Пример #1
 def setUp(self):
     """Create a throwaway ``luftest`` folder holding a configured LDAPUserFolder.

     Every setting, including the bind DN (``binduid``) and bind password
     (``bindpwd``), is read through the ``dg`` fixture lookup and passed to
     ``manage_edit``. The user and group search bases are then seeded into
     the FakeLDAP tree, which is cleared first.
     """
     FakeLDAP.clearTree()
     try:
         transaction.begin()
     except AttributeError:
         # Zope 2.7
         get_transaction().begin()

     self.connection = Zope2.DB.open()
     app_root = self.connection.root()["Application"]
     self.root = app_root
     app_root._setObject("luftest", Folder("luftest"))
     self.folder = app_root.luftest
     manage_addLDAPUserFolder(self.folder)
     luf = self.folder.acl_users

     # NOTE(review): no use_ssl argument is passed, so the server entry gets
     # whatever manage_addServer defaults to. Fine against FakeLDAP; not a
     # pattern to copy for a real directory.
     host, port = dg("server").split(":")
     luf.manage_addServer(host, port=port)

     # manage_edit takes the first ten settings positionally, in this order.
     positional_keys = (
         "title",
         "login_attr",
         "uid_attr",
         "users_base",
         "users_scope",
         "roles",
         "groups_base",
         "groups_scope",
         "binduid",
         "bindpwd",
     )
     keyword_keys = (
         "binduid_usage",
         "rdn_attr",
         "local_groups",
         "implicit_mapping",
         "encryption",
         "read_only",
     )
     edit_args = [dg(key) for key in positional_keys]
     edit_kwargs = {key: dg(key) for key in keyword_keys}
     luf.manage_edit(*edit_args, **edit_kwargs)

     for base_key in ("users_base", "groups_base"):
         FakeLDAP.addTreeItems(dg(base_key))
Пример #2
def add_ldap_user_folder(app):
    """Install an LDAPUserFolder on *app*, configured from ``ldap_config.defaults``.

    The server, search bases, bind DN and bind password all come from the
    defaults mapping. After configuration the folder's LDAP schema is
    emptied.
    """
    from Products.LDAPUserFolder import manage_addLDAPUserFolder

    setting = ldap_config.defaults.get
    manage_addLDAPUserFolder(app)
    user_folder = app.acl_users

    # NOTE(review): no use_ssl argument is passed, so transport security is
    # whatever manage_addServer defaults to -- confirm before reusing this
    # helper against a real directory, since bindpwd is configured below.
    server = setting('server')
    host, port = server.split(':')
    user_folder.manage_addServer(host, port=port)

    user_folder.manage_edit(
        setting('title'),
        setting('login_attr'),
        setting('uid_attr'),
        setting('users_base'),
        setting('users_scope'),
        setting('roles'),
        setting('groups_base'),
        setting('groups_scope'),
        setting('binduid'),
        setting('bindpwd'),
        binduid_usage=setting('binduid_usage'),
        rdn_attr=setting('rdn_attr'),
        local_groups=setting('local_groups'),
        implicit_mapping=setting('implicit_mapping'),
        encryption=setting('encryption'),
        read_only=setting('read_only'),
    )

    # clear the schema
    schema_names = user_folder._ldapschema.keys()
    user_folder.manage_deleteLDAPSchemaItems(schema_names)
Пример #3
 def setUp(self):
     """Reset the fake LDAP tree and build a configured LDAPUserFolder fixture.

     The dataflake ``TREE`` object is cleared and kept as ``self.db``. A
     ``luftest`` folder is added to the test application and given an
     LDAPUserFolder whose settings (bind DN and bind password included)
     come from the ``dg`` fixture lookup.
     """
     from dataflake.fakeldap import TREE
     self.db = TREE
     self.db.clear()
     transaction.begin()

     app = ZopeTestCase.app()
     self.app = app
     self.root = app
     app._setObject('luftest', Folder('luftest'))
     self.folder = app.luftest
     manage_addLDAPUserFolder(self.folder)
     luf = self.folder.acl_users

