainAccountSetting.keys(): return int(domainAccountSetting['defaultQuota']) else: return 0 else: try: result = self.conn.search_s( self.dn, ldap.SCOPE_BASE, '(domainName=%s)' % self.domain, ['domainName', 'accountSetting'], ) settings = ldaputils.getAccountSettingFromLdapQueryResult(result, key='domainName',) if 'defaultQuota' in settings[self.domain].keys(): return int(settings[self.domain]['defaultQuota']) else: return 0 except Exception: return 0
def add(self, data): # msg: {key: value} msg = {} self.domain = web.safestr(data.get('domainName', '')).strip().lower() # Check domain name. if not iredutils.is_domain(self.domain): return (False, 'INVALID_DOMAIN_NAME') # Check whether domain name already exist (domainName, domainAliasName). connutils = connUtils.Utils() if connutils.is_domain_exists(self.domain): return (False, 'ALREADY_EXISTS') self.dn = ldaputils.convert_keyword_to_dn(self.domain, accountType='domain') if self.dn[0] is False: return self.dn self.cn = data.get('cn', None) ldif = iredldif.ldif_maildomain(domain=self.domain, cn=self.cn,) # Add domain dn. try: result = self.conn.add_s(self.dn, ldif) web.logger(msg="Create domain: %s." % (self.domain), domain=self.domain, event='create',) except ldap.ALREADY_EXISTS: msg[self.domain] = 'ALREADY_EXISTS' except ldap.LDAPError, e: msg[self.domain] = str(e)
def deleteSingleUserFromGroups(self, mail): self.mail = web.safestr(mail) if not iredutils.is_email(self.mail): return (False, "INVALID_MAIL") # Get domain name of this account. self.domain = self.mail.split("@")[-1] # Get dn of mail user and domain. self.dnUser = ldaputils.convert_keyword_to_dn(self.mail, accountType="user") self.dnDomain = ldaputils.convert_keyword_to_dn(self.domain, accountType="domain") if self.dnUser[0] is False: return self.dnUser if self.dnDomain[0] is False: return self.dnDomain try: # Get accounts which contains destination email. objsHasUser = self.conn.search_s( self.dnDomain, ldap.SCOPE_SUBTREE, self.getFilterOfDeleteUserFromGroups(self.mail), ["dn"] ) if len(objsHasUser) >= 1: connutils = connUtils.Utils() for obj in objsHasUser: if obj[0].endswith(attrs.DN_BETWEEN_ALIAS_AND_DOMAIN + self.dnDomain) or obj[0].endswith( attrs.DN_BETWEEN_USER_AND_DOMAIN + self.dnDomain ): # Remove address from alias and user. connutils.addOrDelAttrValue( dn=obj[0], attr="mailForwardingAddress", value=self.mail, action="delete" ) elif obj[0].endswith("ou=Externals," + self.domaindn): # Remove address from external member list. connutils.addOrDelAttrValue(dn=obj[0], attr="mail", value=self.mail, action="delete") else: pass else: pass return (True,) except Exception, e: return (False, ldaputils.getExceptionDesc(e))
def getSizelimitFromAccountLists(self, accountList, sizelimit=50, curPage=1, domain=None, accountType=None): # Return a dict which contains: # - totalAccounts: number of total accounts # - accountList: list of accounts used to display in current page # - totalPages: number of total pages show be showed in account list page. # - totalQuota: number of domain quota size. Only available when accountType=='user'. # Initial a dict to set default values. result = { "totalAccounts": 0, # Integer "accountList": [], # List "totalPages": 0, # Integer "totalQuota": 0, # Integer "currentQuota": {}, # Dict } # Get total accounts. totalAccounts = len(accountList) result["totalAccounts"] = totalAccounts # Get number of actual pages. if totalAccounts % sizelimit == 0: totalPages = totalAccounts / sizelimit else: totalPages = (totalAccounts / sizelimit) + 1 result["totalPages"] = totalPages if curPage >= totalPages: curPage = totalPages # Sort accounts in place. if isinstance(accountList, list): accountList.sort() else: pass # Get total domain mailbox quota. if accountType == "user": counter = 0 for i in accountList: quota = i[1].get("mailQuota", ["0"])[0] if quota.isdigit(): result["totalQuota"] += int(quota) counter += 1 # Update number of current domain quota size in LDAP (@attrs.ATTR_DOMAIN_CURRENT_QUOTA_SIZE). if domain is not None: # Update number of current domain quota size in LDAP. try: dnDomain = ldaputils.convert_keyword_to_dn(domain, accountType="domain") self.updateAttrSingleValue( dn=dnDomain, attr=attrs.ATTR_DOMAIN_CURRENT_QUOTA_SIZE, value=str(result["totalQuota"]) ) except Exception, e: pass
def update(self, profile_type, domain, data): self.profile_type = web.safestr(profile_type) self.domain = web.safestr(domain) self.domaindn = ldaputils.convert_keyword_to_dn(self.domain, accountType='domain') if self.domaindn[0] is False: return self.domaindn connutils = connUtils.Utils() self.accountSetting = [] mod_attrs = [] # Allow normal admin to update profiles. if self.profile_type == 'general': cn = data.get('cn', None) mod_attrs += ldaputils.getSingleModAttr(attr='cn', value=cn, default=self.domain) # Allow global admin to update profiles. if session.get('domainGlobalAdmin') is True: if self.profile_type == 'general': # Get accountStatus. if 'accountStatus' in data.keys(): accountStatus = 'active' else: accountStatus = 'disabled' mod_attrs += [(ldap.MOD_REPLACE, 'accountStatus', accountStatus)] try: dn = ldaputils.convert_keyword_to_dn(self.domain, accountType='domain') if dn[0] is False: return dn self.conn.modify_s(dn, mod_attrs) web.logger(msg="Update domain profile: %s (%s)." % (domain, profile_type), domain=domain, event='update', ) return (True,) except Exception, e: return (False, ldaputils.getExceptionDesc(e))
