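def nonlocal_ldap_user_auth_and_sync(uid, password):
    """Authenticate *uid*/*password* against LDAP and mirror the user locally.

    Walks every object returned by ``get_ldap_objects()``, picks the entries
    whose ``uid`` attribute equals *uid* and checks the credentials with
    ``ldap_auth(<sambaNTPassword>, password)``.  On the first success a
    ``User`` row with ``auth_type=LDAP`` / ``role=CUSTOMER`` is added and
    committed, and the loop stops.

    Args:
        uid: login name compared against the ``uid`` attribute of each entry.
        password: clear-text password supplied by the caller.

    Returns:
        ``True`` when an entry with a matching uid accepted the password
        (and the local row was committed), ``False`` otherwise -- including
        when the LDAP search returned ``None``.

    Raises:
        Whatever ``db.session.commit()`` raises; nothing is rolled back here.
        ``ValueError`` from ``hashlib.new('md4', ...)`` on builds whose
        OpenSSL disables legacy digests -- confirm for the deployment.
    """
    sqlalchemy_session = db.session
    print('Call nonlocal_ldap_user_auth_and_sync')
    auth_success = False
    ldap_search_result = get_ldap_objects()
    if ldap_search_result is None:
        return auth_success

    # Attributes needed to build the local row plus the NT hash needed by
    # ldap_auth.  sambaNTPassword is part of the check on purpose: an entry
    # without it used to crash the whole login with a TypeError on `[0]`.
    required_attributes = ('uid', 'cn', 'givenName', 'sn', 'mail', 'sambaNTPassword')
    for _distinguished_name, object_description in ldap_search_result:
        if object_description is None:
            continue
        # LDAP attribute values are multi-valued lists; only the first value is used.
        attribute_lists = [object_description.get(name) for name in required_attributes]
        if not all(attribute_lists):
            # Incomplete record (missing or empty attribute): skip it rather
            # than abort the login for every other entry.
            continue
        (ldap_user_uid, ldap_user_cn, ldap_user_given_name, ldap_user_surname,
         ldap_user_mail, ldap_user_password) = [value_list[0] for value_list in attribute_lists]
        if ldap_user_uid != uid:
            continue
        # ldap_auth presumably compares the NT hash of `password` with the
        # directory's sambaNTPassword -- its contract is not visible here.
        if not ldap_auth(ldap_user_password, password):
            continue

        print('User found')
        # NT hash: MD4 over the UTF-16LE password, upper-case hex -- the same
        # representation LDAP keeps in sambaNTPassword.
        # NOTE(security): this is an unsalted MD4 digest stored in the local
        # users table; it is kept only for parity with the directory, so the
        # table must be protected as credential material.
        nt_hash = hashlib.new('md4', password.encode('utf-16le')).hexdigest().upper()
        sqlalchemy_session.add(User(common_name=ldap_user_cn, uid=ldap_user_uid,
                                    given_name=ldap_user_given_name, surname=ldap_user_surname,
                                    mail=ldap_user_mail, role=CUSTOMER, auth_type=LDAP,
                                    password=nt_hash))
        sqlalchemy_session.commit()
        auth_success = True
        break
    return auth_success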
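def ldap_sync():
    """Reconcile the local ``User`` table with the LDAP directory.

    Three passes over the result of ``get_ldap_objects()``:

    1. Local rows with ``auth_type=LDAP`` whose ``common_name`` no longer
       appears in LDAP are deleted.
    2. Local rows with ``auth_type=LOCAL`` whose ``uid`` collides with an
       LDAP ``uid`` are deleted (the directory wins the uid).
    3. LDAP entries whose ``cn`` has no local row are added as
       ``auth_type=LDAP`` / ``role=CUSTOMER`` users, carrying the directory's
       ``sambaNTPassword`` value as the local password.

    Rows present on both sides are left untouched: a changed mail or
    password value in LDAP is *not* propagated.

    Returns:
        The string ``'Sync done'``.  It is returned unchanged when the LDAP
        search yields ``None`` and nothing was synchronised, so callers
        cannot tell the two outcomes apart from the return value.

    Raises:
        Whatever ``db.session.commit()`` raises.  Deletions are committed
        before additions, so a failure in the second commit leaves the
        deletions in place.
    """
    sqlalchemy_session = db.session
    result_message = 'Sync done'
    ldap_search_result = get_ldap_objects()
    if ldap_search_result is None:
        return result_message

    # sambaNTPassword is part of the completeness check on purpose: an entry
    # without it used to raise a TypeError on `[0]` and abort the whole sync.
    required_attributes = ('uid', 'cn', 'givenName', 'sn', 'mail', 'sambaNTPassword')
    ldap_users_dict = {}         # cn  -> attribute dict (uid, names, mail, password)
    ldap_users_dict_by_uid = {}  # uid -> attribute dict (cn, names, mail, password)
    for _distinguished_name, object_description in ldap_search_result:
        if object_description is None:
            continue
        # LDAP attribute values are multi-valued lists; only the first value is used.
        attribute_lists = [object_description.get(name) for name in required_attributes]
        if not all(attribute_lists):
            # Incomplete record (missing or empty attribute): skip it.
            continue
        (ldap_user_uid, ldap_user_cn, ldap_user_given_name, ldap_user_surname,
         ldap_user_mail, ldap_user_password) = [value_list[0] for value_list in attribute_lists]
        common_fields = {
            'ldap_user_given_name': ldap_user_given_name,
            'ldap_user_surname': ldap_user_surname,
            'ldap_user_mail': ldap_user_mail,
            'ldap_user_password': ldap_user_password,
        }
        # A repeated cn or uid silently overwrites the earlier entry.
        ldap_users_dict[ldap_user_cn] = dict(common_fields, ldap_user_uid=ldap_user_uid)
        ldap_users_dict_by_uid[ldap_user_uid] = dict(common_fields, ldap_user_cn=ldap_user_cn)

    # Pass 1: LDAP-backed local rows whose cn disappeared from the directory.
    ldap_auth_local_users_dict = {
        user.common_name: user for user in User.query.filter_by(auth_type=LDAP).all()
    }
    local_users_cn_set = set(ldap_auth_local_users_dict)
    ldap_users_cn_set = set(ldap_users_dict)
    for cn_to_delete in local_users_cn_set - ldap_users_cn_set:
        sqlalchemy_session.delete(ldap_auth_local_users_dict[cn_to_delete])

    # Pass 2: locally provisioned rows whose uid is now claimed by LDAP.
    # NOTE(security): this lets a directory entry remove a local account by
    # reusing its uid, so anyone who can create LDAP entries controls local
    # users; consider exempting privileged local roles -- confirm intent.
    local_auth_users_dict = {
        user.uid: user for user in User.query.filter_by(auth_type=LOCAL).all()
    }
    for uid_to_delete in set(local_auth_users_dict) & set(ldap_users_dict_by_uid):
        sqlalchemy_session.delete(local_auth_users_dict[uid_to_delete])
    # Deletions are committed first so the uids freed in pass 2 are available
    # to the rows added in pass 3.
    sqlalchemy_session.commit()

    # Pass 3: directory entries with no local row yet.
    for cn_to_add in ldap_users_cn_set - local_users_cn_set:
        ldap_user = ldap_users_dict[cn_to_add]
        sqlalchemy_session.add(User(common_name=cn_to_add, uid=ldap_user['ldap_user_uid'],
                                    given_name=ldap_user['ldap_user_given_name'],
                                    surname=ldap_user['ldap_user_surname'],
                                    mail=ldap_user['ldap_user_mail'], role=CUSTOMER,
                                    auth_type=LDAP, password=ldap_user['ldap_user_password']))
    sqlalchemy_session.commit()
    return result_message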