     # NOTE(review): the server is added without a use_ssl argument; that is
     # harmless against the in-memory tree but should not be copied as-is
     # for a networked directory.
     server_spec = dg('server')
     host, port = server_spec.split(':')
     luf.manage_addServer(host, port=port)

     # The first ten settings are positional for manage_edit, in this order.
     leading_settings = [
         dg(name)
         for name in ('title', 'login_attr', 'uid_attr', 'users_base',
                      'users_scope', 'roles', 'groups_base', 'groups_scope',
                      'binduid', 'bindpwd')
     ]
     luf.manage_edit(
         *leading_settings,
         **{
             'binduid_usage': dg('binduid_usage'),
             'rdn_attr': dg('rdn_attr'),
             'local_groups': dg('local_groups'),
             'implicit_mapping': dg('implicit_mapping'),
             'encryption': dg('encryption'),
             'read_only': dg('read_only'),
         }
     )

     for base_name in ('users_base', 'groups_base'):
         self.db.addTreeItems(dg(base_name))
Пример #4
 def setUp(self):
     """Prepare an LDAPUserFolder inside a fresh ``luftest`` folder.

     Uses the dataflake fake LDAP ``TREE`` (cleared first) as the backing
     directory and takes every folder setting, including the bind
     credentials, from the ``dg`` fixture lookup.
     """
     from dataflake.fakeldap import TREE
     fake_tree = TREE
     self.db = fake_tree
     fake_tree.clear()
     transaction.begin()
     self.app = self.root = ZopeTestCase.app()
     self.root._setObject('luftest', Folder('luftest'))
     self.folder = self.root.luftest
     manage_addLDAPUserFolder(self.folder)
     user_folder = self.folder.acl_users

     # NOTE(review): manage_addServer is called without use_ssl, so the
     # transport is whatever the method defaults to -- acceptable for the
     # fake tree only.
     host, port = dg('server').split(':')
     user_folder.manage_addServer(host, port=port)

     user_folder.manage_edit(
         dg('title'),
         dg('login_attr'),
         dg('uid_attr'),
         dg('users_base'),
         dg('users_scope'),
         dg('roles'),
         dg('groups_base'),
         dg('groups_scope'),
         dg('binduid'),
         dg('bindpwd'),
         binduid_usage=dg('binduid_usage'),
         rdn_attr=dg('rdn_attr'),
         local_groups=dg('local_groups'),
         implicit_mapping=dg('implicit_mapping'),
         encryption=dg('encryption'),
         read_only=dg('read_only'),
     )

     # Seed the search bases so later lookups find their parent entries.
     fake_tree.addTreeItems(dg('users_base'))
     fake_tree.addTreeItems(dg('groups_base'))
Пример #5
def genericPluginCreation(self, klass, id, title, login_attr, uid_attr,
        users_base, users_scope, roles, groups_base, groups_scope, binduid,
        bindpwd, binduid_usage=1, rdn_attr='cn', local_groups=0, use_ssl=0,
        encryption='SHA', read_only=0, LDAP_server=None,
        obj_classes='pilotPerson,uidObject', REQUEST=None):
    # Create a ``klass`` plugin named ``id`` in the container, put an
    # LDAPUserFolder inside it, configure that folder and return it.
    #
    # Documented with comments rather than a docstring on purpose: the
    # original has none, and Zope 2's publisher presumably treats a
    # docstring as the opt-in for URL publishing -- confirm before adding
    # one.
    #
    # Security-relevant defaults, as written in the signature:
    #   * use_ssl=0 selects port '389' when LDAP_server carries no port.
    #     NOTE(review): presumably plain LDAP, so binduid/bindpwd would
    #     cross the network unencrypted -- confirm against manage_addServer.
    #   * encryption='SHA' is forwarded to manage_edit. NOTE(review):
    #     presumably the password storage scheme; an unsalted hash is a
    #     weak default -- confirm which schemes the folder supports.
    # REQUEST is accepted but not used; manage_edit is always called with
    # REQUEST=None.

