def populate_db(self):
con = ldap.initialize(settings.AUTH_LDAP_SERVER_URI)
con.simple_bind_s(settings.AUTH_LDAP_BIND_DN,
settings.AUTH_LDAP_BIND_PASSWORD)
filter_ = '(&(uid=*))' # customize this if necessary
ldap_user = con.search_s(settings.BASE_DN, ldap.SCOPE_SUBTREE, filter_)
con.unbind()
for u in ldap_user:
username = u[1]['uid'][0].decode('UTF-8')
if not User.objects.filter(username=username).exists():
logger.info("Add new user '%s' from LDAP" % username)
user = LDAPBackend().populate_user(u[1]['uid'][0].decode('UTF-8'))
user.is_active = True
# add a single group (wimi, stud, prof) to a user
# has to be rewritten if group information is not stored per user
# but instead each group in ldap stores its member!
try:
groups = u[1]['group'] # customize this
except KeyError:
logger.info(
"User could not be added to a group and won't be able to purchase anything."
)
continue
groups = [g.decode('UTF-8') for g in groups]
self.add_user_to_group(user, groups)
user.save()
def populate_db(self):
connection = ldap.initialize(settings.AUTH_LDAP_SERVER_URI)
connection.simple_bind_s(settings.AUTH_LDAP_BIND_DN,
settings.AUTH_LDAP_BIND_PASSWORD)
filter_ = '(&(uid=*))' # Customize this if necessary.
ldap_users = connection.search_s(settings.BASE_DN, ldap.SCOPE_SUBTREE,
filter_)
connection.unbind()
for ldap_user in ldap_users:
username = ldap_user[1]['uid'][0].decode('UTF-8')
if not User.objects.filter(username=username).exists():
logger.info('Adding new user %s...' % username)
user = LDAPBackend().populate_user(
ldap_user[1]['uid'][0].decode('UTF-8'))
user.is_active = True
# Add a single group to the user.
# When group information is not stored as part of the user info,
# code needs to be modified.
try:
groups = ldap_user[1]['group']
except KeyError:
logger.info(
'User could not be added to a group and won\'t be able to '
'purchase anything.')
continue
groups = [g.decode('UTF-8') for g in groups]
self.add_user_to_group(user, groups)
user.save()
def handle(self, *args, **options):
for opt, value in settings.AUTH_LDAP_GLOBAL_OPTIONS.items():
ldap.set_option(opt, value)
query = ldap.initialize(
settings.AUTH_LDAP_SERVER_URI) # Set connection URI
query.bind_s(
settings.AUTH_LDAP_BIND_DN,
settings.AUTH_LDAP_BIND_PASSWORD) # Define user credentials
# Get only user objects from the given DN
results = query.search_s(settings.AUTH_LDAP_USER_DN,
ldap.SCOPE_SUBTREE, "(objectClass=User)")
total_created = 0
total_demoted = 0
users_found = []
for a, r in results:
# Get the username and pass it to the django-ldap-auth function.
# This results another ldap query but this way we don't need to handle the saving and attribute mappings
# It also handles group mirroring and assignment
username = r["sAMAccountName"][0].decode(
"utf-8"
) # returns bytes by default so we need to decode to string
user = LDAPBackend().populate_user(username)
# If the user was created in the last minute count it as new user.
if user is None:
raise Exception(f"No user named {username}")
else:
users_found.append(username)
if user.date_joined > localtime() - timedelta(minutes=1):
total_created += 1
# Demote users who have staff or admin privileges but were not found in AD
for user in User.objects.filter(
Q(is_superuser=True)
| Q(is_staff=True)).exclude(username__in=users_found):
user.is_superuser = False
user.is_staff = False
user.groups.clear()
user.save() # Save modifications
total_demoted += 1
logging.warning(
f"{user.get_full_name()} ({user.username}) has been demoted.")
self.stdout.write(
self.style.SUCCESS(
f"Found {len(users_found)} user(s), {total_created} new, {total_demoted} demoted."
))
def create_account(self):
uname = create_login_credentials(self)
pprint("Creating account for "+uname)
dn = create_ad_account(self, uname)
if dn is not False:
add_to_ad_group(group_dn=settings.LIPAD_LDAP_GROUP_DN, user_dn=dn)
profile = LDAPBackend().populate_user(uname)
profile.organization_type = self.organization_type
profile.save()
if profile is None:
pprint("Account was not created")
raise Http404
self.update_profile_details(uname=uname, profile = profile)
else:
raise Http404
def _sync_users():
connection = ldap.initialize(settings.AUTH_LDAP_SERVER_URI)
connection.simple_bind_s(settings.AUTH_LDAP_BIND_DN,
settings.AUTH_LDAP_BIND_PASSWORD)
ldap_users = connection.search_s(settings.BASE_DN, ldap.SCOPE_SUBTREE,
'(objectClass=posixAccount)')
connection.unbind()
for ldap_user in ldap_users:
user_id = ldap_user[1]['uid'][0].decode('UTF-8')
if not User.objects.filter(username=user_id).exists():
logger.info(f'Adding new user {user_id}...')
user = LDAPBackend().populate_user(user_id)
user.is_active = True
if len(user.groups.all()) == 0:
logger.info(f'No groups were found for {user_id}.')
user.save()
def create_account(self):
profile = None
errors = []
if not self.username:
self.username = create_login_credentials(self)
self.save()
pprint(self.username)
else:
try:
profile = LDAPBackend().populate_user(self.username)
self.profile = profile
self.save()
except Exception as e:
pprint(traceback.format_exc())
return (
False,
"Account creation failed. Check /var/log/apache2/error.log for more details"
)
try:
if not self.profile:
pprint("Creating account for " + self.username)
dn = create_ad_account(self, self.username)
add_to_ad_group(group_dn=settings.LIPAD_LDAP_GROUP_DN,
user_dn=dn)
profile = LDAPBackend().populate_user(self.username)
if profile:
self.profile = profile
self.save()
profile.middle_name = self.middle_name
profile.organization = self.organization
profile.voice = self.contact_number
profile.email = self.email
profile.save()
else:
pprint("Accout was not created")
raise Exception("Account not created")
else:
profile.organization_type = self.organization_type
profile.org_type = self.org_type
profile.save()
except Exception as e:
pprint(traceback.format_exc())
exc_name = type(e).__name__
pprint(exc_name)
if exc_name == "ALREADY_EXISTS":
return (False, "This user already has an account.")
return (
False,
"Account creation failed. Check /var/log/apache2/error.log for more details"
)
self.join_requester_grp()
try:
if not self.ftp_folder:
self.create_directory()
except Exception as e:
pprint(traceback.format_exc())
return (
False,
"Folder creation failed, Check /var/log/apache2/error.log for more details"
)
return (True, "Account creation successful")
def manage_users(request, employee):
if employee.role != '2-OMAN':
return not_allowed(request)
available_accounts = available_user_list()
available_roles = employee.ROLES
defaults = {
"role": "EMPL",
"start_time": "10:00",
"end_time": "18:00",
"location": "Tbilisi",
}
message = None
userdata = None
existing_accounts = Profile.objects.all().order_by('user__last_name')
# a few cases here, create, update, defaults for not existing
if request.method == "POST":
userdata = {}
if request.POST['button'] == "Update View":
userdata['username'] = request.POST['account-name']
# pylint: disable=no-member
user = user = User.objects.filter(
username=request.POST['account-name'])
if user.count() == 1:
user = User.objects.get(username=request.POST['account-name'])
u_employee = Profile.objects.filter(user=user)
if u_employee.count() == 1:
u_employee = Profile.objects.get(user=user)
userdata['position'] = u_employee.position
userdata['role'] = u_employee.role
userdata['supervisor'] = u_employee.supervisor.username
userdata['start_time'] = u_employee.workday_start
userdata['end_time'] = u_employee.workday_end
userdata['location'] = u_employee.location
userdata['leave_hols'] = u_employee.leave_balance_HOLS
userdata['leave_sick'] = u_employee.leave_balance_SICK
else:
message = "New Employee"
else:
message = "New Employee"
# create employee or update data
if request.POST['button'] == "Create or Update":
# check what's there what's not there
check_fields = {
"position": "POSITION",
"start-time": "WORKDAY_START",
"end-time": "WORKDAY_END",
"location": "LOCATION",
"leave-hols": "VACATION_BALANCE",
"leave-sick": "SICK_BALANCE"
}
error_message = "Incomplete data. Missing: "
error = False
for key in check_fields:
if request.POST[key] == "":
error_message += " " + check_fields[key]
error = True
if error:
message = error_message
viewdata = {
"accounts": available_accounts,
"roles": available_roles,
"employees": existing_accounts,
"defaults": defaults,
"userdata": userdata
}
return render(request, "manage_users.html", {
'employee': employee,
'message': message,
"viewdata": viewdata
})
# pylint: disable=no-member
user = User.objects.filter(username=request.POST['account-name'])
if user.count() == 1:
user = User.objects.get(username=request.POST['account-name'])
else:
user = LDAPBackend().populate_user(
request.POST['account-name'])
user = User.objects.get(username=request.POST['account-name'])
user.save()
u_employee = Profile.objects.filter(user=user)
if u_employee.count() == 1:
u_employee = Profile.objects.get(user=user)
else:
u_employee = Profile(user=user)
# here a lot of checking
u_employee.position = request.POST['position']
u_employee.role = request.POST['role']
super_user = User.objects.filter(
username=request.POST['super-name'])
if super_user.count() == 1:
super_user = User.objects.get(
username=request.POST['super-name'])
else:
super_user = LDAPBackend().populate_user(
request.POST['super-name'])
super_user = User.objects.get(
username=request.POST['super-name'])
super_user.save()
u_employee.supervisor = super_user
u_employee.location = request.POST['location']
u_employee.workday_start = request.POST['start-time']
u_employee.workday_end = request.POST['end-time']
u_employee.break_hours = request.POST['break-hours']
u_employee.leave_balance_HOLS = request.POST['leave-hols']
u_employee.leave_balance_SICK = request.POST['leave-sick']
u_employee.leave_balance_MATL = 0
u_employee.leave_balance_PATL = 0
u_employee.leave_balance_UNPD = 0
u_employee.save()
u_employee = Profile.objects.get(user=user)
userdata = {}
userdata['username'] = u_employee.user.username
userdata['position'] = u_employee.position
userdata['role'] = u_employee.role
userdata['supervisor'] = u_employee.supervisor.username
userdata['start_time'] = u_employee.workday_start
userdata['end_time'] = u_employee.workday_end
userdata['break_hours'] = u_employee.break_hours
userdata['location'] = u_employee.location
userdata['leave_hols'] = u_employee.leave_balance_HOLS
userdata['leave_sick'] = u_employee.leave_balance_SICK
message = "Employee %s saved." % u_employee.user.username
viewdata = {
"accounts": available_accounts,
"roles": available_roles,
"employees": existing_accounts,
"defaults": defaults,
"userdata": userdata
}
return render(request, "manage_users.html", {
'employee': employee,
'message': message,
"viewdata": viewdata
})
def handle(self, *args, **options):
#Activar idioma
activate('en')
#Recuperar el parámetro guardándolo en la variables user
user = options['user']
#Lista de permisos
permisos = [
'Can add article', 'Can view article', 'Can change article',
'Can delete article', 'Can add cms plugin', 'Can view cms plugin',
'Can change cms plugin', 'Can delete cms plugin',
'Can add placeholder', 'Can view placeholder',
'Can change placeholder', 'Can delete placeholder',
'Can use Structure mode', 'Can add placeholder reference',
'Can change placeholder reference', 'Can add content type',
'Can change content type', 'Can delete content type',
'Can view content type'
]
usuario = LDAPBackend().populate_user(user)
#Si el usuairo no existe en LDAP asignaremos permisos y si no existe la página del usuario crearmos la Userpage, el blog para el usuario y la página del usuario, luego
#asignaremos permisos y finalmente publicaremos la página.
