def get_or_init_user(self, username): username = escape(username) query = "(cn=" + username + ")" results = ldapsearch(query, using='groups') # create a backdoor for people in the arc group ldap_query = "(& (memberuid=" + username + ") (cn=arc))" ldap_results = ldapsearch(ldap_query) # Get the list of groups that the user belongs too. memberOf = results[0][1]['memberOf'] # Add the username as a list for the uid dictionary key. results[0][1]['uid'] = [username] user_info = parse_profile(results[0][1]) first_name = user_info['first_name'] last_name = user_info['last_name'] email = user_info['email'] staff = False student = False if re.search("(CN=ITS_LAB_Students_GG)", str(memberOf)): student = True if re.search("(CN=ITS_CAVS_Staff_GG)", str(memberOf)): staff = True if re.search("(CN=TLC_GG)", str(memberOf)): staff = True if ldap_results: staff = True if student or staff: User = get_user_model() user = User.objects.filter(username=username).first() if user is None: user = User(first_name=first_name, last_name=last_name, email=email, username=username) # Always need to reset the users permissions, to stay up to date with # group changes. user.is_active = True user.is_staff = staff user.save() return user else: return None
def in_allowed_groups(username): uid = escape(username) groups = ' '.join('(cn={group})'.format(group=g) for g in settings.ALLOWED_LOGIN_GROUPS) query = '(& (memberUid={uid}) (| {groups}))' query = query.format_map(locals()) results = ldapsearch(query) return bool(results)
def is_ldap_user(username): """ Checks LDAP to ensure a user name exists. """ q = escape(username) search = '(uid={q})'.format(q=q) return bool(ldapsearch(search))
def ldap(args): q = args.query using = args.using search_base = args.search_base attributes = args.attributes parse = args.parse if attributes is not None: attributes = [a.strip() for a in attributes.split(',')] try: results = ldapsearch( q, using=using, search_base=search_base, attributes=attributes, parse=parse) except LDAPInvalidFilterError: printer.error('Invalid LDAP filter: {q}'.format(q=q)) printer.error('Is the query wrapped in parens?') return 1 if not results: printer.error('No results found') return 2 for r in results: if not parse: print('dn', '=>', r['dn'], '\n') r = r['attributes'] for k in sorted(r.keys()): v = r[k] print(k, '=>', v)
def get_or_create_user(self, cas_data, **overrides): user = super().get_or_create_user(cas_data, **overrides) # Reset on every login in case the user's groups have changed; # below we will set these flags as appropriate. user.is_active = False user.is_staff = False user.is_superuser = False username = cas_data['username'] uid = escape(username) query = '(cn={uid})'.format(uid=uid) results = ldapsearch(query, using='groups') # Get the list of groups the user is in. member_of = [] if not results else results[0]['member_of'] groups = [g['name'].lower() for g in member_of] if 'its_lab_students_gg' in groups: user.is_active = True if 'its_cavs_staff_gg' in groups: user.is_active = True user.is_staff = True if 'tlc_gg' in groups: user.is_active = True user.is_staff = True # Automatically add WDT staff as staff & superusers in this app query = '(& (memberuid={uid}) (cn=wdt))'.format(uid=uid) results = ldapsearch(query) if results: user.is_active = True user.is_staff = True user.is_superuser = True staff_group, _ = Group.objects.get_or_create(name='staff') if user.is_staff: user.groups.add(staff_group) else: user.groups.remove(staff_group) user.save() return user
def get_groups(self, username): """ Method to get the groups the user is involved in. Calls an LDAP search. Returns a list of groups. """ results = ldap.ldapsearch("(& (memberUid=" + ldap.escape(username) + ") (cn=*))") groups = [result[1]['cn'][0] for result in results] return groups
def autocomplete(request): """Do an LDAP search and return a JSON array.""" q = request.GET.get('query', '') # Require a minimum of three characters before searching LDAP. if len(q) < 3: return JsonResponse([], safe=False) search = '(uid={q}*)'.format(q=q) results = ldapsearch(search) results.sort(key=lambda r: r['username'][0]) return JsonResponse(results, safe=False)
def get_groups(self, username): if settings.DEBUG and settings.LDAP_DISABLED: return LOGIN_GROUPS results = ldap.ldapsearch('(& (memberUid=' + username + ') (cn=*))') groups = [result[1]['cn'][0] for result in results] try: user = User.objects.get(username=username) except User.DoesNotExist: pass else: groups.extend([group.name for group in user.groups.all()]) return groups
def get_groups(self, username): """ Method to get the groups the user is involved in. Calls an LDAP search -> Returns a list of groups. """ if SETTINGS.DEBUG and LDAP_DISABLED: return LOGIN_GROUPS results = ldap.ldapsearch("(& (memberUid=" + username + ") (cn=*))") groups = [result[1]['cn'][0] for result in results] try: user = User.objects.get(username=username) groups.extend([group.name for group in user.groups.all()]) except User.DoesNotExist: pass return groups
def check_ldap(username): """ Checks LDAP to ensure a user name exists. """ q = escape(username) search = '(uid={q}*)'.format(q=q) results = ldapsearch(search) if results: return True else: return False
def get_or_init_user(self, username): try: user = User.objects.get(username=username) except User.DoesNotExist: # user will have an "unusable" password user = User.objects.create_user(username, '') user.save() # get the user's first and last name results = ldap.ldapsearch("(& (uid=" + ldap.escape(username) + ") (cn=*))") info = ldap.parse_profile(results[0][1]) user.first_name = info['first_name'] user.last_name = info['last_name'] user.email = info['email'] user.save() return user
def get_groups(self, username): """ Method to get the groups the user is involved in. Calls an LDAP search. Returns a list of groups. """ if SETTINGS.DEBUG and LDAP_DISABLED: return LOGIN_GROUPS results = ldap.ldapsearch("(& (memberUid=" + username + ") (cn=*))") groups = [result[1]['cn'][0] for result in results] try: user = User.objects.get(username=username) groups.extend([group.name for group in user.groups.all()]) except User.DoesNotExist: pass return groups
def autocomplete(request): """ Does an LDAP search and returns a JSON array of objects """ q = escape(request.GET.get('query', "")) if len(q) < 3: return JsonResponse([], safe=False) # only return a handful of results MAX_RESULTS = 5 search = '(uid={q}*)'.format(q=q) results = ldapsearch(search, size_limit=MAX_RESULTS) # I don't think LDAP guarantees the sort order, so we have to sort ourselves results.sort(key=lambda o: o[1]['uid'][0]) output = [] for result in results[:MAX_RESULTS]: output.append(parse_profile(result[1])) return JsonResponse(output, safe=False)
def get_profile(self, username): results = ldap.ldapsearch("(uid=" + ldap.escape(username) + ")") dn, entry = results[0] profile = ldap.parse_profile(entry) return profile
def check_ldap(username): """Check LDAP to ensure a user name exists.""" q = escape(username) search = '(uid={q}*)'.format(q=q) results = ldapsearch(search) return bool(results)