    # Make sure we really are working in our container (the
    # PluggableAuthService object)
    container = self.this()

    # Create the plugin, then re-fetch it from the unwrapped container.
    container._setObject(id, klass(id, title))
    plugin = getattr(aq_base(container), id)

    # The LDAPUserFolder lives inside the plugin as ``acl_users``.
    manage_addLDAPUserFolder(plugin)
    plugin_base = aq_base(plugin)
    luf = getattr(plugin_base, "acl_users")

    # Register a server only when one was given. An explicit ``host:port``
    # wins; otherwise the port follows the use_ssl flag.
    if LDAP_server is not None:
        host_elems = LDAP_server.split(':')
        if len(host_elems) > 1:
            port = host_elems[1]
        elif use_ssl:
            port = '636'
        else:
            port = '389'
        luf.manage_addServer(host_elems[0], port=port, use_ssl=use_ssl,
                             op_timeout=10)

    # Drop __allow_groups__ from the plugin: it is not needed here and
    # potentially harmful. NOTE(review): in Zope this attribute presumably
    # names the user folder guarding a container, so leaving it would let
    # the nested LDAPUserFolder act as the plugin's own authenticator --
    # confirm.
    if hasattr(plugin_base, '__allow_groups__'):
        del plugin_base.__allow_groups__

    # Configure the LDAPUserFolder; bindpwd is handed over as given.
    luf.manage_edit(
        title,
        login_attr,
        uid_attr,
        users_base,
        users_scope,
        roles,
        groups_base,
        groups_scope,
        binduid,
        bindpwd,
        binduid_usage=binduid_usage,
        rdn_attr=rdn_attr,
        local_groups=local_groups,
        encryption=encryption,
        read_only=read_only,
        obj_classes=obj_classes,
        REQUEST=None,
    )

    return luf
 def testAlternateLUFInstantiation(self):
     # Replace the fixture's user folder with one configured from the
     # alternate settings (``ag``) and check each setting reads back
     # through getProperty.
     #
     # NOTE(review): the '_bindpwd' assertion expects the bind password to
     # read back exactly as configured, i.e. it is stored recoverably on
     # the folder. Anyone able to read the folder's properties or the
     # object database can recover it.
     from Products.LDAPUserFolder import manage_addLDAPUserFolder
     self.folder._delObject('acl_users')
     manage_addLDAPUserFolder(self.folder)
     acl = self.folder.acl_users

     server_spec = ag('server')
     host, port = server_spec.split(':')
     acl.manage_addServer(host, port=port)

     acl.manage_edit(
         title=ag('title'),
         login_attr=ag('login_attr'),
         uid_attr=ag('uid_attr'),
         users_base=ag('users_base'),
         users_scope=ag('users_scope'),
         roles=ag('roles'),
         groups_base=ag('groups_base'),
         groups_scope=ag('groups_scope'),
         binduid=ag('binduid'),
         bindpwd=ag('bindpwd'),
         binduid_usage=ag('binduid_usage'),
         rdn_attr=ag('rdn_attr'),
         local_groups=ag('local_groups'),
         implicit_mapping=ag('implicit_mapping'),
         encryption=ag('encryption'),
         read_only=ag('read_only'),
         extra_user_filter=ag('extra_user_filter'),
     )