def update(self, profile_type, mail, data): self.profile_type = web.safestr(profile_type) self.mail = web.safestr(mail) self.username, self.domain = self.mail.split('@', 1) if session.get('domainGlobalAdmin') is not True and session.get('username') != self.mail: # Don't allow to view/update other admins' profile. return (False, 'PERMISSION_DENIED') self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType='admin') if self.dn[0] is False: return self.dn mod_attrs = [] if self.profile_type == 'general': # Get preferredLanguage. lang = web.safestr(data.get('preferredLanguage', 'en_US')) mod_attrs += [(ldap.MOD_REPLACE, 'preferredLanguage', lang)] # Get cn. cn = data.get('cn', None) mod_attrs += ldaputils.getSingleModAttr(attr='cn', value=cn, default=self.username) first_name = data.get('first_name', '') mod_attrs += ldaputils.getSingleModAttr(attr='givenName', value=first_name, default=self.username) last_name = data.get('last_name', '') mod_attrs += ldaputils.getSingleModAttr(attr='sn', value=last_name, default=self.username) # Get accountStatus. if 'accountStatus' in data.keys(): accountStatus = 'active' else: accountStatus = 'disabled' mod_attrs += [(ldap.MOD_REPLACE, 'accountStatus', accountStatus)] try: # Modify profiles. self.conn.modify_s(self.dn, mod_attrs) if session.get('username') == self.mail and \ session.get('lang', 'en_US') != lang: session['lang'] = lang except ldap.LDAPError, e: return (False, ldaputils.getExceptionDesc(e))
def profile(self, mail, attributes=attrs.ADMIN_ATTRS_ALL): self.mail = web.safestr(mail) self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType="admin") if self.dn[0] is False: return self.dn try: self.admin_profile = self.conn.search_s( self.dn, ldap.SCOPE_BASE, "(&(objectClass=mailAdmin)(mail=%s))" % self.mail, attributes ) return (True, self.admin_profile) except ldap.NO_SUCH_OBJECT: return (False, "NO_SUCH_OBJECT") except Exception, e: return (False, ldaputils.getExceptionDesc(e))
def getDnWithKeyword(self, value, accountType="user"): self.keyword = web.safestr(value) if accountType == "user": if attrs.RDN_USER == "mail": if not iredutils.is_email(self.keyword): return False return ldaputils.convert_keyword_to_dn(self.keyword, accountType="user") else: self.domain = self.keyword.split("@", 1)[-1] self.dnOfDomain = ldaputils.convert_keyword_to_dn(self.domain, accountType="domain") try: result = self.conn.search_s( attrs.DN_BETWEEN_USER_AND_DOMAIN + self.dnOfDomain, ldap.SCOPE_SUBTREE, "(&(objectClass=mailUser)(mail=%s))" % (self.keyword), ) if len(result) == 1: self.dn = result[0][0] return self.dn else: return False except Exception, e: return False
def is_domainAdmin(self, domain, admin=session.get('username'),): dn = ldaputils.convert_keyword_to_dn(domain, accountType='domain') try: result = self.conn.search_s( dn, ldap.SCOPE_BASE, "(&(%s=%s)(domainAdmin=%s))" % (attrs.RDN_DOMAIN, domain, admin), ['dn', 'domainAdmin'], ) if len(result) >= 1: return True else: return False except Exception: return False
def getDomainAdmins(self, domain): domain = web.safestr(domain) dn = ldaputils.convert_keyword_to_dn(domain, accountType='domain') if dn[0] is False: return dn try: self.domainAdmins = self.conn.search_s( dn, ldap.SCOPE_BASE, '(&(objectClass=mailDomain)(domainName=%s))' % domain, ['domainAdmin'], ) return self.domainAdmins except Exception, e: return str(e)
def update(self, profile_type, mail, data): self.profile_type = web.safestr(profile_type) self.mail = web.safestr(mail) self.username, self.domain = self.mail.split("@", 1) if session.get("domainGlobalAdmin") is not True and session.get("username") != self.mail: # Don't allow to view/update other admins' profile. return (False, "PERMISSION_DENIED") self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType="admin") if self.dn[0] is False: return self.dn mod_attrs = [] if self.profile_type == "general": # Get preferredLanguage. lang = web.safestr(data.get("preferredLanguage", "en_US")) mod_attrs += [(ldap.MOD_REPLACE, "preferredLanguage", lang)] # Get cn. cn = data.get("cn", None) mod_attrs += ldaputils.getSingleModAttr(attr="cn", value=cn, default=self.username) first_name = data.get("first_name", "") mod_attrs += ldaputils.getSingleModAttr(attr="givenName", value=first_name, default=self.username) last_name = data.get("last_name", "") mod_attrs += ldaputils.getSingleModAttr(attr="sn", value=last_name, default=self.username) # Get accountStatus. if "accountStatus" in data.keys(): accountStatus = "active" else: accountStatus = "disabled" mod_attrs += [(ldap.MOD_REPLACE, "accountStatus", accountStatus)] try: # Modify profiles. self.conn.modify_s(self.dn, mod_attrs) if session.get("username") == self.mail and session.get("lang", "en_US") != lang: session["lang"] = lang except ldap.LDAPError, e: return (False, ldaputils.getExceptionDesc(e))
def add(self, data): self.cn = data.get("cn") self.mail = web.safestr(data.get("mail")).strip().lower() if not iredutils.is_email(self.mail): return (False, "INVALID_MAIL") self.domainGlobalAdmin = web.safestr(data.get("domainGlobalAdmin", "no")) if self.domainGlobalAdmin not in ["yes", "no"]: self.domainGlobalAdmin = "no" self.preferredLanguage = web.safestr(data.get("preferredLanguage", "en_US")) # Check password. self.newpw = web.safestr(data.get("newpw")) self.confirmpw = web.safestr(data.get("confirmpw")) result = iredutils.verify_new_password(self.newpw, self.confirmpw) if result[0] is True: self.passwd = iredutils.generate_password_hash(result[1]) else: return result ldif = iredldif.ldif_mailadmin( mail=self.mail, passwd=self.passwd, cn=self.cn, preferredLanguage=self.preferredLanguage, domainGlobalAdmin=self.domainGlobalAdmin, ) self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType="admin") if self.dn[0] is False: return self.dn try: self.conn.add_s(self.dn, ldif) web.logger(msg="Create admin: %s." % (self.mail), event="create") return (True,) except ldap.ALREADY_EXISTS: return (False, "ALREADY_EXISTS") except Exception, e: return (False, ldaputils.getExceptionDesc(e))
def add(self, data): self.cn = data.get('cn') self.mail = web.safestr(data.get('mail')).strip().lower() if not iredutils.is_email(self.mail): return (False, 'INVALID_MAIL') self.domainGlobalAdmin = web.safestr(data.get('domainGlobalAdmin', 'no')) if self.domainGlobalAdmin not in ['yes', 'no', ]: self.domainGlobalAdmin = 'no' self.preferredLanguage = web.safestr(data.get('preferredLanguage', 'en_US')) # Check password. self.newpw = web.safestr(data.get('newpw')) self.confirmpw = web.safestr(data.get('confirmpw')) result = iredutils.verify_new_password(self.newpw, self.confirmpw) if result[0] is True: self.passwd = ldaputils.generate_ldap_password(result[1]) else: return result ldif = iredldif.ldif_mailadmin( mail=self.mail, passwd=self.passwd, cn=self.cn, preferredLanguage=self.preferredLanguage, domainGlobalAdmin=self.domainGlobalAdmin, ) self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType='admin') if self.dn[0] is False: return self.dn try: self.conn.add_s(self.dn, ldif) web.logger(msg="Create admin: %s." % (self.mail), event='create',) return (True,) except ldap.ALREADY_EXISTS: return (False, 'ALREADY_EXISTS') except Exception, e: return (False, ldaputils.getExceptionDesc(e))
def profile(self, domain): self.domain = web.safestr(domain) self.dn = ldaputils.convert_keyword_to_dn(self.domain, accountType='domain') if self.dn[0] is False: return self.dn try: self.domain_profile = self.conn.search_s( self.dn, ldap.SCOPE_BASE, '(&(objectClass=mailDomain)(domainName=%s))' % self.domain, attrs.DOMAIN_ATTRS_ALL, ) if len(self.domain_profile) == 1: return (True, self.domain_profile) else: return (False, 'NO_SUCH_DOMAIN') except ldap.NO_SUCH_OBJECT: return (False, 'NO_SUCH_OBJECT') except Exception, e: return (False, ldaputils.getExceptionDesc(e))
def getNumberOfCurrentAccountsUnderDomain(self, domain, accountType="user", filter=None): # accountType in ['user', 'list', 'alias',] self.domain = web.safestr(domain) self.domaindn = ldaputils.convert_keyword_to_dn(self.domain, accountType="domain") if filter is not None: self.searchdn = self.domaindn self.filter = filter else: if accountType == "user": self.searchdn = attrs.DN_BETWEEN_USER_AND_DOMAIN + self.domaindn self.filter = "(&(objectClass=mailUser)(!(mail=@%s)))" % self.domain else: self.searchdn = self.domaindn self.filter = "(&(objectClass=mailUser)(!(mail=@%s)))" % self.domain try: result = self.conn.search_s(self.searchdn, ldap.SCOPE_SUBTREE, self.filter, ["dn"]) return (True, len(result)) except Exception, e: return (False, ldaputils.getExceptionDesc(e))
def getAvailableDomainNames(self, domain): """Get list of domainName and domainAliasName by quering domainName. >>> getAvailableDomainNames(domain='example.com') (True, ['example.com', 'aliasdomain01.com', 'aliasdomain02.com', ...]) """ domain = web.safestr(domain).strip().lower() if not iredutils.is_domain(domain): return (False, "INVALID_DOMAIN_NAME") dn = ldaputils.convert_keyword_to_dn(domain, accountType="domain") try: result = self.conn.search_s( dn, ldap.SCOPE_BASE, "(&(objectClass=mailDomain)(domainName=%s))" % domain, ["domainName", "domainAliasName"], ) return (True, result[0][1].get("domainName", []) + result[0][1].get("domainAliasName", [])) except Exception, e: return (False, ldaputils.getExceptionDesc(e))
def enableOrDisableAccount(self, domains, action, attr='accountStatus',): if domains is None or len(domains) == 0: return (False, 'NO_DOMAIN_SELECTED') result = {} connutils = connUtils.Utils() for domain in domains: self.domain = web.safestr(domain) self.dn = ldaputils.convert_keyword_to_dn(self.domain, accountType='domain') if self.dn[0] is False: return self.dn try: connutils.enableOrDisableAccount( domain=self.domain, account=self.domain, dn=self.dn, action=web.safestr(action).strip().lower(), accountTypeInLogger='domain', ) except ldap.LDAPError, e: result[self.domain] = str(e)
def delete(self, domain, mails=[]): if mails is None or len(mails) == 0: return (False, "NO_ACCOUNT_SELECTED") self.domain = web.safestr(domain) self.mails = [str(v) for v in mails if iredutils.is_email(v) and str(v).endswith("@" + self.domain)] if not len(self.mails) > 0: return (False, "INVALID_MAIL") self.domaindn = ldaputils.convert_keyword_to_dn(self.domain, accountType="domain") if self.domaindn[0] is False: return self.domaindn if not iredutils.is_domain(self.domain): return (False, "INVALID_DOMAIN_NAME") result = {} for mail in self.mails: self.mail = web.safestr(mail) try: # Delete user object (ldap.SCOPE_BASE). self.deleteSingleUser(self.mail) # Delete user object and whole sub-tree. # Get dn of mail user and domain. """ self.userdn = ldaputils.convert_keyword_to_dn(self.mail, accountType='user') deltree.DelTree(self.conn, self.userdn, ldap.SCOPE_SUBTREE) # Log delete action. web.logger( msg="Delete user: %s." % (self.mail), domain=self.mail.split('@')[1], event='delete', ) """ except ldap.LDAPError, e: result[self.mail] = ldaputils.getExceptionDesc(e)
