def process_request(self, request):
user = request.user
server = None
# Used by tests only
if request.method == "GET":
server = request.GET.get('server')
if not user or not user.is_authenticated():
return
if not User.objects.filter(username=user.username, userprofile__creation_method=UserProfile.CreationMethod.EXTERNAL.name).exists():
LOG.warn("User %s is not an Ldap user" % user.username)
return
# Cache should be cleared when user logs out.
if self.USER_CACHE_NAME not in request.session:
if LDAP.LDAP_SERVERS.get():
connection = ldap_access.get_connection_from_server(next(LDAP.LDAP_SERVERS.__iter__()))
else:
connection = ldap_access.get_connection_from_server()
import_ldap_users(connection, user.username, sync_groups=True, import_by_dn=False, server=server)
request.session[self.USER_CACHE_NAME] = True
request.session.modified = True
def process_request(self, request):
user = request.user
if not user or not user.is_authenticated():
return
if not User.objects.filter(
username=user.username,
userprofile__creation_method=str(
UserProfile.CreationMethod.EXTERNAL)).exists():
LOG.warn("User %s is not an Ldap user" % user.username)
return
# Cache should be cleared when user logs out.
if self.USER_CACHE_NAME not in request.session:
if LDAP.LDAP_SERVERS.get():
connection = ldap_access.get_connection_from_server(
next(LDAP.LDAP_SERVERS.__iter__()))
else:
connection = ldap_access.get_connection_from_server()
import_ldap_users(connection,
user.username,
sync_groups=True,
import_by_dn=False)
request.session[self.USER_CACHE_NAME] = True
request.session.modified = True
def sync_ldap_users_groups(request):
"""
Handler for syncing the Hue database with LDAP users and groups.
This will not import any users or groups that don't already exist in Hue. All
user information and group memberships will be updated based on the LDAP
server's current state.
"""
if not request.user.is_superuser:
raise PopupException(
_("You must be a superuser to sync the LDAP users/groups."),
error_code=401)
if request.method == 'POST':
form = SyncLdapUsersGroupsForm(request.POST)
if form.is_valid():
is_ensuring_home_directory = form.cleaned_data[
'ensure_home_directory']
server = form.cleaned_data.get('server')
connection = ldap_access.get_connection_from_server(server)
sync_ldap_users_and_groups(connection, is_ensuring_home_directory,
request.fs)
return redirect(reverse(list_users))
else:
form = SyncLdapUsersGroupsForm()
return render("sync_ldap_users_groups.mako", request,
dict(path=request.path, form=form))
def add_ldap_groups(request):
"""
add_ldap_groups(request) -> reply
Handler for importing LDAP groups into the Hue database.
If a group has been previously imported, this will sync membership within the
group with the LDAP server. If --import-members is specified, it will import
all unimported users.
"""
if not request.user.is_superuser:
raise PopupException(_("You must be a superuser to add another group."), error_code=401)
if request.method == 'POST':
form = AddLdapGroupsForm(request.POST)
if form.is_valid():
groupname_pattern = form.cleaned_data['groupname_pattern']
import_by_dn = form.cleaned_data['dn']
import_members = form.cleaned_data['import_members']
import_members_recursive = form.cleaned_data['import_members_recursive']
server = form.cleaned_data.get('server')
try:
connection = ldap_access.get_connection_from_server(server)
groups = import_ldap_groups(connection, groupname_pattern, import_members=import_members, import_members_recursive=import_members_recursive, sync_users=True, import_by_dn=import_by_dn)
except ldap.LDAPError, e:
LOG.error(_("LDAP Exception: %s") % e)
raise PopupException(_('There was an error when communicating with LDAP'), detail=str(e))
if groups:
return redirect(reverse(list_groups))
else:
errors = form._errors.setdefault('groupname_pattern', ErrorList())
errors.append(_('Could not get LDAP details for groups in pattern %s') % groupname_pattern)
def add_ldap_users(request):
"""
add_ldap_users(request) -> reply
Handler for importing LDAP users into the Hue database.
