예제 #1
 def form(self):
     """Render the LDAP settings form, or redirect once it was handled.

     The configuration adapters and the split attribute maps are stored on
     the view first, because the view itself is handed to the YAML form
     parser as context.

     Returns the rendered form, or an empty unicode string after a
     redirect to ``controller.next`` was issued.
     """
     plugin = self.plugin
     self.props = ILDAPProps(plugin)
     self.users = ILDAPUsersConfig(plugin)
     self.groups = ILDAPGroupsConfig(plugin)

     # Users: the static attributes are looked up by name (missing ones
     # become None); every other mapping goes to the property sheet map.
     self.users_attrmap = odict()
     for name in self.static_attrs_users:
         self.users_attrmap[name] = self.users.attrmap.get(name)
     self.users_propsheet_attrmap = odict()
     for name, mapped in self.users.attrmap.items():
         if name not in self.static_attrs_users:
             self.users_propsheet_attrmap[name] = mapped

     # Groups: same split as for users.
     self.groups_attrmap = odict()
     for name in self.static_attrs_groups:
         self.groups_attrmap[name] = self.groups.attrmap.get(name)
     self.groups_propsheet_attrmap = odict()
     for name, mapped in self.groups.attrmap.items():
         if name not in self.static_attrs_groups:
             self.groups_propsheet_attrmap[name] = mapped

     # Build the form from its YAML definition and let the controller
     # process the current request.
     ldap_form = parse_from_YAML('pas.plugins.ldap:properties.yaml', self, _)
     controller = Controller(ldap_form, self.request)
     if controller.next:
         self.request.RESPONSE.redirect(controller.next)
         return u''
     return controller.rendered
예제 #2
    def __init__(self, principal, plugin):
        """Set up the property sheet for one LDAP user or group.

        @param principal: principal object; only its ``getId()`` is used
        @param plugin: LDAPPlugin instance
        """
        # Only picklable state may live on the sheet, so the plugin is kept
        # without its acquisition wrapper.
        self._plugin = aq_base(plugin)
        self._properties = dict()
        self._attrmap = dict()
        self._ldapprincipal_id = principal.getId()

        # An id found among the plugin's users is a user; anything else is
        # treated as a group.
        if self._ldapprincipal_id in plugin.users:
            config = ILDAPUsersConfig(plugin)
            self._ldapprincipal_type = 'users'
        else:
            config = ILDAPGroupsConfig(plugin)
            self._ldapprincipal_type = 'groups'

        # 'rdn' and 'id' are left out of the sheet.
        # XXX: maybe 'login' should be editable if existent ??
        for alias, ldap_attr in config.attrmap.items():
            if alias not in ('rdn', 'id'):
                self._attrmap[alias] = ldap_attr

        ldapprincipal = self._get_ldap_principal()
        request = getRequest()
        # XXX: temporary - reload the attribute context unless this request
        # already did so; without a request it is reloaded every time.
        if not (request and request.get('_ldap_props_reloaded')):
            ldapprincipal.attrs.context.load()
            if request:
                request['_ldap_props_reloaded'] = 1

        # Attributes the principal does not carry default to ''.
        for name in self._attrmap:
            self._properties[name] = ldapprincipal.attrs.get(name, '')

        UserPropertySheet.__init__(
            self, principal.getId(), schema=None, **self._properties)
예제 #3
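 def connection_test(self):
     """Probe the configured LDAP server by asking for one user key.

     Returns ``(False, message)`` when the server cannot be reached. Any
     other LDAP error, and ``StopIteration`` when there are no users,
     propagates to the caller.

     NOTE(review): there is no explicit return on success, so callers get
     ``None`` in that case; this listing may be truncated - confirm against
     the full source before relying on the return value.
     """
     props = ILDAPProps(self.plugin)
     users = ILDAPUsersConfig(self.plugin)
     groups = ILDAPGroupsConfig(self.plugin)
     ugm = Ugm('test', props=props, ucfg=users, gcfg=groups)
     try:
         # The next() builtin replaces the Python-2-only ``.next()`` method.
         next(ugm.users.iterkeys())
     except ldap.SERVER_DOWN:
         # No ``, e`` binding: that form is a SyntaxError on Python 3 and
         # the exception object was never used.
         return False, _("Server Down")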
예제 #4
 def _ugm(self):
     """Return this plugin's Ugm, building and caching it on a cache miss."""
     cache = get_plugin_cache(self)
     cached = cache.get()
     if cached is VALUE_NOT_CACHED:
         # Nothing cached yet: build a Ugm from the current users and groups
         # configuration and store it for later calls.
         users_cfg = ILDAPUsersConfig(self)
         groups_cfg = ILDAPGroupsConfig(self)
         cached = Ugm(
             props=self._ldap_props,
             ucfg=users_cfg,
             gcfg=groups_cfg,
             rcfg=None,
         )
         cache.set(cached)
     return cached
예제 #5
 def save(self, widget, data):
     """Write the extracted ``ldapsettings.*`` form values to the config.

     ``widget`` is not used. ``data`` must provide ``fetch(name).extracted``.
     Server, cache, users and groups settings are written in that order.
     """
     props = ILDAPProps(self.plugin)
     users = ILDAPUsersConfig(self.plugin)
     groups = ILDAPGroupsConfig(self.plugin)

     def extracted(name):
         # Extracted value of one form field below ``ldapsettings``.
         path = 'ldapsettings.%s' % name
         __traceback_info__ = path
         return data.fetch(path).extracted

     def split_classes(raw):
         # Comma separated text -> list of non-empty, stripped names.
         return [part.strip() for part in raw.split(',') if part.strip()]

     # --- server ---
     props.uri = extracted('server.uri')
     props.user = extracted('server.user')
     new_password = extracted('server.password')
     if new_password is not UNSET:
         # An UNSET password field leaves the stored bind password alone.
         props.password = new_password
     # XXX: later - start_tls, tls_cacertfile, tls_cacertdir,
     # tls_clcertfile, tls_clkeyfile, retry_max and retry_delay are not
     # persisted by this method yet.
     # NOTE(review): until they are, transport security is decided
     # elsewhere (presumably by the URI scheme) - confirm.

     # --- cache ---
     props.cache = extracted('cache.cache')
     props.memcached = extracted('cache.memcached')
     props.timeout = extracted('cache.timeout')

     # --- users ---
     users.baseDN = extracted('users.dn')
     attrmap = odict()
     attrmap.update(extracted('users.aliases_attrmap'))
     sheet_attrs = extracted('users.propsheet_attrmap')
     if sheet_attrs is not UNSET:
         attrmap.update(sheet_attrs)
     users.attrmap = attrmap
     users.scope = extracted('users.scope')
     users.queryFilter = extracted('users.query')
     users.objectClasses = split_classes(extracted('users.object_classes'))

     # --- groups ---
     # NOTE(review): the adapter fetched at the top is replaced by
     # ``self.groups`` here; confirm both refer to the same configuration.
     groups = self.groups
     groups.baseDN = extracted('groups.dn')
     attrmap = odict()
     attrmap.update(extracted('groups.aliases_attrmap'))
     sheet_attrs = extracted('groups.propsheet_attrmap')
     if sheet_attrs is not UNSET:
         attrmap.update(sheet_attrs)
     groups.attrmap = attrmap
     groups.scope = extracted('groups.scope')
     groups.queryFilter = extracted('groups.query')
     groups.objectClasses = split_classes(extracted('groups.object_classes'))
예제 #6
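 def connection_test(self):
     """Check the LDAP configuration step by step.

     The three configuration adapters are fetched first, then users and
     finally groups are accessed through a throw-away ``Ugm``.

     Returns ``(True, message)`` when every step worked, otherwise
     ``(False, message)`` naming the step that failed.

     NOTE(review): most failure messages embed ``str(e)``; confirm the
     caller only shows them to users allowed to manage this plugin.
     """
     try:
         props = ILDAPProps(self.plugin)
     except Exception as e:
         msg = _("Non-LDAP error while getting ILDAPProps!")
         logger.exception(msg)
         return False, msg + str(e)
     try:
         users = ILDAPUsersConfig(self.plugin)
     except Exception as e:
         msg = _("Non-LDAP error while getting ILDAPUsersConfig!")
         logger.exception(msg)
         return False, msg + str(e)
     try:
         groups = ILDAPGroupsConfig(self.plugin)
     except Exception as e:
         msg = _("Non-LDAP error while getting ILDAPGroupsConfig!")
         logger.exception(msg)
         return False, msg + str(e)
     try:
         ugm = Ugm("test", props=props, ucfg=users, gcfg=groups)
         # Attribute access only: the value itself is not needed.
         ugm.users
     except ldap.SERVER_DOWN:
         return False, _("Server Down")
     except ldap.LDAPError as e:
         return False, _("LDAP users; ") + str(e)
     except Exception as e:
         logger.exception("Non-LDAP error while connection test!")
         return False, _("Exception in Users; ") + str(e)
     try:
         ugm.groups
     except ldap.LDAPError as e:
         # ``e.message`` only exists on Python 2 exceptions, so on Python 3
         # this handler itself raised AttributeError. Read the description
         # from ``e.args`` and fall back to ``str(e)``, as the users branch
         # does.
         info = e.args[0] if e.args else None
         if isinstance(info, dict) and "desc" in info:
             desc = info["desc"]
         else:
             desc = str(e)
         return False, _("LDAP Users ok, but groups not; ") + desc
     except Exception as e:
         logger.exception("Non-LDAP error while connection test!")
         return False, _("Exception in Groups; ") + str(e)
     return True, "Connection, users- and groups-access tested successfully."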
예제 #7
 def node_attributes(self):
     """Return the attributes of the requested LDAP node as a JSON object.

     ``dn`` and ``base`` are read from the request. ``base == "users"``
     selects the users base DN; every other value selects the groups base
     DN. Binary values are replaced by a size note, and values that cannot
     be converted are replaced by an error marker.

     NOTE(review): ``dn`` is request-supplied and the lookup returns every
     attribute of the matching node - confirm the view is restricted to
     users allowed to inspect the directory.
     """
     requested_dn = self.request["dn"]
     base = self.request["base"]
     if base == "users":
         baseDN = ILDAPUsersConfig(self.plugin).baseDN
     else:
         baseDN = ILDAPGroupsConfig(self.plugin).baseDN
     root = LDAPNode(baseDN, self.props)
     node = root.node_by_dn(safe_unicode(requested_dn), strict=True)

     result = {}
     for key, val in node.attrs.items():
         try:
             # The value is converted before the key, as in the assignment
             # form ``result[key] = value``.
             if node.attrs.is_binary(key):
                 shown = "(Binary Data with {0} Bytes)".format(len(val))
             else:
                 shown = safe_unicode(val)
             result[safe_unicode(key)] = shown
         # NOTE(review): the error branches key by safe_encode() while the
         # normal path keys by safe_unicode() - confirm json.dumps accepts
         # both key types on the target Python version.
         except UnicodeDecodeError:
             result[safe_encode(key)] = "! (UnicodeDecodeError)"
         except Exception:
             result[safe_encode(key)] = "! (Unknown Exception)"
     return json.dumps(result)
예제 #8
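 def form(self):
     """Render the LDAP settings form, or redirect once it was handled.

     The configuration adapters and the split attribute maps are stored on
     the view first, because the view itself is handed to the YAML form
     parser as context. If the adapters cannot be obtained, the plugin
     settings are re-initialized and the adapters are fetched again.

     Returns the rendered form, or an empty unicode string after a
     redirect to ``controller.next`` was issued.
     """
     try:
         self.props = ILDAPProps(self.plugin)
         self.users = ILDAPUsersConfig(self.plugin)
         self.groups = ILDAPGroupsConfig(self.plugin)
     except Exception:
         msg = "Problems getting the configuration adapters, re-initialize!"
         logger.exception(msg)
         self.plugin.init_settings()
         # Fetch the adapters again: without this, the attributes that
         # failed above stay unset (or stale) and the code below breaks on
         # the first access to them.
         self.props = ILDAPProps(self.plugin)
         self.users = ILDAPUsersConfig(self.plugin)
         self.groups = ILDAPGroupsConfig(self.plugin)
     # No bind user configured means the connection is anonymous.
     self.anonymous = not self.props.user
     # Users: static attributes are looked up by name (missing ones become
     # None); every other mapping goes to the property sheet map.
     self.users_attrmap = odict()
     for key in self.static_attrs_users:
         self.users_attrmap[key] = self.users.attrmap.get(key)
     self.users_propsheet_attrmap = odict()
     for key, value in self.users.attrmap.items():
         if key in self.static_attrs_users:
             continue
         self.users_propsheet_attrmap[key] = value
     # Groups: same split as for users.
     self.groups_attrmap = odict()
     for key in self.static_attrs_groups:
         self.groups_attrmap[key] = self.groups.attrmap.get(key)
     self.groups_propsheet_attrmap = odict()
     for key, value in self.groups.attrmap.items():
         if key in self.static_attrs_groups:
             continue
         self.groups_propsheet_attrmap[key] = value
     # Build the form from its YAML definition and process the request.
     form = parse_from_YAML("pas.plugins.ldap:properties.yaml", self, _)
     controller = Controller(form, self.request)
     if not controller.next:
         return controller.rendered
     self.request.RESPONSE.redirect(controller.next)
     return u""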
예제 #9
 def node_attributes(self):
     """Return the attributes of the requested LDAP node as a JSON object.

     ``rdn`` and ``base`` are read from the request. ``base == 'users'``
     selects the users base DN; every other value selects the groups base
     DN. Binary values are replaced by a size note, and values that cannot
     be converted are replaced by an error marker.

     NOTE(review): ``rdn`` is request-supplied and the lookup returns every
     attribute of the matching node - confirm the view is restricted to
     users allowed to inspect the directory.
     """
     requested_rdn = self.request['rdn']
     base = self.request['base']
     if base == 'users':
         baseDN = ILDAPUsersConfig(self.plugin).baseDN
     else:
         baseDN = ILDAPGroupsConfig(self.plugin).baseDN
     root = LDAPNode(baseDN, self.props)
     node = root[requested_rdn]

     result = {}
     for key, val in node.attrs.items():
         try:
             # The value is converted before the key, as in the assignment
             # form ``result[key] = value``.
             if node.attrs.is_binary(key):
                 shown = '(Binary Data with {0} Bytes)'.format(len(val))
             else:
                 shown = safe_encode(val)
             result[safe_encode(key)] = shown
         except UnicodeDecodeError:
             result[safe_encode(key)] = '! (UnicodeDecodeError)'
         except Exception:
             result[safe_encode(key)] = '! (Unknown Exception)'
     return json.dumps(result)
예제 #10
 def users_children(self):
     """Return ``self.children()`` for the configured users base DN."""
     base_dn = ILDAPUsersConfig(self.plugin).baseDN
     return self.children(base_dn)
예제 #11
    def save(self, widget, data):
        """Write the extracted ``ldapsettings.*`` form values to the config.

        ``widget`` is not used. ``data`` must provide
        ``fetch(name).extracted``. Server, cache, users and groups settings
        are written in that order.
        """
        props = ILDAPProps(self.plugin)
        users = ILDAPUsersConfig(self.plugin)
        groups = ILDAPGroupsConfig(self.plugin)

        def extracted(name, default=UNSET):
            # Extracted value of one field below ``ldapsettings``; when a
            # default was given it replaces an UNSET value.
            path = 'ldapsettings.%s' % name
            __traceback_info__ = path
            value = data.fetch(path).extracted
            if value is UNSET and default is not UNSET:
                return default
            return value

        # --- server ---
        props.uri = extracted('server.uri')
        props.user = extracted('server.user')
        new_password = extracted('server.password')
        if new_password is not UNSET:
            # An UNSET password field leaves the stored bind password alone.
            props.password = new_password
        # NOTE(review): judging by its name, ignore_cert turns off server
        # certificate checks - confirm, and keep it off outside of testing.
        props.ignore_cert = extracted('server.ignore_cert')
        # TODO: later - start_tls, tls_cacertfile, tls_cacertdir,
        # tls_clcertfile, tls_clkeyfile, retry_max and retry_delay are not
        # persisted by this method yet.
        props.page_size = extracted('server.page_size')

        # --- cache ---
        props.cache = extracted('cache.cache')
        props.memcached = extracted('cache.memcached')
        props.timeout = extracted('cache.timeout')

        # --- users ---
        users.baseDN = extracted('users.dn')
        user_attrs = odict()
        user_attrs.update(extracted('users.aliases_attrmap'))
        user_sheet_attrs = extracted('users.propsheet_attrmap')
        if user_sheet_attrs is not UNSET:
            user_attrs.update(user_sheet_attrs)
        users.attrmap = user_attrs
        # The scope is stored first and then converted from what is read
        # back: surrounding double quotes are stripped before int().
        users.scope = extracted('users.scope')
        if users.scope is not UNSET:
            users.scope = int(users.scope.strip('"'))
        users.queryFilter = extracted('users.query')
        users.objectClasses = extracted('users.object_classes')
        users.memberOfSupport = extracted('users.memberOfSupport')
        users.account_expiration = extracted('users.account_expiration')
        users._expiresAttr = extracted('users.expires_attr')
        users._expiresUnit = int(extracted('users.expires_unit', 0))

        # --- groups ---
        groups.baseDN = extracted('groups.dn')
        group_attrs = odict()
        group_attrs.update(extracted('groups.aliases_attrmap'))
        group_sheet_attrs = extracted('groups.propsheet_attrmap')
        if group_sheet_attrs is not UNSET:
            group_attrs.update(group_sheet_attrs)
        groups.attrmap = group_attrs
        groups.scope = extracted('groups.scope')
        if groups.scope is not UNSET:
            groups.scope = int(groups.scope.strip('"'))
        groups.queryFilter = extracted('groups.query')
        groups.objectClasses = extracted('groups.object_classes')
        groups.memberOfSupport = extracted('groups.memberOfSupport')
예제 #12
    def save(self, widget, data):
        """Write the extracted ``ldapsettings.*`` form values to the config.

        ``widget`` is not used. ``data`` must provide
        ``fetch(name).extracted``. Server, cache, users and groups settings
        are written in that order.
        """
        props = ILDAPProps(self.plugin)
        users = ILDAPUsersConfig(self.plugin)
        groups = ILDAPGroupsConfig(self.plugin)

        def fetch(name, default=UNSET):
            # Extracted value of one field below ``ldapsettings``; when a
            # default was given it replaces an UNSET value.
            name = "ldapsettings.%s" % name
            __traceback_info__ = name
            val = data.fetch(name).extracted
            if default is UNSET:
                return val
            if val is UNSET:
                return default
            return val

        props.uri = fetch("server.uri")
        if not fetch("server.anonymous"):
            props.user = fetch("server.user")
            password = fetch("server.password")
            # An UNSET password field leaves the stored bind password alone.
            if password is not UNSET:
                props.password = password
        else:
            # Anonymous bind: stored bind credentials are cleared.
            props.user = ""
            props.password = ""
        # NOTE(review): judging by its name, ignore_cert turns off server
        # certificate checks - confirm, and keep it off outside of testing.
        props.ignore_cert = fetch("server.ignore_cert")
        # TODO: later
        # props.start_tls = fetch('server.start_tls')
        # props.tls_cacertfile = fetch('server.tls_cacertfile')
        # props.tls_cacertdir = fetch('server.tls_cacertdir')
        # props.tls_clcertfile = fetch('server.tls_clcertfile')
        # props.tls_clkeyfile = fetch('server.tls_clkeyfile')
        # props.retry_max = fetch(at('server.retry_max')
        # props.retry_delay = fetch('server.retry_delay')
        props.page_size = fetch("server.page_size")
        props.cache = fetch("cache.cache")
        props.memcached = fetch("cache.memcached")
        props.timeout = fetch("cache.timeout")
        users.baseDN = fetch("users.dn")
        # build attrmap from static keys and dynamic keys inputs
        # NOTE(review): the in-place update() calls below only take effect
        # if users.attrmap hands back the object assigned here - confirm
        # against the config adapter.
        users.attrmap = odict()
        users.attrmap.update(fetch("users.aliases_attrmap"))
        users_propsheet_attrmap = fetch("users.propsheet_attrmap")
        if users_propsheet_attrmap is not UNSET:
            users.attrmap.update(users_propsheet_attrmap)
        # we expect to always have the id key mapped under the same name in the
        # propertysheet. this would be set implicit on LDAPPrincipal init, but
        # to avoid a write on read, we do it here.
        # NOTE(review): raises KeyError when the submitted aliases contain
        # no "id" entry - presumably the form always provides one; verify.
        if users.attrmap["id"] not in users.attrmap:
            users.attrmap[users.attrmap["id"]] = users.attrmap["id"]
        # The scope is stored first and then converted from what is read
        # back: surrounding double quotes are stripped before int().
        users.scope = fetch("users.scope")
        if users.scope is not UNSET:
            users.scope = int(users.scope.strip('"'))
        users.queryFilter = fetch("users.query")
        objectClasses = fetch("users.object_classes")
        users.objectClasses = objectClasses
        users.memberOfSupport = fetch("users.memberOfSupport")
        users.recursiveGroups = fetch("users.recursiveGroups")
        users.memberOfExternalGroupDNs = fetch("users.memberOfExternalGroupDNs")
        users.account_expiration = fetch("users.account_expiration")
        users._expiresAttr = fetch("users.expires_attr")
        # A missing expires_unit falls back to 0.
        users._expiresUnit = int(fetch("users.expires_unit", 0))
        groups.baseDN = fetch("groups.dn")
        groups.attrmap = odict()
        groups.attrmap.update(fetch("groups.aliases_attrmap"))
        groups_propsheet_attrmap = fetch("groups.propsheet_attrmap")
        if groups_propsheet_attrmap is not UNSET:
            groups.attrmap.update(groups_propsheet_attrmap)
        groups.scope = fetch("groups.scope")
        if groups.scope is not UNSET:
            groups.scope = int(groups.scope.strip('"'))
        groups.queryFilter = fetch("groups.query")
        objectClasses = fetch("groups.object_classes")
        groups.objectClasses = objectClasses
        groups.memberOfSupport = fetch("groups.memberOfSupport")
        # These two are not taken from the form for groups; fixed values
        # are written instead.
        groups.recursiveGroups = False
        groups.memberOfExternalGroupDNs = []
예제 #13
    def save(self, widget, data):
        """Write the extracted ``ldapsettings.*`` form values to the config.

        ``widget`` is not used. ``data`` must provide
        ``fetch(name).extracted``. Server, cache, users and groups settings
        are written in that order.
        """
        props = ILDAPProps(self.plugin)
        users = ILDAPUsersConfig(self.plugin)
        groups = ILDAPGroupsConfig(self.plugin)

        def extracted(name, default=UNSET):
            # Extracted value of one field below ``ldapsettings``; when a
            # default was given it replaces an UNSET value.
            path = 'ldapsettings.%s' % name
            __traceback_info__ = path
            value = data.fetch(path).extracted
            if value is UNSET and default is not UNSET:
                return default
            return value

        # --- server ---
        props.uri = extracted('server.uri')
        props.user = extracted('server.user')
        new_password = extracted('server.password')
        if new_password is not UNSET:
            # An UNSET password field leaves the stored bind password alone.
            props.password = new_password
        # NOTE(review): judging by its name, ignore_cert turns off server
        # certificate checks - confirm, and keep it off outside of testing.
        props.ignore_cert = extracted('server.ignore_cert')
        # TODO: later - start_tls, tls_cacertfile, tls_cacertdir,
        # tls_clcertfile, tls_clkeyfile, retry_max and retry_delay are not
        # persisted by this method yet.
        props.page_size = extracted('server.page_size')

        # --- cache ---
        props.cache = extracted('cache.cache')
        props.memcached = extracted('cache.memcached')
        props.timeout = extracted('cache.timeout')

        # --- users ---
        users.baseDN = extracted('users.dn')
        user_attrs = odict()
        user_attrs.update(extracted('users.aliases_attrmap'))
        user_sheet_attrs = extracted('users.propsheet_attrmap')
        if user_sheet_attrs is not UNSET:
            user_attrs.update(user_sheet_attrs)
        users.attrmap = user_attrs
        # The scope is stored first and then converted from what is read
        # back: surrounding double quotes are stripped before int().
        users.scope = extracted('users.scope')
        if users.scope is not UNSET:
            users.scope = int(users.scope.strip('"'))
        users.queryFilter = extracted('users.query')
        users.objectClasses = extracted('users.object_classes')
        users.memberOfSupport = extracted('users.memberOfSupport')
        users.account_expiration = extracted('users.account_expiration')
        users._expiresAttr = extracted('users.expires_attr')
        users._expiresUnit = int(extracted('users.expires_unit', 0))

        # --- groups ---
        groups.baseDN = extracted('groups.dn')
        group_attrs = odict()
        group_attrs.update(extracted('groups.aliases_attrmap'))
        group_sheet_attrs = extracted('groups.propsheet_attrmap')
        if group_sheet_attrs is not UNSET:
            group_attrs.update(group_sheet_attrs)
        groups.attrmap = group_attrs
        groups.scope = extracted('groups.scope')
        if groups.scope is not UNSET:
            groups.scope = int(groups.scope.strip('"'))
        groups.queryFilter = extracted('groups.query')
        groups.objectClasses = extracted('groups.object_classes')
        groups.memberOfSupport = extracted('groups.memberOfSupport')
예제 #14
    def save(self, widget, data):
        props = ILDAPProps(self.plugin)
        users = ILDAPUsersConfig(self.plugin)
        groups = ILDAPGroupsConfig(self.plugin)

        def fetch(name, default=UNSET):
            name = "ldapsettings.%s" % name
            __traceback_info__ = name
            val = data.fetch(name).extracted
            if default is UNSET:
                return val
            if val is UNSET:
                return default
            return val

        props.uri = fetch("server.uri")
        if not fetch("server.anonymous"):
            props.user = fetch("server.user")
            password = fetch("server.password")
            if password is not UNSET:
                props.password = password
        else:
            props.user = ""
            props.password = ""
        props.ignore_cert = fetch("server.ignore_cert")
        # TODO: later
        # props.start_tls = fetch('server.start_tls')
        # props.tls_cacertfile = fetch('server.tls_cacertfile')
        # props.tls_cacertdir = fetch('server.tls_cacertdir')
        # props.tls_clcertfile = fetch('server.tls_clcertfile')
        # props.tls_clkeyfile = fetch('server.tls_clkeyfile')
        # props.retry_max = fetch(at('server.retry_max')
        # props.retry_delay = fetch('server.retry_delay')
        props.page_size = fetch("server.page_size")
        props.cache = fetch("cache.cache")
        props.memcached = fetch("cache.memcached")
        props.timeout = fetch("cache.timeout")
        users.baseDN = fetch("users.dn")
        # build attrmap from static keys and dynamic keys inputs
        users.attrmap = odict()
        users.attrmap.update(fetch("users.aliases_attrmap"))
        users_propsheet_attrmap = fetch("users.propsheet_attrmap")
        if users_propsheet_attrmap is not UNSET:
            users.attrmap.update(users_propsheet_attrmap)
        # we expect to always have the id key mapped under the same name in the
        # propertysheet. this would be set implicit on LDAPPrincipal init, but
        # to avoid a write on read, we do it here.
        if users.attrmap['id'] not in users.attrmap:
            users.attrmap[users.attrmap['id']] = users.attrmap['id']
        users.scope = fetch("users.scope")
        if users.scope is not UNSET:
            users.scope = int(users.scope.strip('"'))
        users.queryFilter = fetch("users.query")
        objectClasses = fetch("users.object_classes")
        users.objectClasses = objectClasses
        users.memberOfSupport = fetch("users.memberOfSupport")
        users.account_expiration = fetch("users.account_expiration")
        users._expiresAttr = fetch("users.expires_attr")
        users._expiresUnit = int(fetch("users.expires_unit", 0))
        groups.baseDN = fetch("groups.dn")
        groups.attrmap = odict()
        groups.attrmap.update(fetch("groups.aliases_attrmap"))
        groups_propsheet_attrmap = fetch("groups.propsheet_attrmap")
        if groups_propsheet_attrmap is not UNSET:
            groups.attrmap.update(groups_propsheet_attrmap)
        groups.scope = fetch("groups.scope")
        if groups.scope is not UNSET:
            groups.scope = int(groups.scope.strip('"'))
        groups.queryFilter = fetch("groups.query")
        objectClasses = fetch("groups.object_classes")
        groups.objectClasses = objectClasses
        groups.memberOfSupport = fetch("groups.memberOfSupport")
        users.attrmap