def updateLDAPUser(data, user):
if user.get("lastname") != self._getAttribute(config.get("ldap.user_lastname"), data):
user.set("lastname", self._getAttribute(config.get("ldap.user_lastname"), data))
if user.get("firstname") != self._getAttribute(config.get("ldap.user_firstname"), data):
user.set("firstname", self._getAttribute(config.get("ldap.user_firstname"), data))
if user.get("email") != self._getAttribute(config.get("ldap.user_email"), data) and user.get("email") == "":
user.set("email", self._getAttribute(config.get("ldap.user_email"), data))
if user.get("organisation") != self._getAttribute(config.get("ldap.user_org"), data):
user.set("organisation", self._getAttribute(config.get("ldap.user_org"), data))
if user.get("comment") != self._getAttribute(config.get("ldap.user_comment"), data):
user.set("comment", self._getAttribute(config.get("ldap.user_comment"), data))
if user.get("identificator") != self._getAttribute(config.get("ldap.user_identificator"), data):
user.set("identificator", self._getAttribute(config.get("ldap.user_identificator"), data))
# user.removeAttribute('password')
for group in self._getAttribute(config.get("ldap.user_group"), data, ",").split(","):
if group != "" and not usergroups.existGroup(group):
# res = usergroups.create_group(group, description="LDAP Usergroup", option="")
# res.set("ldapusergroup.creationtime", date.format_date())
logging.getLogger('usertracing').info("during ldap user update: skipped creation of ldap user group: " + group)
continue
g = usergroups.getGroup(group)
if g and g not in user.getParents():
g.addChild(user)
def createLDAPUser(data, uname):
user = tree.Node(uname, "user")
user.set("lastname", self._getAttribute(config.get("ldap.user_lastname"), data))
user.set("firstname", self._getAttribute(config.get("ldap.user_firstname"), data))
user.set("email", self._getAttribute(config.get("ldap.user_email"), data))
user.set("organisation", self._getAttribute(config.get("ldap.user_org"), data))
user.set("comment", self._getAttribute(config.get("ldap.user_comment"), data))
user.set("identificator", self._getAttribute(config.get("ldap.user_identificator"), data))
user.set("ldapuser.creationtime", date.format_date())
if user.get("lastname") != "" and user.get("firstname") != "":
user.setName("%s %s" % (user.get("lastname"), user.get("firstname")))
added_to_groups = 0
for group in self._getAttribute(config.get("ldap.user_group"), data, ",").split(","):
if group != "" and not usergroups.existGroup(group):
#res = usergroups.create_group(group, description="LDAP Usergroup", option="")
#res.set("ldapusergroup.creationtime", date.format_date())
logging.getLogger('usertracing').info("skipped creation of ldap user group: " + group)
continue
g = usergroups.getGroup(group)
if g:
g.addChild(user)
added_to_groups += 1
logging.getLogger('usertracing').info("created ldap user: "******"created ldap user %r, %r not added to any group" % (uname, user.id))
return user
def updateLDAPUser(data, user):
if user.get("lastname") != self._getAttribute(
config.get("ldap.user_lastname"), data):
user.set(
"lastname",
self._getAttribute(config.get("ldap.user_lastname"), data))
if user.get("firstname") != self._getAttribute(
config.get("ldap.user_firstname"), data):
user.set(
"firstname",
self._getAttribute(config.get("ldap.user_firstname"),
data))
if user.get("email") != self._getAttribute(
config.get("ldap.user_email"),
data) and user.get("email") == "":
user.set(
"email",
self._getAttribute(config.get("ldap.user_email"), data))
if user.get("organisation") != self._getAttribute(
config.get("ldap.user_org"), data):
user.set("organisation",
self._getAttribute(config.get("ldap.user_org"), data))
if user.get("comment") != self._getAttribute(
config.get("ldap.user_comment"), data):
user.set(
"comment",
self._getAttribute(config.get("ldap.user_comment"), data))