     # Re-fetch the folder before reading the stored values back.
     acl = self.folder.acl_users
     stored = acl.getProperty
     self.assertEqual(stored('title'), ag('title'))
     self.assertEqual(stored('_login_attr'), ag('login_attr'))
     self.assertEqual(stored('_uid_attr'), ag('uid_attr'))
     self.assertEqual(stored('users_base'), ag('users_base'))
     self.assertEqual(stored('users_scope'), ag('users_scope'))
     # Roles are given as one comma-separated string and compared as a
     # list of stripped names.
     self.assertEqual(stored('_roles'),
                      [x.strip() for x in ag('roles').split(',')])
     self.assertEqual(stored('groups_base'), ag('groups_base'))
     self.assertEqual(stored('groups_scope'), ag('groups_scope'))
     self.assertEqual(stored('_binduid'), ag('binduid'))
     self.assertEqual(stored('_bindpwd'), ag('bindpwd'))
     self.assertEqual(stored('_binduid_usage'), ag('binduid_usage'))
     self.assertEqual(stored('_rdnattr'), ag('rdn_attr'))
     # Flag-like settings are compared by truth value.
     self.assertEqual(stored('_local_groups'), bool(ag('local_groups')))
     self.assertEqual(stored('_implicit_mapping'),
                      bool(ag('implicit_mapping')))
     self.assertEqual(stored('_pwd_encryption'), ag('encryption'))
     self.assertEqual(stored('_extra_user_filter'), ag('extra_user_filter'))
     self.assertEqual(stored('read_only'), bool(ag('read_only')))
Пример #7
 def testAlternateLUFInstantiation(self):
     # Rebuild the user folder from the alternate settings (``ag``) and
     # verify, property by property, that manage_edit stored them.
     #
     # NOTE(review): '_bindpwd' is expected to equal the configured bind
     # password verbatim, so the credential is kept in recoverable form on
     # the folder; treat the object database and its backups as
     # credential-bearing.
     from Products.LDAPUserFolder import manage_addLDAPUserFolder
     check = self.assertEqual
     self.folder._delObject('acl_users')
     manage_addLDAPUserFolder(self.folder)
     acl = self.folder.acl_users
     host, port = ag('server').split(':')
     acl.manage_addServer(host, port=port)
     acl.manage_edit(
         title=ag('title'),
         login_attr=ag('login_attr'),
         uid_attr=ag('uid_attr'),
         users_base=ag('users_base'),
         users_scope=ag('users_scope'),
         roles=ag('roles'),
         groups_base=ag('groups_base'),
         groups_scope=ag('groups_scope'),
         binduid=ag('binduid'),
         bindpwd=ag('bindpwd'),
         binduid_usage=ag('binduid_usage'),
         rdn_attr=ag('rdn_attr'),
         local_groups=ag('local_groups'),
         implicit_mapping=ag('implicit_mapping'),
         encryption=ag('encryption'),
         read_only=ag('read_only'),
         extra_user_filter=ag('extra_user_filter'),
     )
     acl = self.folder.acl_users

     def unchanged(value):
         return value

     def as_flag(value):
         return not not value

     def as_role_list(value):
         return [x.strip() for x in value.split(',')]

     # (stored property name, configuration key, conversion applied to the
     # configured value before comparing), in the order they are checked.
     expectations = (
         ('title', 'title', unchanged),
         ('_login_attr', 'login_attr', unchanged),
         ('_uid_attr', 'uid_attr', unchanged),
         ('users_base', 'users_base', unchanged),
         ('users_scope', 'users_scope', unchanged),
         ('_roles', 'roles', as_role_list),
         ('groups_base', 'groups_base', unchanged),
         ('groups_scope', 'groups_scope', unchanged),
         ('_binduid', 'binduid', unchanged),
         ('_bindpwd', 'bindpwd', unchanged),
         ('_binduid_usage', 'binduid_usage', unchanged),
         ('_rdnattr', 'rdn_attr', unchanged),
         ('_local_groups', 'local_groups', as_flag),
         ('_implicit_mapping', 'implicit_mapping', as_flag),
         ('_pwd_encryption', 'encryption', unchanged),
         ('_extra_user_filter', 'extra_user_filter', unchanged),
         ('read_only', 'read_only', as_flag),
     )
     for prop_name, config_key, convert in expectations:
         check(acl.getProperty(prop_name), convert(ag(config_key)))
 def testAlternateLUFInstantiation(self):
     # Swap in a user folder built from the alternate settings (``ag``),
     # passing every option to manage_edit by keyword, then confirm the
     # stored properties match.
     #
     # NOTE(review): the "_bindpwd" check shows the bind password is read
     # back unchanged from the folder, so it is stored recoverably rather
     # than hashed; access to the folder's properties exposes it.
     self.folder._delObject("acl_users")
     manage_addLDAPUserFolder(self.folder)
     acl = self.folder.acl_users

     host, port = ag("server").split(":")
     acl.manage_addServer(host, port=port)

     option_names = (
         "title",
         "login_attr",
         "uid_attr",
         "users_base",
         "users_scope",
         "roles",
         "groups_base",
         "groups_scope",
         "binduid",
         "bindpwd",
         "binduid_usage",
         "rdn_attr",
         "local_groups",
         "implicit_mapping",
         "encryption",
         "read_only",
         "extra_user_filter",
     )
     acl.manage_edit(**{name: ag(name) for name in option_names})

     # Read the values back from a freshly fetched folder.
     acl = self.folder.acl_users
     equal = self.assertEqual
     equal(acl.getProperty("title"), ag("title"))
     equal(acl.getProperty("_login_attr"), ag("login_attr"))
     equal(acl.getProperty("_uid_attr"), ag("uid_attr"))
     equal(acl.getProperty("users_base"), ag("users_base"))
     equal(acl.getProperty("users_scope"), ag("users_scope"))
     # The comma-separated roles string is compared as stripped names.
     equal(
         acl.getProperty("_roles"),
         [role.strip() for role in ag("roles").split(",")],
     )
     equal(acl.getProperty("groups_base"), ag("groups_base"))
     equal(acl.getProperty("groups_scope"), ag("groups_scope"))
     equal(acl.getProperty("_binduid"), ag("binduid"))
     equal(acl.getProperty("_bindpwd"), ag("bindpwd"))
     equal(acl.getProperty("_binduid_usage"), ag("binduid_usage"))
     equal(acl.getProperty("_rdnattr"), ag("rdn_attr"))
     # Flags are compared by truth value.
     equal(acl.getProperty("_local_groups"), bool(ag("local_groups")))
     equal(acl.getProperty("_implicit_mapping"), bool(ag("implicit_mapping")))
     equal(acl.getProperty("_pwd_encryption"), ag("encryption"))
     equal(acl.getProperty("_extra_user_filter"), ag("extra_user_filter"))
     equal(acl.getProperty("read_only"), bool(ag("read_only")))
def manage_addLDAPMultiPlugin(self, id, title, LDAP_server, login_attr,
                              uid_attr, users_base, users_scope, roles,
                              groups_base, groups_scope, binduid, bindpwd,
                              binduid_usage=1, rdn_attr='cn', local_groups=0,
                              use_ssl=0, encryption='SHA', read_only=0,
                              REQUEST=None):
    """ Factory method to instantiate a LDAPMultiPlugin

    Adds the plugin to the container, creates an LDAPUserFolder inside it,
    registers ``LDAP_server`` and configures the folder. When ``REQUEST``
    is given, the response is redirected to the container's
    ``manage_main``.

    Security-relevant defaults visible in the signature:

    * ``use_ssl=0`` selects port '389' when ``LDAP_server`` has no port.
      NOTE(review): presumably plain LDAP, in which case ``binduid`` and
      ``bindpwd`` travel unencrypted -- confirm against manage_addServer.
    * ``encryption='SHA'`` is passed to manage_edit. NOTE(review):
      presumably the password storage scheme; an unsalted hash is a weak
      default -- confirm which schemes are supported.
    """
    # Make sure we really are working in our container (the
    # PluggableAuthService object)
    container = self.this()

    # The LDAP delegate expects more than a plain true/false here, so any
    # truthy value is collapsed to exactly 1 and anything else to 0.
    use_ssl = 1 if use_ssl else 0

    # Instantiate the folderish adapter object and re-fetch it from the
    # unwrapped container.
    container._setObject(id, LDAPMultiPlugin(id, title=title))
    lmp = getattr(aq_base(container), id)
    lmp_base = aq_base(lmp)

    # Put the "real" LDAPUserFolder inside it
    manage_addLDAPUserFolder(lmp)
    luf = getattr(lmp_base, 'acl_users')

    # An explicit ``host:port`` wins; otherwise the port follows use_ssl.
    host_elems = LDAP_server.split(':')
    if len(host_elems) > 1:
        port = host_elems[1]
    elif use_ssl:
        port = '636'
    else:
        port = '389'
    luf.manage_addServer(host_elems[0], port=port, use_ssl=use_ssl)

    # REQUEST=None is passed regardless of the incoming REQUEST; the
    # redirect at the end of this function is the only response handling.
    luf.manage_edit(
        title,
        login_attr,
        uid_attr,
        users_base,
        users_scope,
        roles,
        groups_base,
        groups_scope,
        binduid,
        bindpwd,
        binduid_usage=binduid_usage,
        rdn_attr=rdn_attr,
        local_groups=local_groups,
        encryption=encryption,
        read_only=read_only,
        REQUEST=None,
    )