def enableOrDisableAccount( self, domain, mails, action, attr='accountStatus', ): if mails is None or len(mails) == 0: return (False, 'NO_ACCOUNT_SELECTED') self.mails = [ str(v) for v in mails if iredutils.is_email(v) and str(v).endswith('@' + str(domain)) ] result = {} connutils = connUtils.Utils() for mail in self.mails: self.mail = web.safestr(mail) if not iredutils.is_email(self.mail): continue self.domain = self.mail.split('@')[-1] self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType='user') if self.dn[0] is False: result[self.mail] = self.dn[1] continue try: connutils.enableOrDisableAccount( domain=self.domain, account=self.mail, dn=self.dn, action=web.safestr(action).strip().lower(), accountTypeInLogger='user', ) except ldap.LDAPError, e: result[self.mail] = str(e)
def getAvailableDomainNames(self, domain): '''Get list of domainName and domainAliasName by quering domainName. >>> getAvailableDomainNames(domain='example.com') (True, ['example.com', 'aliasdomain01.com', 'aliasdomain02.com', ...]) ''' domain = web.safestr(domain).strip().lower() if not iredutils.is_domain(domain): return (False, 'INVALID_DOMAIN_NAME') dn = ldaputils.convert_keyword_to_dn(domain, accountType='domain') try: result = self.conn.search_s( dn, ldap.SCOPE_BASE, '(&(objectClass=mailDomain)(domainName=%s))' % domain, ['domainName', 'domainAliasName'], ) return (True, result[0][1].get('domainName', []) + result[0][1].get('domainAliasName', [])) except Exception, e: return (False, ldaputils.getExceptionDesc(e))
def delete(self, domains=[]): if not isinstance(domains, list): return (False, 'INVALID_DOMAIN_NAME') domains = [str(v).lower() for v in domains if iredutils.is_domain(v) ] if not domains: return (True,) msg = {} for domain in domains: dn = ldaputils.convert_keyword_to_dn(web.safestr(domain), accountType='domain') if dn[0] is False: return dn try: deltree.DelTree(self.conn, dn, ldap.SCOPE_SUBTREE) web.logger(msg="Delete domain: %s." % (domain), domain=domain, event='delete',) except ldap.LDAPError, e: msg[domain] = str(e)
def getDomainCurrentQuotaSizeFromLDAP(self, domain): self.domain = web.safestr(domain).strip().lower() if not iredutils.is_domain(self.domain): return (False, "INVALID_DOMAIN_NAME") self.domainDN = ldaputils.convert_keyword_to_dn(self.domain, accountType="domain") # Initial @domainCurrentQuotaSize self.domainCurrentQuotaSize = 0 try: # Use '(!([email protected]))' to hide catch-all account. self.users = self.conn.search_s( attrs.DN_BETWEEN_USER_AND_DOMAIN + self.domainDN, ldap.SCOPE_SUBTREE, "(&(objectClass=mailUser)(!(mail=@%s)))" % self.domain, attrs.USER_SEARCH_ATTRS, ) # Update @domainCurrentUserNumber self.updateAttrSingleValue(self.domainDN, "domainCurrentUserNumber", len(self.users)) for i in self.users: quota = i[1].get("mailQuota", ["0"])[0] if quota.isdigit(): self.domainCurrentQuotaSize += int(quota) return (True, self.domainCurrentQuotaSize) except ldap.NO_SUCH_OBJECT: # self.conn.add_s( # attrs.DN_BETWEEN_USER_AND_DOMAIN + self.domainDN, # iredldif.ldif_group(attrs.GROUP_USERS), # ) return (False, "NO_SUCH_OBJECT") except ldap.SIZELIMIT_EXCEEDED: return (False, "EXCEEDED_LDAP_SERVER_SIZELIMIT") except Exception, e: return (False, ldaputils.getExceptionDesc(e))
def getDomainDefaultUserQuota( self, domain, domainAccountSetting=None, ): # Return 0 as unlimited. self.domain = web.safestr(domain) self.dn = ldaputils.convert_keyword_to_dn(self.domain, accountType='domain') if self.dn[0] is False: return self.dn if domainAccountSetting is not None: if 'defaultQuota' in domainAccountSetting.keys(): return int(domainAccountSetting['defaultQuota']) else: return 0 else: try: result = self.conn.search_s( self.dn, ldap.SCOPE_BASE, '(domainName=%s)' % self.domain, ['domainName', 'accountSetting'], ) settings = ldaputils.getAccountSettingFromLdapQueryResult( result, key='domainName', ) if 'defaultQuota' in settings[self.domain].keys(): return int(settings[self.domain]['defaultQuota']) else: return 0 except Exception: return 0
def add(self, data): # msg: {key: value} msg = {} self.domain = web.safestr(data.get('domainName', '')).strip().lower() # Check domain name. if not iredutils.is_domain(self.domain): return (False, 'INVALID_DOMAIN_NAME') # Check whether domain name already exist (domainName, domainAliasName). connutils = connUtils.Utils() if connutils.is_domain_exists(self.domain): return (False, 'ALREADY_EXISTS') self.dn = ldaputils.convert_keyword_to_dn(self.domain, accountType='domain') if self.dn[0] is False: return self.dn self.cn = data.get('cn', None) ldif = iredldif.ldif_maildomain( domain=self.domain, cn=self.cn, ) # Add domain dn. try: result = self.conn.add_s(self.dn, ldif) web.logger( msg="Create domain: %s." % (self.domain), domain=self.domain, event='create', ) except ldap.ALREADY_EXISTS: msg[self.domain] = 'ALREADY_EXISTS' except ldap.LDAPError, e: msg[self.domain] = str(e)
