def populate_db(self): con = ldap.initialize(settings.AUTH_LDAP_SERVER_URI) con.simple_bind_s(settings.AUTH_LDAP_BIND_DN, settings.AUTH_LDAP_BIND_PASSWORD) filter_ = '(&(uid=*))' # customize this if necessary ldap_user = con.search_s(settings.BASE_DN, ldap.SCOPE_SUBTREE, filter_) con.unbind() for u in ldap_user: username = u[1]['uid'][0].decode('UTF-8') if not User.objects.filter(username=username).exists(): logger.info("Add new user '%s' from LDAP" % username) user = LDAPBackend().populate_user(u[1]['uid'][0].decode('UTF-8')) user.is_active = True # add a single group (wimi, stud, prof) to a user # has to be rewritten if group information is not stored per user # but instead each group in ldap stores its member! try: groups = u[1]['group'] # customize this except KeyError: logger.info( "User could not be added to a group and won't be able to purchase anything." ) continue groups = [g.decode('UTF-8') for g in groups] self.add_user_to_group(user, groups) user.save()
def populate_db(self): connection = ldap.initialize(settings.AUTH_LDAP_SERVER_URI) connection.simple_bind_s(settings.AUTH_LDAP_BIND_DN, settings.AUTH_LDAP_BIND_PASSWORD) filter_ = '(&(uid=*))' # Customize this if necessary. ldap_users = connection.search_s(settings.BASE_DN, ldap.SCOPE_SUBTREE, filter_) connection.unbind() for ldap_user in ldap_users: username = ldap_user[1]['uid'][0].decode('UTF-8') if not User.objects.filter(username=username).exists(): logger.info('Adding new user %s...' % username) user = LDAPBackend().populate_user( ldap_user[1]['uid'][0].decode('UTF-8')) user.is_active = True # Add a single group to the user. # When group information is not stored as part of the user info, # code needs to be modified. try: groups = ldap_user[1]['group'] except KeyError: logger.info( 'User could not be added to a group and won\'t be able to ' 'purchase anything.') continue groups = [g.decode('UTF-8') for g in groups] self.add_user_to_group(user, groups) user.save()
def handle(self, *args, **options): for opt, value in settings.AUTH_LDAP_GLOBAL_OPTIONS.items(): ldap.set_option(opt, value) query = ldap.initialize( settings.AUTH_LDAP_SERVER_URI) # Set connection URI query.bind_s( settings.AUTH_LDAP_BIND_DN, settings.AUTH_LDAP_BIND_PASSWORD) # Define user credentials # Get only user objects from the given DN results = query.search_s(settings.AUTH_LDAP_USER_DN, ldap.SCOPE_SUBTREE, "(objectClass=User)") total_created = 0 total_demoted = 0 users_found = [] for a, r in results: # Get the username and pass it to the django-ldap-auth function. # This results another ldap query but this way we don't need to handle the saving and attribute mappings # It also handles group mirroring and assignment username = r["sAMAccountName"][0].decode( "utf-8" ) # returns bytes by default so we need to decode to string user = LDAPBackend().populate_user(username) # If the user was created in the last minute count it as new user. if user is None: raise Exception(f"No user named {username}") else: users_found.append(username) if user.date_joined > localtime() - timedelta(minutes=1): total_created += 1 # Demote users who have staff or admin privileges but were not found in AD for user in User.objects.filter( Q(is_superuser=True) | Q(is_staff=True)).exclude(username__in=users_found): user.is_superuser = False user.is_staff = False user.groups.clear() user.save() # Save modifications total_demoted += 1 logging.warning( f"{user.get_full_name()} ({user.username}) has been demoted.") self.stdout.write( self.style.SUCCESS( f"Found {len(users_found)} user(s), {total_created} new, {total_demoted} demoted." ))
def create_account(self): uname = create_login_credentials(self) pprint("Creating account for "+uname) dn = create_ad_account(self, uname) if dn is not False: add_to_ad_group(group_dn=settings.LIPAD_LDAP_GROUP_DN, user_dn=dn) profile = LDAPBackend().populate_user(uname) profile.organization_type = self.organization_type profile.save() if profile is None: pprint("Account was not created") raise Http404 self.update_profile_details(uname=uname, profile = profile) else: raise Http404
def _sync_users(): connection = ldap.initialize(settings.AUTH_LDAP_SERVER_URI) connection.simple_bind_s(settings.AUTH_LDAP_BIND_DN, settings.AUTH_LDAP_BIND_PASSWORD) ldap_users = connection.search_s(settings.BASE_DN, ldap.SCOPE_SUBTREE, '(objectClass=posixAccount)') connection.unbind() for ldap_user in ldap_users: user_id = ldap_user[1]['uid'][0].decode('UTF-8') if not User.objects.filter(username=user_id).exists(): logger.info(f'Adding new user {user_id}...') user = LDAPBackend().populate_user(user_id) user.is_active = True if len(user.groups.all()) == 0: logger.info(f'No groups were found for {user_id}.') user.save()
