def dict_to_filter(criteria, or_search=False, or_keys=None, or_values=None): """Turn dictionary criteria into ldap queryFilter string """ or_keys = (or_keys is None) and or_search or or_keys or_values = (or_values is None) and or_search or or_values _filter = None for attr, values in criteria.items(): attr = encode_utf8(attr) if not isinstance(values, list): values = [values] attrfilter = None for value in values: if isinstance(value, unicode): value = encode_utf8(value) valuefilter = LDAPFilter(filter_format('(%s=%s)', (attr, value))) if attrfilter is None: attrfilter = valuefilter continue if or_values: attrfilter |= valuefilter else: attrfilter &= valuefilter if _filter is None: _filter = attrfilter continue if or_keys: _filter |= attrfilter else: _filter &= attrfilter if _filter is None: _filter = LDAPFilter() return _filter
def dict_to_filter(criteria, or_search, only_values=False): """Turn dictionary criteria into ldap queryFilter string """ _filter = None for attr, values in criteria.items(): attr = encode_utf8(attr) if not isinstance(values, list): values = [values] for value in values: if isinstance(value, unicode): value = encode_utf8(value) if _filter is None: if only_values: _filter = LDAPFilter('%s' % value) else: _filter = LDAPFilter('(%s=%s)' % (attr, value)) else: if only_values: _next = '%s' % value else: _next = '(%s=%s)' % (attr, value) if or_search: _filter |= _next else: _filter &= _next if _filter is None: _filter = LDAPFilter() return _filter
def dict_to_filter(criteria, or_search=False, or_keys=None, or_values=None): """Turn dictionary criteria into ldap queryFilter string """ or_keys = (or_keys is None) and or_search or or_keys or_values = (or_values is None) and or_search or or_values _filter = None for attr, values in criteria.items(): attr = encode_utf8(attr) if not isinstance(values, list): values = [values] attrfilter = None for value in values: if isinstance(value, unicode): value = encode_utf8(value) attr = ''.join(map(lambda x: ESCAPE_CHARS.get(x, x), attr)) if isinstance(value, str): value = ''.join(map(lambda x: ESCAPE_CHARS.get(x, x), value)) valuefilter = LDAPFilter('(%s=%s)' % (attr, value)) if attrfilter is None: attrfilter = valuefilter continue if or_values: attrfilter |= valuefilter else: attrfilter &= valuefilter if _filter is None: _filter = attrfilter continue if or_keys: _filter |= attrfilter else: _filter &= attrfilter if _filter is None: _filter = LDAPFilter() return _filter
def enumerateGroups(self, id=None, exact_match=False, sort_by=None, max_results=None, **kw): """ -> ( group_info_1, ... group_info_N ) o Return mappings for groups matching the given criteria. o 'id' in combination with 'exact_match' true, will return at most one mapping per supplied ID ('id' and 'login' may be sequences). o If 'exact_match' is False, then 'id' may be treated by the plugin as "contains" searches (more complicated searches may be supported by some plugins using other keyword arguments). o If 'sort_by' is passed, the results will be sorted accordingly. known valid values are 'id' (some plugins may support others). o If 'max_results' is specified, it must be a positive integer, limiting the number of returned mappings. If unspecified, the plugin should return mappings for all groups satisfying the criteria. o Minimal keys in the returned mappings: 'id' -- (required) the group ID 'pluginid' -- (required) the plugin ID (as returned by getId()) 'properties_url' -- (optional) the URL to a page for updating the group's properties. 'members_url' -- (optional) the URL to a page for updating the principals who belong to the group. o Plugin *must* ignore unknown criteria. o Plugin may raise ValueError for invalid critera. o Insufficiently-specified criteria may have catastrophic scaling issues for some implementations. """ groups = self.groups if not groups: return () if id: kw["id"] = id if not kw: # show all matches = groups.ids else: try: matches = groups.search(criteria=kw, exact_match=exact_match) except ValueError: return () if sort_by == "id": matches = sorted(matches) pluginid = self.getId() ret = [dict(id=encode_utf8(_id), pluginid=pluginid) for _id in matches] if max_results and len(ret) > max_results: ret = ret[:max_results] return ret
def __init__(self, queryFilter=None): if queryFilter is not None \ and not isinstance(queryFilter, basestring) \ and not isinstance(queryFilter, LDAPFilter): raise TypeError('Query filter must be LDAPFilter or string') queryFilter = encode_utf8(queryFilter) self._filter = queryFilter if isinstance(queryFilter, LDAPFilter): self._filter = str(queryFilter)
def enumerateUsers(self, id=None, login=None, exact_match=False, sort_by=None, max_results=None, **kw): """-> ( user_info_1, ... user_info_N ) o Return mappings for users matching the given criteria. o 'id' or 'login', in combination with 'exact_match' true, will return at most one mapping per supplied ID ('id' and 'login' may be sequences). o If 'exact_match' is False, then 'id' and / or login may be treated by the plugin as "contains" searches (more complicated searches may be supported by some plugins using other keyword arguments). o If 'sort_by' is passed, the results will be sorted accordingly. known valid values are 'id' and 'login' (some plugins may support others). o If 'max_results' is specified, it must be a positive integer, limiting the number of returned mappings. If unspecified, the plugin should return mappings for all users satisfying the criteria. o Minimal keys in the returned mappings: 'id' -- (required) the user ID, which may be different than the login name 'login' -- (required) the login name 'pluginid' -- (required) the plugin ID (as returned by getId()) 'editurl' -- (optional) the URL to a page for updating the mapping's user o Plugin *must* ignore unknown criteria. o Plugin may raise ValueError for invalid criteria. o Insufficiently-specified criteria may have catastrophic scaling issues for some implementations. """ # TODO: sort_by in node.ext.ldap if login: if not isinstance(login, basestring): # XXX TODO raise NotImplementedError("sequence is not supported yet.") kw["login"] = login # pas search users gives both login and name if login is meant if "login" in kw and "name" in kw: del kw["name"] if id: if not isinstance(id, basestring): # XXX TODO raise NotImplementedError("sequence is not supported yet.") kw["id"] = id users = self.users if not users: return tuple() try: matches = users.search(criteria=kw, attrlist=("login",), exact_match=exact_match) except ValueError: return tuple() pluginid = self.getId() ret = list() for id, attrs in matches: ret.append({"id": encode_utf8(id), "login": attrs["login"][0], "pluginid": pluginid}) if max_results and len(ret) > max_results: ret = ret[:max_results] return ret
def enumerateUsers(self, id=None, login=None, exact_match=False, sort_by=None, max_results=None, **kw): """-> ( user_info_1, ... user_info_N ) o Return mappings for users matching the given criteria. o 'id' or 'login', in combination with 'exact_match' true, will return at most one mapping per supplied ID ('id' and 'login' may be sequences). o If 'exact_match' is False, then 'id' and / or login may be treated by the plugin as "contains" searches (more complicated searches may be supported by some plugins using other keyword arguments). o If 'sort_by' is passed, the results will be sorted accordingly. known valid values are 'id' and 'login' (some plugins may support others). o If 'max_results' is specified, it must be a positive integer, limiting the number of returned mappings. If unspecified, the plugin should return mappings for all users satisfying the criteria. o Minimal keys in the returned mappings: 'id' -- (required) the user ID, which may be different than the login name 'login' -- (required) the login name 'pluginid' -- (required) the plugin ID (as returned by getId()) 'editurl' -- (optional) the URL to a page for updating the mapping's user o Plugin *must* ignore unknown criteria. o Plugin may raise ValueError for invalid criteria. o Insufficiently-specified criteria may have catastrophic scaling issues for some implementations. """ default = tuple() if not self.is_plugin_active(pas_interfaces.IUserEnumerationPlugin): return default # XXX: sort_by in node.ext.ldap if login: if not isinstance(login, basestring): # XXX raise NotImplementedError('sequence is not supported yet.') kw['login'] = login # pas search users gives both login and name if login is meant if "login" in kw and "name" in kw: del kw["name"] if id: if not isinstance(id, basestring): # XXX raise NotImplementedError('sequence is not supported yet.') kw['id'] = id users = self.users if not users: return default try: matches = users.search(criteria=kw, attrlist=('login', ), exact_match=exact_match) # raised if exact_match and result not unique. except ValueError: return default pluginid = self.getId() ret = list() for id, attrs in matches: ret.append({ 'id': encode_utf8(id), 'login': attrs['login'][0], 'pluginid': pluginid }) if max_results and len(ret) > max_results: ret = ret[:max_results] return ret
def enumerateGroups(self, id=None, exact_match=False, sort_by=None, max_results=None, **kw): """ -> ( group_info_1, ... group_info_N ) o Return mappings for groups matching the given criteria. o 'id' in combination with 'exact_match' true, will return at most one mapping per supplied ID ('id' and 'login' may be sequences). o If 'exact_match' is False, then 'id' may be treated by the plugin as "contains" searches (more complicated searches may be supported by some plugins using other keyword arguments). o If 'sort_by' is passed, the results will be sorted accordingly. known valid values are 'id' (some plugins may support others). o If 'max_results' is specified, it must be a positive integer, limiting the number of returned mappings. If unspecified, the plugin should return mappings for all groups satisfying the criteria. o Minimal keys in the returned mappings: 'id' -- (required) the group ID 'pluginid' -- (required) the plugin ID (as returned by getId()) 'properties_url' -- (optional) the URL to a page for updating the group's properties. 'members_url' -- (optional) the URL to a page for updating the principals who belong to the group. o Plugin *must* ignore unknown criteria. o Plugin may raise ValueError for invalid critera. o Insufficiently-specified criteria may have catastrophic scaling issues for some implementations. """ default = () if not self.is_plugin_active(pas_interfaces.IGroupEnumerationPlugin): return default groups = self.groups if not groups: return default if id: kw['id'] = id if not kw: # show all matches = groups.ids else: try: matches = groups.search(criteria=kw, exact_match=exact_match) # raised if exact_match and result not unique. except ValueError: return default if sort_by == 'id': matches = sorted(matches) pluginid = self.getId() ret = [dict(id=encode_utf8(_id), pluginid=pluginid) for _id in matches] if max_results and len(ret) > max_results: ret = ret[:max_results] return ret