示例#1
0
文件: backends.py 项目: kfarr2/ITS
    def get_or_init_user(self, username):
        username = escape(username)
        query = "(cn=" + username + ")"
        results = ldapsearch(query, using='groups')
        # create a backdoor for people in the arc group
        ldap_query = "(& (memberuid=" + username + ") (cn=arc))"
        ldap_results = ldapsearch(ldap_query)

        # Get the list of groups that the user belongs too.
        memberOf = results[0][1]['memberOf']

        # Add the username as a list for the uid dictionary key.
        results[0][1]['uid'] = [username]

        user_info = parse_profile(results[0][1])
        first_name = user_info['first_name']
        last_name = user_info['last_name']
        email = user_info['email']

        staff = False
        student = False

        if re.search("(CN=ITS_LAB_Students_GG)", str(memberOf)):
            student = True

        if re.search("(CN=ITS_CAVS_Staff_GG)", str(memberOf)):
            staff = True

        if re.search("(CN=TLC_GG)", str(memberOf)):
            staff = True

        if ldap_results:
            staff = True

        if student or staff:
            User = get_user_model()

            user = User.objects.filter(username=username).first()

            if user is None:
                user = User(first_name=first_name, last_name=last_name, email=email, username=username)

            # Always need to reset the users permissions, to stay up to date with
            # group changes.
            user.is_active = True
            user.is_staff = staff
            user.save()

            return user

        else:
            return None
示例#2
0
def in_allowed_groups(username):
    uid = escape(username)
    groups = ' '.join('(cn={group})'.format(group=g) for g in settings.ALLOWED_LOGIN_GROUPS)
    query = '(& (memberUid={uid}) (| {groups}))'
    query = query.format_map(locals())
    results = ldapsearch(query)
    return bool(results)
示例#3
0
文件: utils.py 项目: kfarr2/alma
def is_ldap_user(username):
    """
    Checks LDAP to ensure a user name exists.
    """
    q = escape(username)
    search = '(uid={q})'.format(q=q)
    return bool(ldapsearch(search))
示例#4
0
def ldap(args):
    q = args.query
    using = args.using
    search_base = args.search_base
    attributes = args.attributes
    parse = args.parse

    if attributes is not None:
        attributes = [a.strip() for a in attributes.split(',')]

    try:
        results = ldapsearch(
            q, using=using, search_base=search_base, attributes=attributes, parse=parse)
    except LDAPInvalidFilterError:
        printer.error('Invalid LDAP filter: {q}'.format(q=q))
        printer.error('Is the query wrapped in parens?')
        return 1

    if not results:
        printer.error('No results found')
        return 2

    for r in results:
        if not parse:
            print('dn', '=>', r['dn'], '\n')
            r = r['attributes']
        for k in sorted(r.keys()):
            v = r[k]
            print(k, '=>', v)
示例#5
0
    def get_or_create_user(self, cas_data, **overrides):
        user = super().get_or_create_user(cas_data, **overrides)

        # Reset on every login in case the user's groups have changed;
        # below we will set these flags as appropriate.
        user.is_active = False
        user.is_staff = False
        user.is_superuser = False

        username = cas_data['username']
        uid = escape(username)

        query = '(cn={uid})'.format(uid=uid)
        results = ldapsearch(query, using='groups')

        # Get the list of groups the user is in.
        member_of = [] if not results else results[0]['member_of']
        groups = [g['name'].lower() for g in member_of]

        if 'its_lab_students_gg' in groups:
            user.is_active = True

        if 'its_cavs_staff_gg' in groups:
            user.is_active = True
            user.is_staff = True

        if 'tlc_gg' in groups:
            user.is_active = True
            user.is_staff = True

        # Automatically add WDT staff as staff & superusers in this app
        query = '(& (memberuid={uid}) (cn=wdt))'.format(uid=uid)
        results = ldapsearch(query)
        if results:
            user.is_active = True
            user.is_staff = True
            user.is_superuser = True

        staff_group, _ = Group.objects.get_or_create(name='staff')
        if user.is_staff:
            user.groups.add(staff_group)
        else:
            user.groups.remove(staff_group)

        user.save()
        return user
示例#6
0
def in_allowed_groups(username):
    uid = escape(username)
    groups = ' '.join('(cn={group})'.format(group=g)
                      for g in settings.ALLOWED_LOGIN_GROUPS)
    query = '(& (memberUid={uid}) (| {groups}))'
    query = query.format_map(locals())
    results = ldapsearch(query)
    return bool(results)
示例#7
0
文件: backends.py 项目: kfarr2/alma
 def get_groups(self, username):
     """
     Method to get the groups the user is involved in.
     Calls an LDAP search.
     Returns a list of groups.
     """
     results = ldap.ldapsearch("(& (memberUid=" + ldap.escape(username) + ") (cn=*))")
     groups = [result[1]['cn'][0] for result in results]
     return groups
示例#8
0
def autocomplete(request):
    """Do an LDAP search and return a JSON array."""
    q = request.GET.get('query', '')
    # Require a minimum of three characters before searching LDAP.
    if len(q) < 3:
        return JsonResponse([], safe=False)
    search = '(uid={q}*)'.format(q=q)
    results = ldapsearch(search)
    results.sort(key=lambda r: r['username'][0])
    return JsonResponse(results, safe=False)
示例#9
0
def autocomplete(request):
    """Do an LDAP search and return a JSON array."""
    q = request.GET.get('query', '')
    # Require a minimum of three characters before searching LDAP.
    if len(q) < 3:
        return JsonResponse([], safe=False)
    search = '(uid={q}*)'.format(q=q)
    results = ldapsearch(search)
    results.sort(key=lambda r: r['username'][0])
    return JsonResponse(results, safe=False)
示例#10
0
    def get_groups(self, username):
        if settings.DEBUG and settings.LDAP_DISABLED:
            return LOGIN_GROUPS

        results = ldap.ldapsearch('(& (memberUid=' + username + ') (cn=*))')
        groups = [result[1]['cn'][0] for result in results]

        try:
            user = User.objects.get(username=username)
        except User.DoesNotExist:
            pass
        else:
            groups.extend([group.name for group in user.groups.all()])

        return groups
示例#11
0
 def get_groups(self, username):
     """
     Method to get the groups the user is involved in.
     Calls an LDAP search -> Returns a list of groups.
     """
     if SETTINGS.DEBUG and LDAP_DISABLED:
         return LOGIN_GROUPS
     results = ldap.ldapsearch("(& (memberUid=" + username + ") (cn=*))")
     groups = [result[1]['cn'][0] for result in results]
     try:
         user = User.objects.get(username=username)
         groups.extend([group.name for group in user.groups.all()])
     except User.DoesNotExist:
         pass
     return groups
示例#12
0
文件: forms.py 项目: kfarr2/ITS
def check_ldap(username):

    """
    Checks LDAP to ensure a user name exists.
    """

    q = escape(username)
    search = '(uid={q}*)'.format(q=q)
    results = ldapsearch(search)

    if results:
        return True

    else:
        return False
示例#13
0
    def get_or_init_user(self, username):
        try:
            user = User.objects.get(username=username)
        except User.DoesNotExist:
            # user will have an "unusable" password
            user = User.objects.create_user(username, '')
            user.save()

        # get the user's first and last name
        results = ldap.ldapsearch("(& (uid=" + ldap.escape(username) + ") (cn=*))")
        info = ldap.parse_profile(results[0][1])
        user.first_name = info['first_name']
        user.last_name = info['last_name']
        user.email = info['email']
        user.save()

        return user
示例#14
0
文件: backends.py 项目: bcomnes/traq
    def get_groups(self, username):
        """
        Method to get the groups the user is involved in.
        Calls an LDAP search.
        Returns a list of groups.
        """
        if SETTINGS.DEBUG and LDAP_DISABLED:
            return LOGIN_GROUPS

        results = ldap.ldapsearch("(& (memberUid=" + username + ") (cn=*))")
        groups = [result[1]['cn'][0] for result in results]
        try:
            user = User.objects.get(username=username)
            groups.extend([group.name for group in user.groups.all()])
        except User.DoesNotExist:
            pass

        return groups
示例#15
0
文件: views.py 项目: kfarr2/alma
def autocomplete(request):
    """
    Does an LDAP search and returns a JSON array of objects
    """
    q = escape(request.GET.get('query', ""))
    if len(q) < 3:
        return JsonResponse([], safe=False)

    # only return a handful of results
    MAX_RESULTS = 5

    search = '(uid={q}*)'.format(q=q)
    results = ldapsearch(search, size_limit=MAX_RESULTS)
    # I don't think LDAP guarantees the sort order, so we have to sort ourselves
    results.sort(key=lambda o: o[1]['uid'][0])
    output = []

    for result in results[:MAX_RESULTS]:
        output.append(parse_profile(result[1]))

    return JsonResponse(output, safe=False)
示例#16
0
文件: backends.py 项目: kfarr2/alma
 def get_profile(self, username):
     results = ldap.ldapsearch("(uid=" + ldap.escape(username) + ")")
     dn, entry = results[0]
     profile = ldap.parse_profile(entry)
     return profile
示例#17
0
def check_ldap(username):
    """Check LDAP to ensure a user name exists."""
    q = escape(username)
    search = '(uid={q}*)'.format(q=q)
    results = ldapsearch(search)
    return bool(results)
示例#18
0
def check_ldap(username):
    """Check LDAP to ensure a user name exists."""
    q = escape(username)
    search = '(uid={q}*)'.format(q=q)
    results = ldapsearch(search)
    return bool(results)