def create_account(self): profile = None errors = [] if not self.username: self.username = create_login_credentials(self) self.save() pprint(self.username) else: try: profile = LDAPBackend().populate_user(self.username) self.profile = profile self.save() except Exception as e: pprint(traceback.format_exc()) return ( False, "Account creation failed. Check /var/log/apache2/error.log for more details" ) try: if not self.profile: pprint("Creating account for " + self.username) dn = create_ad_account(self, self.username) add_to_ad_group(group_dn=settings.LIPAD_LDAP_GROUP_DN, user_dn=dn) profile = LDAPBackend().populate_user(self.username) if profile: self.profile = profile self.save() profile.middle_name = self.middle_name profile.organization = self.organization profile.voice = self.contact_number profile.email = self.email profile.save() else: pprint("Accout was not created") raise Exception("Account not created") else: profile.organization_type = self.organization_type profile.org_type = self.org_type profile.save() except Exception as e: pprint(traceback.format_exc()) exc_name = type(e).__name__ pprint(exc_name) if exc_name == "ALREADY_EXISTS": return (False, "This user already has an account.") return ( False, "Account creation failed. Check /var/log/apache2/error.log for more details" ) self.join_requester_grp() try: if not self.ftp_folder: self.create_directory() except Exception as e: pprint(traceback.format_exc()) return ( False, "Folder creation failed, Check /var/log/apache2/error.log for more details" ) return (True, "Account creation successful")
def manage_users(request, employee): if employee.role != '2-OMAN': return not_allowed(request) available_accounts = available_user_list() available_roles = employee.ROLES defaults = { "role": "EMPL", "start_time": "10:00", "end_time": "18:00", "location": "Tbilisi", } message = None userdata = None existing_accounts = Profile.objects.all().order_by('user__last_name') # a few cases here, create, update, defaults for not existing if request.method == "POST": userdata = {} if request.POST['button'] == "Update View": userdata['username'] = request.POST['account-name'] # pylint: disable=no-member user = user = User.objects.filter( username=request.POST['account-name']) if user.count() == 1: user = User.objects.get(username=request.POST['account-name']) u_employee = Profile.objects.filter(user=user) if u_employee.count() == 1: u_employee = Profile.objects.get(user=user) userdata['position'] = u_employee.position userdata['role'] = u_employee.role userdata['supervisor'] = u_employee.supervisor.username userdata['start_time'] = u_employee.workday_start userdata['end_time'] = u_employee.workday_end userdata['location'] = u_employee.location userdata['leave_hols'] = u_employee.leave_balance_HOLS userdata['leave_sick'] = u_employee.leave_balance_SICK else: message = "New Employee" else: message = "New Employee" # create employee or update data if request.POST['button'] == "Create or Update": # check what's there what's not there check_fields = { "position": "POSITION", "start-time": "WORKDAY_START", "end-time": "WORKDAY_END", "location": "LOCATION", "leave-hols": "VACATION_BALANCE", "leave-sick": "SICK_BALANCE" } error_message = "Incomplete data. Missing: " error = False for key in check_fields: if request.POST[key] == "": error_message += " " + check_fields[key] error = True if error: message = error_message viewdata = { "accounts": available_accounts, "roles": available_roles, "employees": existing_accounts, "defaults": defaults, "userdata": userdata } return render(request, "manage_users.html", { 'employee': employee, 'message': message, "viewdata": viewdata }) # pylint: disable=no-member user = User.objects.filter(username=request.POST['account-name']) if user.count() == 1: user = User.objects.get(username=request.POST['account-name']) else: user = LDAPBackend().populate_user( request.POST['account-name']) user = User.objects.get(username=request.POST['account-name']) user.save() u_employee = Profile.objects.filter(user=user) if u_employee.count() == 1: u_employee = Profile.objects.get(user=user) else: u_employee = Profile(user=user) # here a lot of checking u_employee.position = request.POST['position'] u_employee.role = request.POST['role'] super_user = User.objects.filter( username=request.POST['super-name']) if super_user.count() == 1: super_user = User.objects.get( username=request.POST['super-name']) else: super_user = LDAPBackend().populate_user( request.POST['super-name']) super_user = User.objects.get( username=request.POST['super-name']) super_user.save() u_employee.supervisor = super_user u_employee.location = request.POST['location'] u_employee.workday_start = request.POST['start-time'] u_employee.workday_end = request.POST['end-time'] u_employee.break_hours = request.POST['break-hours'] u_employee.leave_balance_HOLS = request.POST['leave-hols'] u_employee.leave_balance_SICK = request.POST['leave-sick'] u_employee.leave_balance_MATL = 0 u_employee.leave_balance_PATL = 0 u_employee.leave_balance_UNPD = 0 u_employee.save() u_employee = Profile.objects.get(user=user) userdata = {} userdata['username'] = u_employee.user.username userdata['position'] = u_employee.position userdata['role'] = u_employee.role userdata['supervisor'] = u_employee.supervisor.username userdata['start_time'] = u_employee.workday_start userdata['end_time'] = u_employee.workday_end userdata['break_hours'] = u_employee.break_hours userdata['location'] = u_employee.location userdata['leave_hols'] = u_employee.leave_balance_HOLS userdata['leave_sick'] = u_employee.leave_balance_SICK message = "Employee %s saved." % u_employee.user.username viewdata = { "accounts": available_accounts, "roles": available_roles, "employees": existing_accounts, "defaults": defaults, "userdata": userdata } return render(request, "manage_users.html", { 'employee': employee, 'message': message, "viewdata": viewdata })
def handle(self, *args, **options): #Activar idioma activate('en') #Recuperar el parámetro guardándolo en la variables user user = options['user'] #Lista de permisos permisos = [ 'Can add article', 'Can view article', 'Can change article', 'Can delete article', 'Can add cms plugin', 'Can view cms plugin', 'Can change cms plugin', 'Can delete cms plugin', 'Can add placeholder', 'Can view placeholder', 'Can change placeholder', 'Can delete placeholder', 'Can use Structure mode', 'Can add placeholder reference', 'Can change placeholder reference', 'Can add content type', 'Can change content type', 'Can delete content type', 'Can view content type' ] usuario = LDAPBackend().populate_user(user) #Si el usuairo no existe en LDAP asignaremos permisos y si no existe la página del usuario crearmos la Userpage, el blog para el usuario y la página del usuario, luego #asignaremos permisos y finalmente publicaremos la página. #si ya existe la página del usuario entonces mostramos un mensaje informativo. if usuario is None: self.stdout.write( self.style.SUCCESS('No existe ese usuario en LDAP.')) else: for p in permisos: per = Permission.objects.get(name=str(p)) usuario.user_permissions.add(per) usuario.save() try: Page.objects.get(created_by=usuario) except Page.DoesNotExist: #Crear UserPage api.create_page_user(created_by=usuario, user=usuario, can_add_page=True) #Crear Blog blog = NewsBlogConfig() blog.app_title = usuario.username blog.namespace = usuario.username blog.save() #Crear pagina del usuario pagina = api.create_page(title=usuario.username, language='en', template=TEMPLATE_INHERITANCE_MAGIC, parent=None, created_by=usuario, apphook='NewsBlogApp', apphook_namespace=usuario.username) #Permisos de usuario api.assign_user_to_page(pagina, usuario, can_add=True, can_change=True, can_delete=True) pagina.publish('en') self.stdout.write( self.style.SUCCESS( 'Creación de usuario y blog finalizada')) else: self.stdout.write( self.style.SUCCESS( 'El usuario ya tiene página y blog creados'))
def handle(self, *args, **options): #Activamos el idioma que queremos que utilice en nuestro sitio activate('es') #Guardamos el parametro de usuario que hemos pasado anteriormente en una variable usr = options['user'] #Introducimos una lista con todos los permisos genericos que tendrá dicho usuario permisos = [ 'Can add boostrap3 panel body plugin', 'Can change boostrap3 panel body plugin', 'Can add boostrap3 panel plugin', 'Can change boostrap3 panel plugin', 'Can add article', 'Can change article', 'Can delete article', 'Can add cms plugin', 'Can change cms plugin', 'Can delete cms plugin', 'Can add placeholder', 'Can change placeholder', 'Can delete placeholder', 'Can use Structure mode', 'Can add placeholder reference', 'Can change placeholder reference', 'Can add content type', 'Can change content type', 'Can delete content type' ] usuario = LDAPBackend().populate_user(usr) #Comprobamos si el usuario existe o no en LDAP if usuario is None: self.stdout.write( self.style.SUCCESS('No existe el usuario en LDAP.')) else: #Asignamos los permisos al usuario for ele in permisos: per = Permission.objects.get(name=str(ele)) usuario.user_permissions.add(per) usuario.save() #Comprobamos si existe la página del usuario try: Page.objects.get(created_by=usuario) except Page.DoesNotExist: #Creamos un Page User api.create_page_user(created_by=usuario, user=usuario, can_add_page=True) #Creamos el blog del usuario blog = NewsBlogConfig() blog.app_title = usuario.username blog.namespace = usuario.username blog.save() #Creamos la pagina del usuario. pagina = api.create_page(title=usuario.username, language='es', template=TEMPLATE_INHERITANCE_MAGIC, parent=None, created_by=usuario, apphook='NewsBlogApp', apphook_namespace=usuario.username) #Asignamos los permisos que tendra el usuario sobre su pagina. api.assign_user_to_page(pagina, usuario, can_add=True, can_change=True, can_delete=True) #Publicamos la pagina pagina.publish('es') self.stdout.write( self.style.SUCCESS( 'Creacion de usuario finalizada con sus respectivos añadidos.' )) else: self.stdout.write( self.style.SUCCESS( 'El usuario ya tiene páginas en su propiedad.'))