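def reset_password(self, password_stub):
    """
    Reset the LDAP password of the account registered under the form's email.

    The new password is ``password_stub`` followed by the form's 'challenge'
    value; it is passed through util.hash_password() before being written to
    the entry's userPassword attribute.

    Only the first entry returned by the mail search is modified.

    Returns the first 'uid' value of the modified entry.

    Raises util.LdapException if no entry matches the email or if any LDAP
    operation fails (the message then carries a trace of the steps taken).
    """
    # Local import: ``ldap`` is already a dependency of this module.
    from ldap.filter import escape_filter_chars

    email = self.cleaned_data['email']
    challenge = self.cleaned_data['challenge']
    password_full = password_stub + challenge

    protocol = ''  # running trace of the steps taken, appended to error messages
    conn = None
    try:
        protocol += 'initialize & bind; '
        conn = util.ldap_connection()

        protocol += 'find user by mail; '
        # The email comes from form input: escape it so it is matched as a
        # literal value and cannot change the structure of the search filter.
        mail_filter = '(&(mail=%s))' % escape_filter_chars(email)
        users = conn.search_s(settings.LDAP_USERGP, ldap.SCOPE_SUBTREE, mail_filter)
        if not users:
            raise util.LdapException("No user with this email found")

        # reset only the first account
        # NOTE(review): if several entries share the email, which one comes
        # first is up to the server -- confirm that mail is unique.
        entry_dn, entry_attrs = users[0]
        login = entry_attrs['uid'][0]

        protocol += 'change modify password; '
        conn.modify_s(entry_dn, [(ldap.MOD_REPLACE, 'userPassword',
                                  str(util.hash_password(password_full)))])

        protocol += 'release binding; '
        conn.unbind_s()
        conn = None  # released; nothing left for the cleanup below
        return login
    except ldap.LDAPError as e:
        raise util.LdapException("%s: %s" % (e, protocol))
    finally:
        # Do not leave the connection bound when an error interrupted the
        # sequence above. Best effort only: the original error is the one
        # the caller needs to see.
        if conn is not None:
            try:
                conn.unbind_s()
            except ldap.LDAPError:
                pass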
def as_ldap(self):
    """
    Build the LDAP entries for this record, for use with
    ldap.add(...) / ldap.modify(...).

    The returned dict has three keys:
        'user'      -- attribute list for the entry in the user section (add)
        'automount' -- attribute list for the entry in the automount section (add)
        'expedient' -- modification list for changing the expedient ACL (modify)
    """
    numeric_uid = settings.LDAP_UID_START + self.id
    numeric_gid = settings.LDAP_GID_START + self.id

    # Values substituted into the LDAP_HOME / LDAP_MOUNT_INFO templates.
    substitutions = {
        'safe_name' : self.safe_name,
        'uid' : numeric_uid,
        'gid' : numeric_gid,
        'island' : self.island,
    }
    home_dir = settings.LDAP_HOME % substitutions
    automount_info = settings.LDAP_MOUNT_INFO % substitutions

    # Only the output of util.hash_password() is placed in the entry; the
    # hashing scheme itself is not visible from here.
    hashed_password = util.hash_password(self.password)

    user_attrs = [
        ('objectClass', ['top', 'posixAccount', 'inetOrgPerson', 'ldapPublicKey']),
        ('uid', str(self.safe_name)),
        ('sn', str(self.safe_name)),
        ('uidNumber', str(numeric_uid)),
        ('gidNumber', str(numeric_gid)),
        ('homeDirectory', str(home_dir)),
        ('givenName', str(self.name)),
        ('o', str(self.organization)),
        ('mail', str(self.email)),
        ('userPassword', str(hashed_password)),
        ('loginShell', str(settings.LDAP_LOGIN_SHELL)),
        ('sshPublicKey', str(self.public_key)),
        ('description', str(self.island)),
    ]

    automount_attrs = [
        ('objectClass', 'automount'),
        ('automountInformation', str(automount_info)),
    ]

    # NOTE(review): safe_name is interpolated into the member DN without DN
    # escaping (ldap.dn.escape_dn_chars) -- presumably it is already limited
    # to DN-safe characters; confirm where safe_name is produced.
    member_dn = str("uid=%s,%s" % (self.safe_name, settings.LDAP_USERGP))
    acl_mods = [(ldap.MOD_ADD, 'uniqueMember', member_dn)]

    return {
        'user' : user_attrs,
        'automount' : automount_attrs,
        'expedient' : acl_mods,
    }
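def authenticate(self):
    """
    Check the form's login/password pair against the LDAP directory.

    Searches settings.LDAP_USERGP for an entry whose cn equals the submitted
    login and whose userPassword equals util.hash_password() of the submitted
    password.

    Returns True if at least one entry matches, False otherwise.
    """
    # Local import: ``ldap`` is already a dependency of this module.
    from ldap.filter import escape_filter_chars

    # Both values end up inside the search filter. Escape them so they are
    # compared as literal values and cannot change the filter's structure.
    login = escape_filter_chars(self.cleaned_data['login'])
    password_hash = escape_filter_chars(
        str(util.hash_password(self.cleaned_data['password'])))

    # NOTE(review): verifying credentials by matching userPassword in a search
    # filter only works if hash_password() is deterministic and the bound
    # account may compare that attribute. A bind as the user's own DN lets the
    # server do the verification instead -- TODO confirm and consider switching.
    conn = util.ldap_connection()
    try:
        matches = conn.search_s(settings.LDAP_USERGP, ldap.SCOPE_SUBTREE,
                                '(&(cn=%s)(userPassword=%s))' % (login, password_hash))
    finally:
        # Release the binding even when the search raises.
        conn.unbind_s()

    return bool(matches)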