Пример #1
def get_attributes(user, definitions=None, source=None, **kwargs):
    '''
        Return the attributes dictionary built from the LDAP sources.

        Returns None when no user is given, when the requested source is
        not an LDAP source, or when no LDAP source is configured.

        Dictionary format:
        attributes = dict()
        data_from_source = list()
        a1 = dict()
                a1['oid'] = definition_name
            Or
                a1['definition'] = definition_name
                    definition may be the definition name like 'gn'
                    or an alias like 'givenName'
            Or
                a1['name'] = attribute_name_in_ns
                a1['namespace'] = ns_name
        a1['values'] = list_of_values
        data_from_source.append(a1)
        ...
        data_from_source.append(a2)
        attributes[source_name] = data_from_source

        First attempt on 'definition' key.
        Else, definition is searched by 'name' and 'namespace' keys.
    '''
    if not user:
        logger.error('get_attributes: No user provided')
        return None
    logger.debug('get_attributes: Searching attributes for user %s' \
        % user)

    # Imported at call time rather than at module level.
    from authentic2.attribute_aggregator.models import LdapSource
    sources = None
    if source:
        logger.debug('get_attributes: The required source is %s' % source)
        try:
            sources = [source.ldapsource]
            logger.debug('get_attributes: The source is an LDAP source!')
        # NOTE(review): bare except -- any failure while reading
        # source.ldapsource, not only "this source has no LDAP child",
        # ends the call with None and only a debug-level trace.
        except:
            logger.debug('get_attributes: \
                The required source is not a LDAP one')
            return None
    else:
        sources = LdapSource.objects.all()
    if not sources:
        logger.debug('get_attributes: No LDAP source configured')
        return None

    attributes = dict()

    # NOTE: the loop variable rebinds the `source` parameter.
    for source in sources:
        logger.debug('get_attributes: The LDAP source is known as %s' \
            % source.name)

        identifier = None
        '''
            Check if the user is authenticated by LDAP.
            If it is, grab the user dn from the LDAPUser object
        '''
        # Step 1: ask django_auth_ldap for the DN of the user, then probe
        # the current source with a base-scope search on that DN to see
        # whether the entry exists there.
        try:
            from django_auth_ldap.backend import LDAPBackend
            backend = LDAPBackend()
            u = backend.get_user(user.id)
            dn = u.ldap_user.dn
            if not dn:
                logger.debug('get_attributes: \
                    User not logged with LDAP')
            else:
                logger.debug('get_attributes: \
                    User logged with dn %s' % dn)
                '''is it logged in that source?'''
                logger.debug('get_attributes: \
                    Is the user logged with the source %s?' % source.name)
                try:
                    # NOTE(review): ldap.open() is the host-based constructor
                    # that python-ldap deprecated in favour of
                    # ldap.initialize(uri). No start_tls_s() call or ldaps://
                    # URI is visible in this excerpt, so the bind below
                    # presumably sends source.password unencrypted --
                    # confirm how the transport is protected.
                    l = ldap.open(source.server)
                    l.protocol_version = ldap.VERSION3
                    username = source.user
                    password = source.password
                    if username and password:
                        # simple_bind() is the asynchronous call: it returns
                        # a message id that is not checked here, so rejected
                        # service credentials do not raise at this point.
                        l.simple_bind(username, password)
                    ldap_result_id = \
                        l.search(dn, ldap.SCOPE_BASE,
                            attrlist=['objectClass'])
                    result_type, result_data = l.result(ldap_result_id, 0)
                    # NOTE(review): the raw search result is written to the
                    # debug log.
                    logger.debug('get_attributes: Yes it is, result %s %s' \
                        % (result_type, result_data))
                    # The DN is accepted as soon as search/result raised no
                    # LDAPError; result_data itself is not inspected.
                    # NOTE(review): no unbind of this probe connection is
                    # visible in this excerpt.
                    identifier = dn
                except ldap.LDAPError, err:
                    logger.debug('get_attributes: \
                        User dn %s unknown in %s or error %s' \
                            % (dn, source.name, str(err)))
        # Python 2 "except X, err" syntax. Also catches an ImportError when
        # django_auth_ldap is not installed, and any failure of get_user().
        except Exception, err:
            logger.error('get_attributes: \
                Error working with the LDAP backend %s' % str(err))
        # Step 2: fall back to the alias recorded for this user in this
        # source (helper defined elsewhere in the module).
        if not identifier:
            identifier = get_user_alias_in_source(user, source)
        if not identifier:
            logger.error('get_attributes: \
                No user identifier known into that source')
        else:
            logger.debug('get_attributes: \
                the user is known as %s in source %s' \
                % (identifier, source.name))

