def sync_ldap_users_groups(request):
"""
Handler for syncing the Hue database with LDAP users and groups.
This will not import any users or groups that don't already exist in Hue. All
user information and group memberships will be updated based on the LDAP
server's current state.
"""
if not request.user.is_superuser:
raise PopupException(
_("You must be a superuser to sync the LDAP users/groups."),
error_code=401)
if request.method == 'POST':
form = SyncLdapUsersGroupsForm(request.POST)
if form.is_valid():
is_ensuring_home_directory = form.cleaned_data[
'ensure_home_directory']
sync_ldap_users_and_groups(is_ensuring_home_directory, request.fs)
return redirect(reverse(list_users))
else:
form = SyncLdapUsersGroupsForm()
return render("sync_ldap_users_groups.mako", request,
dict(path=request.path, form=form))
def sync_ldap_users_groups(request):
"""
Handler for syncing the Hue database with LDAP users and groups.
This will not import any users or groups that don't already exist in Hue. All
user information and group memberships will be updated based on the LDAP
server's current state.
"""
if not request.user.is_superuser:
raise PopupException(_("You must be a superuser to sync the LDAP users/groups."), error_code=401)
if request.method == 'POST':
form = SyncLdapUsersGroupsForm(request.POST)
if form.is_valid():
try:
users = sync_ldap_users()
groups = sync_ldap_groups()
except LDAPError:
LOG.error("LDAP Exception: %s" % e)
raise PopupException(_('There was an error when communicating with LDAP'), detail=str(e))
# Create home dirs for every user sync'd
if form.cleaned_data['ensure_home_directory']:
for user in users:
try:
ensure_home_directory(request.fs, user.username)
except (IOError, WebHdfsException), e:
raise PopupException(_("The import may not be complete, sync again."), detail=e)
return redirect(reverse(list_users))
def sync_ldap_users_groups(request):
"""
Handler for syncing the Hue database with LDAP users and groups.
This will not import any users or groups that don't already exist in Hue. All
user information and group memberships will be updated based on the LDAP
server's current state.
"""
if not request.user.is_superuser:
raise PopupException(
_("You must be a superuser to sync the LDAP users/groups."),
error_code=401)
if request.method == 'POST':
form = SyncLdapUsersGroupsForm(request.POST)
if form.is_valid():
try:
users = sync_ldap_users()
groups = sync_ldap_groups()
except LDAPError:
LOG.error("LDAP Exception: %s" % e)
raise PopupException(
_('There was an error when communicating with LDAP'),
detail=str(e))
# Create home dirs for every user sync'd
if form.cleaned_data['ensure_home_directory']:
for user in users:
try:
ensure_home_directory(request.fs, user.username)
except (IOError, WebHdfsException), e:
raise PopupException(
_("The import may not be complete, sync again."),
detail=e)
return redirect(reverse(list_users))
def sync_ldap_users_groups(request):
"""
Handler for syncing the Hue database with LDAP users and groups.
This will not import any users or groups that don't already exist in Hue. All
user information and group memberships will be updated based on the LDAP
server's current state.
"""
if not request.user.is_superuser:
raise PopupException(_("You must be a superuser to sync the LDAP users/groups."), error_code=401)
if request.method == 'POST':
form = SyncLdapUsersGroupsForm(request.POST)
if form.is_valid():
is_ensuring_home_directory = form.cleaned_data['ensure_home_directory']
server = form.cleaned_data.get('server')
connection = ldap_access.get_connection_from_server(server)
sync_ldap_users_and_groups(connection, is_ensuring_home_directory, request.fs)
return redirect(reverse(list_users))
else:
form = SyncLdapUsersGroupsForm()
return render("sync_ldap_users_groups.mako", request, dict(path=request.path, form=form))
def sync_ldap_users_groups(request):
"""
Handler for syncing the Hue database with LDAP users and groups.
This will not import any users or groups that don't already exist in Hue. All
user information and group memberships will be updated based on the LDAP
server's current state.
"""
if not request.user.is_superuser:
request.audit = {
'operation': 'SYNC_LDAP_USERS_GROUPS',
'operationText': _get_failed_operation_text(request.user.username, 'SYNC_LDAP_USERS_GROUPS'),
'allowed': False
}
raise PopupException(_("You must be a superuser to sync the LDAP users/groups."), error_code=401)
is_embeddable = request.GET.get('is_embeddable', request.POST.get('is_embeddable', False))
if request.method == 'POST':
form = SyncLdapUsersGroupsForm(request.POST)
if form.is_valid():
is_ensuring_home_directory = form.cleaned_data['ensure_home_directory']
server = form.cleaned_data.get('server')
connection = ldap_access.get_connection_from_server(server)
failed_ldap_users = []
sync_ldap_users_and_groups(connection, is_ensuring_home_directory, request.fs,
failed_users=failed_ldap_users)
request.audit = {
'operation': 'SYNC_LDAP_USERS_GROUPS',
'operationText': 'Successfully synced LDAP users/groups'
}
if failed_ldap_users:
unique_users = set(failed_ldap_users)
request.warn(_('Failed to import following users: %s') % ', '.join(unique_users))
if is_embeddable:
return JsonResponse({'url': '/hue' + reverse(list_users)})
else:
return redirect(reverse(list_users))
else:
form = SyncLdapUsersGroupsForm()
if request.method == 'POST' and is_embeddable:
return JsonResponse(
{'status': -1, 'errors': [{'id': f.id_for_label, 'message': f.errors} for f in form if f.errors]})
else:
return render("sync_ldap_users_groups.mako", request, dict(path=request.path, form=form, is_embeddable=is_embeddable))
def sync_ldap_users_groups(request):
"""
Handler for syncing the Hue database with LDAP users and groups.
This will not import any users or groups that don't already exist in Hue. All
user information and group memberships will be updated based on the LDAP
server's current state.
"""
if not request.user.is_superuser:
request.audit = {
'operation': 'SYNC_LDAP_USERS_GROUPS',
'operationText': _get_failed_operation_text(request.user.username, 'SYNC_LDAP_USERS_GROUPS'),
'allowed': False
}
raise PopupException(_("You must be a superuser to sync the LDAP users/groups."), error_code=401)
if request.method == 'POST':
form = SyncLdapUsersGroupsForm(request.POST)
if form.is_valid():
is_ensuring_home_directory = form.cleaned_data['ensure_home_directory']
server = form.cleaned_data.get('server')
connection = ldap_access.get_connection_from_server(server)
failed_ldap_users = []
sync_ldap_users_and_groups(connection, is_ensuring_home_directory, request.fs,
failed_users=failed_ldap_users)
request.audit = {
'operation': 'SYNC_LDAP_USERS_GROUPS',
'operationText': 'Successfully synced LDAP users/groups'
}
if failed_ldap_users:
unique_users = set(failed_ldap_users)
request.warn(_('Failed to import following users: %s') % ', '.join(unique_users))
return redirect(reverse(list_users))
else:
form = SyncLdapUsersGroupsForm()
return render("sync_ldap_users_groups.mako", request, dict(path=request.path, form=form))
raise PopupException(
_('There was an error when communicating with LDAP'),
detail=str(e))
# Create home dirs for every user sync'd
if form.cleaned_data['ensure_home_directory']:
for user in users:
try:
ensure_home_directory(request.fs, user.username)
except (IOError, WebHdfsException), e:
raise PopupException(
_("The import may not be complete, sync again."),
detail=e)
return redirect(reverse(list_users))
else:
form = SyncLdapUsersGroupsForm()
return render("sync_ldap_users_groups.mako", request,
dict(path=request.path, form=form))
def ensure_home_directory(fs, username):
"""
Adds a users home directory if it doesn't already exist.
Throws IOError, WebHdfsException.
"""
home_dir = '/user/%s' % username
fs.do_as_user(username, fs.create_home_dir, home_dir)
