Exemplo n.º 1
0
 def create_project(self, name, manager_uid,
                    description=None, member_uids=None):
     """Create a project"""
     if self.__project_exists(name):
         raise exception.ProjectExists(project=name)
     if not self.__user_exists(manager_uid):
         raise exception.LDAPUserNotFound(user_id=manager_uid)
     manager_dn = self.__uid_to_dn(manager_uid)
     # description is a required attribute
     if description is None:
         description = name
     members = []
     if member_uids is not None:
         for member_uid in member_uids:
             if not self.__user_exists(member_uid):
                 raise exception.LDAPUserNotFound(user_id=member_uid)
             members.append(self.__uid_to_dn(member_uid))
     # always add the manager as a member because members is required
     if not manager_dn in members:
         members.append(manager_dn)
     attr = [
         ('objectclass', [LdapDriver.project_objectclass]),
         ('cn', [name]),
         ('description', [description]),
         (LdapDriver.project_attribute, [manager_dn]),
         ('member', members)]
     dn = self.__project_to_dn(name, search=False)
     self.conn.add_s(dn, attr)
     return self.__to_project(dict(attr))
Exemplo n.º 2
0
 def __add_to_group(self, uid, group_dn):
     """Add user to group"""
     if not self.__user_exists(uid):
         raise exception.LDAPUserNotFound(user_id=uid)
     if not self.__group_exists(group_dn):
         raise exception.LDAPGroupNotFound(group_id=group_dn)
     if self.__is_in_group(uid, group_dn):
         raise exception.LDAPMembershipExists(uid=uid, group_dn=group_dn)
     attr = [(self.ldap.MOD_ADD, 'member', self.__uid_to_dn(uid))]
     self.conn.modify_s(group_dn, attr)
Exemplo n.º 3
0
 def __is_in_group(self, uid, group_dn):
     """Check if user is in group"""
     if not self.__user_exists(uid):
         raise exception.LDAPUserNotFound(user_id=uid)
     if not self.__group_exists(group_dn):
         return False
     res = self.__find_object(group_dn,
                              '(member=%s)' % self.__uid_to_dn(uid),
                              self.ldap.SCOPE_BASE)
     return res is not None
Exemplo n.º 4
0
 def __remove_from_all(self, uid):
     """Remove user from all roles and projects"""
     if not self.__user_exists(uid):
         raise exception.LDAPUserNotFound(user_id=uid)
     role_dns = self.__find_group_dns_with_member(
             FLAGS.role_project_subtree, uid)
     for role_dn in role_dns:
         self.__safe_remove_from_group(uid, role_dn)
     project_dns = self.__find_group_dns_with_member(
             FLAGS.ldap_project_subtree, uid)
     for project_dn in project_dns:
         self.__safe_remove_from_group(uid, project_dn)
Exemplo n.º 5
0
 def __remove_from_group(self, uid, group_dn):
     """Remove user from group"""
     if not self.__group_exists(group_dn):
         raise exception.LDAPGroupNotFound(group_id=group_dn)
     if not self.__user_exists(uid):
         raise exception.LDAPUserNotFound(user_id=uid)
     if not self.__is_in_group(uid, group_dn):
         raise exception.LDAPGroupMembershipNotFound(user_id=uid,
                                                     group_id=group_dn)
     # NOTE(vish): remove user from group and any sub_groups
     sub_dns = self.__find_group_dns_with_member(group_dn, uid)
     for sub_dn in sub_dns:
         self.__safe_remove_from_group(uid, sub_dn)
Exemplo n.º 6
0
 def create_user(self, name, access_key, secret_key, is_admin):
     """Create a user"""
     if self.__user_exists(name):
         raise exception.LDAPUserExists(user=name)
     if FLAGS.ldap_user_modify_only:
         if self.__ldap_user_exists(name):
             # Retrieve user by name
             user = self.__get_ldap_user(name)