            # Step 3: open a second connection to the source for the
            # attribute lookup. The remarks above about ldap.open(), the
            # unchecked asynchronous simple_bind() and transport security
            # apply here as well.
            try:
                l = ldap.open(source.server)
                l.protocol_version = ldap.VERSION3
                username = source.user
                password = source.password
                if username and password:
                    l.simple_bind(username, password)
            except ldap.LDAPError, err:
                logger.error('get_attributes: \
                    an error occured at binding due to %s' % err)
            else:
                # The body of this else branch is not part of the listing.
Пример #2
def get_attributes(user, definitions=None, source=None, auth_source=False, **kwargs):
    '''
        Return the attributes dictionary built from the LDAP sources.

        When auth_source is true, only the LDAP source that is also the
        authentication backend of the user is queried.

        Returns None when no user is given, when the requested source is
        not an LDAP source, or when no LDAP source is configured.

        Dictionary format:
        attributes = dict()
        data_from_source = list()
        a1 = dict()
                a1['oid'] = definition_name
            Or
                a1['definition'] = definition_name
                    definition may be the definition name like 'gn'
                    or an alias like 'givenName'
            Or
                a1['name'] = attribute_name_in_ns
                a1['namespace'] = ns_name
        a1['values'] = list_of_values
        data_from_source.append(a1)
        ...
        data_from_source.append(a2)
        attributes[source_name] = data_from_source

        First attempt on 'definition' key.
        Else, definition is searched by 'name' and 'namespace' keys.
    '''
    if not user:
        logger.error('get_attributes: No user provided')
        return None
    logger.debug('get_attributes: Searching attributes for user %s' \
        % user)

    # Imported at call time rather than at module level.
    from authentic2.attribute_aggregator.models import LdapSource
    sources = None
    # With auth_source set, an explicit `source` is ignored and every
    # configured LDAP source is scanned for the authentication backend.
    if source and not auth_source:
        logger.debug('get_attributes: The required source is %s' % source)
        try:
            sources = [source.ldapsource]
            logger.debug('get_attributes: The source is an LDAP source!')
        # NOTE(review): bare except -- any failure while reading
        # source.ldapsource ends the call with None.
        except:
            logger.debug('get_attributes: \
                The required source is not a LDAP one')
            return None
    else:
        sources = LdapSource.objects.all()
    if not sources:
        logger.debug('get_attributes: No LDAP source configured')
        return None

    attributes = dict()

    # NOTE: the loop variable rebinds the `source` parameter.
    for source in sources:
        logger.debug('get_attributes: The LDAP source is known as %s' \
            % source.name)
        '''
            Check if the user is authenticated by LDAP.
            If it is, grab the user dn from the LDAPUser object

            We support our LDAP backend and django_auth_ldap.
            The way to grab the dn from the session is different.

            Check also if the source we have to grab attributes from is the
            ldap used as backend. Else, the dn in session is not for that LDAP
            source.

            If we only want attributs from the authn backend, if the ldap
            source is not the used for authn, stop process.
        '''
        dn = None
        is_source_backend = False
        source_url = source.get_url()
        # First try: django_auth_ldap.
        try:
            from django_auth_ldap.backend import LDAPBackend
            dn = LDAPBackend().get_user(user.id).ldap_user.dn
            # Only a single ldap can be used as backend with django_auth_ldap
            back_url = settings.AUTH_LDAP_SERVER_URI
            if back_url == source_url:
                is_source_backend = True
        # NOTE(review): bare "except: pass" hides every failure here
        # (missing package, user without ldap_user, missing setting)
        # without a log line.
        except:
            pass
        # Second try: a backend_id of the form '<url>!<dn>' on the user.
        # NOTE(review): getattr() has no default, so a user object without
        # backend_id raises AttributeError here, outside any try block; a
        # backend_id without '!' makes the unpacking below raise ValueError.
        if not dn and getattr(user, 'backend_id') and \
                user.backend_id.startswith('ldap'):
            back_url, dn = user.backend_id.split('!', 1)
            if back_url == source_url:
                is_source_backend = True
        if auth_source and not is_source_backend:
            logger.debug('get_attributes: only attributes from backend and '
                'this source is not, see next')
            continue
        # NOTE(review): when auth_source is false, a dn obtained above is
        # kept even if is_source_backend is False, so a DN issued by the
        # authentication directory is looked up in a different source; the
        # alias lookup below only runs when no dn was found. Confirm this
        # cross-directory reuse is intended.
        if not dn:
            dn = get_user_alias_in_source(user, source)
        if not dn:
            logger.debug('get_attributes: \
                No user identifier known into that source %s' % source.name)
            continue

        logger.debug('get_attributes: \
            the user is known as %s in source %s' \
            % (dn, source.name))

        try:
            # NOTE(review): ldap.open() is the host/port constructor that
            # python-ldap deprecated in favour of ldap.initialize(uri). No
            # start_tls_s() call is visible in this excerpt, so the bind
            # presumably sends source.password unencrypted -- confirm how
            # the transport is protected.
            l = ldap.open(source.server, port=source.port)
            l.protocol_version = ldap.VERSION3
            username = source.user
            password = source.password
            if username and password:
                # simple_bind() is asynchronous: the returned message id is
                # not checked, so rejected credentials do not raise here.
                l.simple_bind(username, password)
        except ldap.LDAPError, err:
            logger.error('get_attributes: \
                an error occured at binding due to %s' % err)
        else:
            '''
                No seach of user with the scope, only exact dn
            '''
#                base_dn = source.base
#                search_scope = ldap.SCOPE_SUBTREE
            # Base scope: only the entry named by dn is read.
            search_scope = ldap.SCOPE_BASE
            # None asks the server for its default attribute set.
            retrieve_attributes = None
            if definitions:
                #The definition name is the ldap attribute name
                logger.debug('get_attributes: attributes requested \
                    are %s' % definitions)
                retrieve_attributes = \
                    [d.encode('utf-8') for d in definitions]
#                dn = ldap.dn.explode_dn(identifier,
#                    flags=ldap.DN_FORMAT_LDAPV3)
#                search_filter = dn[0]
#                logger.debug('get_attributes: rdn is %s' % search_filter)

            data = []
            try:
#                    ldap_result_id = l.search(base_dn, search_scope,
#                        search_filter, retrieve_attributes)
                ldap_result_id = l.search(dn, search_scope,
                    attrlist=retrieve_attributes)
                result_type, result_data = l.result(ldap_result_id, 0)
                # NOTE(review): the full result, attribute values included,
                # is written to the debug log here and again below.
                logger.debug('get_attributes: result %s %s' \
                    % (result_type, result_data))
                for d, dic in result_data:
                    logger.debug('get_attributes: found %s' % d)
                    # Exact string comparison: an entry whose DN comes back
                    # with different case or spacing is skipped.
                    if d == dn:
                        logger.debug('get_attributes: \
                            Attributes are %s' % dic)
                        for key in dic.keys():
                            attr = {}
                            attr['definition'] = key
                            # A value that is not valid UTF-8 raises
                            # UnicodeDecodeError, which the LDAPError
                            # handler below does not catch.
                            attr['values'] = [\
                                a.decode('utf-8') for a in dic[key]]
                            data.append(attr)
            except ldap.LDAPError, err:
                logger.error('get_attributes: \
                    an error occured at searching due to %s' % err)
            else:
                # The body of this else branch is not part of the listing.
Пример #3
def get_attributes(user, definitions=None, source=None, **kwargs):
    '''
        Return the attributes dictionary built from the LDAP sources.

        Returns None when no user is given, when the requested source is
        not an LDAP source, or when no LDAP source is configured.