def getDomainCurrentQuotaSizeFromLDAP(self, domain): self.domain = web.safestr(domain).strip().lower() if not iredutils.is_domain(self.domain): return (False, 'INVALID_DOMAIN_NAME') self.domainDN = ldaputils.convert_keyword_to_dn(self.domain, accountType='domain') # Initial @domainCurrentQuotaSize self.domainCurrentQuotaSize = 0 try: # Use '(!([email protected]))' to hide catch-all account. self.users = self.conn.search_s( attrs.DN_BETWEEN_USER_AND_DOMAIN + self.domainDN, ldap.SCOPE_SUBTREE, '(&(objectClass=mailUser)(!(mail=@%s)))' % self.domain, attrs.USER_SEARCH_ATTRS, ) # Update @domainCurrentUserNumber self.updateAttrSingleValue(self.domainDN, 'domainCurrentUserNumber', len(self.users)) for i in self.users: quota = i[1].get('mailQuota', ['0'])[0] if quota.isdigit(): self.domainCurrentQuotaSize += int(quota) return (True, self.domainCurrentQuotaSize) except ldap.NO_SUCH_OBJECT: return (False, 'NO_SUCH_OBJECT') except ldap.SIZELIMIT_EXCEEDED: return (False, 'EXCEEDED_LDAP_SERVER_SIZELIMIT') except Exception, e: return (False, ldaputils.getExceptionDesc(e))
else: usage() total = len(users) logger.info('%d users in total.' % total) count = 1 if backend == 'ldap': import ldap from libs.ldaplib.ldaputils import convert_keyword_to_dn conn = get_db_conn('ldap') for (_email, _pw) in users: logger.info('(%d/%d) Updating %s' % (count, total, _email)) dn = convert_keyword_to_dn(_email, accountType='user') pw_hash = generate_password_hash(_pw) mod_attrs = [(ldap.MOD_REPLACE, 'userPassword', [pw_hash])] try: conn.modify_s(dn, mod_attrs) except Exception, e: print '<<< ERROR >>>', e elif backend in ['mysql', 'pgsql']: conn = get_db_conn('vmail') for (_email, _pw) in users: logger.info('(%d/%d) Updating %s' % (count, total, _email)) pw_hash = generate_password_hash(_pw) conn.update('mailbox', password=pw_hash, where="username='******'" % _email)
def delete(self, domains=None, keep_mailbox_days=0): if not domains: return (False, 'INVALID_DOMAIN_NAME') domains = [str(v).lower() for v in domains if iredutils.is_domain(v)] if not domains: return (True, ) msg = {} for domain in domains: dn = ldaputils.convert_keyword_to_dn(web.safestr(domain), accountType='domain') if dn[0] is False: return dn # Log maildir path in SQL table. try: qr = self.conn.search_s(attrs.DN_BETWEEN_USER_AND_DOMAIN + dn, ldap.SCOPE_ONELEVEL, "(objectClass=mailUser)", ['mail', 'homeDirectory']) if keep_mailbox_days == 0: keep_mailbox_days = 36500 # Convert keep days to string _now_in_seconds = time.time() _days_in_seconds = _now_in_seconds + (keep_mailbox_days * 24 * 60 * 60) sql_keep_days = time.strftime( '%Y-%m-%d', time.strptime(time.ctime(_days_in_seconds))) v = [] for obj in qr: deleted_mail = obj[1].get('mail')[0] deleted_maildir = obj[1].get('homeDirectory', [''])[0] v += [{ 'maildir': deleted_maildir, 'username': deleted_mail, 'domain': domain, 'admin': session.get('username'), 'delete_date': sql_keep_days }] if v: web.admindb.multiple_insert('deleted_mailboxes', values=v) except: pass try: connUtils.delete_ldap_tree(dn=dn, conn=self.conn) web.logger( msg="Delete domain: %s." % (domain), domain=domain, event='delete', ) except ldap.LDAPError as e: msg[domain] = str(e) # Delete real-time mailbox quota. try: web.admindb.query( 'DELETE FROM %s WHERE %s' % (settings.SQL_TBL_USED_QUOTA, web.sqlors('username LIKE ', ['%@' + d for d in domains]))) except: pass if msg == {}: return (True, ) else: return (False, ldaputils.getExceptionDesc(msg))
def add(self, domain, data): # Get domain name, username, cn. self.domain = web.safestr(data.get("domainName")).strip().lower() self.username = web.safestr(data.get("username")).strip().lower() self.mail = self.username + "@" + self.domain self.groups = data.get("groups", []) if not iredutils.is_domain(self.domain) or not iredutils.is_email(self.mail): return (False, "MISSING_DOMAIN_OR_USERNAME") # Check account existing. connutils = connUtils.Utils() if connutils.isAccountExists(domain=self.domain, mail=self.mail): return (False, "ALREADY_EXISTS") # Get @domainAccountSetting. domainLib = domainlib.Domain() result_domain_profile = domainLib.profile(domain=self.domain) # Initial parameters. domainAccountSetting = {} self.aliasDomains = [] if result_domain_profile[0] is not True: return (False, result_domain_profile[1]) domainProfile = result_domain_profile[1] domainAccountSetting = ldaputils.getAccountSettingFromLdapQueryResult(domainProfile, key="domainName").get( self.domain, {} ) self.aliasDomains = domainProfile[0][1].get("domainAliasName", []) # Check account number limit. numberOfAccounts = domainAccountSetting.get("numberOfUsers") if numberOfAccounts == "-1": return (False, "NOT_ALLOWED") # Check password. self.newpw = web.safestr(data.get("newpw")) self.confirmpw = web.safestr(data.get("confirmpw")) result = iredutils.verify_new_password( self.newpw, self.confirmpw, min_passwd_length=domainAccountSetting.get("minPasswordLength", "0"), max_passwd_length=domainAccountSetting.get("maxPasswordLength", "0"), ) if result[0] is True: if "storePasswordInPlainText" in data and settings.STORE_PASSWORD_IN_PLAIN_TEXT: self.passwd = iredutils.generate_password_hash(result[1], pwscheme="PLAIN") else: self.passwd = iredutils.generate_password_hash(result[1]) else: return result # Get display name. self.cn = data.get("cn") # Get user quota. Unit is MB. # 0 or empty is not allowed if domain quota is set, set to # @defaultUserQuota or @domainSpareQuotaSize # Initial final mailbox quota. self.quota = 0 # Get mail quota from web form. defaultUserQuota = domainLib.getDomainDefaultUserQuota(self.domain, domainAccountSetting) self.mailQuota = str(data.get("mailQuota")).strip() if self.mailQuota.isdigit(): self.mailQuota = int(self.mailQuota) else: self.mailQuota = defaultUserQuota # 0 means unlimited. domainQuotaSize, domainQuotaUnit = domainAccountSetting.get("domainQuota", "0:GB").split(":") if