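def search_on_roles(roles):
    """Return every Permission entry granted to at least one of *roles*.

    Args:
        roles: list of role names.  Each name is RFC 4515-escaped before it
            is spliced into the filter, so a name containing ``*``, ``(``,
            ``)`` or a backslash cannot widen the search (LDAP filter
            injection).

    Returns:
        list of Permission objects built by ``__unload``.  An empty or None
        *roles* yields ``[]``: previously the filter degenerated to
        ``(&(objectClass=...))`` in that case and returned EVERY permission,
        which is the wrong answer for an authorization lookup.

    Raises:
        LdapException: wrapping any error raised while opening the
            connection or running the search.  The connection is closed on
            every path.
    """
    if not roles:
        return []
    # RFC 4515 escaping (same table as ldap3.utils.conv.escape_filter_chars);
    # kept local so this module needs no additional import.
    escape = str.maketrans(
        {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'})
    clauses = ''.join(
        '(' + ROLES + '=' + role.translate(escape) + ')' for role in roles)
    if len(roles) > 1:
        clauses = '(|' + clauses + ')'
    search_filter = '(&(objectClass=' + PERM_OC_NAME + ')' + clauses + ')'
    conn = None
    perm_list = []
    try:
        conn = ldaphelper.open()
        msg_id = conn.search(search_base, search_filter,
                             attributes=SEARCH_ATTRS)
        response = ldaphelper.get_response(conn, msg_id)
    except Exception as e:
        raise LdapException('Perm Search Roles error=' + str(e)) from e
    else:
        perm_list = [__unload(entry) for entry in response]
    finally:
        if conn:
            ldaphelper.close(conn)
    return perm_list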
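def update(entity):
    """Replace the description, props and constraint of an existing Role.

    Only the attributes that are set on *entity* are written
    (MODIFY_REPLACE); nothing else on the entry is touched.

    Args:
        entity: Role whose ``name`` identifies the entry (DN from
            ``__get_dn``).

    Returns:
        the same *entity*.  When no updatable attribute is set the call is a
        no-op: the original fell through to ``get_result`` with ``conn``
        never assigned and died with NameError.

    Raises:
        LdapException(ROLE_UPDATE_FAILED): on connection/modify errors, when
            the role does not exist, or on any non-zero LDAP result code.
    """
    __validate(entity, 'Update Role')
    try:
        changes = {}
        if entity.description:
            changes[global_ids.DESC] = [(MODIFY_REPLACE, [entity.description])]
        if entity.props:
            changes[global_ids.PROPS] = [(MODIFY_REPLACE, [entity.props])]
        if entity.constraint is not None:
            changes[global_ids.CONSTRAINT] = [
                (MODIFY_REPLACE, [entity.constraint.get_raw()])]
        if not changes:
            return entity
        conn = ldaphelper.open()
        msg_id = conn.modify(__get_dn(entity), changes)
    except Exception as e:
        raise LdapException('Role update error=' + str(e),
                            global_ids.ROLE_UPDATE_FAILED) from e
    # NOTE(review): no close() here, same as the other mutators in this
    # file -- confirm ldaphelper.get_result releases the connection.
    result = ldaphelper.get_result(conn, msg_id)
    if result == global_ids.NOT_FOUND:
        raise LdapException('Role update failed, not found:' + entity.name,
                            global_ids.ROLE_UPDATE_FAILED)
    if result != 0:
        raise LdapException('Role update failed result=' + str(result),
                            global_ids.ROLE_UPDATE_FAILED)
    return entity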
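def create_obj(entity):
    """Add a new PermObj entry to the directory.

    A fresh random ``internal_id`` (uuid4) is generated and stored back on
    *entity*.  ``description``, ``type`` and ``props`` are written only when
    set.

    Args:
        entity: PermObj; ``obj_name`` and ``ou`` are always written (see
            ``__validate_obj`` for what is required), the DN comes from
            ``__get_obj_dn``.

    Returns:
        the same *entity*, with ``internal_id`` populated.

    Raises:
        LdapException(PERM_ADD_FAILED): on connection/add errors, when an
            entry with this DN already exists, or on any non-zero result.
    """
    __validate_obj(entity, 'Create PermObj')
    try:
        entity.internal_id = str(uuid.uuid4())
        attrs = {
            OBJ_NM: entity.obj_name,
            global_ids.INTERNAL_ID: entity.internal_id,
            global_ids.OU: entity.ou,
        }
        if entity.description:
            attrs[global_ids.DESC] = entity.description
        if entity.type:
            attrs[TYPE] = entity.type
        if entity.props:
            attrs[global_ids.PROPS] = entity.props
        conn = ldaphelper.open()
        msg_id = conn.add(__get_obj_dn(entity), PERM_OBJ_OCS, attrs)
    except Exception as e:
        raise LdapException('PermObj create error=' + str(e),
                            global_ids.PERM_ADD_FAILED) from e
    # NOTE(review): no close() here, same as the other mutators in this
    # file -- confirm ldaphelper.get_result releases the connection.
    result = ldaphelper.get_result(conn, msg_id)
    if result == global_ids.OBJECT_ALREADY_EXISTS:
        # Report obj_name, the identifier this function actually writes.  The
        # original referenced entity.name, which none of the PermObj code in
        # this file sets, so the duplicate case likely surfaced as an
        # AttributeError instead of this LdapException.
        raise LdapException(
            'PermObj create failed, already exists:' + str(entity.obj_name),
            global_ids.PERM_ADD_FAILED)
    if result != 0:
        raise LdapException('PermObj create failed result=' + str(result),
                            global_ids.PERM_ADD_FAILED)
    return entity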
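def update_obj(entity):
    """Replace the mutable attributes of an existing PermObj entry.

    ``ou``, ``description``, ``type`` and ``props`` are written with
    MODIFY_REPLACE when set on *entity*; unset fields are left untouched.

    Args:
        entity: PermObj; the DN comes from ``__get_obj_dn``.

    Returns:
        the same *entity*.  When nothing is set the call is a no-op: the
        original fell through to ``get_result`` with ``conn`` never assigned
        and died with NameError.

    Raises:
        LdapException(PERM_UPDATE_FAILED): on connection/modify errors, when
            the entry does not exist, or on any non-zero result code.
    """
    __validate_obj(entity, 'Update PermObj')
    try:
        changes = {}
        if entity.ou:
            changes[global_ids.OU] = [(MODIFY_REPLACE, [entity.ou])]
        if entity.description:
            changes[global_ids.DESC] = [(MODIFY_REPLACE, [entity.description])]
        if entity.type:
            changes[TYPE] = [(MODIFY_REPLACE, [entity.type])]
        if entity.props:
            # props is passed through as given (multi-valued), unlike the
            # single-valued attributes above.
            changes[global_ids.PROPS] = [(MODIFY_REPLACE, entity.props)]
        if not changes:
            return entity
        conn = ldaphelper.open()
        msg_id = conn.modify(__get_obj_dn(entity), changes)
    except Exception as e:
        raise LdapException('PermObj update error=' + str(e),
                            global_ids.PERM_UPDATE_FAILED) from e
    # NOTE(review): no close() here, same as the other mutators in this
    # file -- confirm ldaphelper.get_result releases the connection.
    result = ldaphelper.get_result(conn, msg_id)
    if result == global_ids.NOT_FOUND:
        # obj_name is the identifier the PermObj code in this file writes;
        # the original used entity.name, which it never sets.
        raise LdapException(
            'PermObj update failed, not found:' + str(entity.obj_name),
            global_ids.PERM_UPDATE_FAILED)
    if result != 0:
        raise LdapException('PermObj update failed result=' + str(result),
                            global_ids.PERM_UPDATE_FAILED)
    return entity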
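def search(entity):
    """Find Permission entries matching the identifying fields of *entity*.

    Each of ``obj_name``, ``op_name`` and ``obj_id`` that is non-empty adds
    an equality clause to an AND filter; with none set every permission is
    returned (unchanged -- callers wanting a bounded result must set at
    least one field).  Values are RFC 4515-escaped before they are spliced
    into the filter so a caller-controlled string cannot widen the match
    with ``*`` or break out with parentheses (LDAP filter injection).

    Returns:
        list of Permission objects built by ``__unload``; ``[]`` when
        nothing matches.

    Raises:
        LdapException: wrapping any connection or search failure.  The
            connection is closed on every path.
    """
    __validate(entity, "Perm Search")
    # Same table as ldap3.utils.conv.escape_filter_chars; kept local so no
    # extra import is needed.
    escape = str.maketrans(
        {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'})
    clauses = ['(objectClass=' + PERM_OC_NAME + ')']
    for attr, value in ((OBJ_NM, entity.obj_name),
                        (OP_NM, entity.op_name),
                        (OBJ_ID, entity.obj_id)):
        if value:
            clauses.append('(' + attr + '=' + value.translate(escape) + ')')
    search_filter = '(&' + ''.join(clauses) + ')'
    conn = None
    perm_list = []
    try:
        conn = ldaphelper.open()
        msg_id = conn.search(search_base, search_filter,
                             attributes=SEARCH_ATTRS)
        response = ldaphelper.get_response(conn, msg_id)
    except Exception as e:
        raise LdapException('Perm search error=' + str(e)) from e
    else:
        perm_list = [__unload(entry) for entry in response]
    finally:
        if conn:
            ldaphelper.close(conn)
    return perm_list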
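def search(entity):
    """Find User entries matching the ``uid`` and/or ``ou`` of *entity*.

    Each non-empty field adds an equality clause to an AND filter; with
    neither set every user is returned (unchanged).  Values are RFC
    4515-escaped before they are spliced into the filter so a
    caller-controlled uid or ou cannot widen the match with ``*`` or break
    out with parentheses (LDAP filter injection).

    Returns:
        list of User objects built by ``__unload``; ``[]`` when nothing
        matches.

    Raises:
        LdapException: wrapping any connection or search failure (the
            message now says "User search" -- the old one said
            "Authenticate", which this function does not do).  The
            connection is closed on every path.
    """
    __validate(entity, "User Search")
    # Same table as ldap3.utils.conv.escape_filter_chars; kept local so no
    # extra import is needed.
    escape = str.maketrans(
        {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'})
    clauses = ['(objectClass=' + USER_OC_NAME + ')']
    for attr, value in ((global_ids.UID, entity.uid),
                        (global_ids.OU, entity.ou)):
        if value:
            clauses.append('(' + attr + '=' + value.translate(escape) + ')')
    search_filter = '(&' + ''.join(clauses) + ')'
    conn = None
    user_list = []
    try:
        conn = ldaphelper.open()
        msg_id = conn.search(search_base, search_filter,
                             attributes=SEARCH_ATTRS)
        response = ldaphelper.get_response(conn, msg_id)
    except Exception as e:
        raise LdapException('User search error=' + str(e)) from e
    else:
        user_list = [__unload(entry) for entry in response]
    finally:
        if conn:
            ldaphelper.close(conn)
    return user_list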
def create(entity):
    """Add a new Role entry to the directory.

    Writes ``cn`` and the role-name attribute from ``entity.name``, a freshly
    generated uuid4 as ``internal_id`` (stored back on *entity*), and the
    optional description, props and constraint when they are set.

    Args:
        entity: Role; the DN comes from ``__get_dn``.

    Returns:
        the same *entity*, with ``internal_id`` populated.

    Raises:
        LdapException(ROLE_ADD_FAILED): on connection/add errors, when the
            role already exists, or on any non-zero LDAP result code.
    """
    __validate(entity, 'Create Role')
    try:
        entity.internal_id = str(uuid.uuid4())
        attrs = {
            global_ids.CN: entity.name,
            ROLE_NAME: entity.name,
            global_ids.INTERNAL_ID: entity.internal_id,
        }
        if entity.description is not None and len(entity.description) > 0:
            attrs[global_ids.DESC] = entity.description
        if entity.props is not None and len(entity.props) > 0:
            attrs[global_ids.PROPS] = entity.props
        if entity.constraint is not None:
            attrs[global_ids.CONSTRAINT] = entity.constraint.get_raw()
        conn = ldaphelper.open()
        msg_id = conn.add(__get_dn(entity), ROLE_OCS, attrs)
    except Exception as e:
        raise LdapException('Role create error=' + str(e),
                            global_ids.ROLE_ADD_FAILED)
    # Reached only when no exception was raised above (the handler re-raises).
    # NOTE(review): the connection is not closed here; presumably
    # ldaphelper.get_result does that -- confirm.
    result = ldaphelper.get_result(conn, msg_id)
    if result == global_ids.OBJECT_ALREADY_EXISTS:
        raise LdapException(
            'Role create failed, already exists:' + entity.name,
            global_ids.ROLE_ADD_FAILED)
    if result != 0:
        raise LdapException('Role create failed result=' + str(result),
                            global_ids.ROLE_ADD_FAILED)
    return entity
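def delete_obj(entity):
    """Delete the PermObj entry identified by *entity*.

    Args:
        entity: PermObj; the DN comes from ``__get_obj_dn``.

    Returns:
        the same *entity*.

    Raises:
        LdapException(PERM_DELETE_FAILED): on connection/delete errors, when
            the entry does not exist, or on any non-zero result code.
    """
    __validate_obj(entity, 'Delete PermObj')
    try:
        conn = ldaphelper.open()
        msg_id = conn.delete(__get_obj_dn(entity))
    except Exception as e:
        raise LdapException('PermObj delete error=' + str(e),
                            global_ids.PERM_DELETE_FAILED) from e
    # NOTE(review): no close() here, same as the other mutators in this
    # file -- confirm ldaphelper.get_result releases the connection.
    result = ldaphelper.get_result(conn, msg_id)
    if result == global_ids.NOT_FOUND:
        # obj_name is the identifier the PermObj code in this file writes;
        # the original used entity.name, which it never sets.
        raise LdapException('PermObj delete not found:' + str(entity.obj_name),
                            global_ids.PERM_DELETE_FAILED)
    if result != 0:
        raise LdapException('PermObj delete failed result=' + str(result),
                            global_ids.PERM_DELETE_FAILED)
    return entity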
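def add_member(entity, uid):
    """Add user *uid* to Role *entity* (MODIFY_ADD on the member attribute).

    This is a privileged RBAC change -- nothing here checks who is asking;
    the caller must have authorized it.

    Args:
        entity: Role; the DN comes from ``__get_dn``.
        uid: user id, turned into a DN by ``__get_user_dn``.  Required.

    Returns:
        the same *entity*.

    Raises:
        LdapException(ROLE_USER_ASSIGN_FAILED): when *uid* is missing (the
            original sent an empty modify and, on NOT_FOUND, then hit an
            unbound ``user_dn``), on connection/modify errors, when the role
            does not exist, or on any non-zero result code.
    """
    __validate(entity, 'Add Member')
    if not uid:
        raise LdapException(
            'Add member failed, uid is required, role=' + str(entity.name),
            global_ids.ROLE_USER_ASSIGN_FAILED)
    try:
        user_dn = __get_user_dn(uid)
        changes = {MEMBER: [(MODIFY_ADD, user_dn)]}
        conn = ldaphelper.open()
        msg_id = conn.modify(__get_dn(entity), changes)
    except Exception as e:
        raise LdapException('Add member error=' + str(e),
                            global_ids.ROLE_USER_ASSIGN_FAILED) from e
    # NOTE(review): no close() here, same as the other mutators in this
    # file -- confirm ldaphelper.get_result releases the connection.
    result = ldaphelper.get_result(conn, msg_id)
    if result == global_ids.NOT_FOUND:
        raise LdapException(
            'Add member failed, not found, role=' + entity.name
            + ', member dn=' + user_dn,
            global_ids.ROLE_USER_ASSIGN_FAILED)
    if result != 0:
        raise LdapException('Add member failed result=' + str(result),
                            global_ids.ROLE_USER_ASSIGN_FAILED)
    return entity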
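def search(entity):
    """Find Role entries whose role-name attribute equals ``entity.name``.

    The name is RFC 4515-escaped before it is spliced into the filter so a
    caller-controlled value cannot widen the match with ``*`` or break out
    with parentheses (LDAP filter injection).  Note that this is an exact
    match; there is no wildcard support by design.

    Returns:
        list of Role objects built by ``__unload``; ``[]`` when nothing
        matches.

    Raises:
        LdapException: wrapping any connection or search failure.  The
            connection is closed on every path.
    """
    __validate(entity, "Role Search")
    # Same table as ldap3.utils.conv.escape_filter_chars; kept local so no
    # extra import is needed.
    escape = str.maketrans(
        {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'})
    search_filter = ('(&(objectClass=' + ROLE_OC_NAME + ')('
                     + ROLE_NAME + '=' + entity.name.translate(escape) + '))')
    conn = None
    role_list = []
    try:
        conn = ldaphelper.open()
        msg_id = conn.search(search_base, search_filter,
                             attributes=SEARCH_ATTRS)
        response = ldaphelper.get_response(conn, msg_id)
    except Exception as e:
        raise LdapException('Role search error=' + str(e)) from e
    else:
        role_list = [__unload(entry) for entry in response]
    finally:
        if conn:
            ldaphelper.close(conn)
    return role_list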
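def remove_member(entity, uid):
    """Remove user *uid* from Role *entity* (MODIFY_DELETE on member).

    This is a privileged RBAC change -- nothing here checks who is asking;
    the caller must have authorized it.

    Args:
        entity: Role; the DN comes from ``__get_dn``.
        uid: user id, turned into a DN by ``__get_user_dn``.  Required.

    Returns:
        the same *entity*.

    Raises:
        LdapException(ROLE_USER_DEASSIGN_FAILED): when *uid* is missing (the
            original sent an empty modify and, on NO_SUCH_ATTRIBUTE, then hit
            an unbound ``user_dn``), on connection/modify errors, when the
            user is not a member, or on any non-zero result code.
    """
    __validate(entity, 'Remove Member')
    if not uid:
        raise LdapException(
            'Remove member failed, uid is required, role=' + str(entity.name),
            global_ids.ROLE_USER_DEASSIGN_FAILED)
    try:
        user_dn = __get_user_dn(uid)
        changes = {MEMBER: [(MODIFY_DELETE, user_dn)]}
        conn = ldaphelper.open()
        msg_id = conn.modify(__get_dn(entity), changes)
    except Exception as e:
        raise LdapException('Remove member error=' + str(e),
                            global_ids.ROLE_USER_DEASSIGN_FAILED) from e
    # NOTE(review): no close() here, same as the other mutators in this
    # file -- confirm ldaphelper.get_result releases the connection.
    result = ldaphelper.get_result(conn, msg_id)
    if result == global_ids.NO_SUCH_ATTRIBUTE:
        raise LdapException(
            'Remove member failed, not assigned, role=' + entity.name
            + ', member dn=' + user_dn,
            global_ids.ROLE_USER_DEASSIGN_FAILED)
    if result != 0:
        raise LdapException('Remove member failed result=' + str(result),
                            global_ids.ROLE_USER_DEASSIGN_FAILED)
    return entity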
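def grant(entity, role):
    """Grant Permission *entity* to *role* (MODIFY_ADD of ``role.name`` to
    the permission's roles attribute).

    This is a privileged RBAC change -- nothing here checks who is asking;
    the caller must have authorized it.

    Args:
        entity: Permission; the DN comes from ``__get_dn``.
        role: object with a ``name``.  Required: the original sent an empty
            modify for None and then dereferenced ``role.name`` while
            building the NOT_FOUND message.

    Returns:
        the same *entity*.

    Raises:
        LdapException(PERM_GRANT_FAILED): for a missing role, on
            connection/modify errors, or on any non-zero result code.
        LdapException(PERM_OP_NOT_FOUND): when the permission entry does
            not exist.
    """
    __validate(entity, 'Grant Perm')
    if role is None:
        raise LdapException('Perm grant failed, role is required',
                            global_ids.PERM_GRANT_FAILED)
    try:
        changes = {ROLES: [(MODIFY_ADD, role.name)]}
        conn = ldaphelper.open()
        msg_id = conn.modify(__get_dn(entity), changes)
    except Exception as e:
        raise LdapException('Perm grant error=' + str(e),
                            global_ids.PERM_GRANT_FAILED) from e
    # NOTE(review): no close() here, same as the other mutators in this
    # file -- confirm ldaphelper.get_result releases the connection.
    result = ldaphelper.get_result(conn, msg_id)
    if result == global_ids.NOT_FOUND:
        # str() so an unset obj_id/op_name cannot turn this report into a
        # TypeError.
        raise LdapException(
            'Perm grant failed, not found, obj name=' + str(entity.obj_name)
            + ', op_name=' + str(entity.op_name)
            + ', op id=' + str(entity.obj_id)
            + ', role=' + str(role.name),
            global_ids.PERM_OP_NOT_FOUND)
    if result != 0:
        raise LdapException('Perm grant failed result=' + str(result),
                            global_ids.PERM_GRANT_FAILED)
    return entity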
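def assign(entity, constraint):
    """Assign a role to User *entity*.

    Two MODIFY_ADD operations are sent in one modify: the serialized
    constraint (``constraint.get_raw()``) onto ROLE_CONSTRAINTS and the role
    name (``constraint.name``) onto ROLES.  This is a privileged RBAC change
    -- nothing here checks who is asking; the caller must have authorized
    it.

    Args:
        entity: User; the DN comes from ``__get_dn``.
        constraint: object exposing ``name`` (the role) and ``get_raw()``.
            Required: with None the original built no changes, never opened
            a connection, and then died with NameError on ``conn``.

    Returns:
        the same *entity*.

    Raises:
        LdapException(URLE_ASSIGN_FAILED): for a missing constraint, on
            connection/modify errors, or on any non-zero result code.
        LdapException(USER_NOT_FOUND): when the user entry does not exist.
    """
    __validate(entity, 'Assign')
    if constraint is None:
        raise LdapException('User assign failed, constraint is required',
                            global_ids.URLE_ASSIGN_FAILED)
    try:
        changes = {
            ROLE_CONSTRAINTS: [(MODIFY_ADD, constraint.get_raw())],
            ROLES: [(MODIFY_ADD, constraint.name)],
        }
        conn = ldaphelper.open()
        msg_id = conn.modify(__get_dn(entity), changes)
    except Exception as e:
        raise LdapException('User assign error=' + str(e),
                            global_ids.URLE_ASSIGN_FAILED) from e
    # NOTE(review): no close() here, same as the other mutators in this
    # file -- confirm ldaphelper.get_result releases the connection.
    result = ldaphelper.get_result(conn, msg_id)
    if result == global_ids.NOT_FOUND:
        # uid is the identifier the User code in this file writes; the
        # original used entity.name, which it never sets.
        raise LdapException('User assign failed, not found:' + str(entity.uid),
                            global_ids.USER_NOT_FOUND)
    if result != 0:
        raise LdapException('User assign failed result=' + str(result),
                            global_ids.URLE_ASSIGN_FAILED)
    return entity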
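def revoke(entity, role):
    """Revoke Permission *entity* from *role* (MODIFY_DELETE of ``role.name``
    from the permission's roles attribute).

    This is a privileged RBAC change -- nothing here checks who is asking;
    the caller must have authorized it.

    Args:
        entity: Permission; the DN comes from ``__get_dn``.
        role: object with a ``name``.  Required: the original sent an empty
            modify for None and then dereferenced ``role.name`` while
            building the not-granted message.

    Returns:
        the same *entity*.

    Raises:
        LdapException(PERM_REVOKE_FAILED): for a missing role, on
            connection/modify errors, or on any non-zero result code.
        LdapException(PERM_ROLE_NOT_EXIST): when the role was not granted.
    """
    __validate(entity, 'Revoke Perm')
    if role is None:
        raise LdapException('Perm revoke failed, role is required',
                            global_ids.PERM_REVOKE_FAILED)
    try:
        changes = {ROLES: [(MODIFY_DELETE, role.name)]}
        conn = ldaphelper.open()
        msg_id = conn.modify(__get_dn(entity), changes)
    except Exception as e:
        raise LdapException('Perm revoke error=' + str(e),
                            global_ids.PERM_REVOKE_FAILED) from e
    # NOTE(review): no close() here, same as the other mutators in this
    # file -- confirm ldaphelper.get_result releases the connection.
    result = ldaphelper.get_result(conn, msg_id)
    if result == global_ids.NO_SUCH_ATTRIBUTE:
        # str() so an unset obj_id/op_name cannot turn this report into a
        # TypeError.
        raise LdapException(
            'Perm revoke failed, not granted, obj name=' + str(entity.obj_name)
            + ', op_name=' + str(entity.op_name)
            + ', op id=' + str(entity.obj_id)
            + ', role=' + str(role.name),
            global_ids.PERM_ROLE_NOT_EXIST)
    if result != 0:
        raise LdapException('Perm revoke failed result=' + str(result),
                            global_ids.PERM_REVOKE_FAILED)
    return entity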
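def get_members(entity):
    """Return the members of the Role named ``entity.name``.

    Looks the role up by exact name (RFC 4515-escaped so a caller-controlled
    name cannot turn into a wildcard or break the filter), reads only the
    member attribute and converts the member DNs with ``__convert_list``.

    Returns:
        whatever ``__convert_list`` yields for the member DNs (``[]`` for a
        role with no members).

    Raises:
        NotFound: when no role with that name exists.
        NotUnique: when more than one entry matches.
        LdapException: wrapping any connection or search failure.  The
            connection is closed on every path.
    """
    __validate(entity, "Get Members")
    # Same table as ldap3.utils.conv.escape_filter_chars; kept local so no
    # extra import is needed.
    escape = str.maketrans(
        {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'})
    search_filter = ('(&(objectClass=' + ROLE_OC_NAME + ')('
                     + ROLE_NAME + '=' + entity.name.translate(escape) + '))')
    conn = None
    members = []
    try:
        conn = ldaphelper.open()
        msg_id = conn.search(search_base, search_filter, attributes=[MEMBER])
        response = ldaphelper.get_response(conn, msg_id)
    except Exception as e:
        raise LdapException('Get members search error=' + str(e)) from e
    else:
        if not response:
            raise NotFound("Role not found, name=" + entity.name)
        if len(response) > 1:
            raise NotUnique("Role not unique, name=" + entity.name)
        # .get(): a role with no members may come back without the attribute
        # at all (depends on the ldap3 schema setup -- TODO confirm); treat
        # that as no members rather than a KeyError.
        member_dns = ldaphelper.get_list(
            response[0][ATTRIBUTES].get(MEMBER, []))
        members = __convert_list(member_dns)
    finally:
        if conn:
            ldaphelper.close(conn)
    return members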
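def update(entity):
    """Replace the set attributes of an existing User entry.

    Every field that is set on *entity* becomes a MODIFY_REPLACE; unset
    fields are left untouched.  Single-valued fields are wrapped in a
    one-element list, multi-valued ones (employee_type, phones, mobiles,
    emails, props, ...) are passed through as given -- this mirrors the
    original's per-attribute form exactly.

    Security notes:
      * A set ``password`` is sent as the raw value of the password
        attribute; hashing is left to the server, and the value travels in
        the clear unless ``ldaphelper.open`` uses TLS (not visible here --
        confirm).  Nothing here authorizes the change; the caller must.
      * ``pw_policy`` is likewise replaced without further checks.

    Args:
        entity: User; the DN comes from ``__get_dn``.

    Returns:
        the same *entity*.  When nothing is set the call is a no-op: the
        original fell through to ``get_result`` with ``conn`` never
        assigned and died with NameError.

    Raises:
        LdapException(USER_UPDATE_FAILED): on connection/modify errors, when
            the user does not exist, or on any non-zero result code.
    """
    __validate(entity, 'Update User')
    try:
        changes = {}
        # (attribute, value, wrap) -- wrap=True means the original sent the
        # value as a one-element list.  The original tested cn/sn with
        # ``is not None OR len(...) > 0``, which raised TypeError for None
        # and wrote an empty cn/sn for ''; both are now simply skipped.
        fields = (
            (global_ids.CN, entity.cn, True),
            (global_ids.SN, entity.sn, True),
            (PW, entity.password, True),
            (global_ids.DESC, entity.description, True),
            (global_ids.OU, entity.ou, True),
            (DISPLAY_NAME, entity.display_name, True),
            (EMPLOYEE_TYPE, entity.employee_type, False),
            (TITLE, entity.title, True),
            (TELEPHONE_NUMBER, entity.phones, False),
            (MOBILE, entity.mobiles, False),
            (MAIL, entity.emails, False),
        )
        for attr, value, wrap in fields:
            if value:
                changes[attr] = [(MODIFY_REPLACE, [value] if wrap else value)]
        if entity.system is not None:
            changes[IS_SYSTEM] = [(MODIFY_REPLACE, entity.system)]
        for attr, value in (
                (global_ids.PROPS, entity.props),
                (DEPT_NUM, entity.department_number),
                (LOCATION, entity.l),
                (PHYSICAL_OFFICE_NM, entity.physical_delivery_office_name),
                (POSTAL_CODE, entity.postal_code),
                (RM_NUM, entity.room_number)):
            if value:
                changes[attr] = [(MODIFY_REPLACE, value)]
        if entity.constraint is not None:
            changes[global_ids.CONSTRAINT] = [
                (MODIFY_REPLACE, entity.constraint.get_raw())]
        if entity.pw_policy:
            changes[PW_POLICY] = [(MODIFY_REPLACE, entity.pw_policy)]
        if not changes:
            return entity
        conn = ldaphelper.open()
        msg_id = conn.modify(__get_dn(entity), changes)
    except Exception as e:
        raise LdapException('User update error=' + str(e),
                            global_ids.USER_UPDATE_FAILED) from e
    # NOTE(review): no close() here, same as the other mutators in this
    # file -- confirm ldaphelper.get_result releases the connection.
    result = ldaphelper.get_result(conn, msg_id)
    if result == global_ids.NOT_FOUND:
        # uid is the identifier the User code in this file writes; the
        # original used entity.name, which it never sets.
        raise LdapException('User update failed, not found:' + str(entity.uid),
                            global_ids.USER_UPDATE_FAILED)
    if result != 0:
        raise LdapException('User update failed result=' + str(result),
                            global_ids.USER_UPDATE_FAILED)
    return entity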
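def create(entity):
    """Add a new User entry to the directory.

    Always writes ``uid``, a freshly generated uuid4 ``internal_id`` (stored
    back on *entity*), and ``cn``/``sn`` -- both mandatory for inetOrgPerson
    and defaulted to the uid (and stored back on *entity*) when the caller
    left them empty.  Every other field is written only when set.

    Security notes:
      * A set ``password`` is sent as the raw value of the password
        attribute; hashing is left to the server, and the value travels in
        the clear unless ``ldaphelper.open`` uses TLS (not visible here --
        confirm).
      * ``system`` and ``pw_policy`` are written as given; nothing here
        authorizes creating a system account -- the caller must.

    Args:
        entity: User; the DN comes from ``__get_dn``.

    Returns:
        the same *entity*, with ``internal_id`` (and possibly cn/sn) filled.

    Raises:
        LdapException(USER_ADD_FAILED): on connection/add errors, when the
            user already exists, or on any non-zero result code.
    """
    __validate(entity, 'Create User')
    try:
        entity.internal_id = str(uuid.uuid4())
        if not entity.cn:
            entity.cn = entity.uid
        if not entity.sn:
            entity.sn = entity.uid
        attrs = {
            global_ids.UID: entity.uid,
            global_ids.INTERNAL_ID: entity.internal_id,
            global_ids.CN: entity.cn,
            global_ids.SN: entity.sn,
        }
        optional = (
            (PW, entity.password),
            (global_ids.DESC, entity.description),
            (global_ids.OU, entity.ou),
            (DISPLAY_NAME, entity.display_name),
            (EMPLOYEE_TYPE, entity.employee_type),
            (TITLE, entity.title),
            (TELEPHONE_NUMBER, entity.phones),
            (MOBILE, entity.mobiles),
            (MAIL, entity.emails),
        )
        for attr, value in optional:
            if value:
                attrs[attr] = value
        if entity.system is not None:
            attrs[IS_SYSTEM] = entity.system
        for attr, value in (
                (global_ids.PROPS, entity.props),
                (DEPT_NUM, entity.department_number),
                (LOCATION, entity.l),
                (PHYSICAL_OFFICE_NM, entity.physical_delivery_office_name),
                (POSTAL_CODE, entity.postal_code),
                (RM_NUM, entity.room_number)):
            if value:
                attrs[attr] = value
        if entity.constraint is not None:
            attrs[global_ids.CONSTRAINT] = entity.constraint.get_raw()
        if entity.pw_policy:
            attrs[PW_POLICY] = entity.pw_policy
        conn = ldaphelper.open()
        msg_id = conn.add(__get_dn(entity), USER_OCS, attrs)
    except Exception as e:
        raise LdapException('User create error=' + str(e),
                            global_ids.USER_ADD_FAILED) from e
    # NOTE(review): no close() here, same as the other mutators in this
    # file -- confirm ldaphelper.get_result releases the connection.
    result = ldaphelper.get_result(conn, msg_id)
    if result == global_ids.OBJECT_ALREADY_EXISTS:
        # uid is the identifier written above; the original used
        # entity.name, which no User code in this file sets, so the
        # duplicate case likely surfaced as an AttributeError instead.
        raise LdapException(
            'User create failed, already exists:' + str(entity.uid),
            global_ids.USER_ADD_FAILED)
    if result != 0:
        raise LdapException('User create failed result=' + str(result),
                            global_ids.USER_ADD_FAILED)
    return entity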