        Dictionary format:
        attributes = dict()
        data_from_source = list()
        a1 = dict()
                a1['oid'] = definition_name
            Or
                a1['definition'] = definition_name
                    definition may be the definition name like 'gn'
                    or an alias like 'givenName'
            Or
                a1['name'] = attribute_name_in_ns
                a1['namespace'] = ns_name
        a1['values'] = list_of_values
        data_from_source.append(a1)
        ...
        data_from_source.append(a2)
        attributes[source_name] = data_from_source

        First attempt on 'definition' key.
        Else, definition is searched by 'name' and 'namespace' keys.
    '''
    if not user:
        logger.error('get_attributes: No user provided')
        return None
    logger.debug('get_attributes: Searching attributes for user %s' \
        % user)

    # Imported at call time rather than at module level.
    from authentic2.attribute_aggregator.models import LdapSource
    sources = None
    if source:
        logger.debug('get_attributes: The required source is %s' % source)
        try:
            sources = [source.ldapsource]
            logger.debug('get_attributes: The source is an LDAP source!')
        # NOTE(review): bare except -- any failure while reading
        # source.ldapsource, not only "this source has no LDAP child",
        # ends the call with None and only a debug-level trace.
        except:
            logger.debug('get_attributes: \
                The required source is not a LDAP one')
            return None
    else:
        sources = LdapSource.objects.all()
    if not sources:
        logger.debug('get_attributes: No LDAP source configured')
        return None

    attributes = dict()

    # NOTE: the loop variable rebinds the `source` parameter.
    for source in sources:
        logger.debug('get_attributes: The LDAP source is known as %s' \
            % source.name)

        identifier = None
        '''
            Check if the user is authenticated by LDAP.
            If it is, grab the user dn from the LDAPUser object
        '''
        # Ask django_auth_ldap for the DN of the user, then probe the
        # current source with a base-scope search on that DN.
        try:
            from django_auth_ldap.backend import LDAPBackend
            backend = LDAPBackend()
            u = backend.get_user(user.id)
            dn = u.ldap_user.dn
            if not dn:
                logger.debug('get_attributes: \
                    User not logged with LDAP')
            else:
                logger.debug('get_attributes: \
                    User logged with dn %s' % dn)
                '''is it logged in that source?'''
                logger.debug('get_attributes: \
                    Is the user logged with the source %s?' % source.name)
                try:
                    # NOTE(review): ldap.open() is deprecated in python-ldap
                    # in favour of ldap.initialize(uri). No start_tls_s()
                    # call or ldaps:// URI is visible in this excerpt, so
                    # source.password is presumably sent unencrypted --
                    # confirm how the transport is protected.
                    l = ldap.open(source.server)
                    l.protocol_version = ldap.VERSION3
                    username = source.user
                    password = source.password
                    if username and password:
                        # Asynchronous bind: the returned message id is not
                        # checked, so rejected credentials do not raise here.
                        l.simple_bind(username, password)
                    ldap_result_id = \
                        l.search(dn, ldap.SCOPE_BASE,
                            attrlist=['objectClass'])
                    result_type, result_data = l.result(ldap_result_id, 0)
                    # NOTE(review): the raw search result is written to the
                    # debug log.
                    logger.debug('get_attributes: Yes it is, result %s %s' \
                        % (result_type, result_data))
                    # Accepted as soon as search/result raised no LDAPError;
                    # result_data itself is not inspected, and no unbind of
                    # this probe connection is visible in this excerpt.
                    identifier = dn
                except ldap.LDAPError, err:
                    logger.debug('get_attributes: \
                        User dn %s unknown in %s or error %s' \
                            % (dn, source.name, str(err)))
        # Python 2 "except X, err" syntax. Also catches an ImportError when
        # django_auth_ldap is not installed, and any failure of get_user().
        except Exception, err:
            logger.error('get_attributes: \
                Error working with the LDAP backend %s' %str(err))
        # Fall back to the alias recorded for this user in this source
        # (helper defined elsewhere in the module).
        if not identifier:
            identifier = get_user_alias_in_source(user, source)
        if not identifier:
            logger.error('get_attributes: \
                No user identifier known into that source')
        else:
            logger.debug('get_attributes: \
                the user is known as %s in source %s' \
                % (identifier, source.name))

            # Second connection, used for the attribute lookup; the same
            # remarks about ldap.open(), the unchecked simple_bind() and
            # transport security apply.
            try:
                l = ldap.open(source.server)
                l.protocol_version = ldap.VERSION3
                username = source.user
                password = source.password
                if username and password:
                    l.simple_bind(username, password)
            except ldap.LDAPError, err:
                logger.error('get_attributes: \
                    an error occured at binding due to %s' % err)
            else: