Exemplo n.º 1
def lookupUser(userid):
    """
    Return the LDAP attributes of the first directory entry found for *userid*.

    The search itself is delegated to ``_search_ldap``; element ``[1]`` of the
    first result is returned unchanged. Any failure, including a missing or
    empty result (which makes the indexing fail), is logged and re-raised.

    NOTE(review): userid is handed to _search_ldap unchanged. If that helper
    builds the search filter by string concatenation, a value containing
    filter metacharacters such as '*' can match an entry other than the
    intended one -- validate untrusted ids before calling.
    """
    try:
        entries = _search_ldap(userid)
        first_entry = entries[0]
        return first_entry[1]
    except Exception as err:
        failure = "Error occurred looking up user: %s" % userid
        logger.warn(failure)
        logger.exception(err)
        raise
Exemplo n.º 2
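def _search_ldap(userid, conn=None):
    """
    Run a subtree search under LDAP_SERVER_DN for entries whose uid matches
    *userid*.

    A connection is opened with ``ldap_driver.initialize`` when *conn* is
    falsy; otherwise the supplied connection is reused. Returns whatever
    ``conn.search_s`` returns, or None after logging if anything fails.

    *userid* may contain '*' so that callers can pass a prefix pattern such
    as "a*"; every other filter metacharacter is escaped.
    """
    try:
        if not conn:
            conn = ldap_driver.initialize(secrets.LDAP_SERVER)
        # Escape the RFC 4515 metacharacters that can change the *structure*
        # of the filter. Unescaped, a value containing ')' or '(' could close
        # the uid clause and append clauses of its own (LDAP filter
        # injection). The backslash is handled first so the escapes added
        # afterwards are not escaped again.
        safe_userid = userid
        for char, escaped in (('\\', '\\5c'), ('(', '\\28'),
                              (')', '\\29'), ('\x00', '\\00')):
            safe_userid = safe_userid.replace(char, escaped)
        # NOTE: '*' is deliberately left alone to keep prefix searches
        # working. Callers doing an exact lookup on an untrusted id should
        # reject or escape '*' themselves, otherwise the id is treated as a
        # pattern and may match a different entry.
        result = conn.search_s(secrets.LDAP_SERVER_DN,
                               ldap_driver.SCOPE_SUBTREE,
                               '(uid=' + safe_userid + ')')
        return result
    except Exception as e:
        logger.warn("Error occurred on ldap search for: %s" % userid)
        logger.exception(e)
        return None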
Exemplo n.º 3
def lookupUser(userid):
    """
    Fetch the attribute mapping of the first LDAP entry matching *userid*.

    Despite the historical "email" wording, the whole attribute element
    (index ``[1]`` of the first search result) is returned, not just the
    mail address. Errors are logged twice (a warning naming the user, then
    the exception itself) and re-raised to the caller.

    NOTE(review): userid reaches _search_ldap unmodified; if the filter is
    assembled there by concatenation, untrusted ids should be validated
    before this call.
    """
    try:
        search_result = _search_ldap(userid)
        return search_result[0][1]
    except Exception as lookup_error:
        logger.warn("Error occurred looking up user: %s" % (userid))
        logger.exception(lookup_error)
        raise
Exemplo n.º 4
def oauth_formatAttrs(oauth_attrs):
    """
    Map OAuth attributes onto the unified user-creation dict.

    Reads 'mail', 'givenname' and 'sn' from *oauth_attrs* and returns them
    under 'email', 'firstName' and 'lastName'. If any of the three keys is
    missing, the KeyError is logged and None is returned.
    """
    # (unified key, source key) pairs, read in this order.
    field_map = (
        ('email', 'mail'),
        ('firstName', 'givenname'),
        ('lastName', 'sn'),
    )
    try:
        return {unified: oauth_attrs[source] for unified, source in field_map}
    except KeyError as missing:
        logger.exception(missing)
        return None
Exemplo n.º 5
def oauth_formatAttrs(oauth_attrs):
    """
    Build the unified user dict from a mapping of OAuth attributes.

    The result has the keys 'email', 'firstName' and 'lastName', taken from
    'mail', 'givenname' and 'sn' respectively. A missing source key is
    logged and makes the function return None.
    """
    try:
        email = oauth_attrs['mail']
        first_name = oauth_attrs['givenname']
        last_name = oauth_attrs['sn']
    except KeyError as absent_key:
        logger.exception(absent_key)
        return None
    return {
        'email': email,
        'firstName': first_name,
        'lastName': last_name,
    }
Exemplo n.º 6
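def ldap_formatAttrs(ldap_attrs):
    """
    Formats attrs into a unified dict to ease in user creation

    Takes the first value of the 'mail', 'givenName' and 'sn' attributes and
    returns them under 'email', 'firstName' and 'lastName'. If one of those
    attributes is missing, the KeyError is logged and None is returned.
    """
    # Log the attribute names only. The mapping holds every attribute that
    # was returned for the entry, and writing the values to an INFO log
    # copies personal data (and, depending on what the directory hands back,
    # possibly credential material) into log storage.
    if hasattr(ldap_attrs, 'keys'):
        logger.info("LDAP attribute names: %s", list(ldap_attrs.keys()))
    else:
        logger.info("LDAP attrs of unexpected type: %s", type(ldap_attrs))
    try:
        return {
            'email': ldap_attrs['mail'][0],
            'firstName': ldap_attrs['givenName'][0],
            'lastName': ldap_attrs['sn'][0],
        }
    except KeyError as nokey:
        logger.exception(nokey)
        return None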
Exemplo n.º 7
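def _search_ldap(userid, conn=None):
    """
    Run a subtree search under LDAP_SERVER_DN for entries whose uid matches
    *userid*.

    A connection is opened with ``ldap_driver.initialize`` when *conn* is
    falsy; otherwise the supplied connection is reused. Returns whatever
    ``conn.search_s`` returns, or None after logging if anything fails.

    *userid* may contain '*' so that callers can pass a prefix pattern such
    as "a*"; every other filter metacharacter is escaped.
    """
    try:
        if not conn:
            conn = ldap_driver.initialize(auth_settings.LDAP_SERVER)
        # Escape the RFC 4515 metacharacters that can change the *structure*
        # of the filter. Unescaped, a value containing ')' or '(' could close
        # the uid clause and append clauses of its own (LDAP filter
        # injection). The backslash is handled first so the escapes added
        # afterwards are not escaped again.
        safe_userid = userid
        for char, escaped in (('\\', '\\5c'), ('(', '\\28'),
                              (')', '\\29'), ('\x00', '\\00')):
            safe_userid = safe_userid.replace(char, escaped)
        # NOTE: '*' is deliberately left alone to keep prefix searches
        # working. Callers doing an exact lookup on an untrusted id should
        # reject or escape '*' themselves, otherwise the id is treated as a
        # pattern and may match a different entry.
        result = conn.search_s(
            auth_settings.LDAP_SERVER_DN,
            ldap_driver.SCOPE_SUBTREE,
            '(uid=' + safe_userid + ')'
        )
        return result
    except Exception as e:
        logger.warn("Error occurred on ldap search for: %s" % userid)
        logger.exception(e)
        return None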
Exemplo n.º 8
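def get_members(groupname):
    """
    Return the ``memberUid`` values of the LDAP group named *groupname*.

    The group base DN is derived from LDAP_SERVER_DN by replacing
    "ou=people" with "ou=Groups". The first matching entry is used. Any
    failure (connection error, no such group, no memberUid attribute) is
    logged and an empty list is returned.
    """
    try:
        ldap_server = auth_settings.LDAP_SERVER
        ldap_group_dn = auth_settings.LDAP_SERVER_DN.replace(
            "ou=people", "ou=Groups")
        # Escape the RFC 4515 filter metacharacters before the name goes
        # into the filter. Unescaped, a name containing ')' or '(' could
        # rewrite the filter, and a '*' would turn an exact group lookup
        # into a pattern match whose first hit is returned -- a problem if
        # the result feeds an access decision. Backslash goes first so the
        # escapes added afterwards are not escaped again.
        safe_groupname = '%s' % groupname
        for char, escaped in (('\\', '\\5c'), ('*', '\\2a'), ('(', '\\28'),
                              (')', '\\29'), ('\x00', '\\00')):
            safe_groupname = safe_groupname.replace(char, escaped)
        ldap_conn = ldap_driver.initialize(ldap_server)
        group_users = ldap_conn.search_s(
            ldap_group_dn, ldap_driver.SCOPE_SUBTREE,
            '(cn=%s)' % safe_groupname)
        return group_users[0][1]['memberUid']
    except Exception as e:
        logger.exception(e)
        return []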
Exemplo n.º 9
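def ldap_formatAttrs(ldap_attrs):
    """
    Formats attrs into a unified dict to ease in user creation

    Takes the first value of the 'mail', 'givenName' and 'sn' attributes and
    returns them under 'email', 'firstName' and 'lastName'. If one of those
    attributes is missing, the KeyError is logged and None is returned.
    """
    # Log the attribute names only. The mapping holds every attribute that
    # was returned for the entry, and writing the values to an INFO log
    # copies personal data (and, depending on what the directory hands back,
    # possibly credential material) into log storage.
    if hasattr(ldap_attrs, 'keys'):
        logger.info("LDAP attribute names: %s", list(ldap_attrs.keys()))
    else:
        logger.info("LDAP attrs of unexpected type: %s", type(ldap_attrs))
    try:
        return {
            'email': ldap_attrs['mail'][0],
            'firstName': ldap_attrs['givenName'][0],
            'lastName': ldap_attrs['sn'][0],
        }
    except KeyError as nokey:
        logger.exception(nokey)
        return None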
Exemplo n.º 10
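def get_members(groupname):
    """
    Return the ``memberUid`` values of the LDAP group named *groupname*.

    The group base DN is derived from LDAP_SERVER_DN by replacing
    "ou=people" with "ou=Groups". The first matching entry is used. Any
    failure (connection error, no such group, no memberUid attribute) is
    logged and an empty list is returned.
    """
    try:
        ldap_server = secrets.LDAP_SERVER
        ldap_group_dn = secrets.LDAP_SERVER_DN.replace("ou=people",
                                                       "ou=Groups")
        # Escape the RFC 4515 filter metacharacters before the name goes
        # into the filter. Unescaped, a name containing ')' or '(' could
        # rewrite the filter, and a '*' would turn an exact group lookup
        # into a pattern match whose first hit is returned -- a problem if
        # the result feeds an access decision. Backslash goes first so the
        # escapes added afterwards are not escaped again.
        safe_groupname = '%s' % groupname
        for char, escaped in (('\\', '\\5c'), ('*', '\\2a'), ('(', '\\28'),
                              (')', '\\29'), ('\x00', '\\00')):
            safe_groupname = safe_groupname.replace(char, escaped)
        ldap_conn = ldap_driver.initialize(ldap_server)
        group_users = ldap_conn.search_s(ldap_group_dn,
                                         ldap_driver.SCOPE_SUBTREE,
                                         '(cn=%s)' % safe_groupname)
        return group_users[0][1]['memberUid']
    except Exception as e:
        logger.exception(e)
        return []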
Exemplo n.º 11
def lookupEmail(userid):
    """
    Return the first 'mail' value of the first LDAP entry found for *userid*.

    A WSGIRequest passed in place of a user id is rejected explicitly. Every
    failure, including that rejection and a missing or empty search result,
    is logged and re-raised.

    NOTE(review): userid reaches _search_ldap unmodified; if the filter is
    assembled there by concatenation, untrusted ids should be validated
    before this call.
    """
    try:
        logger.debug(type(userid))
        if isinstance(userid, WSGIRequest):
            raise Exception("WSGIRequest invalid.")
        entries = _search_ldap(userid)
        entry_attrs = entries[0][1]
        mail_values = entry_attrs['mail']
        return mail_values[0]
    except Exception as err:
        failure = "Error occurred looking up email for user: %s" % userid
        logger.warn(failure)
        logger.exception(err)
        raise
Exemplo n.º 12
def lookupEmail(userid):
    """
    Look up *userid* in LDAP and return its first e-mail address.

    The address is the first element of the 'mail' attribute of the first
    entry returned by ``_search_ldap``. Passing a WSGIRequest instead of an
    id raises immediately. All errors are logged (warning plus exception)
    and then re-raised.

    NOTE(review): the id is forwarded to _search_ldap as received -- confirm
    that untrusted values are validated or escaped before they reach the
    search filter.
    """
    try:
        logger.debug(type(userid))
        if isinstance(userid, WSGIRequest):
            raise Exception("WSGIRequest invalid.")
        search_result = _search_ldap(userid)
        return search_result[0][1]['mail'][0]
    except Exception as lookup_error:
        logger.warn(
            "Error occurred looking up email for user: %s" % userid)
        logger.exception(lookup_error)
        raise
Exemplo n.º 13
def getAllUsers():
    """
    Collect the attribute mappings of LDAP users, one prefix search per letter.

    One connection is opened and reused for a "<letter>*" search on each
    lowercase letter; element ``[1]`` of every result is appended to the
    returned list. If anything fails, including a single search returning
    None, the error is logged and None is returned instead of a partial list.

    NOTE: ``string.lowercase`` exists on Python 2 only.
    """
    try:
        shared_conn = ldap_driver.initialize(secrets.LDAP_SERVER)
        collected = []
        for first_letter in string.lowercase:
            matches = _search_ldap("%s*" % first_letter, shared_conn)
            # A None result is not iterable; the resulting TypeError is
            # handled by the except clause below.
            for entry in matches:
                collected.append(entry[1])
        return collected
    except Exception as err:
        logger.warn("Error occurred looking up all user")
        logger.exception(err)
        return None
Exemplo n.º 14
def getAllUsers():
    """
    Gather LDAP user attributes by searching "a*" through "z*".

    A single connection is created up front and passed to ``_search_ldap``
    for every lowercase letter. The attribute element (index ``[1]``) of
    each returned entry is accumulated into one list. Any exception,
    including the one caused by a search that returned None, is logged and
    turns the overall result into None.

    NOTE: ``string.lowercase`` exists on Python 2 only.
    """
    try:
        shared_conn = ldap_driver.initialize(auth_settings.LDAP_SERVER)
        all_attrs = []
        for prefix in string.lowercase:
            found = _search_ldap("%s*" % prefix, shared_conn)
            all_attrs.extend([record[1] for record in found])
        return all_attrs
    except Exception as failure:
        logger.warn("Error occurred looking up all user")
        logger.exception(failure)
        return None
Exemplo n.º 15
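def ldap_validate(username, password):
    """
    ldap_validate
    Using the username and password parameters, test with an LDAP bind.
    If the connection succeeds, the credentials are authentic.

    Returns True when the bind succeeds, False when it raises, and None
    when the username or password is empty (no bind is attempted).
    """
    # The empty-password check matters for security as well as input
    # hygiene: a simple bind with a DN and an empty password is an
    # "unauthenticated" bind in LDAP, which servers may accept, and that
    # success would be read as valid credentials here.
    if not username or not password:
        logger.warn("[LDAP] Skip Test - Username/Password combination missing")
        return

    try:
        ldap_server = auth_settings.LDAP_SERVER
        ldap_server_dn = auth_settings.LDAP_SERVER_DN
        logger.warn("[LDAP] Validation Test - %s" % username)
        ldap_conn = ldap_driver.initialize(ldap_server)
        # Escape the username as an RFC 4514 attribute value before it is
        # placed in the bind DN. Unescaped, a name containing ',' '+' or '='
        # would add or alter DN components, so the bind could be attempted
        # against an entry other than uid=<username> under the configured
        # base. Backslash goes first so the escapes added afterwards are
        # not escaped again.
        rdn_value = username
        for char in ('\\', ',', '+', '"', '<', '>', ';', '='):
            rdn_value = rdn_value.replace(char, '\\' + char)
        rdn_value = rdn_value.replace('\x00', '\\00')
        if rdn_value[-1] == ' ':
            rdn_value = rdn_value[:-1] + '\\ '
        if rdn_value[0] in ('#', ' '):
            rdn_value = '\\' + rdn_value
        dn = "uid=" + rdn_value + "," + ldap_server_dn
        # NOTE(review): a simple bind sends the password as-is over the
        # connection; confirm LDAP_SERVER is an ldaps:// URI or that TLS is
        # negotiated before this point -- not visible from here.
        ldap_conn.simple_bind_s(dn, password)
        return True
    except Exception as e:
        logger.exception(e)
        return False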
Exemplo n.º 16
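def ldap_validate(username, password):
    """
    ldap_validate
    Using the username and password parameters, test with an LDAP bind.
    If the connection succeeds, the credentials are authentic.

    Returns True when the bind succeeds, False when it raises, and None
    when the username or password is empty (no bind is attempted).
    """
    # The empty-password check matters for security as well as input
    # hygiene: a simple bind with a DN and an empty password is an
    # "unauthenticated" bind in LDAP, which servers may accept, and that
    # success would be read as valid credentials here.
    if not username or not password:
        logger.warn("[LDAP] Skip Test - Username/Password combination missing")
        return

    try:
        ldap_server = secrets.LDAP_SERVER
        ldap_server_dn = secrets.LDAP_SERVER_DN
        logger.warn("[LDAP] Validation Test - %s" % username)
        ldap_conn = ldap_driver.initialize(ldap_server)
        # Escape the username as an RFC 4514 attribute value before it is
        # placed in the bind DN. Unescaped, a name containing ',' '+' or '='
        # would add or alter DN components, so the bind could be attempted
        # against an entry other than uid=<username> under the configured
        # base. Backslash goes first so the escapes added afterwards are
        # not escaped again.
        rdn_value = username
        for char in ('\\', ',', '+', '"', '<', '>', ';', '='):
            rdn_value = rdn_value.replace(char, '\\' + char)
        rdn_value = rdn_value.replace('\x00', '\\00')
        if rdn_value[-1] == ' ':
            rdn_value = rdn_value[:-1] + '\\ '
        if rdn_value[0] in ('#', ' '):
            rdn_value = '\\' + rdn_value
        dn = "uid=" + rdn_value + "," + ldap_server_dn
        # NOTE(review): a simple bind sends the password as-is over the
        # connection; confirm LDAP_SERVER is an ldaps:// URI or that TLS is
        # negotiated before this point -- not visible from here.
        ldap_conn.simple_bind_s(dn, password)
        return True
    except Exception as e:
        logger.exception(e)
        return False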
Exemplo n.º 17
def cas_validateUser(username):
    """
    Try to re-authenticate *username* through the CAS proxy service.

    This is a programmatic request, and CAS needs user input once a session
    has expired, so the stored proxy ticket of the user's most recent
    UserProxy record (highest pk) is used to attempt re-authentication.

    Returns the ``(validUser, cas_response)`` pair produced by
    ``reauthenticate``, or ``(False, None)`` when there is no proxy record
    or any exception occurs (the exception is logged).
    """
    try:
        latest_proxy = UserProxy.objects.filter(username=username).latest('pk')
        logger.debug("[CAS] Validation Test - %s" % username)
        # NOTE(review): if UserProxy is a Django model, latest() raises
        # DoesNotExist instead of returning None, so a missing proxy would
        # be handled by the except clause rather than here -- confirm.
        if latest_proxy is None:
            logger.debug("User %s does not have a proxy" % username)
            return (False, None)
        ticket = latest_proxy.proxyTicket
        cas_client = get_cas_client()
        is_valid, response = cas_client.reauthenticate(
            ticket, username=username)
        # NOTE(review): the CAS response is logged verbatim; confirm it
        # carries no ticket material before enabling debug logging.
        summary = "Valid User: %s Proxy response: %s" % (is_valid, response)
        logger.debug(summary)
        return (is_valid, response)
    except Exception:
        logger.exception('Error validating user %s' % username)
        return (False, None)
Exemplo n.º 18
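def lookupEmail(userid):
    """
    Grabs email for the user based on LDAP attrs

    Returns the first 'mail' value of the first entry found by
    ``_search_ldap``. Unlike a re-raising lookup, this variant logs the
    failure (warning, exception, the top call-stack frames and the
    traceback) and returns None.
    """
    try:
        logger.debug(type(userid))
        if isinstance(userid, WSGIRequest):
            raise Exception("WSGIRequest invalid.")
        attr = _search_ldap(userid)
        emailaddr = attr[0][1]['mail'][0]
        return emailaddr
    except Exception as e:
        logger.warn("Error occurred looking up email for user: %s" % userid)
        logger.exception(e)
        import traceback
        import sys
        import inspect
        # Slice rather than index 0..3: with fewer than four frames on the
        # stack, indexing raised IndexError from inside this handler, so the
        # caller got a new exception instead of the promised None.
        for frame_record in inspect.stack()[:4]:
            logger.debug(frame_record)
        tb = sys.exc_info()[2]
        logger.error("TB = %s" % traceback.format_tb(tb))

        return None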