int(domainQuotaSize) == 0: # Unlimited. self.quota = self.mailQuota else: # Get domain quota, convert to MB. if domainQuotaUnit == "TB": domainQuota = int(domainQuotaSize) * 1024 * 1024 # TB elif domainQuotaUnit == "GB": domainQuota = int(domainQuotaSize) * 1024 # GB else: domainQuota = int(domainQuotaSize) # MB result = connutils.getDomainCurrentQuotaSizeFromLDAP(domain=self.domain) if result[0] is True: domainCurrentQuotaSize = result[1] else: domainCurrentQuotaSize = 0 # Spare quota. domainSpareQuotaSize = domainQuota - domainCurrentQuotaSize / (1024 * 1024) if domainSpareQuotaSize <= 0: return (False, "EXCEEDED_DOMAIN_QUOTA_SIZE") # Get FINAL mailbox quota. if self.mailQuota == 0: self.quota = domainSpareQuotaSize else: if domainSpareQuotaSize > self.mailQuota: self.quota = self.mailQuota else: self.quota = domainSpareQuotaSize # Get default groups. self.groups = [ web.safestr(v) for v in domainAccountSetting.get("defaultList", "").split(",") if iredutils.is_email(v) ] self.defaultStorageBaseDirectory = domainAccountSetting.get("defaultStorageBaseDirectory", None) # Get default mail lists which set in domain accountSetting. ldif = iredldif.ldif_mailuser( domain=self.domain, aliasDomains=self.aliasDomains, username=self.username, cn=self.cn, passwd=self.passwd, quota=self.quota, groups=self.groups, storageBaseDirectory=self.defaultStorageBaseDirectory, ) domain_dn = ldaputils.convert_keyword_to_dn(self.domain, accountType="domain") if domain_dn[0] is False: return domain_dn if attrs.RDN_USER == "mail": self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType="user") if self.dn[0] is False: return self.dn elif attrs.RDN_USER == "cn": self.dn = "cn=" + self.cn + "," + attrs.DN_BETWEEN_USER_AND_DOMAIN + domain_dn elif attrs.RDN_USER == "uid": self.dn = "uid=" + self.username + "," + attrs.DN_BETWEEN_USER_AND_DOMAIN + domain_dn else: return (False, "UNSUPPORTED_USER_RDN") try: self.conn.add_s(ldap.filter.escape_filter_chars(self.dn), ldif) web.logger(msg="Create user: %s." % (self.mail), domain=self.domain, event="create") return (True,) except ldap.ALREADY_EXISTS: return (False, "ALREADY_EXISTS") except Exception, e: return (False, ldaputils.getExceptionDesc(e))
def deleteSingleUser(self, mail, deleteFromGroups=True, keep_mailbox_days=0): self.mail = web.safestr(mail) if not iredutils.is_email(self.mail): return (False, 'INVALID_MAIL') # Get domain name of this account. self.domain = self.mail.split('@')[-1] # Get dn of mail user and domain. self.dnUser = ldaputils.convert_keyword_to_dn(self.mail, accountType='user') if self.dnUser[0] is False: return self.dnUser # Log maildir path in SQL table. try: qr_profile = self.profile(domain=self.domain, mail=self.mail) if qr_profile[0]: user_profile = qr_profile[1][0][1] else: return qr_profile if 'homeDirectory' in user_profile: maildir = user_profile.get('homeDirectory', [''])[0] else: storageBaseDirectory = user_profile.get( 'storageBaseDirectory', [''])[0] mailMessageStore = user_profile.get('mailMessageStore', [''])[0] maildir = os.path.join(storageBaseDirectory, mailMessageStore) if keep_mailbox_days == 0: keep_mailbox_days = 36500 # Convert keep days to string _now_in_seconds = time.time() _days_in_seconds = _now_in_seconds + (keep_mailbox_days * 24 * 60 * 60) sql_keep_days = time.strftime( '%Y-%m-%d', time.strptime(time.ctime(_days_in_seconds))) web.admindb.insert('deleted_mailboxes', maildir=maildir, username=self.mail, domain=self.domain, admin=session.get('username'), delete_date=sql_keep_days) except: pass del maildir # Delete user object. try: # Delete object and its subtree. connUtils.delete_ldap_tree(dn=self.dnUser, conn=self.conn) if deleteFromGroups: self.deleteSingleUserFromGroups(self.mail) # Delete record from SQL database: real-time used quota. try: connUtils.deleteAccountFromUsedQuota([self.mail]) except Exception as e: pass # Log delete action. web.logger(msg="Delete user: %s." % (self.mail), domain=self.domain, event='delete') return (True, ) except ldap.LDAPError as e: return (False, ldaputils.getExceptionDesc(e))
def update(self, profile_type, mail, data): self.profile_type = web.safestr(profile_type) self.mail = web.safestr(mail) self.username, self.domain = self.mail.split('@', 1) if session.get('domainGlobalAdmin') is not True and session.get('username') != self.mail: # Don't allow to view/update other admins' profile. return (False, 'PERMISSION_DENIED') self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType='admin') if self.dn[0] is False: return self.dn mod_attrs = [] if self.profile_type == 'general': # Get preferredLanguage. lang = web.safestr(data.get('preferredLanguage', 'en_US')) mod_attrs += [(ldap.MOD_REPLACE, 'preferredLanguage', lang)] # Get cn. cn = data.get('cn', None) mod_attrs += ldaputils.getSingleModAttr(attr='cn', value=cn, default=self.username) first_name = data.get('first_name', '') mod_attrs += ldaputils.getSingleModAttr(attr='givenName', value=first_name, default=self.username) last_name = data.get('last_name', '') mod_attrs += ldaputils.getSingleModAttr(attr='sn', value=last_name, default=self.username) # Get accountStatus. if 'accountStatus' in list(data.keys()): accountStatus = 'active' else: accountStatus = 'disabled' mod_attrs += [(ldap.MOD_REPLACE, 'accountStatus', accountStatus)] try: # Modify profiles. self.conn.modify_s(self.dn, mod_attrs) if session.get('username') == self.mail and \ session.get('lang', 