    # Drop __allow_groups__ from the plugin: it is not needed here and
    # potentially harmful. NOTE(review): in Zope this attribute presumably
    # names the user folder guarding a container, so leaving it would let
    # the nested LDAPUserFolder act as the plugin's own authenticator --
    # confirm.
    if hasattr(lmp_base, '__allow_groups__'):
        del lmp_base.__allow_groups__

    if REQUEST is not None:
        # The target is built from the container's own URL, not from
        # request input.
        REQUEST.RESPONSE.redirect('%s/manage_main' % container.absolute_url())
def manage_addActiveDirectoryMultiPlugin(self,
                                         id,
                                         title,
                                         LDAP_server,
                                         login_attr,
                                         uid_attr,
                                         users_base,
                                         users_scope,
                                         roles,
                                         groups_base,
                                         groups_scope,
                                         binduid,
                                         bindpwd,
                                         binduid_usage=1,
                                         rdn_attr='cn',
                                         local_groups=0,
                                         use_ssl=0,
                                         encryption='SHA',
                                         read_only=0,
                                         REQUEST=None):
    """ Factory method to instantiate a ActiveDirectoryMultiPlugin

    Adds the plugin to the container, creates and configures an
    LDAPUserFolder inside it, then replaces the folder's schema with a
    base ``cn``/``sn`` mapping and registers the Active Directory
    attributes the plugin relies on. When ``REQUEST`` is given, the
    response is redirected to the container's ``manage_main``.

    Security-relevant defaults visible in the signature:

    * ``use_ssl=0`` selects port '389' when ``LDAP_server`` has no port.
      NOTE(review): presumably plain LDAP, in which case ``binduid`` and
      ``bindpwd`` travel unencrypted -- confirm against manage_addServer.
    * ``encryption='SHA'`` is passed to manage_edit. NOTE(review):
      presumably the password storage scheme; an unsalted hash is a weak
      default -- confirm which schemes are supported.
    """
    # Make sure we really are working in our container (the
    # PluggableAuthService object)
    container = self.this()

    # The LDAP delegate expects more than a plain true/false here, so any
    # truthy value is collapsed to exactly 1 and anything else to 0.
    use_ssl = 1 if use_ssl else 0

    # Instantiate the folderish adapter object
    container._setObject(id, ActiveDirectoryMultiPlugin(id, title=title))
    lmp = getattr(aq_base(container), id)
    lmp_base = aq_base(lmp)

    # Put the "real" LDAPUserFolder inside it
    manage_addLDAPUserFolder(lmp)
    luf = getattr(lmp_base, 'acl_users')

    # An explicit ``host:port`` wins; otherwise the port follows use_ssl.
    host_elems = LDAP_server.split(':')
    if len(host_elems) > 1:
        port = host_elems[1]
    elif use_ssl:
        port = '636'
    else:
        port = '389'
    luf.manage_addServer(host_elems[0], port=port, use_ssl=use_ssl)

    # REQUEST=None is passed regardless of the incoming REQUEST.
    luf.manage_edit(
        title,
        login_attr,
        uid_attr,
        users_base,
        users_scope,
        roles,
        groups_base,
        groups_scope,
        binduid,
        bindpwd,
        binduid_usage=binduid_usage,
        rdn_attr=rdn_attr,
        local_groups=local_groups,
        encryption=encryption,
        read_only=read_only,
        REQUEST=None,
    )

    # Drop __allow_groups__ from the plugin: it is not needed here and
    # potentially harmful. NOTE(review): in Zope this attribute presumably
    # names the user folder guarding a container, so leaving it would let
    # the nested LDAPUserFolder act as the plugin's own authenticator --
    # confirm.
    if hasattr(lmp_base, '__allow_groups__'):
        del lmp_base.__allow_groups__

    uf = lmp.acl_users

    # Start from a two-attribute schema, assigned directly.
    canonical_name = {
        'ldap_name': 'cn',
        'friendly_name': 'Canonical Name',
        'multivalued': '',
        'public_name': '',
    }
    last_name = {
        'ldap_name': 'sn',
        'friendly_name': 'Last Name',
        'multivalued': '',
        'public_name': 'last_name',
    }
    uf._ldapschema = {'cn': canonical_name, 'sn': last_name}

