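def update_clients_entries(self):
    """Ensure the config-api client has the admin redirect URI and scopes.

    Looks up the client whose inum is the ``jca_client_id`` config value in
    the ``jansClnt`` table. If the entry exists, ``https://<hostname>/admin``
    is appended to ``jansRedirectURI`` and every scope from
    ``self.jans_scim_scopes`` and ``self.jans_stat_scopes`` that is missing
    is appended to ``jansScope``. The entry is written back only when at
    least one value was added.
    """
    jca_client_id = self.manager.config.get("jca_client_id")
    id_ = doc_id_from_dn(f"inum={jca_client_id},ou=clients,o=jans")
    kwargs = {"table_name": "jansClnt"}

    entry = self.get_entry(id_, **kwargs)
    if not entry:
        return

    should_update = False

    # modify redirect URI of config-api client
    hostname = self.manager.config.get("hostname")
    if hostname:
        # Only register the URI when a hostname is configured: a missing or
        # empty value would otherwise be persisted on the client as a
        # malformed redirect URI (e.g. "https:///admin").
        admin_uri = f"https://{hostname}/admin"
        redirect_uris = entry.attrs["jansRedirectURI"]
        if admin_uri not in redirect_uris:
            redirect_uris.append(admin_uri)
            should_update = True

    # add jans_stat, SCIM users.read, SCIM users.write scopes to config-api client
    # NOTE(review): this widens what the client may request on every upgrade
    # run; the two scope lists are the only gate, so keep them minimal.
    client_scopes = entry.attrs["jansScope"]
    for scope in (self.jans_scim_scopes + self.jans_stat_scopes):
        if scope not in client_scopes:
            client_scopes.append(scope)
            should_update = True

    if should_update:
        self.modify_entry(id_, entry.attrs, **kwargs)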
def data_from_ldif(self, filename):
    """Yield ``(table_name, attr_mapping)`` pairs for the entries of an LDIF file.

    The table name is the last ``objectClass`` value left after ``top`` is
    removed. Entries whose only remaining class is ``organizationalUnit`` or
    ``organization`` are skipped. ``attr_mapping`` is an ``OrderedDict`` that
    starts with ``doc_id``, ``objectClass`` and ``dn`` and is then filled with
    every remaining attribute passed through ``self.transform_value``.

    This is a generator: the file stays open until it is exhausted or closed.
    """
    container_classes = ("organizationalunit", "organization")

    # NOTE(review): filename is opened as given; presumably a project-shipped
    # LDIF path rather than user-supplied input -- confirm against callers.
    with open(filename, "rb") as ldif_file:
        for dn, entry in LDIFParser(ldif_file).parse():
            doc_id = doc_id_from_dn(dn)

            # attribute name casing varies between LDIF sources
            object_classes = entry.get("objectClass") or entry.get("objectclass")
            if object_classes:
                if "top" in object_classes:
                    object_classes.remove("top")

                is_container = (
                    len(object_classes) == 1
                    and object_classes[0].lower() in container_classes
                )
                if is_container:
                    continue

            # NOTE(review): an entry with no objectClass (or only "top")
            # fails on this subscript -- confirm inputs always carry a
            # structural objectClass.
            table_name = object_classes[-1]

            # drop whichever spelling is present; at most one is removed
            for oc_key in ("objectClass", "objectclass"):
                if oc_key in entry:
                    entry.pop(oc_key)
                    break

            row = OrderedDict({
                "doc_id": doc_id,
                "objectClass": table_name,
                "dn": dn,
            })
            for attr in entry:
                row[attr] = self.transform_value(attr, entry[attr])

            yield table_name, row
def update_base_entries(self):
    """Set ``jansManagerGrp`` on the base organization entry when it is unset.

    Fetches the ``JANS_BASE_ID`` entry from the ``jansOrganization`` table.
    Nothing is written if the entry is missing or already has a truthy
    ``jansManagerGrp`` value.
    """
    base_id = doc_id_from_dn(JANS_BASE_ID)
    base_entry = self.get_entry(base_id, table_name="jansOrganization")

    # NOTE(review): presumably this group controls who manages the
    # organization; an existing value is left as-is, never overwritten.
    if base_entry and not base_entry.attrs.get("jansManagerGrp"):
        base_entry.attrs["jansManagerGrp"] = JANS_MANAGER_GROUP
        self.modify_entry(base_id, base_entry.attrs, table_name="jansOrganization")
def update_scim_scopes_entries(self):
    """Add ``jansAttrs`` to the SCIM users.read and users.write scopes.

    Each DN in ``self.jans_scim_scopes`` is looked up in the ``jansScope``
    table. A scope that exists but has no ``jansAttrs`` key gets
    ``self.jans_attrs`` assigned and is written back. Scopes that are
    missing or already have the key are left untouched.
    """
    # resolve every doc id up front, before any entry is modified
    scope_ids = list(map(doc_id_from_dn, self.jans_scim_scopes))

    for scope_id in scope_ids:
        scope_entry = self.get_entry(scope_id, table_name="jansScope")
        if scope_entry and "jansAttrs" not in scope_entry.attrs:
            scope_entry.attrs["jansAttrs"] = self.jans_attrs
            self.modify_entry(scope_id, scope_entry.attrs, table_name="jansScope")
def update_scopes_entries(self):
    """Add the jansAdminUIRole claim to the profile scope.

    Fetches the scope identified by ``self.jans_admin_ui_role_id`` from the
    ``jansScope`` table and appends ``self.jans_admin_ui_claim`` to its
    ``jansClaim`` list when it is not already there. Does nothing if the
    scope entry is missing.
    """
    scope_id = doc_id_from_dn(self.jans_admin_ui_role_id)
    scope_entry = self.get_entry(scope_id, table_name="jansScope")
    if not scope_entry:
        return

    claims = scope_entry.attrs["jansClaim"]
    if self.jans_admin_ui_claim in claims:
        # already released by this scope; avoid a redundant write
        return

    claims.append(self.jans_admin_ui_claim)
    self.modify_entry(scope_id, scope_entry.attrs, table_name="jansScope")
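def update_people_entries(self):
    """Give the default admin user the ``api-admin`` role when it has none.

    Looks up the person whose inum is the ``admin_inum`` config value in the
    ``jansPerson`` table. If the entry exists and ``jansAdminUIRole`` is
    absent or empty, it is set to ``["api-admin"]`` and written back. An
    existing non-empty role list is never changed.
    """
    admin_inum = self.manager.config.get("admin_inum")
    id_ = doc_id_from_dn(f"inum={admin_inum},ou=people,o=jans")
    kwargs = {"table_name": "jansPerson"}

    entry = self.get_entry(id_, **kwargs)
    if not entry:
        return

    # sql entry may have empty jansAdminUIRole hash ({"v": []}); .get() also
    # covers an entry that lacks the attribute entirely, which would
    # otherwise abort with KeyError (same lookup style as jansManagerGrp in
    # update_base_entries).
    if not entry.attrs.get("jansAdminUIRole"):
        # This is a privilege grant; it is scoped to the single entry
        # addressed by admin_inum.
        entry.attrs["jansAdminUIRole"] = ["api-admin"]
        self.modify_entry(id_, entry.attrs, **kwargs)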