'en_US') != lang: session['lang'] = lang except ldap.LDAPError as e: return (False, ldaputils.getExceptionDesc(e)) elif self.profile_type == 'password': self.cur_passwd = data.get('oldpw', None) self.newpw = web.safestr(data.get('newpw')) self.confirmpw = web.safestr(data.get('confirmpw')) result = iredutils.verify_new_password(self.newpw, self.confirmpw) if result[0] is True: self.passwd = result[1] else: return result # Change password. if self.cur_passwd is None and session.get('domainGlobalAdmin') is True: # Reset password without verify old password. self.cur_passwd = None else: self.cur_passwd = str(self.cur_passwd) connutils = connUtils.Utils() result = connutils.changePasswd(dn=self.dn, cur_passwd=self.cur_passwd, newpw=self.passwd,) if result[0] is True: return (True,) else: return result return (True,)
class Login: def GET(self): if session.get('logged') is False: i = web.input(_unicode=False) # Show login page. return web.render('login.html', languagemaps=languages.get_language_maps(), webmaster=session.get('webmaster'), msg=i.get('msg')) else: raise web.seeother('/dashboard') def POST(self): # Get username, password. i = web.input(_unicode=False) username = web.safestr(i.get('username', '').strip()).lower() password = i.get('password', '').strip() save_pass = web.safestr(i.get('save_pass', 'no').strip()) if not iredutils.is_email(username): raise web.seeother('/login?msg=INVALID_USERNAME') if not password: raise web.seeother('/login?msg=EMPTY_PASSWORD') # Get LDAP URI. uri = settings.ldap_uri # Verify bind_dn & bind_pw. try: # Detect STARTTLS support. if uri.startswith('ldaps://'): starttls = True else: starttls = False # Set necessary option for STARTTLS. if starttls: ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) # Initialize connection. conn = ldap.initialize(uri) # Set LDAP protocol version: LDAP v3. conn.set_option(ldap.OPT_PROTOCOL_VERSION, ldap.VERSION3) if starttls: conn.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND) # synchronous bind. conn.bind_s(settings.ldap_bind_dn, settings.ldap_bind_password) conn.unbind_s() except (ldap.INVALID_CREDENTIALS): raise web.seeother('/login?msg=vmailadmin_INVALID_CREDENTIALS') except Exception, e: raise web.seeother('/login?msg=%s' % web.safestr(e)) # Check whether it's a mail user dn_user = ldaputils.convert_keyword_to_dn(username, accountType='user') qr_user_auth = auth.Auth(uri=uri, dn=dn_user, password=password) qr_admin_auth = (False, 'INVALID_CREDENTIALS') if not qr_user_auth[0]: # Verify admin account under 'o=domainAdmins'. dn_admin = ldaputils.convert_keyword_to_dn(username, accountType='admin') qr_admin_auth = auth.Auth(uri=uri, dn=dn_admin, password=password) if not qr_admin_auth[0]: session['failed_times'] += 1 web.logger(msg="Login failed.", admin=username, event='login', loglevel='error') raise web.seeother('/login?msg=INVALID_CREDENTIALS') if qr_admin_auth[0] or qr_user_auth[0]: session['username'] = username session['logged'] = True # Read preferred language from LDAP if qr_admin_auth[0] is True: adminLib = adminlib.Admin() adminProfile = adminLib.profile(username, attributes=['preferredLanguage']) if adminProfile[0] is True: dn, entry = adminProfile[1][0] lang = entry.get('preferredLanguage', [settings.default_language])[0] session['lang'] = lang if qr_user_auth[0] is True: session['isMailUser'] = True web.config.session_parameters['cookie_name'] = 'iRedAdmin-Pro' # Session expire when client ip was changed. web.config.session_parameters['ignore_change_ip'] = False # Don't ignore session expiration. web.config.session_parameters['ignore_expiry'] = False if save_pass == 'yes': # Session timeout (in seconds). web.config.session_parameters['timeout'] = 86400 # 24 hours else: # Expire session when browser closed. web.config.session_parameters['timeout'] = 600 # 10 minutes web.logger(msg="Login success", event='login',) # Save selected language selected_language = str(i.get('lang', '')).strip() if selected_language != web.ctx.lang and \ selected_language in languages.get_language_maps(): session['lang'] = selected_language raise web.seeother('/dashboard/checknew') else: session['failed_times'] += 1 web.logger(msg="Login failed.", admin=username, event='login', loglevel='error',) raise web.seeother('/login?msg=%s' % qr_admin_auth[1])
def add(self, domain, data): # Get domain name, username, cn. self.domain = web.safestr(data.get('domainName')).strip().lower() self.username = web.safestr(data.get('username')).strip().lower() self.mail = self.username + '@' + self.domain self.groups = data.get('groups', []) if not iredutils.is_domain(self.domain) or not iredutils.is_email( self.mail): return (False, 'MISSING_DOMAIN_OR_USERNAME') # Check account existing. connutils = connUtils.Utils() if connutils.isAccountExists( domain=self.domain, mail=self.mail, ): return (False, 'ALREADY_EXISTS') # Get @domainAccountSetting. domainLib = domainlib.Domain() result_domain_profile = domainLib.profile(domain=self.domain) # Initial parameters. domainAccountSetting = {} self.aliasDomains = [] if result_domain_profile[0] is not True: return (False, result_domain_profile[1]) domainProfile = result_domain_profile[1] domainAccountSetting = ldaputils.getAccountSettingFromLdapQueryResult( domainProfile, key='domainName').get(self.domain, {}) self.aliasDomains = domainProfile[0][1].get('domainAliasName', []) # Check account number limit. numberOfAccounts = domainAccountSetting.get('numberOfUsers') if numberOfAccounts == '-1': return (False, 'NOT_ALLOWED') # Check password. self.newpw = web.safestr(data.get('newpw')) self.confirmpw = web.safestr(data.get('confirmpw')) result = iredutils.verify_new_password( self.newpw, self.confirmpw, min_passwd_length=domainAccountSetting.get('minPasswordLength', '0'), max_passwd_length=domainAccountSetting.get('maxPasswordLength', '0'), ) if result[0] is True: if 'storePasswordInPlainText' in data and settings.STORE_PASSWORD_IN_PLAIN_TEXT: self.passwd = iredutils.generate_password_hash( result[1], pwscheme='PLAIN') else: self.passwd = iredutils.generate_password_hash(result[1]) else: return result # Get display name. self.cn = data.get('cn') # Get user quota. Unit is MB. # 0 or empty is not allowed if domain quota is set, set to # @defaultUserQuota or @domainSpareQuotaSize # Initial final mailbox quota. self.quota = 0 # Get mail quota from web form. defaultUserQuota = domainLib.getDomainDefaultUserQuota( self.domain, domainAccountSetting) self.mailQuota = str(data.get('mailQuota')).strip() if self.mailQuota.isdigit(): self.mailQuota = int(self.mailQuota) else: self.mailQuota = defaultUserQuota # 0 means unlimited. domainQuotaSize, domainQuotaUnit = domainAccountSetting.get( 'domainQuota', '0:GB').split(':') if int(domainQuotaSize) == 0: # Unlimited. self.quota = self.mailQuota else: # Get domain quota, convert to MB. if domainQuotaUnit == 'TB': domainQuota = int(domainQuotaSize) * 1024 * 1024 # TB elif domainQuotaUnit == 'GB': domainQuota = int(domainQuotaSize) * 1024 # GB else: domainQuota = int(domainQuotaSize) # MB result = connutils.getDomainCurrentQuotaSizeFromLDAP( domain=self.domain) if result[0] is True: domainCurrentQuotaSize = result[1] else: domainCurrentQuotaSize = 0 # Spare quota. domainSpareQuotaSize = domainQuota - domainCurrentQuotaSize / ( 1024 * 1024) if domainSpareQuotaSize <= 0: return (False, 'EXCEEDED_DOMAIN_QUOTA_SIZE') # Get FINAL mailbox quota. if self.mailQuota == 0: self.quota = domainSpareQuotaSize else: if domainSpareQuotaSize > self.mailQuota: self.quota = self.mailQuota else: self.quota = domainSpareQuotaSize # Get default groups. self.groups = [ web.safestr(v) for v in domainAccountSetting.get('defaultList', '').split(',') if iredutils.is_email(v) ] self.defaultStorageBaseDirectory = domainAccountSetting.get( 'defaultStorageBaseDirectory', None) # Get default mail lists which set in domain accountSetting. ldif = iredldif.ldif_mailuser( domain=self.domain, aliasDomains=self.aliasDomains, username=self.username, cn=self.cn, passwd=self.passwd, quota=self.quota, groups=self.groups, storageBaseDirectory=self.defaultStorageBaseDirectory, ) domain_dn = ldaputils.convert_keyword_to_dn(self.domain, accountType='domain') if domain_dn[0] is False: return domain_dn if attrs.RDN_USER == 'mail': self.dn = ldaputils.convert_keyword_to_dn(self.mail, accountType='user') if self.dn[0] is False: return self.dn elif attrs.RDN_USER == 'cn': self.dn = 'cn=' + self.cn + ',' + attrs.DN_BETWEEN_USER_AND_DOMAIN + domain_dn elif attrs.RDN_USER == 'uid': self.dn = 'uid=' + self.username + ',' + attrs.DN_BETWEEN_USER_AND_DOMAIN + domain_dn else: return (False, 'UNSUPPORTED_USER_RDN') try: self.conn.add_s( ldap.filter.escape_filter_chars(self.dn), ldif, ) web.logger( msg="Create user: %s." % (self.mail), domain=self.domain, event='create', ) return (True, ) except ldap.ALREADY_EXISTS: return (False, 'ALREADY_EXISTS') except Exception, e: return (False, ldaputils.getExceptionDesc(e))
def getSizelimitFromAccountLists(self, accountList, sizelimit=50, curPage=1, domain=None, accountType=None,): # Return a dict which contains: # - totalAccounts: number of total accounts # - accountList: list of accounts used to display in current page # - totalPages: number of total pages show be showed in account list page. # - totalQuota: number of domain quota size. Only available when accountType=='user'. # Initial a dict to set default values. result = { 'totalAccounts': 0, # Integer 'accountList': [], # List 'totalPages': 0, # Integer 'totalQuota': 0, # Integer 'currentQuota': {}, # Dict } # Get total accounts. totalAccounts = len(accountList) result['totalAccounts'] = totalAccounts # Get number of actual pages. if totalAccounts % sizelimit == 0: totalPages = totalAccounts / sizelimit else: totalPages = (totalAccounts / sizelimit) + 1 result['totalPages'] = totalPages if curPage >= totalPages: curPage = totalPages # Sort accounts in place. if isinstance(accountList, list): accountList.sort() else: pass # Get total domain mailbox quota. if accountType == 'user': counter = 0 for i in accountList: quota = i[1].get('mailQuota', ['0'])[0] if quota.isdigit(): result['totalQuota'] += int(quota) counter += 1 # Update number of current domain quota size in LDAP (@attrs.ATTR_DOMAIN_CURRENT_QUOTA_SIZE). if domain is not None: # Update number of current domain quota size in LDAP. try: dnDomain = ldaputils.convert_keyword_to_dn(domain, accountType='domain') self.updateAttrSingleValue( dn=dnDomain, attr=attrs.ATTR_DOMAIN_CURRENT_QUOTA_SIZE, value=str(result['totalQuota']), ) except: pass # Get account list used to display in current page. if totalAccounts > sizelimit and totalAccounts < (curPage - 1) * sizelimit: accountList = accountList[-1:-sizelimit] else: accountList = accountList[(curPage - 1) * sizelimit: (curPage - 1) * sizelimit + sizelimit] result['accountList'] = accountList return result