    # Register the remaining attributes through the schema API. 'sn' is
    # registered again here even though the base schema already has it.
    schema_items = (
        ('dn', 'Distinguished Name', {'public_name': 'dn'}),
        ('sAMAccountName', 'Windows Login Name',
         {'public_name': 'windows_login_name'}),
        ('objectGUID', 'AD Object GUID', {'public_name': 'objectGUID'}),
        ('givenName', 'First Name', {'public_name': 'first_name'}),
        ('sn', 'Last Name', {'public_name': 'last_name'}),
        ('memberOf', 'Group DNs',
         {'public_name': 'memberOf', 'multivalued': True}),
    )
    for ldap_name, friendly_name, options in schema_items:
        uf.manage_addLDAPSchemaItem(ldap_name, friendly_name, **options)

    if REQUEST is not None:
        # The target is built from the container's own URL, not from
        # request input.
        REQUEST.RESPONSE.redirect('%s/manage_main' % container.absolute_url())
Пример #11
def genericPluginCreation(self,
                          klass,
                          id,
                          title,
                          login_attr,
                          uid_attr,
                          users_base,
                          users_scope,
                          roles,
                          groups_base,
                          groups_scope,
                          binduid,
                          bindpwd,
                          binduid_usage=1,
                          rdn_attr='cn',
                          local_groups=0,
                          use_ssl=0,
                          encryption='SHA',
                          read_only=0,
                          LDAP_server=None,
                          obj_classes='pilotPerson,uidObject',
                          REQUEST=None):
    # Shared factory body: add a ``klass`` plugin called ``id`` to the
    # container, nest an LDAPUserFolder in it, configure the folder and
    # return it. REQUEST is accepted but never used; manage_edit is always
    # called with REQUEST=None.
    #
    # Kept docstring-free like the original. NOTE(review): Zope 2's
    # publisher presumably only publishes callables that have a docstring,
    # so adding one could change what is reachable by URL -- confirm.
    #
    # NOTE(review): use_ssl=0 and encryption='SHA' are the defaults. The
    # first presumably means the bind credentials cross the network in
    # cleartext and the second presumably selects an unsalted password
    # hash; confirm both against LDAPUserFolder before relying on them.

    # Make sure we really are working in our container (the
    # PluggableAuthService object)
    target = self.this()

    # First we create the plugin
    new_plugin = klass(id, title)
    target._setObject(id, new_plugin)
    plugin = getattr(aq_base(target), id)

    # And then we have to create an LDAPUserFolder inside it
    manage_addLDAPUserFolder(plugin)
    plugin_base = aq_base(plugin)
    luf = getattr(plugin_base, "acl_users")

    # Figure out the LDAP port number to use. Without LDAP_server no
    # server entry is registered at all.
    if LDAP_server is not None:
        host_elems = LDAP_server.split(':')
        fallback_port = '636' if use_ssl else '389'
        port = host_elems[1] if len(host_elems) > 1 else fallback_port
        luf.manage_addServer(host_elems[0],
                             port=port,
                             use_ssl=use_ssl,
                             op_timeout=10)

    # clean out the __allow_groups__ bit because it is not needed here
    # and potentially harmful. NOTE(review): presumably the attribute Zope
    # uses to find the user folder guarding a container -- confirm.
    if hasattr(plugin_base, '__allow_groups__'):
        del plugin_base.__allow_groups__

    # Configure the LDAPUserFolder. The first ten values are positional;
    # bindpwd is the last of them and is passed on as given.
    connection_settings = (title, login_attr, uid_attr, users_base,
                           users_scope, roles, groups_base, groups_scope,
                           binduid, bindpwd)
    luf.manage_edit(*connection_settings,
                    binduid_usage=binduid_usage,
                    rdn_attr=rdn_attr,
                    local_groups=local_groups,
                    encryption=encryption,
                    read_only=read_only,
                    obj_classes=obj_classes,
                    REQUEST=None)

    return luf
Пример #12
def manage_addActiveDirectoryMultiPlugin(self, id, title, LDAP_server,
                                         login_attr, uid_attr, users_base,
                                         users_scope, roles, groups_base,
                                         groups_scope, binduid, bindpwd,
                                         binduid_usage=1, rdn_attr='cn',
                                         local_groups=0, use_ssl=0,
                                         encryption='SHA', read_only=0,
                                         REQUEST=None):
    """ Factory method to instantiate a ActiveDirectoryMultiPlugin