If a user has been previously imported, this will sync their user information.
If the LDAP request failed, the error message is generic right now.
"""
if not request.user.is_superuser:
raise PopupException(_("You must be a superuser to add another user."), error_code=401)
if request.method == 'POST':
form = AddLdapUsersForm(request.POST)
if form.is_valid():
username_pattern = form.cleaned_data['username_pattern']
import_by_dn = form.cleaned_data['dn']
server = form.cleaned_data.get('server')
try:
connection = ldap_access.get_connection_from_server(server)
users = import_ldap_users(connection, username_pattern, False, import_by_dn)
except ldap.LDAPError, e:
LOG.error("LDAP Exception: %s" % e)
raise PopupException(_('There was an error when communicating with LDAP'), detail=str(e))
except AssertionError, e:
raise PopupException(_('There was a problem with some of the LDAP information'), detail=str(e))
if users and form.cleaned_data['ensure_home_directory']:
for user in users:
try:
ensure_home_directory(request.fs, user.username)
except (IOError, WebHdfsException), e:
request.error(_("Cannot make home directory for user %s.") % user.username)
def sync_ldap_users_groups(request):
"""
Handler for syncing the Hue database with LDAP users and groups.
This will not import any users or groups that don't already exist in Hue. All
user information and group memberships will be updated based on the LDAP
server's current state.
"""
if not request.user.is_superuser:
raise PopupException(_("You must be a superuser to sync the LDAP users/groups."), error_code=401)
if request.method == 'POST':
form = SyncLdapUsersGroupsForm(request.POST)
if form.is_valid():
is_ensuring_home_directory = form.cleaned_data['ensure_home_directory']
server = form.cleaned_data.get('server')
connection = ldap_access.get_connection_from_server(server)
sync_ldap_users_and_groups(connection, is_ensuring_home_directory, request.fs)
return redirect(reverse(list_users))
else:
form = SyncLdapUsersGroupsForm()
return render("sync_ldap_users_groups.mako", request, dict(path=request.path, form=form))
def add_ldap_users(request):
"""
add_ldap_users(request) -> reply
Handler for importing LDAP users into the Hue database.
If a user has been previously imported, this will sync their user information.
If the LDAP request failed, the error message is generic right now.
"""
if not request.user.is_superuser:
raise PopupException(_("You must be a superuser to add another user."), error_code=401)
if request.method == 'POST':
form = AddLdapUsersForm(request.POST)
if form.is_valid():
username_pattern = form.cleaned_data['username_pattern']
import_by_dn = form.cleaned_data['dn']
server = form.cleaned_data.get('server')
try:
connection = ldap_access.get_connection_from_server(server)
users = import_ldap_users(connection, username_pattern, False, import_by_dn)
except ldap.LDAPError, e:
LOG.error("LDAP Exception: %s" % e)
raise PopupException(_('There was an error when communicating with LDAP'), detail=str(e))
except AssertionError, e:
raise PopupException(_('There was a problem with some of the LDAP information'), detail=str(e))
if users and form.cleaned_data['ensure_home_directory']:
for user in users:
try:
ensure_home_directory(request.fs, user.username)
except (IOError, WebHdfsException), e:
request.error(_("Cannot make home directory for user %s.") % user.username)
def add_ldap_groups(request):
"""
add_ldap_groups(request) -> reply
Handler for importing LDAP groups into the Hue database.
If a group has been previously imported, this will sync membership within the
group with the LDAP server. If --import-members is specified, it will import
all unimported users.