#si ya existe la página del usuario entonces mostramos un mensaje informativo.
if usuario is None:
self.stdout.write(
self.style.SUCCESS('No existe ese usuario en LDAP.'))
else:
for p in permisos:
per = Permission.objects.get(name=str(p))
usuario.user_permissions.add(per)
usuario.save()
try:
Page.objects.get(created_by=usuario)
except Page.DoesNotExist:
#Crear UserPage
api.create_page_user(created_by=usuario,
user=usuario,
can_add_page=True)
#Crear Blog
blog = NewsBlogConfig()
blog.app_title = usuario.username
blog.namespace = usuario.username
blog.save()
#Crear pagina del usuario
pagina = api.create_page(title=usuario.username,
language='en',
template=TEMPLATE_INHERITANCE_MAGIC,
parent=None,
created_by=usuario,
apphook='NewsBlogApp',
apphook_namespace=usuario.username)
#Permisos de usuario
api.assign_user_to_page(pagina,
usuario,
can_add=True,
can_change=True,
can_delete=True)
pagina.publish('en')
self.stdout.write(
self.style.SUCCESS(
'Creación de usuario y blog finalizada'))
else:
self.stdout.write(
self.style.SUCCESS(
'El usuario ya tiene página y blog creados'))
def handle(self, *args, **options):
#Activamos el idioma que queremos que utilice en nuestro sitio
activate('es')
#Guardamos el parametro de usuario que hemos pasado anteriormente en una variable
usr = options['user']
#Introducimos una lista con todos los permisos genericos que tendrá dicho usuario
permisos = [
'Can add boostrap3 panel body plugin',
'Can change boostrap3 panel body plugin',
'Can add boostrap3 panel plugin',
'Can change boostrap3 panel plugin', 'Can add article',
'Can change article', 'Can delete article', 'Can add cms plugin',
'Can change cms plugin', 'Can delete cms plugin',
'Can add placeholder', 'Can change placeholder',
'Can delete placeholder', 'Can use Structure mode',
'Can add placeholder reference',
'Can change placeholder reference', 'Can add content type',
'Can change content type', 'Can delete content type'
]
usuario = LDAPBackend().populate_user(usr)
#Comprobamos si el usuario existe o no en LDAP
if usuario is None:
self.stdout.write(
self.style.SUCCESS('No existe el usuario en LDAP.'))
else:
#Asignamos los permisos al usuario
for ele in permisos:
per = Permission.objects.get(name=str(ele))
usuario.user_permissions.add(per)
usuario.save()
#Comprobamos si existe la página del usuario
try:
Page.objects.get(created_by=usuario)
except Page.DoesNotExist:
#Creamos un Page User
api.create_page_user(created_by=usuario,
user=usuario,
can_add_page=True)
#Creamos el blog del usuario
blog = NewsBlogConfig()
blog.app_title = usuario.username
blog.namespace = usuario.username
blog.save()
#Creamos la pagina del usuario.
pagina = api.create_page(title=usuario.username,
language='es',
template=TEMPLATE_INHERITANCE_MAGIC,
parent=None,
created_by=usuario,
apphook='NewsBlogApp',
apphook_namespace=usuario.username)
#Asignamos los permisos que tendra el usuario sobre su pagina.
api.assign_user_to_page(pagina,
usuario,
can_add=True,
can_change=True,
can_delete=True)
#Publicamos la pagina
pagina.publish('es')
self.stdout.write(
self.style.SUCCESS(
'Creacion de usuario finalizada con sus respectivos añadidos.'
))
else:
self.stdout.write(
self.style.SUCCESS(
'El usuario ya tiene páginas en su propiedad.'))
