def create_on_internal_ldap(sender, user, **kwargs): """ BackendUser instances are used to represent external backends (e.g. LDAP) users. If such a user is created, we should therefor create the user on the backend. """ if user is not None: try: internal_ldap = get_internal_ldap_connected() created = internal_ldap.create_user(user.backend_id, user.backend_pk, user.django_user.password, user.primary_group.backend_id, '/home/' + user.get_username()) # FIXME: this is the first time we really know the ID/PK given by the backend. # all other operations having used to old ones might not be valid anymore... user.backend_id = created.get(UserBackend.FIELD_ID) user.backend_pk = created.get(UserBackend.FIELD_PK) user.save() except UserBackendError as ex: user.delete() # XXX: cleanup? raise ex finally: try: internal_ldap.disconnect() except: pass
def create_on_internal_ldap(sender, user, **kwargs): """ BackendUser instances are used to represent external backends (e.g. LDAP) users. If such a user is created, we should therefor create the user on the backend. """ if user is not None: try: internal_ldap = get_internal_ldap_connected() created = internal_ldap.create_user( user.backend_id, user.backend_pk, user.django_user.password, user.primary_group.backend_id, '/home/' + user.get_username() ) # FIXME: this is the first time we really know the ID/PK given by the backend. # all other operations having used to old ones might not be valid anymore... user.backend_id = created.get(UserBackend.FIELD_ID) user.backend_pk = created.get(UserBackend.FIELD_PK) user.save() except UserBackendError as ex: user.delete() # XXX: cleanup? raise ex finally: try: internal_ldap.disconnect() except: pass
def remove_member_from_internal_ldap_group(sender, group, user, **kwargs): """ Whenever a member is removed from a group we need to sync the LDAP group. """ if group is not None and user is not None: try: internal_ldap = get_internal_ldap_connected() internal_ldap.remove_group_member(group.backend_pk, user.backend_pk) finally: try: internal_ldap.disconnect() except: pass
def authenticate(self, username=None, password=None): """ :inherit. """ # check if the user already exists in our system # if so, use the defined backend_pk for validating the credentials on the backend # if its a Django only user, disallow the login user = None if User.objects.filter(username=username).exists(): user = User.objects.get(username=username) if hasattr(user, 'backend_user'): username = user.backend_user.backend_pk else: return None # not allowed, Django only user try: internal_ldap = get_internal_ldap_connected() user_backend = get_user_backend_connected() user_backend.auth_user(username, password) if user is not None: # existing user if not user.check_password(password): user.set_password(password) # XXX: not needed. should we leave it empty? internal_ldap.set_user_password(username, password) user.save() else: # new user uid = BackendUser.generate_internal_uid() group = self.create_user_groups(username, uid) user = self.create_users(username, password, uid, group.backend_group) group.add_user(user.backend_user) if user.is_active: return user else: return None except AuthenticationError: raise PermissionDenied except UserNotFoundError: if user is not None: # exists locally but not on backend user.delete() except ConnectionError as ex: logger.exception(ex) return None finally: try: internal_ldap.disconnect() user_backend.disconnect() except: pass
def delete_on_internal_ldap(sender, user, **kwargs): """ In case the BackendUser record is deleted, we need to cleanup the LDAP server. """ if user is not None: try: internal_ldap = get_internal_ldap_connected() internal_ldap.delete_user(user.backend_pk) except UserNotFoundError: pass # already deleted except UserBackendError as ex: # XXX: recreate? raise ex finally: try: internal_ldap.disconnect() except: pass
def delete_on_internal_ldap(sender, group, **kwargs): """ In case the BackendGroup record is deleted, we need to cleanup the internal LDAP server. """ if group is not None: try: internal_ldap = get_internal_ldap_connected() internal_ldap.delete_group(group.backend_pk) except GroupNotFoundError: pass # already deleted except GroupBackendError as ex: # XXX: recreate? raise ex finally: try: internal_ldap.disconnect() except: pass
def create_on_internal_ldap(sender, group, **kwargs): """ BackendGroup instances are used to represent external backends (e.g. LDAP) groups. If such a group is created, we should therefor create the group on the backend. """ if group is not None: try: internal_ldap = get_internal_ldap_connected() created = internal_ldap.create_group(group.backend_id, group.backend_pk) # FIXME: this is the first time we really know the ID/PK given by the backend. # all other operations having used to old ones might not be valid anymore... group.backend_id = created.get(GroupBackend.FIELD_ID) group.backend_pk = created.get(GroupBackend.FIELD_PK) group.save() except GroupBackendError as ex: group.delete() # XXX: cleanup? raise ex finally: try: internal_ldap.disconnect() except: pass