"""
if not request.user.is_superuser:
raise PopupException(_("You must be a superuser to add another group."), error_code=401)
if request.method == 'POST':
form = AddLdapGroupsForm(request.POST)
if form.is_valid():
groupname_pattern = form.cleaned_data['groupname_pattern']
import_by_dn = form.cleaned_data['dn']
import_members = form.cleaned_data['import_members']
import_members_recursive = form.cleaned_data['import_members_recursive']
server = form.cleaned_data.get('server')
try:
connection = ldap_access.get_connection_from_server(server)
groups = import_ldap_groups(connection, groupname_pattern, import_members=import_members, import_members_recursive=import_members_recursive, sync_users=True, import_by_dn=import_by_dn)
except ldap.LDAPError, e:
LOG.error(_("LDAP Exception: %s") % e)
raise PopupException(_('There was an error when communicating with LDAP'), detail=str(e))
except AssertionError, e:
raise PopupException(_('There was a problem with some of the LDAP information'), detail=str(e))
if groups:
return redirect(reverse(list_groups))
else:
errors = form._errors.setdefault('groupname_pattern', ErrorList())
errors.append(_('Could not get LDAP details for groups in pattern %s') % groupname_pattern)
def add_ldap_groups(request):
"""
add_ldap_groups(request) -> reply
Handler for importing LDAP groups into the Hue database.
If a group has been previously imported, this will sync membership within the
group with the LDAP server. If --import-members is specified, it will import
all unimported users.
"""
if not request.user.is_superuser:
raise PopupException(
_("You must be a superuser to add another group."), error_code=401)
if request.method == 'POST':
form = AddLdapGroupsForm(request.POST)
if form.is_valid():
groupname_pattern = form.cleaned_data['groupname_pattern']
import_by_dn = form.cleaned_data['dn']
import_members = form.cleaned_data['import_members']
import_members_recursive = form.cleaned_data[
'import_members_recursive']
is_ensuring_home_directories = form.cleaned_data[
'ensure_home_directories']
server = form.cleaned_data.get('server')
try:
connection = ldap_access.get_connection_from_server(server)
groups = import_ldap_groups(
connection,
groupname_pattern,
import_members=import_members,
import_members_recursive=import_members_recursive,
sync_users=True,
import_by_dn=import_by_dn)
except ldap.LDAPError, e:
LOG.error(_("LDAP Exception: %s") % e)
raise PopupException(
_('There was an error when communicating with LDAP'),
detail=str(e))
except AssertionError, e:
raise PopupException(
_('There was a problem with some of the LDAP information'),
detail=str(e))
unique_users = set()
if is_ensuring_home_directories and groups:
for group in groups:
for user in group.user_set.all():
unique_users.add(user)
for user in unique_users:
try:
ensure_home_directory(request.fs, user.username)
except (IOError, WebHdfsException), e:
raise PopupException(_(
"Exception creating home directory for LDAP user %s in group %s."
) % (user, group),
detail=e)
def sync_ldap_users_groups(request):
"""
Handler for syncing the Hue database with LDAP users and groups.
This will not import any users or groups that don't already exist in Hue. All
user information and group memberships will be updated based on the LDAP
server's current state.
"""
if not request.user.is_superuser:
request.audit = {
'operation': 'SYNC_LDAP_USERS_GROUPS',
'operationText': _get_failed_operation_text(request.user.username, 'SYNC_LDAP_USERS_GROUPS'),
'allowed': False
}
raise PopupException(_("You must be a superuser to sync the LDAP users/groups."), error_code=401)
is_embeddable = request.GET.get('is_embeddable', request.POST.get('is_embeddable', False))
if request.method == 'POST':
form = SyncLdapUsersGroupsForm(request.POST)
if form.is_valid():
is_ensuring_home_directory = form.cleaned_data['ensure_home_directory']
server = form.cleaned_data.get('server')
connection = ldap_access.get_connection_from_server(server)
failed_ldap_users = []
sync_ldap_users_and_groups(connection, is_ensuring_home_directory, request.fs,
failed_users=failed_ldap_users)
request.audit = {
'operation': 'SYNC_LDAP_USERS_GROUPS',
'operationText': 'Successfully synced LDAP users/groups'
}
if failed_ldap_users:
unique_users = set(failed_ldap_users)
request.warn(_('Failed to import following users: %s') % ', '.join(unique_users))
if is_embeddable:
return JsonResponse({'url': '/hue' + reverse(list_users)})
else:
return redirect(reverse(list_users))
else:
form = SyncLdapUsersGroupsForm()
if request.method == 'POST' and is_embeddable:
return JsonResponse(
{'status': -1, 'errors': [{'id': f.id_for_label, 'message': f.errors} for f in form if f.errors]})
else:
return render("sync_ldap_users_groups.mako", request, dict(path=request.path, form=form, is_embeddable=is_embeddable))
def add_ldap_groups(request):
"""
add_ldap_groups(request) -> reply
Handler for importing LDAP groups into the Hue database.