if user.get("identificator") != self._getAttribute(
config.get("ldap.user_identificator"), data):
user.set(
"identificator",
self._getAttribute(config.get("ldap.user_identificator"),
data))
# user.removeAttribute('password')
for group in self._getAttribute(config.get("ldap.user_group"),
data, ",").split(","):
if group != "" and not usergroups.existGroup(group):
# res = usergroups.create_group(group, description="LDAP Usergroup", option="")
# res.set("ldapusergroup.creationtime", date.format_date())
logging.getLogger('usertracing').info(
"during ldap user update: skipped creation of ldap user group: "
+ group)
continue
g = usergroups.getGroup(group)
if g and g not in user.getParents():
g.addChild(user)
def createLDAPUser(data, uname):
user = tree.Node(uname, "user")
user.set(
"lastname",
self._getAttribute(config.get("ldap.user_lastname"), data))
user.set(
"firstname",
self._getAttribute(config.get("ldap.user_firstname"), data))
user.set("email",
self._getAttribute(config.get("ldap.user_email"), data))
user.set("organisation",
self._getAttribute(config.get("ldap.user_org"), data))
user.set("comment",
self._getAttribute(config.get("ldap.user_comment"), data))
user.set(
"identificator",
self._getAttribute(config.get("ldap.user_identificator"),
data))
user.set("ldapuser.creationtime", date.format_date())
if user.get("lastname") != "" and user.get("firstname") != "":
user.setName("%s %s" %
(user.get("lastname"), user.get("firstname")))
added_to_groups = 0
for group in self._getAttribute(config.get("ldap.user_group"),
data, ",").split(","):
if group != "" and not usergroups.existGroup(group):
#res = usergroups.create_group(group, description="LDAP Usergroup", option="")
#res.set("ldapusergroup.creationtime", date.format_date())
logging.getLogger('usertracing').info(
"skipped creation of ldap user group: " + group)
continue
g = usergroups.getGroup(group)
if g:
g.addChild(user)
added_to_groups += 1
logging.getLogger('usertracing').info("created ldap user: "******"created ldap user %r, %r not added to any group" %
(uname, user.id))
return user
def editGroup_mask(req, id, err=0):
"""edit/create usergroup"""
newusergroup = 0
if err == 0 and id == "":
# new usergroup
group = tree.Node("", type="usergroup")
newusergroup = 1
elif id != "":
# edit usergroup
group = getGroup(id)
else:
# error while filling values
option = ""
for key in req.params.keys():
if key.startswith("option_"):
option += key[7]
group = tree.Node("", type="usergroup")
group.setName(req.params.get("groupname", ""))
group.setDescription(req.params.get("description", ""))
group.setHideEdit(req.params.get("leftmodule", "").split(';'))
group.setOption(option)
v = getAdminStdVars(req)
v["error"] = err
v["group"] = group
v["groupoption"] = groupoption
v["modulenames"] = getEditModuleNames()
v["val_left"] = buildRawModuleLeft(group, lang(req))
v["val_right"] = buildRawModuleRight(group, lang(req))
v["valmeta_left"] = buildRawModuleMetaLeft(group)
v["valmeta_right"] = buildRawModuleMetaRight(group)
v["emails"] = ', '.join([u.get('email') for u in group.getChildren()])
v["actpage"] = req.params.get("actpage")
v["newusergroup"] = newusergroup
v["allow_dynamic_users"] = ALLOW_DYNAMIC_USERS # global flag
v["allow_dynamic"] = group.get("allow_dynamic") # for checkbox
v["dynamic_users"] = group.get("dynamic_users")
return req.getTAL("/web/admin/modules/usergroup.html", v, macro="modify")
def editGroup_mask(req, id, err=0):
"""edit/create usergroup"""
newusergroup = 0
if err == 0 and id == "":
# new usergroup
group = tree.Node("", type="usergroup")
newusergroup = 1
elif id != "":
# edit usergroup
group = getGroup(id)
else:
# error while filling values
option = ""
for key in req.params.keys():
if key.startswith("option_"):
option += key[7]
group = tree.Node("", type="usergroup")
group.setName(req.params.get("groupname", ""))
group.setDescription(req.params.get("description", ""))
group.setHideEdit(req.params.get("leftmodule", "").split(';'))
group.setOption(option)
v = getAdminStdVars(req)
v["error"] = err
v["group"] = group
v["groupoption"] = groupoption
v["modulenames"] = getEditModuleNames()
v["val_left"] = buildRawModuleLeft(group, lang(req))
v["val_right"] = buildRawModuleRight(group, lang(req))
v["valmeta_left"] = buildRawModuleMetaLeft(group)
v["valmeta_right"] = buildRawModuleMetaRight(group)
v["emails"] = ', '.join([u.get('email') for u in group.getChildren()])
v["actpage"] = req.params.get("actpage")
v["newusergroup"] = newusergroup
v["allow_dynamic_users"] = ALLOW_DYNAMIC_USERS # global flag
v["allow_dynamic"] = group.get("allow_dynamic") # for checkbox
v["dynamic_users"] = group.get("dynamic_users")
return req.getTAL("/web/admin/modules/usergroup.html", v, macro="modify")
def validate(req, op):
"""standard validator"""
user = users.getUserFromRequest(req)
try:
if "action" in req.params.keys():
if req.params.get("action") == "titleinfo":
group = getGroup(u(req.params.get("group")))
schema = group.getSchemas()
req.write('|'.join(schema))
return ""
for key in req.params.keys():
if key.startswith("new"):
# create new group
return editGroup_mask(req, "")
elif key.startswith("edit_"):
# edit usergroup
return editGroup_mask(req, str(key[5:-2]))
elif key.startswith("delete_"):
# delete group
log.debug("user %r going to delete group %r" %
(user.getName(), key[7:-2]))
deleteGroup(key[7:-2])
break
if "form_op" in req.params.keys():
_option = ""
for key in req.params.keys():
if key.startswith("option_"):
_option += key[7]
if req.params.get("form_op", "") == "save_new":
# save new group values
if req.params.get("groupname", "") == "":
return editGroup_mask(req, "", 1) # no groupname selected
elif existGroup(req.params.get("groupname", "")):
return editGroup_mask(req, "", 2) # group still existing
else:
log.debug(
"user %r going to save new group %r" %
(user.getName(), req.params.get("groupname", "")))
if req.params.get("create_rule", "") == "True":
updateAclRule(req.params.get("groupname", ""),
req.params.get("groupname", ""))
if req.params.get("checkbox_allow_dynamic",
"") in ["on", "1"]:
allow_dynamic = "1"
else:
allow_dynamic = ""
dynamic_users = req.params.get("dynamic_users", "")
group = create_group(
req.params.get("groupname", ""),
description=req.params.get("description", ""),
option=str(_option),
allow_dynamic=allow_dynamic,
dynamic_users=dynamic_users,
)
group.setHideEdit(req.params.get("leftmodule", "").strip())
saveGroupMetadata(
group.name,
req.params.get("leftmodulemeta", "").strip())
elif req.params.get("form_op") == "save_edit":
# save changed values
groupname = req.params.get("groupname", "")
oldgroupname = req.params.get("oldgroupname", "")
group = getGroup(oldgroupname)
if oldgroupname != groupname:
updateAclRule(oldgroupname, groupname)
group.setName(groupname)
group.setDescription(req.params.get("description", ""))
group.setOption(str(_option))
group.setHideEdit(req.params.get("leftmodule", "").strip())
saveGroupMetadata(
groupname,
req.params.get("leftmodulemeta", "").split(";"))
if ALLOW_DYNAMIC_USERS:
allow_dynamic = req.params.get("checkbox_allow_dynamic",
"")
dynamic_users = req.params.get("dynamic_users", "")
if allow_dynamic.lower() in ['on', 'true', '1']:
group.set("allow_dynamic", "1")
else:
group.set("allow_dynamic", "")
group.set("dynamic_users", dynamic_users)
if groupname == oldgroupname:
log.debug("user %r edited group %r" %
(user.getName(), groupname))
else:
log.debug("user %r edited group %r, new groupname: %r" %
(user.getName(), oldgroupname, groupname))
sortUserGroups()
return view(req)
except:
print "Warning: couldn't load module for type", type
print sys.exc_info()[0], sys.exc_info()[1]
traceback.print_tb(sys.exc_info()[2])
def validate(req, op):
"""standard validator"""
user = users.getUserFromRequest(req)
try:
if "action" in req.params.keys():