    Creates the plugin in the container, nests and configures an
    LDAPUserFolder, installs a base ``cn``/``sn`` schema and then adds the
    Active Directory attributes (``dn``, ``sAMAccountName``,
    ``objectGUID``, ``givenName``, ``sn``, ``memberOf``). When ``REQUEST``
    is given, the response is redirected to the container's
    ``manage_main``.

    NOTE(review): with the default ``use_ssl=0`` and no port in
    ``LDAP_server`` the folder is pointed at port '389', presumably plain
    LDAP, so ``binduid``/``bindpwd`` would be sent unencrypted.
    ``encryption='SHA'`` is presumably the password storage scheme and an
    unsalted one. Confirm both against LDAPUserFolder.
    """
    # Make sure we really are working in our container (the
    # PluggableAuthService object)
    container = self.this()

    # Value needs massaging: the LDAP delegate expects something beyond a
    # simple true or false, so reduce the flag to exactly 1 or 0.
    use_ssl = 1 if use_ssl else 0

    # Instantiate the folderish adapter object
    adapter = ActiveDirectoryMultiPlugin(id, title=title)
    container._setObject(id, adapter)
    lmp = getattr(aq_base(container), id)
    lmp_base = aq_base(lmp)

    # Put the "real" LDAPUserFolder inside it
    manage_addLDAPUserFolder(lmp)
    luf = getattr(lmp_base, 'acl_users')

    # Use the port from ``host:port`` when present, else the default for
    # the chosen transport.
    host_elems = LDAP_server.split(':')
    host = host_elems[0]
    default_port = '636' if use_ssl else '389'
    port = host_elems[1] if len(host_elems) > 1 else default_port

    luf.manage_addServer(host, port=port, use_ssl=use_ssl)

    # REQUEST=None is passed regardless of the incoming REQUEST.
    positional_settings = (title, login_attr, uid_attr, users_base,
                           users_scope, roles, groups_base, groups_scope,
                           binduid, bindpwd)
    luf.manage_edit(*positional_settings,
                    binduid_usage=binduid_usage,
                    rdn_attr=rdn_attr,
                    local_groups=local_groups,
                    encryption=encryption,
                    read_only=read_only,
                    REQUEST=None)

    # clean out the __allow_groups__ bit because it is not needed here
    # and potentially harmful. NOTE(review): presumably the attribute Zope
    # uses to find the user folder guarding a container -- confirm.
    if hasattr(lmp_base, '__allow_groups__'):
        del lmp_base.__allow_groups__

    uf = lmp.acl_users

    # Base schema, assigned directly rather than through the schema API.
    uf._ldapschema = {
        'cn': {
            'ldap_name': 'cn',
            'friendly_name': 'Canonical Name',
            'multivalued': '',
            'public_name': '',
        },
        'sn': {
            'ldap_name': 'sn',
            'friendly_name': 'Last Name',
            'multivalued': '',
            'public_name': 'last_name',
        },
    }

    # Active Directory attributes; 'sn' is registered again here although
    # the base schema above already defines it.
    add_item = uf.manage_addLDAPSchemaItem
    add_item('dn', 'Distinguished Name', public_name='dn')
    add_item('sAMAccountName', 'Windows Login Name',
             public_name='windows_login_name')
    add_item('objectGUID', 'AD Object GUID', public_name='objectGUID')
    add_item('givenName', 'First Name', public_name='first_name')
    add_item('sn', 'Last Name', public_name='last_name')
    add_item('memberOf', 'Group DNs', public_name='memberOf',
             multivalued=True)

    if REQUEST is not None:
        # The target is built from the container's own URL, not from
        # request input.
        REQUEST.RESPONSE.redirect('%s/manage_main' % container.absolute_url())