If a group has been previously imported, this will sync membership within the
group with the LDAP server. If --import-members is specified, it will import
all unimported users.
"""
if not request.user.is_superuser:
request.audit = {
'operation': 'ADD_LDAP_GROUPS',
'operationText': _get_failed_operation_text(request.user.username, 'ADD_LDAP_GROUPS'),
'allowed': False,
}
raise PopupException(_("You must be a superuser to add another group."), error_code=401)
if request.method == 'POST':
form = AddLdapGroupsForm(request.POST)
if form.is_valid():
groupname_pattern = form.cleaned_data['groupname_pattern']
import_by_dn = form.cleaned_data['dn']
import_members = form.cleaned_data['import_members']
import_members_recursive = form.cleaned_data['import_members_recursive']
is_ensuring_home_directories = form.cleaned_data['ensure_home_directories']
server = form.cleaned_data.get('server')
try:
failed_ldap_users = []
connection = ldap_access.get_connection_from_server(server)
groups = import_ldap_groups(connection, groupname_pattern, import_members=import_members,
import_members_recursive=import_members_recursive, sync_users=True,
import_by_dn=import_by_dn, failed_users=failed_ldap_users)
except (ldap.LDAPError, LdapBindException), e:
LOG.error(_("LDAP Exception: %s") % e)
raise PopupException(_('There was an error when communicating with LDAP'), detail=str(e))
except ValidationError, e:
raise PopupException(_('There was a problem with some of the LDAP information'), detail=str(e))
unique_users = set()
if is_ensuring_home_directories and groups:
for group in groups:
for user in group.user_set.all():
unique_users.add(user)
for user in unique_users:
try:
ensure_home_directory(request.fs, user.username)
except (IOError, WebHdfsException), e:
raise PopupException(_("Exception creating home directory for LDAP user %s in group %s.") % (user, group), detail=e)
def sync_ldap_users_groups(request):
"""
Handler for syncing the Hue database with LDAP users and groups.
This will not import any users or groups that don't already exist in Hue. All
user information and group memberships will be updated based on the LDAP
server's current state.
"""
if not request.user.is_superuser:
request.audit = {
'operation': 'SYNC_LDAP_USERS_GROUPS',
'operationText': _get_failed_operation_text(request.user.username, 'SYNC_LDAP_USERS_GROUPS'),
'allowed': False
}
raise PopupException(_("You must be a superuser to sync the LDAP users/groups."), error_code=401)
if request.method == 'POST':
form = SyncLdapUsersGroupsForm(request.POST)
if form.is_valid():
is_ensuring_home_directory = form.cleaned_data['ensure_home_directory']
server = form.cleaned_data.get('server')
connection = ldap_access.get_connection_from_server(server)
failed_ldap_users = []
sync_ldap_users_and_groups(connection, is_ensuring_home_directory, request.fs,
failed_users=failed_ldap_users)
request.audit = {
'operation': 'SYNC_LDAP_USERS_GROUPS',
'operationText': 'Successfully synced LDAP users/groups'
}
if failed_ldap_users:
unique_users = set(failed_ldap_users)
request.warn(_('Failed to import following users: %s') % ', '.join(unique_users))
return redirect(reverse(list_users))
else:
form = SyncLdapUsersGroupsForm()
return render("sync_ldap_users_groups.mako", request, dict(path=request.path, form=form))