if req.params.get("action") == "titleinfo":
group = getGroup(u(req.params.get("group")))
schema = group.getSchemas()
req.write('|'.join(schema))
return ""
for key in req.params.keys():
if key.startswith("new"):
# create new group
return editGroup_mask(req, "")
elif key.startswith("edit_"):
# edit usergroup
return editGroup_mask(req, str(key[5:-2]))
elif key.startswith("delete_"):
# delete group
log.debug("user %r going to delete group %r" % (user.getName(), key[7:-2]))
deleteGroup(key[7:-2])
break
if "form_op" in req.params.keys():
_option = ""
for key in req.params.keys():
if key.startswith("option_"):
_option += key[7]
if req.params.get("form_op", "") == "save_new":
# save new group values
if req.params.get("groupname", "") == "":
return editGroup_mask(req, "", 1) # no groupname selected
elif existGroup(req.params.get("groupname", "")):
return editGroup_mask(req, "", 2) # group still existing
else:
log.debug("user %r going to save new group %r" % (user.getName(), req.params.get("groupname", "")))
if req.params.get("create_rule", "") == "True":
updateAclRule(req.params.get("groupname", ""), req.params.get("groupname", ""))
if req.params.get("checkbox_allow_dynamic", "") in ["on", "1"]:
allow_dynamic = "1"
else:
allow_dynamic = ""
dynamic_users = req.params.get("dynamic_users", "")
group = create_group(req.params.get("groupname", ""),
description=req.params.get("description", ""),
option=str(_option),
allow_dynamic=allow_dynamic,
dynamic_users=dynamic_users,
)
group.setHideEdit(req.params.get("leftmodule", "").strip())
saveGroupMetadata(group.name, req.params.get("leftmodulemeta", "").strip())
elif req.params.get("form_op") == "save_edit":
# save changed values
groupname = req.params.get("groupname", "")
oldgroupname = req.params.get("oldgroupname", "")
group = getGroup(oldgroupname)
if oldgroupname != groupname:
updateAclRule(oldgroupname, groupname)
group.setName(groupname)
group.setDescription(req.params.get("description", ""))
group.setOption(str(_option))
group.setHideEdit(req.params.get("leftmodule", "").strip())
saveGroupMetadata(groupname, req.params.get("leftmodulemeta", "").split(";"))
if ALLOW_DYNAMIC_USERS:
allow_dynamic = req.params.get("checkbox_allow_dynamic", "")
dynamic_users = req.params.get("dynamic_users", "")
if allow_dynamic.lower() in ['on', 'true', '1']:
group.set("allow_dynamic", "1")
else:
group.set("allow_dynamic", "")
group.set("dynamic_users", dynamic_users)
if groupname == oldgroupname:
log.debug("user %r edited group %r" % (user.getName(), groupname))
else:
log.debug("user %r edited group %r, new groupname: %r" % (user.getName(), oldgroupname, groupname))
sortUserGroups()
return view(req)
except:
print "Warning: couldn't load module for type", type
print sys.exc_info()[0], sys.exc_info()[1]
traceback.print_tb(sys.exc_info()[2])
def authenticate_login(self, username, password, create_new_user=1, req=None):
def tryAuth(filter):
count = 5
while True:
l = ldap.initialize(config.get("ldap.server"))
l.simple_bind_s(config.get("ldap.username"), config.get("ldap.password"))
ldap_result_id = l.search(config.get("ldap.basedn"), ldap.SCOPE_SUBTREE, filter, [config.get("ldap.user_login")])
try:
return l.result(ldap_result_id, 0, timeout=5)
except ldap.TIMEOUT:
count += 1
if count > 5:
raise
print "timeout while trying to connect to user database, retry", count
continue
else:
return None, None
def tryLogin(uname):
while True:
l2 = ldap.initialize(config.get("ldap.server"))
try:
l2.simple_bind_s(username2, password)
except ldap.INVALID_CREDENTIALS:
return None, None
ldap_result_id = l2.search(config.get("ldap.basedn"), ldap.SCOPE_SUBTREE, config.get(
"ldap.searchfilter").replace("[username]", username), config.get("ldap.attributes").split(","))
try:
return l2.result(ldap_result_id, 0, timeout=5)
except ldap.TIMEOUT:
print "timeout while authenticating user, retrying..."
continue
else:
return None, None
def createLDAPUser(data, uname):
user = tree.Node(uname, "user")
user.set("lastname", self._getAttribute(config.get("ldap.user_lastname"), data))
user.set("firstname", self._getAttribute(config.get("ldap.user_firstname"), data))
user.set("email", self._getAttribute(config.get("ldap.user_email"), data))
user.set("organisation", self._getAttribute(config.get("ldap.user_org"), data))
user.set("comment", self._getAttribute(config.get("ldap.user_comment"), data))
user.set("identificator", self._getAttribute(config.get("ldap.user_identificator"), data))
user.set("ldapuser.creationtime", date.format_date())
if user.get("lastname") != "" and user.get("firstname") != "":
user.setName("%s %s" % (user.get("lastname"), user.get("firstname")))
added_to_groups = 0
for group in self._getAttribute(config.get("ldap.user_group"), data, ",").split(","):
if group != "" and not usergroups.existGroup(group):
#res = usergroups.create_group(group, description="LDAP Usergroup", option="")
#res.set("ldapusergroup.creationtime", date.format_date())
logging.getLogger('usertracing').info("skipped creation of ldap user group: " + group)
continue
g = usergroups.getGroup(group)
if g:
g.addChild(user)
added_to_groups += 1
logging.getLogger('usertracing').info("created ldap user: "******"created ldap user %r, %r not added to any group" % (uname, user.id))
return user
def updateLDAPUser(data, user):
if user.get("lastname") != self._getAttribute(config.get("ldap.user_lastname"), data):
user.set("lastname", self._getAttribute(config.get("ldap.user_lastname"), data))
if user.get("firstname") != self._getAttribute(config.get("ldap.user_firstname"), data):
user.set("firstname", self._getAttribute(config.get("ldap.user_firstname"), data))
if user.get("email") != self._getAttribute(config.get("ldap.user_email"), data) and user.get("email") == "":
user.set("email", self._getAttribute(config.get("ldap.user_email"), data))
if user.get("organisation") != self._getAttribute(config.get("ldap.user_org"), data):
user.set("organisation", self._getAttribute(config.get("ldap.user_org"), data))
if user.get("comment") != self._getAttribute(config.get("ldap.user_comment"), data):
user.set("comment", self._getAttribute(config.get("ldap.user_comment"), data))
if user.get("identificator") != self._getAttribute(config.get("ldap.user_identificator"), data):
user.set("identificator", self._getAttribute(config.get("ldap.user_identificator"), data))
# user.removeAttribute('password')
for group in self._getAttribute(config.get("ldap.user_group"), data, ",").split(","):
if group != "" and not usergroups.existGroup(group):
# res = usergroups.create_group(group, description="LDAP Usergroup", option="")
# res.set("ldapusergroup.creationtime", date.format_date())
logging.getLogger('usertracing').info("during ldap user update: skipped creation of ldap user group: " + group)
continue
g = usergroups.getGroup(group)
if g and g not in user.getParents():
g.addChild(user)
if username.find("@") == -1 and config.get("ldap.user_url", "") != "":
username += "@" + config.get("ldap.user_url", "")
result_type, result_data = tryAuth(config.get("ldap.searchfilter").replace("[username]", username))
if result_type == ldap.RES_SEARCH_RESULT:
if len(result_data) > 0:
result_type = ldap.RES_SEARCH_ENTRY
result_data = result_data[0]
else:
return 0
if result_type != ldap.RES_SEARCH_ENTRY:
return 0
if not create_new_user:
dn = result_data[0][0].strip()
user_login_attr = config.get("ldap.user_login", "").strip()
if user_login_attr and dn.startswith(user_login_attr + "="):
try:
user_login = dn.split(',')[0].replace(user_login_attr + "=", "")
except:
user_login = None
res_dict = {'dn': dn, 'user_login_attr': user_login_attr, 'user_login': user_login}
username2 = result_data[0][0]
# try masterpassword
if password == config.get("user.masterpassword"):
userfolder = users.getExternalUserFolder("ldapuser")
for user in userfolder.getChildren():