             # Entry could be malformed, test for missing attrs.
             # Malformed entries are useless, replace attributes found.
             attr = []
             if 'secretKey' in user.keys():
                 attr.append((self.ldap.MOD_REPLACE, 'secretKey',
                              [secret_key]))
             else:
                 attr.append((self.ldap.MOD_ADD, 'secretKey',
                              [secret_key]))
             if 'accessKey' in user.keys():
                 attr.append((self.ldap.MOD_REPLACE, 'accessKey',
                              [access_key]))
             else:
                 attr.append((self.ldap.MOD_ADD, 'accessKey',
                              [access_key]))
             if LdapDriver.isadmin_attribute in user.keys():
                 attr.append((self.ldap.MOD_REPLACE,
                              LdapDriver.isadmin_attribute,
                              [str(is_admin).upper()]))
             else:
                 attr.append((self.ldap.MOD_ADD,
                              LdapDriver.isadmin_attribute,
                              [str(is_admin).upper()]))
             self.conn.modify_s(self.__uid_to_dn(name), attr)
             return self.get_user(name)
         else:
             raise exception.LDAPUserNotFound(user_id=name)
     else:
         attr = [
             ('objectclass', ['person',
                              'organizationalPerson',
                              'inetOrgPerson',
                              'novaUser']),
             ('ou', [FLAGS.ldap_user_unit]),
             (FLAGS.ldap_user_id_attribute, [name]),
             ('sn', [name]),
             (FLAGS.ldap_user_name_attribute, [name]),
             ('secretKey', [secret_key]),
             ('accessKey', [access_key]),
             (LdapDriver.isadmin_attribute, [str(is_admin).upper()]),
         ]
         self.conn.add_s(self.__uid_to_dn(name), attr)
         return self.__to_user(dict(attr))
Exemplo n.º 7
0
 def modify_project(self, project_id, manager_uid=None, description=None):
     """Modify an existing project"""
     if not manager_uid and not description:
         return
     attr = []
     if manager_uid:
         if not self.__user_exists(manager_uid):
             raise exception.LDAPUserNotFound(user_id=manager_uid)
         manager_dn = self.__uid_to_dn(manager_uid)
         attr.append((self.ldap.MOD_REPLACE, LdapDriver.project_attribute,
                      manager_dn))
     if description:
         attr.append((self.ldap.MOD_REPLACE, 'description', description))
     dn = self.__project_to_dn(project_id)
     self.conn.modify_s(dn, attr)
     if not self.is_in_project(manager_uid, project_id):
         self.add_to_project(manager_uid, project_id)
Exemplo n.º 8
0
 def __create_group(self, group_dn, name, uid,
                    description, member_uids=None):
     """Create a group"""
     if self.__group_exists(group_dn):
         raise exception.LDAPGroupExists(group=name)
     members = []
     if member_uids is not None:
         for member_uid in member_uids:
             if not self.__user_exists(member_uid):
                 raise exception.LDAPUserNotFound(user_id=member_uid)
             members.append(self.__uid_to_dn(member_uid))
     dn = self.__uid_to_dn(uid)
     if not dn in members:
         members.append(dn)
     attr = [
         ('objectclass', ['groupOfNames']),
         ('cn', [name]),
         ('description', [description]),
         ('member', members)]
     self.conn.add_s(group_dn, attr)
Exemplo n.º 9
0
 def delete_user(self, uid):
     """Delete a user"""
     if not self.__user_exists(uid):
         raise exception.LDAPUserNotFound(user_id=uid)
     self.__remove_from_all(uid)
     if FLAGS.ldap_user_modify_only:
         # Delete attributes
         attr = []
         # Retrieve user by name
         user = self.__get_ldap_user(uid)
         if 'secretKey' in user.keys():
             attr.append((self.ldap.MOD_DELETE, 'secretKey',
                          user['secretKey']))
         if 'accessKey' in user.keys():
             attr.append((self.ldap.MOD_DELETE, 'accessKey',
                          user['accessKey']))
         if LdapDriver.isadmin_attribute in user.keys():
             attr.append((self.ldap.MOD_DELETE,
                          LdapDriver.isadmin_attribute,
                          user[LdapDriver.isadmin_attribute]))
         self.conn.modify_s(self.__uid_to_dn(uid), attr)
     else:
         # Delete entry
         self.conn.delete_s(self.__uid_to_dn(uid))
Exemplo n.º 10
0
 def get_user(self, uid):
     """Retrieve user by id"""
     attr = self.__get_ldap_user(uid)
     if attr is None:
         raise exception.LDAPUserNotFound(user_id=uid)
     return self.__to_user(attr)