 def node_attributes(self):
     """Return the attributes of one LDAP entry as a JSON object string.

     The entry is addressed by ``self.request['dn']``; ``self.request['base']``
     decides whether it is looked up below the configured users base DN
     (``'users'``) or below the groups base DN (anything else). Non-binary
     values are decoded with ``safe_unicode``; binary values are replaced by
     a ``(Binary Data with N Bytes)`` marker, and a per-attribute decode or
     lookup failure becomes an ``! (...)`` marker instead of aborting the
     whole response.
     """
     dn = self.request["dn"]
     if self.request["base"] == "users":
         base_dn = ILDAPUsersConfig(self.plugin).baseDN
     else:
         base_dn = ILDAPGroupsConfig(self.plugin).baseDN
     root = LDAPNode(base_dn, self.props)
     # NOTE(review): strict=True presumably rejects DNs outside base_dn;
     # confirm, since dn is caller-supplied.
     node = root.node_by_dn(safe_unicode(dn), strict=True)

     def render(key, val):
         # Binary values are never decoded; only their size is reported.
         if node.attrs.is_binary(key):
             return "(Binary Data with {0} Bytes)".format(len(val))
         return safe_unicode(val)

     ret = {}
     for key, val in node.attrs.items():
         try:
             ret[safe_unicode(key)] = render(key, val)
         except UnicodeDecodeError:
             # The key itself may be what failed to decode, so the marker
             # entry is stored under its encoded form.
             ret[safe_encode(key)] = "! (UnicodeDecodeError)"
         except Exception:
             ret[safe_encode(key)] = "! (Unknown Exception)"
     return json.dumps(ret)
 def children(self, baseDN):
     """Return the DNs found by searching below ``baseDN`` as a JSON list.

     Each element has the form ``{"dn": <dn>}``.
     """
     # XXX: related search filters for users and groups container?
     container = LDAPNode(baseDN, self.props)
     entries = [{"dn": dn} for dn in container.search()]
     return json.dumps(entries)
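 def create_container(self):
     """Create an ``organizationalUnit`` container at the DN from the request.

     The target DN is read from the ``dn`` request parameter. Its RDN must use
     the ``ou`` attribute; the remainder of the DN is taken as the parent,
     which must already exist. On success the model is invalidated and a
     translated "Created ..." message is returned.

     Raises:
         Exception: with a translated message when the DN is missing, its RDN
             is not ``ou=``, it cannot be parsed, or the parent entry does not
             exist.
     """
     dn = decode_dn(self.request.params.get('dn', ''))
     localizer = get_localizer(self.request)
     if not dn:
         message = localizer.translate(
             _('no_container_dn_defined', 'No container DN defined.'))
         raise Exception(message)
     if not dn.startswith('ou='):
         message = localizer.translate(
             _('expected_ou_as_rdn', "Expected 'ou' as RDN Attribute."))
         raise Exception(message)
     props = self.model.parent['ugm_server'].ldap_props
     # Parse the DN once: the first component is the new RDN, the rest is
     # the parent DN.
     try:
         parts = explode_dn(dn)
         parent_dn = ','.join(parts[1:])
     except Exception:
         message = localizer.translate(_('invalid_dn', 'Invalid DN.'))
         raise Exception(message)
     rdn = parts[0]
     # NOTE(review): parent_dn is whatever the request supplied; nothing here
     # restricts it to a particular subtree, so confirm the view's access
     # control covers that.
     parent = LDAPNode(parent_dn, props)
     # LDAPNode() never returns None, so an ``is None`` check can never fire;
     # ask the node whether the parent entry really exists instead.
     if not parent.exists:
         message = localizer.translate(
             _('parent_not_found', "Parent not found. Can't continue."))
         raise Exception(message)
     parent[rdn] = LDAPNode()
     parent[rdn].attrs['objectClass'] = ['organizationalUnit']
     parent()
     self.model.invalidate()
     message = localizer.translate(
         _('created_principal_container',
           default="Created ${rdn}",
           mapping={'rdn': rdn}))
     return message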
 def children(self, baseDN):
     """Return a JSON list of ``{"dn": <dn>}`` objects for every entry found by searching below ``baseDN``."""
     # XXX: related search filters for users and groups container?
     found = LDAPNode(baseDN, self.props).search()
     return json.dumps([{"dn": dn} for dn in found])
    def test_inexistent_member_reference(self, ugm):
        """A ``memberUid`` value naming no existing user is not listed as a member."""
        group_dn = u'cn=group0,ou=groups,ou=posixGroups,dc=my-domain,dc=com'
        group_node = LDAPNode(group_dn, props=self.layer['props'])
        # Point the group at one real and one dangling member, then write
        # the node back (calling the node presumably flushes it).
        group_node.attrs['memberUid'] = ['uid0', 'inexistent']
        group_node()

        # Only the resolvable member shows up through the UGM API.
        group = ugm.groups['group0']
        self.assertEqual(group.keys(), ['uid0'])

        # Restore the fixture so later tests see the original membership.
        group_node.attrs['memberUid'] = ['uid0']
        group_node()
 def wrapper(self):
     """Run ``fn(self, props)`` inside a temporary ``ou=defaults`` container.

     The container is created below ``dc=my-domain,dc=com`` before the call
     and removed again afterwards, even if ``fn`` raises. ``fn`` and
     ``layer`` come from the enclosing scope.
     """
     props = layer['props']
     root = LDAPNode('dc=my-domain,dc=com', props)
     defaults = LDAPNode()
     root['ou=defaults'] = defaults
     defaults.attrs['objectClass'] = ['organizationalUnit']
     root()
     try:
         fn(self, props)
     finally:
         # Tear down in two steps: empty the container, then delete it.
         defaults.clear()
         defaults()
         del root['ou=defaults']
         root()
    def test_inexistent_member_reference(self, ugm):
        """Dangling ``memberUid`` values are not reported as group members."""
        props = self.layer['props']
        posix_group = LDAPNode(
            u'cn=group0,ou=groups,ou=posixGroups,dc=my-domain,dc=com',
            props=props
        )
        # One existing uid plus one that resolves to no user entry.
        posix_group.attrs['memberUid'] = ['uid0', 'inexistent']
        posix_group()

        self.assertEqual(ugm.groups['group0'].keys(), ['uid0'])

        # Put the fixture back the way it was.
        posix_group.attrs['memberUid'] = ['uid0']
        posix_group()
 def container_exists(self):
     """Return whether the entry at ``self.container_dn`` exists in the directory.

     Any error while building the node or querying it is logged with its
     traceback and reported as ``False`` rather than propagated.
     """
     try:
         container = LDAPNode(self.container_dn, self.server_settings.ldap_props)
         found = container.exists
     except Exception:
         logger.error(format_traceback())
         return False
     return found
    def prepare_roles(self):
        """Create ``ou=roles`` below ``dc=my-domain,dc=com`` and install a roles config on ``ugm_roles(root)``."""
        ldap_props = ugm_server(root).ldap_props
        base = LDAPNode('dc=my-domain,dc=com', ldap_props)
        base['ou=roles'] = LDAPNode()
        base['ou=roles'].attrs['objectClass'] = ['organizationalUnit']
        base()

        # Roles live as groupOfNames entries directly below ou=roles, keyed
        # by cn.
        roles_config = RolesConfig(
            baseDN='ou=roles,dc=my-domain,dc=com',
            attrmap=odict([('id', 'cn'), ('rdn', 'cn')]),
            scope=ONELEVEL,
            queryFilter='(objectClass=groupOfNames)',
            objectClasses=['groupOfNames'],
            defaults={},
        )
        ugm_roles(root)._ldap_rcfg = roles_config
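 def create_container(self):
     """Create an ``organizationalUnit`` container at the DN from the ``dn`` request parameter.

     The RDN must use the ``ou`` attribute and the parent entry (the rest of
     the DN) must already exist. Returns a ``"Created '<rdn>'"`` message.

     Raises:
         Exception: when the DN is empty, its RDN is not ``ou=``, it cannot
             be parsed, or the parent entry does not exist.
     """
     dn = decode_dn(self.request.params.get('dn', ''))
     if not dn:
         raise Exception(u"No container DN defined.")
     if not dn.startswith('ou='):
         raise Exception(u"Expected 'ou' as RDN Attribute.")
     props = self.model.parent['ugm_server'].ldap_props
     # Parse the DN once: the first component is the new RDN, the rest is
     # the parent DN.
     try:
         parts = explode_dn(dn)
         parent_dn = ','.join(parts[1:])
     except Exception:
         raise Exception(u"Invalid DN.")
     rdn = parts[0]
     # NOTE(review): parent_dn is taken from the request as-is; nothing here
     # restricts it to a particular subtree, so confirm the view's access
     # control covers that.
     parent = LDAPNode(parent_dn, props)
     # LDAPNode() never returns None, so an ``is None`` check can never fire;
     # ask the node whether the parent entry actually exists instead.
     if not parent.exists:
         raise Exception(u"Parent not found. Can't continue.")
     parent[rdn] = LDAPNode()
     parent[rdn].attrs['objectClass'] = ['organizationalUnit']
     parent()
     return u"Created '%s'" % rdn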
    def test_no_member_uid_attribute_yet(self, ugm):
        """A group entry without ``memberUid`` starts empty and gains the attribute on the first add."""
        group_dn = u'cn=group0,ou=groups,ou=posixGroups,dc=my-domain,dc=com'
        props = self.layer['props']
        # Strip the attribute from the fixture entry and write that back.
        entry = LDAPNode(group_dn, props=props)
        del entry.attrs['memberUid']
        entry()

        group = ugm.groups['group0']
        self.assertEqual(group.items(), [])

        # Adding the first member has to (re)create the attribute.
        group.add('uid0')
        group()

        # Re-read the entry and check the raw attribute value.
        entry = LDAPNode(group_dn, props=props)
        self.assertEqual(entry.attrs['memberUid'], ['uid0'])
 def node_attributes(self):
     """Return the attributes of the entry ``self.request['dn']`` as a JSON object string.

     ``self.request['base']`` selects the users base DN (``'users'``) or the
     groups base DN. Non-binary values are decoded with ``safe_unicode``,
     binary values are replaced by a size marker, and per-attribute failures
     are reported as ``! (...)`` markers under the encoded key.
     """
     dn = self.request["dn"]
     base = self.request["base"]
     if base == "users":
         config = ILDAPUsersConfig(self.plugin)
     else:
         config = ILDAPGroupsConfig(self.plugin)
     root = LDAPNode(config.baseDN, self.props)
     # NOTE(review): strict=True presumably rejects DNs outside the base DN;
     # confirm, since dn is caller-supplied.
     node = root.node_by_dn(safe_unicode(dn), strict=True)
     attrs = {}
     for key, val in node.attrs.items():
         try:
             if node.attrs.is_binary(key):
                 rendered = "(Binary Data with {0} Bytes)".format(len(val))
             else:
                 rendered = safe_unicode(val)
             attrs[safe_unicode(key)] = rendered
         except UnicodeDecodeError:
             attrs[safe_encode(key)] = "! (UnicodeDecodeError)"
         except Exception:
             attrs[safe_encode(key)] = "! (Unknown Exception)"
     return json.dumps(attrs)
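    def create_container(self):
        """Create LDAP container by dn.

        The target is ``self.container_dn``; its RDN must use the ``ou``
        attribute and its parent entry must already exist. The new entry is
        written with ``objectClass: organizationalUnit``, ``self.invalidate()``
        is called and a translatable "Created ${rdn}" message is returned.

        Currently this only supports ou container type.

        XXX: Do we need to support c and dc?
        XXX: Should we create parents as well if missing?

        Raises:
            LDAPContainerError: when the DN is empty, its RDN is not ``ou=``,
                it cannot be parsed, or the parent entry does not exist.
        """
        dn = self.container_dn
        if not dn:
            raise LDAPContainerError(
                _('no_container_dn_defined',
                  default='No container DN defined.'))
        if not dn.startswith('ou='):
            raise LDAPContainerError(
                _('expected_ou_as_rdn',
                  default="Expected 'ou' as RDN Attribute."))
        props = self.server_settings.ldap_props
        # Parse the DN once: the first component is the new RDN, the rest is
        # the parent DN.
        try:
            parts = explode_dn(dn)
            parent_dn = ','.join(parts[1:])
        except Exception:
            raise LDAPContainerError(_('invalid_dn', default='Invalid DN.'))
        rdn = parts[0]
        parent = LDAPNode(parent_dn, props)
        if not parent.exists:
            raise LDAPContainerError(
                _('parent_not_found',
                  default="Parent not found. Can't continue."))
        parent[rdn] = LDAPNode()
        parent[rdn].attrs['objectClass'] = ['organizationalUnit']
        parent()
        self.invalidate()
        message = _('created_principal_container',
                    default="Created ${rdn}",
                    mapping={'rdn': rdn})
        return message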
 def node_attributes(self):
     """Return the attributes of the entry ``self.request['rdn']`` as a JSON object string.

     ``self.request['base']`` chooses the users base DN (``'users'``) or the
     groups base DN; the entry is the direct child of that base with the
     given RDN. Keys and non-binary values are encoded with ``safe_encode``,
     binary values become a size marker, and per-attribute failures become
     ``! (...)`` markers.
     """
     rdn = self.request['rdn']
     base = self.request['base']
     if base == 'users':
         base_dn = ILDAPUsersConfig(self.plugin).baseDN
     else:
         base_dn = ILDAPGroupsConfig(self.plugin).baseDN
     node = LDAPNode(base_dn, self.props)[rdn]
     attrs = {}
     for key, val in node.attrs.items():
         try:
             if node.attrs.is_binary(key):
                 rendered = '(Binary Data with {0} Bytes)'.format(len(val))
             else:
                 rendered = safe_encode(val)
             attrs[safe_encode(key)] = rendered
         except UnicodeDecodeError:
             attrs[safe_encode(key)] = '! (UnicodeDecodeError)'
         except Exception:
             attrs[safe_encode(key)] = '! (Unknown Exception)'
     return json.dumps(attrs)
    def test_roles(self):
        # Role Management. Create container for roles.
        # End-to-end check of role assignment for users and groups against a
        # temporary ``ou=roles`` container; the container is removed again at
        # the end so the fixture directory is left as it was found.
        props = layer['props']
        node = LDAPNode('dc=my-domain,dc=com', props)
        node['ou=roles'] = LDAPNode()
        node['ou=roles'].attrs['objectClass'] = ['organizationalUnit']
        node()

        ucfg = layer['ucfg']
        gcfg = layer['gcfg']
        # Roles are posixGroup entries below ou=roles whose cn serves as both
        # rdn and id. NOTE(review): strict=False presumably tolerates member
        # references that do not resolve -- confirm against RolesConfig.
        rcfg = RolesConfig(
            baseDN='ou=roles,dc=my-domain,dc=com',
            attrmap=odict((
                ('rdn', 'cn'),
                ('id', 'cn')
            )),
            scope=SUBTREE,
            queryFilter='(objectClass=posixGroup)',
            objectClasses=['posixGroup'],
            defaults={},
            strict=False
        )
        ugm = Ugm(props=props, ucfg=ucfg, gcfg=gcfg, rcfg=rcfg)

        # A fresh user holds no roles; a role assigned through the ugm is
        # visible both via ugm.roles() and via the user object.
        user = ugm.users['uid1']
        self.assertEqual(ugm.roles(user), [])

        ugm.add_role('viewer', user)
        self.assertEqual(ugm.roles(user), ['viewer'])
        self.assertEqual(user.roles, ['viewer'])

        # Roles can also be added from the principal side.
        user = ugm.users['uid2']
        user.add_role('viewer')
        user.add_role('editor')
        self.assertEqual(sorted(user.roles), ['editor', 'viewer'])

        # ugm.roles_storage() is called between steps; presumably this
        # flushes pending role changes -- confirm against Ugm.
        ugm.roles_storage()
        ugm.remove_role('viewer', user)
        user.remove_role('editor')
        self.assertEqual(user.roles, [])

        # Same flow for groups.
        ugm.roles_storage()
        group = ugm.groups['group1']
        self.assertEqual(ugm.roles(group), [])

        ugm.add_role('viewer', group)
        self.assertEqual(ugm.roles(group), ['viewer'])
        self.assertEqual(group.roles, ['viewer'])

        group = ugm.groups['group0']
        group.add_role('viewer')
        group.add_role('editor')
        self.assertEqual(group.roles, ['viewer', 'editor'])

        # Assigning a role the principal already holds is rejected.
        ugm.roles_storage()
        err = self.expect_error(
            ValueError,
            group.add_role,
            'editor'
        )
        self.assertEqual(str(err), "Principal already has role 'editor'")

        # 'viewer' is still held by group1, so both role entries survive.
        ugm.remove_role('viewer', group)
        self.assertEqual(ugm.roles_storage.keys(), [u'viewer', u'editor'])

        # Removing the last holder of 'editor' drops that role entry.
        group.remove_role('editor')
        self.assertEqual(ugm.roles_storage.keys(), [u'viewer'])
        self.assertEqual(ugm.roles_storage.storage.keys(), ['viewer'])

        # A dropped role can neither be looked up nor removed again, and
        # removing a role the principal does not hold is rejected too.
        self.expect_error(KeyError, ugm.roles_storage.__getitem__, 'editor')
        err = self.expect_error(
            ValueError,
            group.remove_role,
            'editor'
        )
        self.assertEqual(str(err), "Role not exists 'editor'")

        err = self.expect_error(
            ValueError,
            group.remove_role,
            'viewer'
        )
        self.assertEqual(str(err), "Principal does not has role 'viewer'")

        ugm.roles_storage()

        # Tear down: empty the roles container, then delete it.
        node = LDAPNode('dc=my-domain,dc=com', props)
        node['ou=roles'].clear()
        node['ou=roles']()
        del node['ou=roles']
        node()
    def test_roles(self):
        # Role Management. Create container for roles.
        # End-to-end check of role assignment for users and groups against a
        # temporary ``ou=roles`` container; the container is removed again at
        # the end so the fixture directory is left as it was found.
        props = layer['props']
        node = LDAPNode('dc=my-domain,dc=com', props)
        node['ou=roles'] = LDAPNode()
        node['ou=roles'].attrs['objectClass'] = ['organizationalUnit']
        node()

        ucfg = layer['ucfg']
        gcfg = layer['gcfg']
        # Roles are posixGroup entries below ou=roles whose cn serves as both
        # rdn and id. NOTE(review): strict=False presumably tolerates member
        # references that do not resolve -- confirm against RolesConfig.
        rcfg = RolesConfig(baseDN='ou=roles,dc=my-domain,dc=com',
                           attrmap=odict((('rdn', 'cn'), ('id', 'cn'))),
                           scope=SUBTREE,
                           queryFilter='(objectClass=posixGroup)',
                           objectClasses=['posixGroup'],
                           defaults={},
                           strict=False)
        ugm = Ugm(props=props, ucfg=ucfg, gcfg=gcfg, rcfg=rcfg)

        # A fresh user holds no roles; a role assigned through the ugm is
        # visible both via ugm.roles() and via the user object.
        user = ugm.users['uid1']
        self.assertEqual(ugm.roles(user), [])

        ugm.add_role('viewer', user)
        self.assertEqual(ugm.roles(user), ['viewer'])
        self.assertEqual(user.roles, ['viewer'])

        # Roles can also be added from the principal side.
        user = ugm.users['uid2']
        user.add_role('viewer')
        user.add_role('editor')
        self.assertEqual(sorted(user.roles), ['editor', 'viewer'])

        # ugm.roles_storage() is called between steps; presumably this
        # flushes pending role changes -- confirm against Ugm.
        ugm.roles_storage()
        ugm.remove_role('viewer', user)
        user.remove_role('editor')
        self.assertEqual(user.roles, [])

        # Same flow for groups.
        ugm.roles_storage()
        group = ugm.groups['group1']
        self.assertEqual(ugm.roles(group), [])

        ugm.add_role('viewer', group)
        self.assertEqual(ugm.roles(group), ['viewer'])
        self.assertEqual(group.roles, ['viewer'])

        group = ugm.groups['group0']
        group.add_role('viewer')
        group.add_role('editor')
        self.assertEqual(group.roles, ['viewer', 'editor'])

        # Assigning a role the principal already holds is rejected.
        ugm.roles_storage()
        err = self.expect_error(ValueError, group.add_role, 'editor')
        self.assertEqual(str(err), "Principal already has role 'editor'")

        # 'viewer' is still held by group1, so both role entries survive.
        ugm.remove_role('viewer', group)
        self.assertEqual(ugm.roles_storage.keys(), [u'viewer', u'editor'])

        # Removing the last holder of 'editor' drops that role entry.
        group.remove_role('editor')
        self.assertEqual(ugm.roles_storage.keys(), [u'viewer'])
        self.assertEqual(ugm.roles_storage.storage.keys(), ['viewer'])

        # A dropped role can neither be looked up nor removed again, and
        # removing a role the principal does not hold is rejected too.
        self.expect_error(KeyError, ugm.roles_storage.__getitem__, 'editor')
        err = self.expect_error(ValueError, group.remove_role, 'editor')
        self.assertEqual(str(err), "Role not exists 'editor'")

        err = self.expect_error(ValueError, group.remove_role, 'viewer')
        self.assertEqual(str(err), "Principal does not has role 'viewer'")

        ugm.roles_storage()

        # Tear down: empty the roles container, then delete it.
        node = LDAPNode('dc=my-domain,dc=com', props)
        node['ou=roles'].clear()
        node['ou=roles']()
        del node['ou=roles']
        node()
 def children(self, baseDN):
     """Return the RDNs of the direct children of ``baseDN`` as a JSON list of ``{'rdn': <key>}`` objects."""
     container = LDAPNode(baseDN, self.props)
     return json.dumps([{'rdn': key} for key in container])