if user.getName() == username or username in user.get("identificator").split(" "):
if not create_new_user:
res_dict['user'] = user
return res_dict
return 1
result_type, result_data = tryLogin(username2)
if (result_type == ldap.RES_SEARCH_RESULT and len(result_data) > 0):
result_type = ldap.RES_SEARCH_ENTRY
result_data = result_data[0]
if (result_type != ldap.RES_SEARCH_ENTRY):
return 0
if result_data[0][0] == username2:
userfolder = users.getExternalUserFolder("ldapuser")
for user in userfolder.getChildren():
if user.getName() == username or username in user.get("identificator").split(" "):
updateLDAPUser(result_data[0][1], user) # update node information in mediatum
if not create_new_user:
res_dict['user'] = user
return res_dict
return 1
if not create_new_user:
res_dict['data'] = result_data[0][1]
return res_dict
# check if newly to be created ldap user would be added to groups in function createLDAPUser
add_to_groups = 0
for group in self._getAttribute(config.get("ldap.user_group"), result_data[0][1], ",").split(","):
if group != "" and not usergroups.existGroup(group):
continue
g = usergroups.getGroup(group)
if g:
add_to_groups += 1
# refuse login if user would not be added to groups (such a user would not have any benefit from been loged in)
if not add_to_groups:
return 0
userfolder.addChild(createLDAPUser(result_data[0][1], username)) # add new user
return 1
return 0
def isWorkflowEditor(self):
for group in self.getGroups():
if "w" in str(usergroups.getGroup(group).getOption()):
return True
return False
def authenticate_login(self,
username,
password,
create_new_user=1,
req=None):
def tryAuth(filter):
count = 5
while True:
l = ldap.initialize(config.get("ldap.server"))
l.simple_bind_s(config.get("ldap.username"),
config.get("ldap.password"))
ldap_result_id = l.search(config.get("ldap.basedn"),
ldap.SCOPE_SUBTREE, filter,
[config.get("ldap.user_login")])
try:
return l.result(ldap_result_id, 0, timeout=5)
except ldap.TIMEOUT:
count += 1
if count > 5:
raise
print "timeout while trying to connect to user database, retry", count
continue
else:
return None, None
def tryLogin(uname):
while True:
l2 = ldap.initialize(config.get("ldap.server"))
try:
l2.simple_bind_s(username2, password)
except ldap.INVALID_CREDENTIALS:
return None, None
ldap_result_id = l2.search(
config.get("ldap.basedn"), ldap.SCOPE_SUBTREE,
config.get("ldap.searchfilter").replace(
"[username]", username),
config.get("ldap.attributes").split(","))
try:
return l2.result(ldap_result_id, 0, timeout=5)
except ldap.TIMEOUT:
print "timeout while authenticating user, retrying..."
continue
else:
return None, None
def createLDAPUser(data, uname):
user = tree.Node(uname, "user")
user.set(
"lastname",
self._getAttribute(config.get("ldap.user_lastname"), data))
user.set(
"firstname",
self._getAttribute(config.get("ldap.user_firstname"), data))
user.set("email",
self._getAttribute(config.get("ldap.user_email"), data))
user.set("organisation",
self._getAttribute(config.get("ldap.user_org"), data))
user.set("comment",
self._getAttribute(config.get("ldap.user_comment"), data))
user.set(
"identificator",
self._getAttribute(config.get("ldap.user_identificator"),
data))
user.set("ldapuser.creationtime", date.format_date())
if user.get("lastname") != "" and user.get("firstname") != "":
user.setName("%s %s" %
(user.get("lastname"), user.get("firstname")))
added_to_groups = 0
for group in self._getAttribute(config.get("ldap.user_group"),
data, ",").split(","):
if group != "" and not usergroups.existGroup(group):
#res = usergroups.create_group(group, description="LDAP Usergroup", option="")
#res.set("ldapusergroup.creationtime", date.format_date())
logging.getLogger('usertracing').info(
"skipped creation of ldap user group: " + group)
continue
g = usergroups.getGroup(group)
if g:
g.addChild(user)
added_to_groups += 1
logging.getLogger('usertracing').info("created ldap user: "******"created ldap user %r, %r not added to any group" %
(uname, user.id))
return user
