def create_access(self):
    """Provision the LDAP and/or UNIX principals named in the client config.

    Reads the client mail address and the user / password / group entries of
    the ``access`` section, then, for every backend that CONF_MAP reports as
    enabled, creates the missing user, the missing group and the missing
    membership.  Empty entries are skipped.  The LDAP branch is additionally
    gated on ``access/ldap_to_apply`` and calls ``ask_domain_admin`` before
    touching the directory.
    """
    def access(key):
        return self.conf.get('access', key)

    user_mail = self.conf.get('main', 'client_mail')
    unix_user = access('unix_user')
    unix_pass = access('unix_pass')    # credential from the config store; keep it out of logs
    unix_group = access('unix_group')
    ldap_user = access('ldap_user')
    ldap_pass = access('ldap_pass')    # credential from the config store; keep it out of logs
    ldap_group = access('ldap_group')

    # Short-circuit keeps the config lookup from running when LDAP is disabled.
    ldap_wanted = CONF_MAP('ldap', 'enabled') and access('ldap_to_apply')
    if ldap_wanted:
        # presumably collects the directory-admin credentials needed for the writes below
        self.ask_domain_admin()
        if ldap_user and not ldap.user_exists(ldap_user):
            ldap.create_user(ldap_user, user_mail, ldap_pass)
        if ldap_group and not ldap.group_exists(ldap_group):
            ldap.create_group(ldap_group)
        ldap_pair = ldap_user and ldap_group
        if ldap_pair and not ldap.is_member_of(ldap_user, ldap_group):
            ldap.user_to_group(ldap_user, ldap_group)

    if CONF_MAP('unix', 'enabled'):
        if unix_user and not unix.user_exists(unix_user):
            unix.create_user(unix_user, user_mail, unix_pass)
        if unix_group and not unix.group_exists(unix_group):
            unix.create_group(unix_group)
        unix_pair = unix_user and unix_group
        if unix_pair and not unix.is_member_of(unix_user, unix_group):
            unix.user_to_group(unix_user, unix_group)
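def is_member(self, args):
    """CLI handler: log whether *user* is a member of LDAP *group*.

    Only the LDAP backend is consulted here (``ldap.is_member_of`` with an
    empty third argument); UNIX group membership is not checked.

    Args:
        args: remaining command-line tokens.  The ``'is_member'`` verb is
            removed from the list in place; the next two tokens are taken as
            the user name and the group name.

    Returns:
        True when the lookup was performed, False when fewer than two tokens
        follow the verb (previously this raised IndexError).
    """
    args.remove('is_member')
    # Guard the positional access below; a missing group used to crash with a traceback.
    if len(args) < 2:
        L.error(t("is_member needs a user and a group"))
        return False
    user, group = args[0], args[1]
    fields = {'user': user, 'group': group}
    if ldap.is_member_of(user, group, ""):
        L.info(t("The user %(user)s is member of %(group)s") % fields)
    else:
        L.info(t("The user %(user)s is NOT member of %(group)s") % fields)
    return True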
"""Per-login hook: bind-mount a site directory into the PAM user's home.

The ``${...}`` placeholders are substituted before this file runs, so the
site name, path and group names are baked in per site.  ``os``, ``ldap``,
``unix``, ``files`` and ``CONF_MAP`` are used below without an import in
this excerpt -- presumably provided by the surrounding template; verify.
"""
from uwsas.core import L
from uwsas import core

if __name__ == '__main__':
    site_name = "${site_name}"
    site_path = "${site_path}"
    ldap_group = "${ldap_group}"
    ldap_dev_team = CONF_MAP('site','ldap_dev_team')
    unix_group = "${unix_group}"
    # PAM_USER comes from the PAM environment; it is not validated here.
    pam_user = os.getenv('PAM_USER')
    site_home_path = "/home/%s/%s" % (pam_user, site_name)

    # Membership in any configured group (LDAP site group, LDAP dev team,
    # UNIX group) is sufficient; each check is skipped when its name is empty.
    is_member = False
    if ldap_group:
        is_member |= ldap.is_member_of(pam_user,ldap_group)
    if ldap_dev_team:
        is_member |= ldap.is_member_of(pam_user,ldap_dev_team,'')
        #L.info("%s, is_member:%s of %s" % (pam_user,is_member,ldap_dev_team))
    if unix_group:
        is_member |= unix.is_member_of(pam_user,unix_group)

    if is_member:
        files.mkdir(site_home_path)
        files.chown(site_home_path)
        # NOTE(review): site_path and site_home_path are interpolated into a
        # command string; if core.exec_cmd_list runs it through a shell, the
        # substituted template values and PAM_USER must be trusted or quoted
        # -- confirm.  The list is only built here; its execution is not in
        # this excerpt.
        cmd_list = [
            'mount --bind %s %s' % (site_path, site_home_path),
        ]
try: if not is_admin and CONF_MAP("ldap", "enabled"): is_admin |= ldap.is_admin(pam_user) if ( not is_admin and unix.is_notunix_user(pam_user) and CONF_MAP("ldap", "enabled") and CONF_MAP("centrify", "pam_allow_workaround") ): is_allowed_to_login = False with open("/etc/centrifydc/groups.allow", "r") as f: for group in f: group = group.strip() if group: print pam_user, group, ldap.is_member_of(pam_user, group, "") is_allowed_to_login |= ldap.is_member_of(pam_user, group, "") if not is_allowed_to_login: L.error(t("%s is not allowed here! Bye!") % pam_user) exit(1) if not is_admin: cmd_list = [ "mkdir -p /home/%(user)s" % {"user": pam_user}, "chown root:%(user)s /home/%(user)s" % {"user": pam_user}, "chmod g+rx /home/%(user)s" % {"user": pam_user}, "run-parts --report %s" % CONF_MAP("libpam_script", "auto_mount_dir"), ] completed, pinfo = core.exec_cmd_list(cmd_list) # if not completed: