def _import_ldap_users_info(connection, user_info, sync_groups=False, import_by_dn=False): """ Import user_info found through ldap_access.find_users. """ imported_users = [] for ldap_info in user_info: # Extra validation in case import by DN and username has spaces or colons validate_username(ldap_info['username']) user, created = ldap_access.get_or_create_ldap_user(username=ldap_info['username']) profile = get_profile(user) if not created and profile.creation_method == str(UserProfile.CreationMethod.HUE): # This is a Hue user, and shouldn't be overwritten LOG.warn(_('There was a naming conflict while importing user %(username)s') % { 'username': ldap_info['username'] }) return None default_group = get_default_user_group() if created and default_group is not None: user.groups.add(default_group) if 'first' in ldap_info: user.first_name = ldap_info['first'] if 'last' in ldap_info: user.last_name = ldap_info['last'] if 'email' in ldap_info: user.email = ldap_info['email'] profile.creation_method = UserProfile.CreationMethod.EXTERNAL profile.save() user.save() imported_users.append(user) # sync groups if sync_groups and 'groups' in ldap_info: old_groups = set(user.groups.all()) new_groups = set() # Skip if 'memberOf' or 'isMemberOf' are not set for group_dn in ldap_info['groups']: group_ldap_info = connection.find_groups(group_dn, find_by_dn=True, scope=ldap.SCOPE_BASE) for group_info in group_ldap_info: # Add only if user isn't part of group. if not user.groups.filter(name=group_info['name']).exists(): groups = import_ldap_groups(connection, group_info['dn'], import_members=False, import_members_recursive=False, sync_users=False, import_by_dn=True) if groups: new_groups.update(groups) # Remove out of date groups remove_groups = old_groups - new_groups remove_ldap_groups = LdapGroup.objects.filter(group__in=remove_groups) remove_groups_filtered = [ldapgroup.group for ldapgroup in remove_ldap_groups] user.groups.filter(group__in=remove_groups_filtered).delete() user.groups.add(*new_groups) Group.objects.filter(group__in=remove_groups_filtered).delete() remove_ldap_groups.delete() return imported_users
def _import_ldap_users_info(connection, user_info, sync_groups=False, import_by_dn=False): """ Import user_info found through ldap_access.find_users. """ imported_users = [] for ldap_info in user_info: # Extra validation in case import by DN and username has spaces or colons validate_username(ldap_info['username']) user, created = ldap_access.get_or_create_ldap_user(username=ldap_info['username']) profile = get_profile(user) if not created and profile.creation_method == str(UserProfile.CreationMethod.HUE): # This is a Hue user, and shouldn't be overwritten LOG.warn(_('There was a naming conflict while importing user %(username)s') % { 'username': ldap_info['username'] }) return None default_group = get_default_user_group() if created and default_group is not None: user.groups.add(default_group) if 'first' in ldap_info: user.first_name = ldap_info['first'] if 'last' in ldap_info: user.last_name = ldap_info['last'] if 'email' in ldap_info: user.email = ldap_info['email'] profile.creation_method = UserProfile.CreationMethod.EXTERNAL profile.save() user.save() imported_users.append(user) # sync groups if sync_groups and 'groups' in ldap_info: old_groups = set(user.groups.all()) new_groups = set() # Skip if 'memberOf' or 'isMemberOf' are not set for group_dn in ldap_info['groups']: group_ldap_info = connection.find_groups(group_dn, find_by_dn=True, scope=ldap.SCOPE_BASE) for group_info in group_ldap_info: # Add only if user isn't part of group. if not user.groups.filter(name=group_info['name']).exists(): groups = import_ldap_groups(connection, group_info['dn'], import_members=False, import_members_recursive=False, sync_users=False, import_by_dn=True) if groups: new_groups.update(groups) # Remove out of date groups remove_groups = old_groups - new_groups remove_ldap_groups = LdapGroup.objects.filter(group__in=remove_groups) remove_groups_filtered = [ldapgroup.group for ldapgroup in remove_ldap_groups] user.groups.filter(group__in=remove_groups_filtered).delete() user.groups.add(*new_groups) Group.objects.filter(group__in=remove_groups_filtered).delete() remove_ldap_groups.delete() return imported_users
def _import_ldap_users_info(connection, user_info, sync_groups=False, import_by_dn=False, server=None): """ Import user_info found through ldap_access.find_users. """ imported_users = [] for ldap_info in user_info: # Extra validation in case import by DN and username has spaces or colons try: validate_username(ldap_info['username']) user, created = ldap_access.get_or_create_ldap_user( username=ldap_info['username']) profile = get_profile(user) if not created and profile.creation_method == str( UserProfile.CreationMethod.HUE): # This is a Hue user, and shouldn't be overwritten LOG.warn( _('There was a naming conflict while importing user %(username)s' ) % {'username': ldap_info['username']}) return None default_group = get_default_user_group() if created and default_group is not None: user.groups.add(default_group) if 'first' in ldap_info: user.first_name = ldap_info['first'] if 'last' in ldap_info: user.last_name = ldap_info['last'] if 'email' in ldap_info: user.email = ldap_info['email'] profile.creation_method = UserProfile.CreationMethod.EXTERNAL profile.save() user.save() imported_users.append(user) # sync groups if sync_groups: old_groups = set(user.groups.all()) new_groups = set() current_ldap_groups = set() ldap_config = desktop.conf.LDAP.LDAP_SERVERS.get( )[server] if server else desktop.conf.LDAP group_member_attr = ldap_config.GROUPS.GROUP_MEMBER_ATTR.get() group_filter = ldap_config.GROUPS.GROUP_FILTER.get() # Search for groups based on group_member_attr=username and group_member_attr=dn # covers AD, Standard Ldap and posixAcount/posixGroup if not group_filter.startswith('('): group_filter = '(' + group_filter + ')' # Sanitizing the DN before using in a Search filter sanitized_dn = ldap.filter.escape_filter_chars( ldap_info['dn']).replace(r'\2a', r'*') sanitized_dn = sanitized_dn.replace(r'\5c,', r'\5c\2c') find_groups_filter = "(&" + group_filter + "(|(" + group_member_attr + "=" + ldap_info['username'] + ")(" + \ group_member_attr + "=" + sanitized_dn + ")))" group_ldap_info = connection.find_groups( "*", group_filter=find_groups_filter) for group_info in group_ldap_info: if Group.objects.filter(name=group_info['name']).exists(): # Add only if user isn't part of group. current_ldap_groups.add( Group.objects.get(name=group_info['name'])) if not user.groups.filter( name=group_info['name']).exists(): groups = import_ldap_groups( connection, group_info['dn'], import_members=False, import_members_recursive=False, sync_users=True, import_by_dn=True) if groups: new_groups.update(groups) # Remove out of date groups remove_groups = old_groups - current_ldap_groups remove_ldap_groups = LdapGroup.objects.filter( group__in=remove_groups) remove_groups_filtered = [ ldapgroup.group for ldapgroup in remove_ldap_groups ] for group in remove_groups_filtered: user.groups.remove(group) user.groups.add(*new_groups) Group.objects.filter(group__in=remove_groups_filtered).delete() except (AssertionError, RuntimeError) as e: LOG.warn('%s: %s' % (ldap_info['username'], e.message)) return imported_users
def _import_ldap_users_info(connection, user_info, sync_groups=False, import_by_dn=False, server=None, failed_users=None): """ Import user_info found through ldap_access.find_users. """ imported_users = [] for ldap_info in user_info: # Extra validation in case import by DN and username has spaces or colons try: validate_username(ldap_info['username']) user, created = ldap_access.get_or_create_ldap_user(username=ldap_info['username']) profile = get_profile(user) if not created and profile.creation_method == str(UserProfile.CreationMethod.HUE): # This is a Hue user, and shouldn't be overwritten LOG.warn(_('There was a naming conflict while importing user %(username)s') % { 'username': ldap_info['username'] }) return None default_group = get_default_user_group() if created and default_group is not None: user.groups.add(default_group) if 'first' in ldap_info: validate_first_name(ldap_info['first']) user.first_name = ldap_info['first'] if 'last' in ldap_info: validate_last_name(ldap_info['last']) user.last_name = ldap_info['last'] if 'email' in ldap_info: user.email = ldap_info['email'] profile.creation_method = UserProfile.CreationMethod.EXTERNAL profile.save() user.save() imported_users.append(user) # sync groups if sync_groups: old_groups = set(user.groups.all()) new_groups = set() current_ldap_groups = set() ldap_config = desktop.conf.LDAP.LDAP_SERVERS.get()[server] if server else desktop.conf.LDAP group_member_attr = ldap_config.GROUPS.GROUP_MEMBER_ATTR.get() group_filter = ldap_config.GROUPS.GROUP_FILTER.get() # Search for groups based on group_member_attr=username and group_member_attr=dn # covers AD, Standard Ldap and posixAcount/posixGroup if not group_filter.startswith('('): group_filter = '(' + group_filter + ')' # Sanitizing the DN before using in a Search filter sanitized_dn = ldap.filter.escape_filter_chars(ldap_info['dn']).replace(r'\2a', r'*') sanitized_dn = sanitized_dn.replace(r'\5c,', r'\5c\2c') find_groups_filter = "(&" + group_filter + "(|(" + group_member_attr + "=" + ldap_info['username'] + ")(" + \ group_member_attr + "=" + sanitized_dn + ")))" group_ldap_info = connection.find_groups("*", group_filter=find_groups_filter) for group_info in group_ldap_info: if Group.objects.filter(name=group_info['name']).exists(): # Add only if user isn't part of group. current_ldap_groups.add(Group.objects.get(name=group_info['name'])) if not user.groups.filter(name=group_info['name']).exists(): groups = import_ldap_groups(connection, group_info['dn'], import_members=False, import_members_recursive=False, sync_users=True, import_by_dn=True, failed_users=failed_users) if groups: new_groups.update(groups) # Remove out of date groups remove_groups = old_groups - current_ldap_groups remove_ldap_groups = LdapGroup.objects.filter(group__in=remove_groups) remove_groups_filtered = [ldapgroup.group for ldapgroup in remove_ldap_groups] for group in remove_groups_filtered: user.groups.remove(group) user.groups.add(*new_groups) Group.objects.filter(group__in=remove_groups_filtered).delete() except (ValidationError, LdapSearchException) as e: if failed_users is None: failed_users = [] failed_users.append(ldap_info['username']) LOG.warn('Could not import %s: %s' % (ldap_info['username'], e.message)) return imported_users