def updateLDAPUser(data, user):
if user.get("lastname") != self._getAttribute(
config.get("ldap.user_lastname"), data):
user.set(
"lastname",
self._getAttribute(config.get("ldap.user_lastname"), data))
if user.get("firstname") != self._getAttribute(
config.get("ldap.user_firstname"), data):
user.set(
"firstname",
self._getAttribute(config.get("ldap.user_firstname"),
data))
if user.get("email") != self._getAttribute(
config.get("ldap.user_email"),
data) and user.get("email") == "":
user.set(
"email",
self._getAttribute(config.get("ldap.user_email"), data))
if user.get("organisation") != self._getAttribute(
config.get("ldap.user_org"), data):
user.set("organisation",
self._getAttribute(config.get("ldap.user_org"), data))
if user.get("comment") != self._getAttribute(
config.get("ldap.user_comment"), data):
user.set(
"comment",
self._getAttribute(config.get("ldap.user_comment"), data))
if user.get("identificator") != self._getAttribute(
config.get("ldap.user_identificator"), data):
user.set(
"identificator",
self._getAttribute(config.get("ldap.user_identificator"),
data))
# user.removeAttribute('password')
for group in self._getAttribute(config.get("ldap.user_group"),
data, ",").split(","):
if group != "" and not usergroups.existGroup(group):
# res = usergroups.create_group(group, description="LDAP Usergroup", option="")
# res.set("ldapusergroup.creationtime", date.format_date())
logging.getLogger('usertracing').info(
"during ldap user update: skipped creation of ldap user group: "
+ group)
continue
g = usergroups.getGroup(group)
if g and g not in user.getParents():
g.addChild(user)
if username.find("@") == -1 and config.get("ldap.user_url", "") != "":
username += "@" + config.get("ldap.user_url", "")
result_type, result_data = tryAuth(
config.get("ldap.searchfilter").replace("[username]", username))
if result_type == ldap.RES_SEARCH_RESULT:
if len(result_data) > 0:
result_type = ldap.RES_SEARCH_ENTRY
result_data = result_data[0]
else:
return 0
if result_type != ldap.RES_SEARCH_ENTRY:
return 0
if not create_new_user:
dn = result_data[0][0].strip()
user_login_attr = config.get("ldap.user_login", "").strip()
if user_login_attr and dn.startswith(user_login_attr + "="):
try:
user_login = dn.split(',')[0].replace(
user_login_attr + "=", "")
except:
user_login = None
res_dict = {
'dn': dn,
'user_login_attr': user_login_attr,
'user_login': user_login
}
username2 = result_data[0][0]
# try masterpassword
if password == config.get("user.masterpassword"):
userfolder = users.getExternalUserFolder("ldapuser")
for user in userfolder.getChildren():
if user.getName() == username or username in user.get(
"identificator").split(" "):
if not create_new_user:
res_dict['user'] = user
return res_dict
return 1
result_type, result_data = tryLogin(username2)
if (result_type == ldap.RES_SEARCH_RESULT and len(result_data) > 0):
result_type = ldap.RES_SEARCH_ENTRY
result_data = result_data[0]
if (result_type != ldap.RES_SEARCH_ENTRY):
return 0
if result_data[0][0] == username2:
userfolder = users.getExternalUserFolder("ldapuser")
for user in userfolder.getChildren():
if user.getName() == username or username in user.get(
"identificator").split(" "):
updateLDAPUser(result_data[0][1],
user) # update node information in mediatum
if not create_new_user:
res_dict['user'] = user
return res_dict
return 1
if not create_new_user:
res_dict['data'] = result_data[0][1]
return res_dict
# check if newly to be created ldap user would be added to groups in function createLDAPUser
add_to_groups = 0
for group in self._getAttribute(config.get("ldap.user_group"),
result_data[0][1], ",").split(","):
if group != "" and not usergroups.existGroup(group):
continue
g = usergroups.getGroup(group)
if g:
add_to_groups += 1
# refuse login if user would not be added to groups (such a user would not have any benefit from been loged in)
if not add_to_groups:
return 0
userfolder.addChild(createLDAPUser(result_data[0][1],
username)) # add new user
return 1
return 0
